Abstract: A method and system is disclosed herein to identify causes of alarms generated corresponding to each alarm of the static analysis. The system models the basic reasons for alarms as alarm cause points of several types. Further, the system ranks these cause points based on different metrics such as unknown type-based ranking, grouping of cause points based on their lexical similarity or proximity and last but not least contribution score based ranking. The system also uses a workflow in which a user answers queries about the cause points and their answers are used in subsequent round of the static analysis. The collaboration between the answers of the user and the static analysis helps the tool to resolve the unknowns encountered during the analysis and weeding out the alarms. It also helps the user to expedite the manual inspections of alarms.

Abstract: This disclosure relates generally to a system and a method for repositioning of a plurality of static analysis alarms is provided. The proposed repositioned techniques, reposition each of the static analysis alarms from the set of static analysis alarms up or down the application code from the program points of their original reporting, for reducing the number of static analysis alarms reported or for reporting them closer to their causes or for both the objectives. Further the proposed repositioning techniques also ensure that the repositioning of the static analysis alarms is without affecting the errors uncovered by them. Further the disclosure also proposes to maintain traceability links between a repositioned static analysis alarm and its corresponding static analysis alarm(s).

Abstract: This disclosure relates generally to a system and a method for repositioning of a plurality of static analysis alarms is provided. The proposed repositioned techniques, reposition each of the static analysis alarms from the set of static analysis alarms up or down the application code from the program points of their original reporting, for reducing the number of static analysis alarms reported or for reporting them closer to their causes or for both the objectives. Further the proposed repositioning techniques also ensure that the repositioning of the static analysis alarms is without affecting the errors uncovered by them. Further the disclosure also proposes to maintain traceability links between a repositioned static analysis alarm and its corresponding static analysis alarm(s).

Abstract: A system and method for reviewing of warning generated during static analysis of a clustered software code by identifying, common point warnings and unique warnings from warnings associated with a software code, and further identifying, a top of must overlapped function for each of the common point warnings. Generating, one or more groups of the common point warnings based on the top of must overlapped function, and assigning, the top of must overlapped function as a constraint for corresponding group of common point warnings. Eliminating, warnings from each of the one or more groups using a review output wherein the review output is identified by reviewing a common point warning from the one or more group under the constraint such that the review of the common point warning under the constraint satisfy for review of all remaining for reviews of all remaining common point warnings of the group.

Abstract: A method and a system is disclosed herein for model checker based efficient elimination of false positives from static analysis warnings generated during static analysis of an application code. The system computes complete-range non-deterministic value variables (cnv variables) that are based on data flow analysis or static approximation of execution paths by control flow paths. During computation of cnv variables, over approximation (may-cnv variables) and under approximation (must-cnv variables) of a set of cnv variables at a program point is identified. The computed cnv variables are used to check whether an assertion variable is a cnv variable and the corresponding assertion verification call is redundant or otherwise. The identified redundant calls are then skipped for the efficiency of the false positives elimination and the model checker is invoked corresponding to the non-redundant assertion verification calls.

Abstract: A method and system is disclosed herein to identify causes of alarms generated corresponding to each alarm of the static analysis. The system models the basic reasons for alarms as alarm cause points of several types. Further, the system ranks these cause points based on different metrics such as unknown type-based ranking, grouping of cause points based on their lexical similarity or proximity and last but not least contribution score based ranking. The system also uses a workflow in which a user answers queries about the cause points and their answers are used in subsequent round of the static analysis. The collaboration between the answers of the user and the static analysis helps the tool to resolve the unknowns encountered during the analysis and weeding out the alarms. It also helps the user to expedite the manual inspections of alarms.

Abstract: A method and a system is disclosed herein for model checker based efficient elimination of false positives from static analysis warnings generated during static analysis of an application code. The system computes complete-range non-deterministic value variables (cnv variables) that are based on data flow analysis or static approximation of execution paths by control flow paths. During computation of cnv variables, over approximation (may-cnv variables) and under approximation (must-cnv variables) of a set of cnv variables at a program point is identified. The computed cnv variables are used to check whether an assertion variable is a cnv variable and the corresponding assertion verification call is redundant or otherwise. The identified redundant calls are then skipped for the efficiency of the false positives elimination and the model checker is invoked corresponding to the non-redundant assertion verification calls.

Abstract: The present disclosure generally relates to warnings generated based on static analysis and, more particularly, to grouping warnings generated based on static analysis. In one embodiment, a method for grouping a plurality of warnings generated based on a static analysis of an application program is provided. The method may include analyzing, by one or more processors using programmed instructions stored in a memory, the application program to generate the plurality of warnings; identifying, by the one or more processors, one or more similar warnings based on the plurality of warnings, the similar warnings having structurally and semantically similar expressions of interest (EOI); and generating, by the one or more processors, one or more groups of warnings based on the plurality of warnings, the one or more groups of warning including one or more of corresponding identified similar warnings.

Abstract: A system and method for reviewing of warning generated during static analysis of a clustered software code by identifying, common point warnings and unique warnings from warnings associated with a software code, and further identifying, a top of must overlapped function for each of the common point warnings. Generating, one or more groups of the common point warnings based on the top of must overlapped function, and assigning, the top of must overlapped function as a constraint for corresponding group of common point warnings. Eliminating, warnings from each of the one or more groups using a review output wherein the review output is identified by reviewing a common point warning from the one or more group under the constraint such that the review of the common point warning under the constraint satisfy for review of all remaining for reviews of all remaining common point warnings of the group.

Abstract: A system and method for facilitating verification of software code. A first program point is selected, from the software code, indicating static analysis warning to be reviewed. Further, review-assisting information including at least one of a set of modification points and a controlling condition are determined for the user to judge whether the warning generated is safe or unsafe. From the set of modification points, non-useful modification points may be filtered out in order to determine only relevant modification points. After filtering, the system presents the review-assisting information (relevant modification points and controlling conditions) in a systematic manner to the user for facilitating verification of the software code.

Abstract: Disclosed are a method and a system for facilitating verification of program code implementing Sleep Wakeup protocol for a microcontroller. An input handling module is configured to receive metadata from user required for verification of the program code. Identification module is configured to identify abstract syntax tree (AST) nodes corresponding to each program point in the program code. A computation module is configured to compute an actual interrupt protection status (IPS), task lock status (TLS), path entities and shared variables for each program point in the program code. A path analysis module is configured to determine transition paths between program points specified in the metadata, and are computed in terms of the path entities. Also, review information is computed for each of the path entities comprised in the transition paths. Further, a report generation module is configured to generate a report comprising the review information facilitating the user to verify the program code.

Abstract: A system and method for facilitating verification of software code. A first program point is selected, from the software code, indicating static analysis warning to be reviewed. Further, review-assisting information including at least one of a set of modification points and a controlling condition are determined for the user to judge whether the warning generated is safe or unsafe. From the set of modification points, non-useful modification points may be filtered out in order to determine only relevant modification points. After filtering, the system presents the review-assisting information (relevant modification points and controlling conditions) in a systematic manner to the user for facilitating verification of the software code.

Abstract: Disclosed are a method and a system for facilitating verification of program code implementing Sleep Wakeup protocol for a microcontroller. An input handling module is configured to receive metadata from user required for verification of the program code. Identification module is configured to identify abstract syntax tree (AST) nodes corresponding to each program point in the program code. A computation module is configured to compute an actual interrupt protection status (IPS), task lock status (TLS), path entities and shared variables for each program point in the program code. A path analysis module is configured to determine transition paths between program points specified in the metadata, and are computed in terms of the path entities. Also, review information is computed for each of the path entities comprised in the transition paths. Further, a report generation module is configured to generate a report comprising the review information facilitating the user to verify the program code.

Abstract: The present disclosure generally relates to warnings generated based on static analysis and, more particularly, to grouping warnings generated based on static analysis. In one embodiment, a method for grouping a plurality of warnings generated based on a static analysis of an application program is provided. The method may include analyzing, by one or more processors using programmed instructions stored in a memory, the application program to generate the plurality of warnings; identifying, by the one or more processors, one or more similar warnings based on the plurality of warnings, the similar warnings having structurally and semantically similar expressions of interest (EOI); and generating, by the one or more processors, one or more groups of warnings based on the plurality of warnings, the one or more groups of warning including one or more of corresponding identified similar warnings.