Swap Detector is an open-source checker that detects API usage errors. The project was released this week by GrammaTech, and was originally created by the Department of Homeland Security, Science and Technology Directorate, and Static Tool Analysis Modernization Project.
“Traditional static-analysis techniques do not take advantage of the vast wealth of information on what represents error-free coding practices available in the open-source domain,” said Alexey Loginov, the vice president of research at GrammaTech. “With Swap Detector we applied Big Data analysis techniques, what we call Big Code analysis, to the Fedora RPM open-source repository to baseline correct API usage. This allowed us to develop error-detection capabilities that far exceed the scalability and accuracy of conventional approaches to program analysis.”
Swap Detector enables developers and DevOps teams to identify errors due to swapped function arguments, which can also be present in deployed code.
It consumes input information about a call site and function declaration information pertaining to that call site. If it detects a potential swapped-argument error at that call site, it outputs an appropriate warning message and a score for the warning.
Swap Detector also integrates with a variety of static analysis tools such as Clang Static Analyzer, Clang-Tidy, and PyLint, and is especially beneficial for languages that are interpreted and not compiled, according to GrammaTech.
The software uses “Big Code” techniques: it applies statistical information about “known good” API-usage patterns collected from a large corpus of code, and flags statistically anomalous usages as potential errors.
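The input/output shape described above (call-site arguments plus the function declaration in, a warning and a score out) can be illustrated with a small added example; this is not Swap Detector's code or algorithm. It swaps in a simple name-token overlap heuristic for the corpus statistics the article describes, and `tokens`, `similarity` and `check_call_site` are hypothetical names.

```python
import re
from itertools import combinations

def tokens(identifier):
    """Split snake_case / camelCase identifiers into lowercase word tokens."""
    return {t.lower() for t in re.findall(r"[A-Z]?[a-z]+|[A-Z]+|\d+", identifier)}

def similarity(a, b):
    """Jaccard overlap of the two identifiers' word tokens, in [0, 1]."""
    ta, tb = tokens(a), tokens(b)
    return len(ta & tb) / len(ta | tb) if ta and tb else 0.0

def check_call_site(callee, params, args, threshold=0.5):
    """Return (i, j, score, warning) for each argument pair that matches the
    declared parameter names better when swapped than in the order written.
    `args` holds the identifier passed at each position, or None when the
    argument is a literal or expression with no name to compare."""
    findings = []
    for i, j in combinations(range(min(len(params), len(args))), 2):
        if args[i] is None or args[j] is None:
            continue
        as_written = similarity(args[i], params[i]) + similarity(args[j], params[j])
        if_swapped = similarity(args[i], params[j]) + similarity(args[j], params[i])
        score = (if_swapped - as_written) / 2  # 1.0 means a perfect swap
        if score >= threshold:
            warning = (f"{callee}: arguments {i + 1} ('{args[i]}') and {j + 1} "
                       f"('{args[j]}') look swapped; declared parameters are "
                       f"'{params[i]}' and '{params[j]}'")
            findings.append((i, j, score, warning))
    return sorted(findings, key=lambda f: -f[2])

# Constructed sample call sites: (callee, declared parameters, passed arguments)
SAMPLES = [
    ("copy_file", ["src", "dst"], ["dst", "src"]),            # swapped
    ("copy_file", ["src", "dst"], ["src", "dst"]),            # correct
    ("resize", ["image", "width", "height"], ["img", "imgHeight", "imgWidth"]),
    ("fill", ["dest", "value", "count"], ["buf", None, "count"]),  # literal arg
]

if __name__ == "__main__":
    for callee, params, args in SAMPLES:
        for _, _, score, warning in check_call_site(callee, params, args):
            print(f"[score {score:.2f}] {warning}")
```

A name-only heuristic misses swaps where the argument names carry no hint, which is the gap corpus statistics about known-good usage are meant to cover.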