The present invention relates to static analysis, and more specifically, to generating complaints during static analysis.
Software programs may contain implementation or design errors created by developers who write the underlying software code for the programs. Thus, during development, several rounds of writing, testing, and modification may be required before a high-quality software product can be released.
Static analysis is widely used during development to identify possible implementation or design errors. Static analysis is a method of computer program debugging that is done by examining the code without executing the program. The process provides an understanding of the code structure and can help to ensure that the code adheres to industry standards by issuing complaints whenever code is detected that corresponds to an implementation or design error.
However, many complaints issued by a typical static analysis tool are considered false positives, or are otherwise insignificant. For example, there are cases when a programmer would opt to include code that a static analysis tool would normally complain about, but that would actually be considered bad practice to remove. Accordingly, there are multiple techniques by which a static analysis tool can be configured to ignore those particular types of complaints in specific parts of the program (i.e., to not issue, or to suppress, a complaint about that section of code in the future). For example, comments are widely used to provide issue/suppress directives to a static analysis tool.
However, other challenges exist in contemporary static code analysis approaches. For example, existing static code analysis tools do not offer support for handling changes over time relating to the implementation or design errors and the corresponding complaints that may or may not be issued.
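The comment-based suppress directives described above can be illustrated with a small checker. This is an added example, not code from the original document: the rule id `EVAL001` and the `# analysis: ignore[...]` directive syntax are assumptions made for the illustration. It goes slightly beyond the text by also listing directives that suppress nothing.

```python
import ast
import io
import re
import tokenize

# Hypothetical directive syntax for this example: "# analysis: ignore[RULE_ID]"
DIRECTIVE = re.compile(r"#\s*analysis:\s*ignore\[([A-Z0-9_,\s]+)\]")

def find_directives(source):
    """Map line number -> set of rule ids suppressed on that line."""
    # Only real COMMENT tokens count, so directive-looking text inside a
    # string literal is not mistaken for a directive.
    directives = {}
    for tok in tokenize.generate_tokens(io.StringIO(source).readline):
        if tok.type == tokenize.COMMENT:
            m = DIRECTIVE.search(tok.string)
            if m:
                ids = {r.strip() for r in m.group(1).split(",") if r.strip()}
                directives.setdefault(tok.start[0], set()).update(ids)
    return directives

def find_complaints(source):
    """Toy rule EVAL001 (hypothetical): flag every direct call to eval()."""
    found = []
    for node in ast.walk(ast.parse(source)):
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                and node.func.id == "eval"):
            found.append((node.lineno, "EVAL001"))
    return sorted(found)

def analyze(source):
    """Return (issued, suppressed, unused_directives) for one source text."""
    directives = find_directives(source)
    issued, suppressed = [], []
    for line, rule in find_complaints(source):
        if rule in directives.get(line, set()):
            suppressed.append((line, rule))   # complaint silenced by a comment
        else:
            issued.append((line, rule))       # complaint reported as usual
    unused = sorted((ln, r) for ln, rs in directives.items()
                    for r in rs if (ln, r) not in suppressed)
    return issued, suppressed, unused

# Constructed sample input.
SAMPLE = '''\
a = eval(user_input)
b = eval("1 + 1")  # analysis: ignore[EVAL001]
c = int("2")  # analysis: ignore[EVAL001]
d = eval("# analysis: ignore[EVAL001]")
'''
```

On the constructed sample, line 2 is suppressed, lines 1 and 4 are still reported (the directive text on line 4 is inside a string, not a comment), and the directive on line 3 matches no complaint.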