Static analysis tools are useful for finding serious programming errors and security vulnerabilities in source and binary code. Most static analysis testing tools work by searching code for known patterns or conditions to indicate programming errors or coding standards violations. In the past, static tool notifications were limited to problems that were predicted by the tool’s developer.
Today, newer, advanced tools such as the GrammaTech CodeSonar tool, use machine learning techniques to thereby expand the scope of statically found errors. Machine learning can automatically determine new features to test by having the analysis tool look for parts of the code that deviate from “normal” usage. For these parts of the code, it is assumed that the code is faulty. This technique, which is particularly useful for finding anomalies in API usage, can be used especially for popular operating system interfaces or open-source libraries. Experience shows that a significant proportion of anomalies found via AI correspond to real defects.
Verifysoft Technology - Software Testing Blog 