Improving the quality of software code involves a plurality of underlying difficulties. There are often no opportunities to verify that the software of non-trivial large systems is correct. In addition, the large volume of source code, which usually increases greatly during the lifetime of a software system, makes the code difficult to analyze.
Furthermore, there is a plurality of problem points in large software systems, i.e. points potentially prone to errors. Often there are also not enough experts available for the analysis, assignment and resolution of manually or automatically determined problem areas in the software source code.
A further problem is that software solutions now generally have to be created and updated in very short cycles. In addition, a plurality of explicit and implicit informal requirements, as well as formal and informal peripheral conditions, has to be considered with software systems. Consideration also has to be given to the fact that the development of software involves a plurality of changing approaches to the technical implementation, such as middleware, class libraries, different programming languages and runtime environments. In such cases the different implementations mostly concentrate only on specific technical aspects, without taking into consideration other aspects such as ensuring the quality of the software.
The coding error messages currently produced by static code analysis methods are as a rule largely unstructured and, because of their large volume, difficult to process. Coding errors which are known per se are therefore often not corrected over many development cycles. Similarly, coding errors are often patched wrongly or with insufficient quality.
Current approaches to improving the quality of software source code are mostly not technical. They rely primarily on the experience of experts who attempt to read through the software source code completely in a structured manner. Potential sources of errors are identified, pinpointed and documented by individual experts or by an expert team. The overall result is then mostly available as a list of the errors and potential sources of errors identified, together with a quality estimate in the form of a piece of prose. In many cases this quality estimate is supplemented by a list of improvement instructions and recommendations.
Approaches are known from the prior art in which the error messages are grouped together by code analysis methods. This grouping is mostly very arbitrary. For example, the error messages of the C++ analysis tool PC-Lint are only rudimentarily arranged in accordance with the problems that they produce. In addition, approaches are known in which errors in the software source code are divided up into technical areas. The disadvantage of the known approaches is that, after the analysis of the software source code, the user is not given any simple structures which reveal which criteria are not fulfilled by the individual programming errors.