Promises and Limitations of Applying AI in Software Testing and Static Analysis

In recent years, integrating artificial intelligence (AI) into software development processes has been recognized as a significant advancement. AI-driven tools promise to increase efficiency, improve code quality, and automate mundane tasks. There is no question that the use of AI can change our lives, whether it be for diagnosing different types of cancer or developing autonomous vehicles. AI has become such a hot topic that there is currently a trend to equip everything with it. Sometimes, it feels like an AI feature was added just to claim the product includes AI. Occasionally, you can hear the call: “Stop putting AI in everything! We didn't ask for it!”

In addition to this “AI for AI's sake,” there are many practical applications that can make day-to-day work much easier. For instance, in Software Testing, AI can generate high-quality unit test suites, extend existing coverage by identifying missing paths, and customize tests with minimal effort. Additionally, AI can understand code changes and develop new unit tests to close coverage gaps, ensuring comprehensive testing. However, while these capabilities are promising, human oversight remains essential to strike a balance between simplicity and complexity in tests and output. Since current AI systems are inherently non-deterministic, the reliability of results, especially in safety-critical areas, can only be achieved through human review and oversight.

AI Is Not Only Chatbots and Image Generators

Artificial Intelligence (AI) is often seen as the ultimate problem-solving tool. But its capabilities extend far beyond chatbots and image generators. At its core, AI is a branch of computer science focused on machine learning and the automation of intelligent behavior.

Today, AI is woven into many aspects of our daily lives—from personalized shopping recommendations and virtual assistants to search engine results and real-time translation tools. These applications highlight where modern AI truly excels: processing vast amounts of data, identifying patterns, and making informed predictions.

But ask a tool like Copilot, and you’ll learn that these predictions are the result of sophisticated algorithms analyzing complex data relationships. Far from random, these insights are grounded in statistical rigor and computational power.

Practical Applications

It is remarkable to observe the results that can be achieved today. For example, where we previously had to painstakingly search individual websites, we now receive a summary of relevant sources (from the AI's perspective) for our search queries. The use of AI is a quantum leap forward in natural language processing. But in comparison to language, which is more or less an ordered sequence, codebases are complex structures. Codebase complexity makes it challenging to translate practical applications into code directly. One possible starting point, given the use of natural language, is requirements.

AI in VectorCAST

While artificial intelligence is not a new concept, its applications in software testing have become increasingly impactful. One such approach is Automated Reasoning—a method used to determine what systems can or cannot do. This technique enables us to generate test cases that accurately reflect a program's behavior, yielding highly reliable and accurate results.

VectorCAST builds on this foundation with its Automatic Test Generation (ATG) capabilities. Now, we're taking it a step further. Our new AI-powered test-case generator uses large language models (LLMs) to create tests directly from your functional requirements.

VectorCAST Sneak Peek: AI-Powered Test-Case Generation

AI Supported Requirements-based Testing

In regulated markets such as automotive, railway, and medical, compliance mandates follow a “requirements-driven testing” approach. This approach means that test cases have to be written against a requirements specification rather than the source code itself. These markets offer ideal opportunities for pairing AI with VectorCAST to automate the generation of requirements-based test cases. VectorCAST is specifically designed to meet the stringent needs of various industries, offering a well-suited environment due to its comprehensive traceability. There, AI can interpret both the requirements and the code to propose test cases that exercise the intent of the requirements specification. A human reviewer can then evaluate these test cases for completeness before they are approved.

AI in Static Analysis

AI also shows potential in enhancing static analysis by prioritizing rule violations based on compliance requirements, suggesting code fixes, and reducing the noise associated with static analysis. AI-powered tools can flag and prioritize critical issues, helping teams focus on the most pressing problems. They can also group violations based on previous triage actions, streamlining the remediation process. The list of use cases is constantly growing, not least because AI is being increasingly integrated into development environments, opening up new possibilities.

PC-lint Plus Emphasizes Accuracy and Quality

PC-lint Plus findings are based on over 30 years of experience in static code analysis. This experience is a cornerstone of customer confidence in the tool. PC-lint Plus is particularly well-known and valued for its reliability, depth of analysis, and suitability for safety- and security-critical software projects. The current focus of development is to provide more accurate results and enhanced capabilities for collaborative review, enabling teams to achieve compliance together.

PC-lint Plus: The Ultimate Solution for Detecting Defects in C and C++ Code

The Human in the Loop

Despite all these advantages and possibilities of AI, humans have not yet been made redundant. It is not just a matter of establishing society's trust in technology and taking responsibility. Even though AI can draw on an enormous amount of data to generate solutions, it lacks a comprehensive understanding of the context. This is especially the case for highly specialized domains whose context has not been part of the dataset that an AI has seen during training. Even within companies, a significant amount of knowledge and experience is not being maintained in a way that can be utilized for training, making the task even more challenging. Humans can assess situations more carefully and adapt to new ones. For instance, when fixing coding rule violations, they can ensure that suggested fixes comply with non-functional requirements and balance trade-offs, such as readability versus performance. Humans can also better assess the suitability of a test case with respect to a requirement and confirm the correctness of proposed traceability. Human involvement remains necessary to ensure compliance, especially in safety-critical applications. Effective use of AI requires a balance between automating specific tasks and maintaining vigilance.

Conclusion

The integration of AI into software testing and static analysis presents a transformative opportunity to enhance efficiency and accuracy. AI-driven tools can automate complex tasks, generate comprehensive test suites, and prioritize critical issues, significantly reducing the manual effort required. However, the potential of AI should be balanced with the need for human oversight. While AI excels in data processing, pattern recognition, and predictive analysis, it lacks the nuanced understanding and contextual awareness that humans bring to the table.

Human involvement remains indispensable, especially in safety-critical applications, to ensure that AI-generated solutions are accurate, reliable, and compliant with standards. And as of today, only humans can take responsibility. The collaboration between AI and human expertise can lead to more robust and effective software testing and static analysis processes. As AI continues to evolve, its role in these domains will undoubtedly expand, but the symbiotic relationship between technology and human judgment will always be crucial for achieving optimal results.

AI offers remarkable potential to revolutionize software testing and static analysis, but the true power lies in complementing human capabilities rather than replacing them. Tools like VectorCAST and PC-lint Plus already provide robust capabilities for improving software quality and reliability, emphasizing the importance of human oversight in the process. By leveraging the strengths of both AI and human insight, we can achieve a balanced and practical approach to software quality.

The Author

Andreas Horn is Senior Manager for Code Testing at Vector. He studied computer science at the University of Karlsruhe and has been involved in safety-critical software development projects for more than 15 years, both in aerospace and automotive. The focus has always been on quality assurance, with activities ranging from tester to auditor. In the past, he worked as a consultant for development processes for automotive manufacturers and suppliers worldwide. Now he is responsible for the global go-to-market strategy of the code testing product line. He is an IREB-certified Requirements Engineering Professional and an intacs-certified AutomotiveSPICE Provisional Assessor.