A systematic literature review of actionable alert identification techniques for automated static code analysis

Heckman, Sarah; Williams, Laurie

doi:10.1016/j.infsof.2010.12.007

Cited by 122 publications

(85 citation statements)

References 50 publications

(283 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In 2011, Sarah Heckmann et al [37] have made an inventory and evaluation of defects detections technique. To do this work, they first collected articles in scientific journals (ACM, IEEE, Springer); They sorted these articles manually according to their importance in relation to the problem.…”

Section: Defect Detection Techniquesmentioning

confidence: 99%

“…As we have just seen, for the renaming of entities this will be an adequate behavior. The reasoning behind this decision was that research showed that the majority of programmers did not care about violations [37]. Therefore, a violation may go unnoticed for a long period of time before it simply disappears due to unexpected changes in the source code.…”

Section: Some Terminologiesmentioning

confidence: 99%

See 1 more Smart Citation

Learning from Human Repairs Through the Exploitation of Software Repositories

Oumarou¹,

Kolyang²

2017

IJSEA

View full text Add to dashboard Cite

show abstract

Section: Defect Detection Techniquesmentioning

confidence: 99%

Section: Some Terminologiesmentioning

confidence: 99%

Learning from Human Repairs Through the Exploitation of Software Repositories

Oumarou¹,

Kolyang²

2017

IJSEA

View full text Add to dashboard Cite

show abstract

“…This fails for situations where a programmer writes code that performs as intended and does not wish to modify. We therefore use the term actionable alert (AA) to define a SA alert that the programmer would act on to resolve and unactionable alert (UA) to define a SA alert that the programmer would not act on to resolve [15].…”

Section: Introductionmentioning

confidence: 99%

“…Because of the prevalence of unactionable alerts in SA warnings, considerable work has attempted to predict whether alerts are actionable or not; Heckman and Williams survey this literature [15]. Of particular importance in this research are the set of characteristics used to predict what SA alerts are actionable or unactionable.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Finding patterns in static analysis alerts: improving actionable alert ranking

Hanam

Tan

Holmes

et al. 2014

Proceedings of the 11th Working Conference on Mining Software Repositories

View full text Add to dashboard Cite

Static analysis (SA) tools that find bugs by inferring programmer beliefs (e.g., FindBugs) are commonplace in today's software industry. While they find a large number of actual defects, they are often plagued by high rates of alerts that a developer would not act on (unactionable alerts) because they are incorrect, do not significantly affect program execution, etc. High rates of unactionable alerts decrease the utility of static analysis tools in practice.We present a method for differentiating actionable and unactionable alerts by finding alerts with similar code patterns. To do so, we create a feature vector based on code characteristics at the site of each SA alert. With these feature vectors, we use machine learning techniques to build an actionable alert prediction model that is able to classify new SA alerts.We evaluate our technique on three subject programs using the FindBugs static analysis tool and the Faultbench benchmark methodology. For a developer inspecting the top 5% of all alerts for three sample projects, our approach is able to identify 57 of 211 actionable alerts, which is 38 more than the FindBugs priority measure. Combined with previous actionable alert identification techniques, our method finds 75 actionable alerts in the top 5%, which is four more actionable alerts (a 6% improvement) than previous actionable alert identification techniques.

show abstract

Integrated static code analysis and runtime verification

Sözer

2014

Softw Pract Exp

View full text Add to dashboard Cite

Due to copyright restrictions, the access to the full text of this article is only available via subscription.Static code analysis tools automatically generate alerts for potential software faults that can lead to failures. However, these tools usually generate a very large number of alerts, some of which are subject to false positives. Because of limited resources, it is usually hard to inspect all the alerts. As a complementary approach, runtime verification techniques verify dynamic system behavior with respect to a set of specifications. However, these specifications are usually created manually based on system requirements and constraints. In this paper, we introduce a noval approach and a toolchain for integrated static code analysis and runtime verification. Alerts that are generated by static code analysis tools are utilized for automatically generating runtime verification specifications. On the other hand, runtime verification results are used for automatically generating filters for static code analysis tools to eliminate false positives. The approach is illustrated for the static analysis and runtime verification of an open-source bibliography reference manager software.TÜBİTA

show abstract

A systematic literature review of actionable alert identification techniques for automated static code analysis

Cited by 122 publications

References 50 publications

Learning from Human Repairs Through the Exploitation of Software Repositories

Learning from Human Repairs Through the Exploitation of Software Repositories

Finding patterns in static analysis alerts: improving actionable alert ranking

Integrated static code analysis and runtime verification

Contact Info

Product

Resources

About