[go: up one dir, main page]
More Web Proxy on the site http://driver.im/ skip to main content
10.1145/3213846.3213850acmconferencesArticle/Chapter ViewAbstractPublication PagesisstaConference Proceedingsconference-collections
research-article

Repositioning of static analysis alarms

Published: 12 July 2018 Publication History

Abstract

The large number of alarms reported by static analysis tools is often recognized as one of the major obstacles to industrial adoption of such tools.
We present repositioning of alarms, a novel automatic postprocessing technique intended to reduce the number of reported alarms without affecting the errors uncovered by them. The reduction in the number of alarms is achieved by moving groups of related alarms along the control flow to a program point where they can be replaced by a single alarm. In the repositioning technique, as the locations of repositioned alarms are different than locations of the errors uncovered by them, we also maintain traceability links between a repositioned alarm and its corresponding original alarm(s). The presented technique is tool-agnostic and orthogonal to many other techniques available for postprocessing alarms.
To evaluate the technique, we applied it as a postprocessing step to alarms generated for 4 verification properties on 16 open source and 4 industry applications. The results indicate that the alarms repositioning technique reduces the alarms count by up to 20% over the state-of-the-art alarms grouping techniques with a median reduction of 7.25%.

References

[1]
{n. d.}. Polyspace Code Prover. http://in.mathworks.com/products/ polyspacecodeprover/. {Online: accessed 30-Jan-2017}.
[2]
Frances E. Allen. 1970. Control Flow Analysis. In Symposium on Compiler Optimization. ACM, New York, NY, USA, 1–19.
[3]
Nathaniel Ayewah and William Pugh. 2010.
[4]
The Google FindBugs Fixit. In International Symposium on Software Testing and Analysis. ACM, New York, NY, USA, 241–252.
[5]
Nathaniel Ayewah, William Pugh, J. David Morgenthaler, John Penix, and YuQian Zhou. 2007. Evaluating Static Analysis Defect Warnings on Production Software. In Workshop on Program Analysis for Software Tools and Engineering. ACM, New York, NY, USA, 1–8.
[6]
Moritz Beller, Radjino Bholanath, Shane McIntosh, and Andy Zaidman. 2016.
[7]
Analyzing the State of Static Analysis: A Large-Scale Evaluation in Open Source Software. In International Conference on Software Analysis, Evolution, and Reengineering, Vol. 1. 470–481. Repositioning of Static Analysis Alarms ISSTA’18, July 16–21, 2018, Amsterdam, Netherlands
[8]
Al Bessey, Ken Block, Ben Chelf, Andy Chou, Bryan Fulton, Seth Hallem, Charles Henri-Gros, Asya Kamsky, Scott McPeak, and Dawson Engler. 2010.
[9]
A Few Billion Lines of Code Later: Using Static Analysis to Find Bugs in the Real World. Commun. ACM 53, 2 (2010), 66–75.
[10]
Maria Christakis and Christian Bird. 2016. What Developers Want and Need from Program Analysis: An Empirical Study. In International Conference on Automated Software Engineering. ACM, New York, NY, USA, 332–343. 1145/2970276.2970347
[11]
Patrick Cousot, Radhia Cousot, Manuel Fähndrich, and Francesco Logozzo. 2013.
[12]
Automatic Inference of Necessary Preconditions. Springer Berlin Heidelberg, Berlin, Heidelberg, 128–148.
[13]
Pascal Cuoq, Florent Kirchner, Nikolai Kosmatov, Virgile Prevosto, Julien Signoles, and Boris Yakobowski. 2012. Frama-c. In International Conference on Software Engineering and Formal Methods. Springer, 233–247.
[14]
Ankush Das, Shuvendu K. Lahiri, Akash Lal, and Yi Li. 2015.
[15]
Angelic Verification: Precise Verification Modulo Unknowns. Springer International Publishing, Cham, 324–342.
[16]
Vinicius Rafael Lobo de Mendonca, Cassio Leonardo Rodrigues, Fabrízzio Alphonsus A de M. N. Soares, and Auri Marcelo Rizzo Vincenzi. 2013. Static analysis techniques and tools: A systematic mapping study. In International Conference on Software Engineering Advances.
[17]
Isil Dillig, Thomas Dillig, and Alex Aiken. 2012.
[18]
Automated Error Diagnosis Using Abductive Inference. In Conference on Programming Language Design and Implementation. ACM, New York, NY, USA, 181–192. 2254064.2254087
[19]
Marcel Gehrke. 2014.
[20]
Bidirectional Predicate Propagation in Frama-C and its Application to Warning Removal. Master’s thesis. Hamburg University of Technology.
[21]
Sarah Heckman and Laurie Williams. 2011. A Systematic Literature Review of Actionable Alert Identification Techniques for Automated Static Code Analysis. Inf. Softw. Technol. 53, 4 (2011), 363–387. 007
[22]
David Hovemeyer and William Pugh. 2004. Finding Bugs is Easy. SIGPLAN Not. 39, 12 (2004), 92–106.
[23]
Brittany Johnson, Yoonki Song, Emerson Murphy-Hill, and Robert Bowdidge. 2013. Why Don’t Software Developers Use Static Analysis Tools to Find Bugs?. In International Conference on Software Engineering. IEEE Press, Piscataway, NJ, USA, 672–681.
[24]
Uday Khedker, Amitabha Sanyal, and Bageshri Sathe. 2009.
[25]
Data flow analysis: theory and practice. CRC Press.
[26]
Yit Phang Khoo, Jeffrey S. Foster, Michael Hicks, and Vibha Sazawal. 2008. Path Projection for User-centered Static Analysis Tools. In Workshop on Program Analysis for Software Tools and Engineering. ACM, New York, NY, USA, 57–63.
[27]
Lucas Layman, Laurie Williams, and Robert St. Amant. 2007. Toward Reducing Fault Fix Time: Understanding Developer Behavior for the Design of Automated Fault Detection Tools. In International Symposium on Empirical Software Engineering and Measurement. 176–185.
[28]
Woosuk Lee, Wonchan Lee, and Kwangkeun Yi. 2012.
[29]
Sound Non-statistical Clustering of Static Analysis Alarms. In International Conference on Verification, Model Checking, and Abstract Interpretation. Springer-Verlag, Berlin, Heidelberg, 299–314. 3- 642- 27940- 9_20
[30]
Ravi Mangal, Xin Zhang, Aditya V. Nori, and Mayur Naik. 2015. A User-guided Approach to Program Analysis. In Proceedings of the 2015 10th Joint Meeting on Foundations of Software Engineering (ESEC/FSE 2015). ACM, New York, NY, USA, 462–473.
[31]
Bertrand Meyer. 2002.
[32]
Design by contract. Prentice Hall.
[33]
Tukaram Muske. 2014. Improving Review of Clustered-Code Analysis Warnings. In International Conference on Software Maintenance and Evolution. IEEE Computer Society, Washington, DC, USA, 569–572. 2014.97
[34]
Tukaram Muske, Ankit Baid, and Tushar Sanas. 2013. Review efforts reduction by partitioning of static analysis warnings. In International Working Conference on Source Code Analysis and Manipulation. 106–115. SCAM.2013.6648191
[35]
Tukaram Muske and Uday P. Khedker. 2016.
[36]
Cause Points Analysis for Effective Handling of Alarms. In International Symposium on Software Reliability Engineering. 173–184.
[37]
Tukaram Muske and Alexander Serebrenik. 2016.
[38]
Survey of approaches for handling static analysis alarms. In International Working Conference on Source Code Analysis and Manipulation. 157–166.
[39]
Flemming Nielson, Hanne R. Nielson, and Chris Hankin. 1999.
[40]
Principles of Program Analysis. Springer-Verlag New York, Inc., Secaucus, NJ, USA.
[41]
Caitlin Sadowski, Jeffrey van Gogh, Ciera Jaspan, Emma Söderberg, and Collin Winter. 2015. Tricorder: Building a Program Analysis Ecosystem. In International Conference on Software Engineering. IEEE Press, Piscataway, NJ, USA, 598–608.
[42]
YN Srikant and Priti Shankar. 2007.
[43]
The compiler design handbook: optimizations and machine code generation. CRC Press.
[44]
Arnaud Venet. 2008. A Practical Approach to Formal Software Verification by Static Analysis. Ada Lett. XXVIII, 1 (2008), 92–95. 1387830.1387836
[45]
Dalin Zhang, Dahai Jin, Yunzhan Gong, and Hailong Zhang. 2013. Diagnosis-Oriented Alarm Correlations. In Asia-Pacific Software Engineering Conference, Vol. 1. 172–179.
[46]
Jiang Zheng, Laurie Williams, Nachiappan Nagappan, Will Snipes, John P. Hudepohl, and Mladen A. Vouk. 2006.

Cited By

View all
  • (2023)Resolving Security Issues via Quality-Oriented Refactoring: A User Study2023 ACM/IEEE International Conference on Technical Debt (TechDebt)10.1109/TechDebt59074.2023.00016(82-91)Online publication date: May-2023
  • (2023)Mitigating False Positive Static Analysis Warnings: Progress, Challenges, and OpportunitiesIEEE Transactions on Software Engineering10.1109/TSE.2023.332966749:12(5154-5188)Online publication date: 1-Dec-2023
  • (2023)Computing Maximum Fixed Point Solutions over Feasible Paths in Data Flow AnalysesScience of Computer Programming10.1016/j.scico.2023.102944(102944)Online publication date: Mar-2023
  • Show More Cited By

Recommendations

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences
ISSTA 2018: Proceedings of the 27th ACM SIGSOFT International Symposium on Software Testing and Analysis
July 2018
379 pages
ISBN:9781450356992
DOI:10.1145/3213846
  • General Chair:
  • Frank Tip,
  • Program Chair:
  • Eric Bodden
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

In-Cooperation

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 12 July 2018

Permissions

Request permissions for this article.

Check for updates

Badges

Author Tags

  1. Static analysis
  2. alarms repositioning
  3. anticipable conditions
  4. available conditions
  5. data flowanalysis
  6. static analysis alarms

Qualifiers

  • Research-article

Conference

ISSTA '18
Sponsor:

Acceptance Rates

Overall Acceptance Rate 58 of 213 submissions, 27%

Upcoming Conference

ISSTA '25

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)28
  • Downloads (Last 6 weeks)3
Reflects downloads up to 20 Dec 2024

Other Metrics

Citations

Cited By

View all
  • (2023)Resolving Security Issues via Quality-Oriented Refactoring: A User Study2023 ACM/IEEE International Conference on Technical Debt (TechDebt)10.1109/TechDebt59074.2023.00016(82-91)Online publication date: May-2023
  • (2023)Mitigating False Positive Static Analysis Warnings: Progress, Challenges, and OpportunitiesIEEE Transactions on Software Engineering10.1109/TSE.2023.332966749:12(5154-5188)Online publication date: 1-Dec-2023
  • (2023)Computing Maximum Fixed Point Solutions over Feasible Paths in Data Flow AnalysesScience of Computer Programming10.1016/j.scico.2023.102944(102944)Online publication date: Mar-2023
  • (2023)A critical comparison on six static analysis tools: Detection, agreement, and precisionJournal of Systems and Software10.1016/j.jss.2022.111575198(111575)Online publication date: Apr-2023
  • (2022)An empirical study on the effectiveness of static C code analyzers for vulnerability detectionProceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis10.1145/3533767.3534380(544-555)Online publication date: 18-Jul-2022
  • (2022)An Empirical Assessment on Merging and Repositioning of Static Analysis Alarms2022 IEEE 22nd International Working Conference on Source Code Analysis and Manipulation (SCAM)10.1109/SCAM55253.2022.00031(219-229)Online publication date: Oct-2022
  • (2022)Classification and Ranking of Delta Static Analysis Alarms2022 IEEE 22nd International Working Conference on Source Code Analysis and Manipulation (SCAM)10.1109/SCAM55253.2022.00029(197-207)Online publication date: Oct-2022
  • (2021)Empirical Assessment of Program Comprehension Styles in Programming Language Paradigms2021 IEEE Symposium on Visual Languages and Human-Centric Computing (VL/HCC)10.1109/VL/HCC51201.2021.9576333(1-2)Online publication date: 10-Oct-2021
  • (2021)Dynamic Filtering and Prioritization of Static Code Analysis Alerts2021 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)10.1109/ISSREW53611.2021.00086(294-295)Online publication date: Oct-2021
  • (2020)Evaluation of Software Static AnalyzersProceedings of the 9th International Conference on Software and Information Engineering10.1145/3436829.3436835(11-17)Online publication date: 11-Nov-2020
  • Show More Cited By

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Media

Figures

Other

Tables

Share

Share

Share this Publication link

Share on social media