Test-Driving Static Analysis Tools in Search of C Code Vulnerabilities
A number of tools for automated code scanning have recently come into the limelight. Because incorporating such a tool into the software life-cycle carries significant costs, it is important to know which defects are detected and how accurate and efficient the analysis is. The authors focus specifically on popular static analysis tools for defects in C code. Existing benchmarks contain the actual defects found in open source programs, but they lack systematic coverage of the possible code defects and of the coding complexities in which they arise. The authors introduce a test suite that implements the discussed requirements for frequent defects selected from public catalogues.
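The following is an added illustration, not code from the paper or its test suite: one way a single benchmark entry can pair a frequent defect (here an unchecked length copied into a fixed-size buffer, chosen for the example) with a "coding complexity" variant that routes the same tainted value through a struct and an indirect call, plus the fixed form that a tool must not report.

```c
#include <stddef.h>
#include <string.h>

#define BUF_SIZE 16

/* Constructed benchmark entry for one defect: an unchecked length copied
 * into a fixed-size stack buffer. All variants share the same sink, the
 * memcpy into buf; only the path from the untrusted length to the sink
 * differs, which is the coding-complexity dimension the text refers to. */

/* Baseline: the tainted length reaches the sink directly, so any static
 * analyzer is expected to flag it. Returns the first copied byte. */
int copy_baseline(const char *src, size_t len) {
    char buf[BUF_SIZE];
    memcpy(buf, src, len);               /* DEFECT: len may exceed BUF_SIZE */
    return len ? (int)(unsigned char)buf[0] : 0;
}

/* Complexity variant: the same length travels through a struct field and
 * an indirect call, so the analyzer must follow data flow across pointers
 * and function boundaries to see the identical defect. */
struct request { const char *data; size_t len; };

static int do_copy(const struct request *r) {
    char buf[BUF_SIZE];
    memcpy(buf, r->data, r->len);        /* DEFECT: same sink, r->len unchecked */
    return r->len ? (int)(unsigned char)buf[0] : 0;
}

int copy_indirect(const char *src, size_t len) {
    struct request r = { src, len };
    int (*handler)(const struct request *) = do_copy;
    return handler(&r);
}

/* Fixed variant: the bound is enforced before the sink. A report on this
 * function counts as a false positive when scoring a tool. Returns -1 when
 * the input does not fit. */
int copy_fixed(const char *src, size_t len) {
    char buf[BUF_SIZE];
    if (len > BUF_SIZE)
        return -1;
    memcpy(buf, src, len);
    return len ? (int)(unsigned char)buf[0] : 0;
}
```

Scoring a tool against such an entry means checking that both defective variants are reported and the fixed one is not; the baseline measures basic detection, the indirect variant measures how far the analysis tracks data flow.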