Limitations of Code Analysis Tools in Detecting Runtime Errors, Performance Issues, and Other Vulnerabilities
DOI:
https://doi.org/10.63282/3117-5481/AIJCST-V7I4P106Keywords:
Static Analysis, Dynamic Analysis, Runtime Errors, Performance Issues, Code Analysis Tools, Security Analysis, Hybrid Analysis, Memory Leaks, Concurrency BugsAbstract
Learning code is becoming a common, part of the software engineering procedures, therefore, code analysis tools are developed to enable programmers to identify errors in programs, preserve programming correctness, and locate possible vulnerability. However, in as much as they have become commonplace, these tools also have dire shortcomings in respect of runtime errors, bottlenecks, and unclear security vulnerability identification. The given paper talks about theoretical and practical drawbacks of both static and dynamic code analysis tools to the software systems in the real world. We look in detail at how they are detected, and we indicate both their failings and how these blind spots come about. Such restrictions fall into 3 general sets in which we consider shortcomings in the detection of runtime errors, inability to conduct admirable performance analysis and security weakness blind spots. On top of the literature review comes the historical perceptions and comparisons of some of the most popular tools such as SonarQube, Coverity, Fortify and Valgrind capabilities. Empirically We point out inconsistencies and boundaries in tool results by a methodology of empirical evaluation by a benchmark codebases characteristics of controlled experimentation. In our analysis, we identified that the code analysis environments tend to be unobehaved detecting concurrency related issues and memory inefficiency and context sensitive security vulnerability. We conclude by mentioning the perspective of the future improvement, including hybrid approaches to analysis, the possibility of introducing machine learning to identify the vulnerabilities, and better integration with the commercial set of run-time monitoring tools. In this paper, we have pointed out that the quality assurance of software must remain in much holistic form where the static analysis of the code is also combined with the dynamic instrumentation and analysis
References
[1] Bessey, A., Block, K., Chelf, B., Chou, A., Fulton, B., Hallem, S., ... & Engler, D. (2010). A few billion lines of code later: using static analysis to find bugs in the real world. Communications of the ACM, 53(2), 66-75.
[2] Livshits, V. B., & Lam, M. S. (2005, August). Finding Security Vulnerabilities in Java Applications with Static Analysis. In USENIX security symposium (Vol. 14, pp. 18-18).
[3] Ayewah, N., Pugh, W., Hovemeyer, D., Morgenthaler, J. D., & Penix, J. (2008). Using static analysis to find bugs. IEEE software, 25(5), 22-29.
[4] Wagner, D., & Dean, R. (2000, May). Intrusion detection via static analysis. In Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001 (pp. 156-168). IEEE.
[5] Goseva-Popstojanova, K., & Perhinschi, A. (2015). On the capability of static code analysis to detect security vulnerabilities. Information and Software Technology, 68, 18-33.
[6] Avya Chaudhary, Types of Static Code Analysis: Benefits and Limitations, hatica, 2022. online. https://www.hatica.io/blog/static-code-analysis/
[7] Chess, B., & West, J. (2007). Secure programming with static analysis. Pearson Education.
[8] Nethercote, N., & Seward, J. (2007). Valgrind: a framework for heavyweight dynamic binary instrumentation. ACM Sigplan notices, 42(6), 89-100.
[9] Johnson, B., Song, Y., Murphy-Hill, E., & Bowdidge, R. (2013, May). Why don't software developers use static analysis tools to find bugs?. In 2013 35th International Conference on Software Engineering (ICSE) (pp. 672-681). IEEE.
[10] Christakis, M., & Bird, C. (2016, August). What developers want and need from program analysis: an empirical study. In Proceedings of the 31st IEEE/ACM international conference on automated software engineering (pp. 332-343).
[11] Kaur, A., & Nayyar, R. (2020). A comparative study of static code analysis tools for vulnerability detection in c/c++ and java source code. Procedia Computer Science, 171, 2023-2029.
[12] Vorobyov, K., Kosmatov, N., & Signoles, J. (2018). Detection of security vulnerabilities in C code using runtime verification: an experience report. In Tests and Proofs: 12th International Conference, TAP 2018, Held as Part of STAF 2018, Toulouse, France, June 27-29, 2018, Proceedings 12 (pp. 139-156). Springer International Publishing.
[13] Chahar, C., Chauhan, V. S., & Das, M. L. (2012). Code analysis for software and system security using open source tools. Information Security Journal: A Global Perspective, 21(6), 346-352.
[14] Nong, Y., Cai, H., Ye, P., Li, L., & Chen, F. (2021). Evaluating and comparing memory error vulnerability detectors. Information and Software Technology, 137, 106614.
[15] Stamelos, I., Angelis, L., Oikonomou, A., & Bleris, G. L. (2002). Code quality analysis in open source software development. Information systems journal, 12(1), 43-60.
[16] Rattan, D., Bhatia, R., & Singh, M. (2013). Software clone detection: A systematic review. Information and Software Technology, 55(7), 1165-1199.
[17] Static vs. dynamic code analysis: A comprehensive guide to choosing the right tool, vfunction, 2024. online. https://vfunction.com/blog/static-vs-dynamic-code-analysis/
[18] Smith, D. J., & Wood, K. B. (2012). Engineering quality software: a review of current practices, standards and guidelines including new methods and development tools.
[19] Heckman, S., & Williams, L. (2011). A systematic literature review of actionable alert identification techniques for automated static code analysis. Information and Software Technology, 53(4), 363-387.
[20] Azeem, M. I., Palomba, F., Shi, L., & Wang, Q. (2019). Machine learning techniques for code smell detection: A systematic literature review and meta-analysis. Information and Software Technology, 108, 115-138.
[21] Rusum, G. P., Pappula, K. K., & Anasuri, S. (2020). Constraint Solving at Scale: Optimizing Performance in Complex Parametric Assemblies. International Journal of Emerging Trends in Computer Science and Information Technology, 1(2), 47-55. https://doi.org/10.63282/3050-9246.IJETCSIT-V1I2P106
[22] Pappula, K. K., & Rusum, G. P. (2020). Custom CAD Plugin Architecture for Enforcing Industry-Specific Design Standards. International Journal of AI, BigData, Computational and Management Studies, 1(4), 19-28. https://doi.org/10.63282/3050-9416.IJAIBDCMS-V1I4P103
[23] Rahul, N. (2020). Optimizing Claims Reserves and Payments with AI: Predictive Models for Financial Accuracy. International Journal of Emerging Trends in Computer Science and Information Technology, 1(3), 46-55. https://doi.org/10.63282/3050-9246.IJETCSIT-V1I3P106
[24] Enjam, G. R., & Tekale, K. M. (2020). Transitioning from Monolith to Microservices in Policy Administration. International Journal of Emerging Research in Engineering and Technology, 1(3), 45-52. https://doi.org/10.63282/3050-922X.IJERETV1I3P106
[25] Pappula, K. K., & Anasuri, S. (2021). API Composition at Scale: GraphQL Federation vs. REST Aggregation. International Journal of Emerging Trends in Computer Science and Information Technology, 2(2), 54-64. https://doi.org/10.63282/3050-9246.IJETCSIT-V2I2P107
[26] Pedda Muntala, P. S. R. (2021). Integrating AI with Oracle Fusion ERP for Autonomous Financial Close. International Journal of AI, BigData, Computational and Management Studies, 2(2), 76-86. https://doi.org/10.63282/3050-9416.IJAIBDCMS-V2I2P109
[27] Rahul, N. (2021). Strengthening Fraud Prevention with AI in P&C Insurance: Enhancing Cyber Resilience. International Journal of Artificial Intelligence, Data Science, and Machine Learning, 2(1), 43-53. https://doi.org/10.63282/3050-9262.IJAIDSML-V2I1P106
[28] Enjam, G. R., & Chandragowda, S. C. (2021). RESTful API Design for Modular Insurance Platforms. International Journal of Emerging Research in Engineering and Technology, 2(3), 71-78. https://doi.org/10.63282/3050-922X.IJERET-V2I3P108
[29] Karri, N., Pedda Muntala, P. S. R., & Jangam, S. K. (2021). Predictive Performance Tuning. International Journal of Emerging Research in Engineering and Technology, 2(1), 67-76. https://doi.org/10.63282/3050-922X.IJERET-V2I1P108
[30] Rusum, G. P. (2022). Security-as-Code: Embedding Policy-Driven Security in CI/CD Workflows. International Journal of AI, BigData, Computational and Management Studies, 3(2), 81-88. https://doi.org/10.63282/3050-9416.IJAIBDCMS-V3I2P108
[31] Pappula, K. K. (2022). Containerized Zero-Downtime Deployments in Full-Stack Systems. International Journal of AI, BigData, Computational and Management Studies, 3(4), 60-69. https://doi.org/10.63282/3050-9416.IJAIBDCMS-V3I4P107
[32] Anasuri, S., Rusum, G. P., & Pappula, kiran K. (2022). Blockchain-Based Identity Management in Decentralized Applications. International Journal of AI, BigData, Computational and Management Studies, 3(3), 70-81. https://doi.org/10.63282/3050-9416.IJAIBDCMS-V3I3P109
[33] Pedda Muntala, P. S. R. (2022). Natural Language Querying in Oracle Fusion Analytics: A Step toward Conversational BI. International Journal of Emerging Trends in Computer Science and Information Technology, 3(3), 81-89. https://doi.org/10.63282/3050-9246.IJETCSIT-V3I3P109
[34] Rahul, N. (2022). Optimizing Rating Engines through AI and Machine Learning: Revolutionizing Pricing Precision. International Journal of Artificial Intelligence, Data Science, and Machine Learning, 3(3), 93-101. https://doi.org/10.63282/3050-9262.IJAIDSML-V3I3P110
[35] Enjam, G. R. (2022). Secure Data Masking Strategies for Cloud-Native Insurance Systems. International Journal of Emerging Trends in Computer Science and Information Technology, 3(2), 87-94. https://doi.org/10.63282/3050-9246.IJETCSIT-V3I2P109
[36] Karri, N. (2022). Predictive Maintenance for Database Systems. International Journal of Emerging Research in Engineering and Technology, 3(1), 105-115. https://doi.org/10.63282/3050-922X.IJERET-V3I1P111
[37] Tekale, K. M. T., & Enjam, G. reddy . (2022). The Evolving Landscape of Cyber Risk Coverage in P&C Policies. International Journal of Emerging Trends in Computer Science and Information Technology, 3(3), 117-126. https://doi.org/10.63282/3050-9246.IJETCSIT-V3I1P113
[38] Rusum, G. P. (2023). Secure Software Supply Chains: Managing Dependencies in an AI-Augmented Dev World. International Journal of Artificial Intelligence, Data Science, and Machine Learning, 4(3), 85-97. https://doi.org/10.63282/3050-9262.IJAIDSML-V4I3P110
[39] Pappula, K. K. (2023). Edge-Deployed Computer Vision for Real-Time Defect Detection. International Journal of AI, BigData, Computational and Management Studies, 4(3), 72-81. https://doi.org/10.63282/3050-9416.IJAIBDCMS-V4I3P108
[40] Anasuri, S. (2023). Synthetic Identity Detection Using Graph Neural Networks. International Journal of Artificial Intelligence, Data Science, and Machine Learning, 4(4), 87-96. https://doi.org/10.63282/3050-9262.IJAIDSML-V4I4P110
[41] Pedda Muntala, P. S. R. (2023). AI-Powered Chatbots and Digital Assistants in Oracle Fusion Applications. International Journal of Emerging Trends in Computer Science and Information Technology, 4(3), 101-111. https://doi.org/10.63282/3050-9246.IJETCSIT-V4I3P111
[42] Rahul, N. (2023). Transforming Underwriting with AI: Evolving Risk Assessment and Policy Pricing in P&C Insurance. International Journal of AI, BigData, Computational and Management Studies, 4(3), 92-101. https://doi.org/10.63282/3050-9416.IJAIBDCMS-V4I3P110
[43] Enjam, G. R. (2023). Optimizing PostgreSQL for High-Volume Insurance Transactions & Secure Backup and Restore Strategies for Databases. International Journal of Emerging Trends in Computer Science and Information Technology, 4(1), 104-111. https://doi.org/10.63282/3050-9246.IJETCSIT-V4I1P112
[44] Tekale, K. M. (2023). Cyber Insurance Evolution: Addressing Ransomware and Supply Chain Risks. International Journal of Emerging Trends in Computer Science and Information Technology, 4(3), 124-133. https://doi.org/10.63282/3050-9246.IJETCSIT-V4I3P113
[45] Karri, N., & Jangam, S. K. (2023). Role of AI in Database Security. International Journal of Artificial Intelligence, Data Science, and Machine Learning, 4(1), 89-97. https://doi.org/10.63282/3050-9262.IJAIDSML-V4I1P110
[46] Rusum, G. P. (2024). Trustworthy AI in Software Systems: From Explainability to Regulatory Compliance. International Journal of Emerging Research in Engineering and Technology, 5(1), 71-81. https://doi.org/10.63282/3050-922X.IJERET-V5I1P109
[47] Enjam, G. R., & Tekale, K. M. (2024). Self-Healing Microservices for Insurance Platforms: A Fault-Tolerant Architecture Using AWS and PostgreSQL. International Journal of AI, BigData, Computational and Management Studies, 5(1), 127-136. https://doi.org/10.63282/3050-9416.IJAIBDCMS-V5I1P113
[48] Pappula, K. K., & Rusum, G. P. (2024). AI-Assisted Address Validation Using Hybrid Rule-Based and ML Models. International Journal of Artificial Intelligence, Data Science, and Machine Learning, 5(4), 91-104. https://doi.org/10.63282/3050-9262.IJAIDSML-V5I4P110
[49] Rahul, N. (2024). Improving Policy Integrity with AI: Detecting Fraud in Policy Issuance and Claims. International Journal of Artificial Intelligence, Data Science, and Machine Learning, 5(1), 117-129. https://doi.org/10.63282/3050-9262.IJAIDSML-V5I1P111
[50] Partha Sarathi Reddy Pedda Muntala, "AI-Powered Expense and Procurement Automation in Oracle Fusion Cloud" International Journal of Multidisciplinary on Science and Management, Vol. 1, No. 3, pp. 62-75, 2024.
[51] Anasuri, S. (2024). Secure Software Development Life Cycle (SSDLC) for AI-Based Applications. International Journal of Artificial Intelligence, Data Science, and Machine Learning, 5(1), 104-116. https://doi.org/10.63282/3050-9262.IJAIDSML-V5I1P110
[52] Karri, N., & Jangam, S. K. (2024). Semantic Search with AI Vector Search. International Journal of AI, BigData, Computational and Management Studies, 5(2), 141-150. https://doi.org/10.63282/3050-9416.IJAIBDCMS-V5I2P114
[53] Tekale, K. M., & Rahul, N. (2024). AI Bias Mitigation in Insurance Pricing and Claims Decisions. International Journal of Artificial Intelligence, Data Science, and Machine Learning, 5(1), 138-148. https://doi.org/10.63282/3050-9262.IJAIDSML-V5I1P113
[54] Pappula, K. K., & Anasuri, S. (2020). A Domain-Specific Language for Automating Feature-Based Part Creation in Parametric CAD. International Journal of Emerging Research in Engineering and Technology, 1(3), 35-44. https://doi.org/10.63282/3050-922X.IJERET-V1I3P105
[55] Rahul, N. (2020). Vehicle and Property Loss Assessment with AI: Automating Damage Estimations in Claims. International Journal of Emerging Research in Engineering and Technology, 1(4), 38-46. https://doi.org/10.63282/3050-922X.IJERET-V1I4P105
[56] Enjam, G. R. (2020). Ransomware Resilience and Recovery Planning for Insurance Infrastructure. International Journal of AI, BigData, Computational and Management Studies, 1(4), 29-37. https://doi.org/10.63282/3050-9416.IJAIBDCMS-V1I4P104
[57] Pappula, K. K., & Rusum, G. P. (2021). Designing Developer-Centric Internal APIs for Rapid Full-Stack Development. International Journal of AI, BigData, Computational and Management Studies, 2(4), 80-88. https://doi.org/10.63282/3050-9416.IJAIBDCMS-V2I4P108
[58] Pedda Muntala, P. S. R., & Jangam, S. K. (2021). End-to-End Hyperautomation with Oracle ERP and Oracle Integration Cloud. International Journal of Emerging Research in Engineering and Technology, 2(4), 59-67. https://doi.org/10.63282/3050-922X.IJERET-V2I4P107
[59] Rahul, N. (2021). AI-Enhanced API Integrations: Advancing Guidewire Ecosystems with Real-Time Data. International Journal of Emerging Research in Engineering and Technology, 2(1), 57-66. https://doi.org/10.63282/3050-922X.IJERET-V2I1P107
[60] Enjam, G. R. (2021). Data Privacy & Encryption Practices in Cloud-Based Guidewire Deployments. International Journal of AI, BigData, Computational and Management Studies, 2(3), 64-73. https://doi.org/10.63282/3050-9416.IJAIBDCMS-V2I3P108
[61] Karri, N. (2021). AI-Powered Query Optimization. International Journal of Artificial Intelligence, Data Science, and Machine Learning, 2(1), 63-71. https://doi.org/10.63282/3050-9262.IJAIDSML-V2I1P108
[62] Rusum, G. P., & Pappula, kiran K. . (2022). Event-Driven Architecture Patterns for Real-Time, Reactive Systems. International Journal of Emerging Research in Engineering and Technology, 3(3), 108-116. https://doi.org/10.63282/3050-922X.IJERET-V3I3P111
[63] Pappula, K. K. (2022). Architectural Evolution: Transitioning from Monoliths to Service-Oriented Systems. International Journal of Emerging Research in Engineering and Technology, 3(4), 53-62. https://doi.org/10.63282/3050-922X.IJERET-V3I4P107
[64] Anasuri, S. (2022). Formal Verification of Autonomous System Software. International Journal of Emerging Research in Engineering and Technology, 3(1), 95-104. https://doi.org/10.63282/3050-922X.IJERET-V3I1P110
[65] Pedda Muntala, P. S. R., & Jangam, S. K. (2022). Predictive Analytics in Oracle Fusion Cloud ERP: Leveraging Historical Data for Business Forecasting. International Journal of Artificial Intelligence, Data Science, and Machine Learning, 3(4), 86-95. https://doi.org/10.63282/3050-9262.IJAIDSML-V3I4P110
[66] Rahul, N. (2022). Automating Claims, Policy, and Billing with AI in Guidewire: Streamlining Insurance Operations. International Journal of Emerging Research in Engineering and Technology, 3(4), 75-83. https://doi.org/10.63282/3050-922X.IJERET-V3I4P109
[67] Enjam, G. R. (2022). Energy-Efficient Load Balancing in Distributed Insurance Systems Using AI-Optimized Switching Techniques. International Journal of Artificial Intelligence, Data Science, and Machine Learning, 3(4), 68-76. https://doi.org/10.63282/3050-9262.IJAIDSML-V3I4P108
[68] Karri, N., Pedda Muntala, P. S. R., & Jangam, S. K. (2022). Forecasting Hardware Failures or Resource Bottlenecks Before They Occur. International Journal of Emerging Research in Engineering and Technology, 3(2), 99-109. https://doi.org/10.63282/3050-922X.IJERET-V3I2P111
[69] Tekale, K. M., & Rahul, N. (2022). AI and Predictive Analytics in Underwriting, 2022 Advancements in Machine Learning for Loss Prediction and Customer Segmentation. International Journal of Artificial Intelligence, Data Science, and Machine Learning, 3(1), 95-113. https://doi.org/10.63282/3050-9262.IJAIDSML-V3I1P111
[70] Rusum, G. P., & Anasuri, S. (2023). Synthetic Test Data Generation Using Generative Models. International Journal of Emerging Trends in Computer Science and Information Technology, 4(4), 96-108. https://doi.org/10.63282/3050-9246.IJETCSIT-V4I4P111
[71] Pappula, K. K. (2023). Reinforcement Learning for Intelligent Batching in Production Pipelines. International Journal of Artificial Intelligence, Data Science, and Machine Learning, 4(4), 76-86. https://doi.org/10.63282/3050-9262.IJAIDSML-V4I4P109
[72] Anasuri, S., Rusum, G. P., & Pappula, K. K. (2023). AI-Driven Software Design Patterns: Automation in System Architecture. International Journal of Artificial Intelligence, Data Science, and Machine Learning, 4(1), 78-88. https://doi.org/10.63282/3050-9262.IJAIDSML-V4I1P109
[73] Pedda Muntala, P. S. R., & Karri, N. (2023). Managing Machine Learning Lifecycle in Oracle Cloud Infrastructure for ERP-Related Use Cases. International Journal of Emerging Research in Engineering and Technology, 4(3), 87-97. https://doi.org/10.63282/3050-922X.IJERET-V4I3P110
[74] Rahul, N. (2023). Personalizing Policies with AI: Improving Customer Experience and Risk Assessment. International Journal of Emerging Trends in Computer Science and Information Technology, 4(1), 85-94. https://doi.org/10.63282/3050-9246.IJETCSIT-V4I1P110
[75] Enjam, G. R., Tekale, K. M., & Chandragowda, S. C. (2023). Zero-Downtime CI/CD Production Deployments for Insurance SaaS Using Blue/Green Deployments. International Journal of Emerging Research in Engineering and Technology, 4(3), 98-106. https://doi.org/10.63282/3050-922X.IJERET-V4I3P111
[76] Tekale , K. M. (2023). AI-Powered Claims Processing: Reducing Cycle Times and Improving Accuracy. International Journal of Artificial Intelligence, Data Science, and Machine Learning, 4(2), 113-123. https://doi.org/10.63282/3050-9262.IJAIDSML-V4I2P113
[77] Karri, N., & Pedda Muntala, P. S. R. (2023). Query Optimization Using Machine Learning. International Journal of Emerging Trends in Computer Science and Information Technology, 4(4), 109-117. https://doi.org/10.63282/3050-9246.IJETCSIT-V4I4P112
[78] Rusum, G. P., & Anasuri, S. (2024). Vector Databases in Modern Applications: Real-Time Search, Recommendations, and Retrieval-Augmented Generation (RAG). International Journal of AI, BigData, Computational and Management Studies, 5(4), 124-136. https://doi.org/10.63282/3050-9416.IJAIBDCMS-V5I4P113
[79] Enjam, G. R. (2024). AI-Powered API Gateways for Adaptive Rate Limiting and Threat Detection. International Journal of Artificial Intelligence, Data Science, and Machine Learning, 5(4), 117-129. https://doi.org/10.63282/3050-9262.IJAIDSML-V5I4P112
[80] Pappula, K. K., & Anasuri, S. (2024). Deep Learning for Industrial Barcode Recognition at High Throughput. International Journal of Artificial Intelligence, Data Science, and Machine Learning, 5(1), 79-91. https://doi.org/10.63282/3050-9262.IJAIDSML-V5I1P108
[81] Rahul, N. (2024). Revolutionizing Medical Bill Reviews with AI: Enhancing Claims Processing Accuracy and Efficiency. International Journal of AI, BigData, Computational and Management Studies, 5(2), 128-140. https://doi.org/10.63282/3050-9416.IJAIBDCMS-V5I2P113
[82] Reddy Pedda Muntala, P. S., & Jangam, S. K. (2024). Automated Risk Scoring in Oracle Fusion ERP Using Machine Learning. International Journal of Artificial Intelligence, Data Science, and Machine Learning, 5(4), 105-116. https://doi.org/10.63282/3050-9262.IJAIDSML-V5I4P111
[83] Anasuri, S., & Rusum, G. P. (2024). Software Supply Chain Security: Policy, Tooling, and Real-World Incidents. International Journal of Emerging Trends in Computer Science and Information Technology, 5(3), 79-89. https://doi.org/10.63282/3050-9246.IJETCSIT-V5I3P108
[84] Karri, N., & Pedda Muntala, P. S. R. (2024). Using Oracle’s AI Vector Search to Enable Concept-Based Querying across Structured and Unstructured Data. International Journal of AI, BigData, Computational and Management Studies, 5(3), 145-154. https://doi.org/10.63282/3050-9416.IJAIBDCMS-V5I3P115
[85] Tekale, K. M. (2024). Generative AI in P&C: Transforming Claims and Customer Service. International Journal of Emerging Trends in Computer Science and Information Technology, 5(2), 122-131. https://doi.org/10.63282/3050-9246.IJETCSIT-V5I2P113
