Improving Review of Clustered-Code Analysis Warnings

Muske, Tukaram

doi:10.1109/icsme.2014.97

Cited by 9 publications

(3 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Semi-automic diagnosis [14,54,148,149,189,193] Feedback-based [114,153] Checklists [8,140] UI & navigation tools [5,21,33,70,79,138] Alarm-relevant queries [42,80,127,190] Automated repair [12,15,115,116,179] Others [6,112,119,121,133,136,144] Fig. 1.…”

Section: Overview Of the Extracted Datamentioning

confidence: 99%

“…When an application to be analyzed belongs to multiple types, it would be more beneficial if more than one approach is applied, because combination of different approaches will help to reduce more alarms or simplify inspection of alarms further. For example, analyzing partitioned-code of an evolving application would require combining techniques that take into account the nature of multiple versions (pruning based on relative correctness [30,109]) and multiple partitions (clustering based on common points of interest [121]). The diversity of applications in terms of programming languages and coding practices induce different requirements when it comes to postprocessing of alarms and make the postprocessing much more challenging.…”

Section: F Simplification Of Manual Inspectionmentioning

confidence: 99%

See 1 more Smart Citation

Survey of Approaches for Postprocessing of Static Analysis Alarms

Muske

Serebrenik

2022

ACM Comput. Surv.

Self Cite

View full text Add to dashboard Cite

Static analysis tools have showcased their importance and usefulness in automated detection of defects. However, the tools are known to generate a large number of alarms which are warning messages to the user. The large number of alarms and cost incurred by their manual inspection have been identified as two major reasons for underuse of the tools in practice. To address these concerns plentitude of studies propose postprocessing of alarms: processing the alarms after they are generated. These studies differ greatly in their approaches to postprocess alarms. A comprehensive overview of the postprocessing approaches is, however, missing. In this article, we review 130 primary studies that propose postprocessing of alarms. The studies are collected by combining keywords-based database search and snowballing. We categorize approaches proposed by the collected studies into six main categories: clustering, ranking, pruning, automated elimination of false positives, combination of static and dynamic analyses, and simplification of manual inspection. We provide overview of the categories and sub-categories identified for them, their merits and shortcomings, and different techniques used to implement the approaches. Furthermore, we provide (1) guidelines for selection of the postprocessing techniques by the users/designers of static analysis tools; and (2) directions that can be explored by the researchers.

show abstract

Section: Overview Of the Extracted Datamentioning

confidence: 99%

Section: F Simplification Of Manual Inspectionmentioning

confidence: 99%

Survey of Approaches for Postprocessing of Static Analysis Alarms

Muske

Serebrenik

2022

ACM Comput. Surv.

Self Cite

View full text Add to dashboard Cite

show abstract

“…To reduce the number of alarms reported without affecting the errors uncovered. Furthermore, since traditional static analysis tools report alarms at the locations where run-time errors are likely to occur, the user has to traverse the code back to the causes of an alarm to identify whether the alarm represents an error or not [12,18,23]. Given the large size and complexity of industrial source code [23], this traversal can be a daunting task.…”

mentioning

confidence: 99%

Repositioning of static analysis alarms

Muske

Talluri

Serebrenik

2018

Proceedings of the 27th ACM SIGSOFT International Symposium on Software Testing and Analysis

Self Cite

View full text Add to dashboard Cite

The large number of alarms reported by static analysis tools is often recognized as one of the major obstacles to industrial adoption of such tools. We present repositioning of alarms, a novel automatic postprocessing technique intended to reduce the number of reported alarms without affecting the errors uncovered by them. The reduction in the number of alarms is achieved by moving groups of related alarms along the control flow to a program point where they can be replaced by a single alarm. In the repositioning technique, as the locations of repositioned alarms are different than locations of the errors uncovered by them, we also maintain traceability links between a repositioned alarm and its corresponding original alarm(s). The presented technique is tool-agnostic and orthogonal to many other techniques available for postprocessing alarms. To evaluate the technique, we applied it as a postprocessing step to alarms generated for 4 verification properties on 16 open source and 4 industry applications. The results indicate that the alarms repositioning technique reduces the alarms count by up to 20% over the state-of-the-art alarms grouping techniques with a median reduction of 7.25%.

show abstract

On the Verification of Software Vulnerabilities During Static Code Analysis Using Data Mining Techniques

Cheirdari

Karabatis

2017

On the Move to Meaningful Internet Systems. OTM 2017 Conferences

View full text Add to dashboard Cite

Improving Review of Clustered-Code Analysis Warnings

Cited by 9 publications

References 8 publications

Survey of Approaches for Postprocessing of Static Analysis Alarms

Survey of Approaches for Postprocessing of Static Analysis Alarms

Repositioning of static analysis alarms

On the Verification of Software Vulnerabilities During Static Code Analysis Using Data Mining Techniques

Contact Info

Product

Resources

About