This SBIR Phase II project develops software products to improve software quality and developer productivity. Computers are used everywhere in our lives with most applications requiring high reliability, availability, and security. Despite efforts to improve quality, bugs are still too common and costly. To address these problems the team has conducted research in static-analysis and bug detection - taking a pattern-based approach - applying data-mining to software code analysis. The Phase II effort will focus on integration of the tools into the software development lifecycle providing customers an optimal way to benefit from the tools. The team will also develop needed functionality (Branch Quality Management, Patch-Mining) and code search - all new, unique, broader and important usages of technology identified by customers from Phase I.
The tools, once commercialized, can benefit a large percentage of IT departments in different business segments (IT, finance, government, entertainment, insurance, etc) to improve their software quality and productivity and reduce the software development cost via automatic bug detection. In contrast to traditional manual effort that usually takes a programmer 1-2 weeks to detect a bug, the proposed tools can easily identify hundreds of bugs in millions lines of code automatically in 1-2 hours. Once a bug is detected (either from these tools, or any other tools, the tools can be used to ensure that the bug-fix is applied throughout the code. In addition to detecting software bugs, the proposed tools can also be used to detect illegal software plagiarism from open source or other software.
Our Phase II project consisted of 5 main objectives and our Phase IIB consisted of 2 main objectives. The bulk of the objectives were related to make the technology easier to use and more applicable to a larger number of customers. The largest contribution was related to extending the technology to support a new use that we call "patch mining" which allows customers to ensure that when they fix a software defect in one location that it can easily be fixed in all of the other locations – both known and unknown locations. In addition to the new use case that we extended the technology to support, we spent a considerable amount of effort to improve both the scalability and ease-of-use of the technology. One specific area of focus was on integrating our technology into the software development lifecycle. Once integrated with industry standard SCM systems, all companies use to maintain their source code, we were able to more easily demonstrate the value of the technology to intersted parties. In addition we developed web service APIs to allow larger companies to customize the integration of the tools into their own environment. The results have been successful and is evidenced by the traction that we have gained in the market place thanks to our Phase II funding.