Assoc. Prof. Ayman Taha, Eng. Mennat Allah Hassan, Eng. Heba Osama
9th of Nov. 2021
As software becomes more complex every day, many firms and software engineers use static analysis tools to learn about programming features ranging from simple coding style standards to more advanced software issues.
Our static analysis tool’s responsibility is to solve problems that developers face during run-time, whether they are design issues or other security issues in the program, by providing a detailed description of the issues and, if possible, how to solve them.
The main idea of the static analysis tool is to detect a program's issues before run-time: during implementation, it detects the faults that the user can fall into, whether they are security issues, refactoring issues, or design issues. When a high-risk construct is detected, the static analysis tool reports a violation for the developer to view and remediate.
According to studies made by Software AG, the ranking of static analysis tool interfaces places dedicated tools as developers' best choice of static analysis tool, followed by other interfaces.
Static code analysis is a technique that lets developers test their code in a non-run-time environment, without actually executing it. Static code analysis tools are an extraordinarily effective approach to locate and highlight programming flaws to software engineers. They allow problems to be detected long before they cause mayhem when the code is released or deployed to a server. Static analysis is typically thought to be the more complete method of code analysis. It may also prove to be the more cost-effective solution. When code mistakes are detected early on, they are usually less expensive to rectify than when they become stuck in the system.
Static analysis tools were originally intended for compiler optimization, but their applications have since expanded to include bug and security vulnerability spotters, as well as code automation. Almost every piece of software has flaws. Some faults are easily discovered, whereas others are never discovered, usually because they appear seldom or not at all. Some faults that appear often go overlooked simply because they aren’t viewed as mistakes or aren’t serious enough. Software flaws can cause a variety of mistakes, from logical/functional failures to run-time errors and resource leaks.
The goal of static program analysis, often known as static analysis, is to learn about the semantic features of programs without having to run them.
It is used in all aspects of software development, including specification and program verification, synthesis of optimal code, and refactoring and maintenance of software applications.
The static analysis tool in its new form would be very helpful for software engineers and software companies to test their programs before reaching the final stages of their projects and finding issues that can ruin their whole process and cost them extra money and time.
1.3 Problem Statement
Covering the largest number of vulnerabilities in our report, to help the developer get the most out of our tool, and giving detailed warnings/feedback about each issue, along with some solutions to the problem if found.