Efficient elimination of false positives using static analysis

Muske, Tukaram; Khedker, Uday P.

doi:10.1109/issre.2015.7381820

Cited by 16 publications

(10 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…That is, the verification is started with the minimal context and the context is expanded later on a need basis. This approach also has been observed to be beneficial by other studies [37,126].…”

Section: Model Checking-based Afpementioning

confidence: 73%

“…To address this issue, i.e., to improve efficiency of AFPE, different techniques have been proposed. For example, Muske et al [125,126] have proposed static analysis-based techniques to predict outcome of a given model checking call. The predictions are used to reduce the number of model checking calls and thus, improve AFPE efficiency.…”

Section: Model Checking-based Afpementioning

confidence: 99%

See 1 more Smart Citation

Survey of Approaches for Postprocessing of Static Analysis Alarms

Muske

Serebrenik

2022

ACM Comput. Surv.

Self Cite

View full text Add to dashboard Cite

Static analysis tools have showcased their importance and usefulness in automated detection of defects. However, the tools are known to generate a large number of alarms which are warning messages to the user. The large number of alarms and cost incurred by their manual inspection have been identified as two major reasons for underuse of the tools in practice. To address these concerns plentitude of studies propose postprocessing of alarms: processing the alarms after they are generated. These studies differ greatly in their approaches to postprocess alarms. A comprehensive overview of the postprocessing approaches is, however, missing. In this article, we review 130 primary studies that propose postprocessing of alarms. The studies are collected by combining keywords-based database search and snowballing. We categorize approaches proposed by the collected studies into six main categories: clustering, ranking, pruning, automated elimination of false positives, combination of static and dynamic analyses, and simplification of manual inspection. We provide overview of the categories and sub-categories identified for them, their merits and shortcomings, and different techniques used to implement the approaches. Furthermore, we provide (1) guidelines for selection of the postprocessing techniques by the users/designers of static analysis tools; and (2) directions that can be explored by the researchers.

show abstract

Section: Model Checking-based Afpementioning

confidence: 73%

Section: Model Checking-based Afpementioning

confidence: 99%

Survey of Approaches for Postprocessing of Static Analysis Alarms

Muske

Serebrenik

2022

ACM Comput. Surv.

Self Cite

View full text Add to dashboard Cite

show abstract

“…Muske et al [24] augmented static analysis with model checking to improve precision. In their work, a model checker generated assertions associated with each static code analysis tool warning.…”

Section: Formal Methodsmentioning

confidence: 99%

Identifying and Documenting False Positive Patterns Generated by Static Code Analysis Tools

Reynolds

Jayanth

Koç

et al. 2017

2017 IEEE/ACM 4th International Workshop on Software Engineering Research and Industrial Practice (SER&IP)

View full text Add to dashboard Cite

show abstract

“…Authors in [32] aim to detect FPAs via the use of deductive checking to verify the conforms of source code position reported by the alert with a standard coding protocol such as Sei Cert C and ANSI/ISO. Authors in [33] aim to improve the scalability of model checking to handle the massive amount of generated SAT false positive alerts. They introduce a new variable named complete-range non-deterministic values (cnv) to reduce and avoid redundant verification calls of the model checker, mostly responsible for generating false-positive alerts.…”

Section: Model Checking Based Approachesmentioning

confidence: 99%

Software Security Static Analysis False Alerts Handling Approaches

Akremi¹

2021

IJACSA

View full text Add to dashboard Cite

False Positive Alerts (FPA), generated by Static Analyzers Tools (SAT), reduce the effectiveness of the automatic code review, letting them be underused in practice. Researchers conduct a lot of tests to improve SAT accuracy while keeping FPA at a lower rate. They use different simulated and production datasets to validate their proposed methods. This paper surveys recent approaches dealing with FPA filtering; it compares them and discusses their usefulness. It also studies the used datasets to validate the identified methods and show their effectiveness to cover most program defects. This study focuses mainly on the security bugs covered by the datasets and handled by the existing methods.

show abstract

Efficient elimination of false positives using static analysis

Cited by 16 publications

References 13 publications

Survey of Approaches for Postprocessing of Static Analysis Alarms

Survey of Approaches for Postprocessing of Static Analysis Alarms

Identifying and Documenting False Positive Patterns Generated by Static Code Analysis Tools

Software Security Static Analysis False Alerts Handling Approaches

Contact Info

Product

Resources

About