An automated approach to detect violations with high confidence in incremental code using a learning system

Abstract

Static analysis (SA) tools are often used to analyze a software system to identify violation of good programming practices (such as not validating arguments to public methods, use of magic numbers etc.) and potential defects (such as misused APIs, race conditions, deadlocks etc.). Most widely used SA tools perform shallow data flow analysis with the results containing considerable number of False Positives (FPs) and False Negatives (FNs). Moreover it is difficult to run these tools only on newly added or modified piece of code. In order to determine which violations are new we need to perform tedious process of post processing the SA tool results. The proposed system takes into consideration the above mentioned issues of SA and provides a lightweight approach to detection of coding violations statically and proactively, with high degree of confidence using a learning system. It also identifies the violations with a quality perspective using the predefined mapping of violations to quality attributes. We successfully implemented a prototype of the system and studied its use across some of the projects in Siemens, Corporate Technology, Development Center, Asia Australia (CT DC AA). Experimental results showed significant reduction in time required in result analysis and also in FPs and FNs reported.