SMT-Based Refutation of Spurious Bug Reports in the Clang Static Analyzer

Gadelha, Mikhail R.; Steffinlongo, Enrico; Cordeiro, Lucas C.; Fischer, Bernd; Nicole, Denis A.

doi:10.1109/icse-companion.2019.00026

Cited by 11 publications

(7 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In this sub-category, SMT solvers [40,120] or deductive verification (also called theorem proving) [50] are used to eliminate false positives [53,131,132,177]. For example, Nguyen et al [131,132] use deductive verification to eliminate false positives.…”

Section: Smt Solvers/deductive Verification-based Afpementioning

confidence: 99%

“…For example, Nguyen et al [131,132] use deductive verification to eliminate false positives. In the studies that use SMT solvers for AFPE [53,177], for each alarm, constraints are generated that represent the conditions under which the alarm is an error. Then, the constraints are checked using a SMT solver to determine their satisfiability.…”

Section: Smt Solvers/deductive Verification-based Afpementioning

confidence: 99%

“…51 https://hex-rays.com/ 52 https://resources.sei.cmu.edu/library/asset-view.cfm?assetid=50801753 http://spinroot.com/cobra/manual.html 54 https://github.com/Boolector/boolector 55 http://pathcrawler-online.com:8080/…”

mentioning

confidence: 99%

See 2 more Smart Citations

Survey of Approaches for Postprocessing of Static Analysis Alarms

Muske

Serebrenik

2022

ACM Comput. Surv.

View full text Add to dashboard Cite

Static analysis tools have showcased their importance and usefulness in automated detection of defects. However, the tools are known to generate a large number of alarms which are warning messages to the user. The large number of alarms and cost incurred by their manual inspection have been identified as two major reasons for underuse of the tools in practice. To address these concerns plentitude of studies propose postprocessing of alarms: processing the alarms after they are generated. These studies differ greatly in their approaches to postprocess alarms. A comprehensive overview of the postprocessing approaches is, however, missing. In this article, we review 130 primary studies that propose postprocessing of alarms. The studies are collected by combining keywords-based database search and snowballing. We categorize approaches proposed by the collected studies into six main categories: clustering, ranking, pruning, automated elimination of false positives, combination of static and dynamic analyses, and simplification of manual inspection. We provide overview of the categories and sub-categories identified for them, their merits and shortcomings, and different techniques used to implement the approaches. Furthermore, we provide (1) guidelines for selection of the postprocessing techniques by the users/designers of static analysis tools; and (2) directions that can be explored by the researchers.

show abstract

Section: Smt Solvers/deductive Verification-based Afpementioning

confidence: 99%

Section: Smt Solvers/deductive Verification-based Afpementioning

confidence: 99%

See 1 more Smart Citation

Survey of Approaches for Postprocessing of Static Analysis Alarms

Muske

Serebrenik

2022

ACM Comput. Surv.

View full text Add to dashboard Cite

show abstract

“…Tools like RATS [14], Flawfinder [40], and Infer [6] are of this type. However, they produce many false positives, a problem identified early on by [2,8,15], making these tools difficult to use effectively as part of the developer tool chain.…”

Section: Related Workmentioning

confidence: 99%

Exploring Software Naturalness through Neural Language Models

Buratti,

Pujar,

Bornea

et al. 2020

Preprint

View full text Add to dashboard Cite

The Software Naturalness hypothesis argues that programming languages can be understood through the same techniques used in natural language processing. We explore this hypothesis through the use of a pre-trained transformer-based language model to perform code analysis tasks. Present approaches to code analysis depend heavily on features derived from the Abstract Syntax Tree (AST) while our transformer-based language models work on raw source code. This work is the first to investigate whether such language models can discover AST features automatically. To achieve this, we introduce a sequence labeling task that directly probes the language model's understanding of AST. Our results show that transformer based language models achieve high accuracy in the AST tagging task. Furthermore, we evaluate our model on a software vulnerability identification task. Importantly, we show that our approach obtains vulnerability identification results comparable to graph based approaches that rely heavily on compilers for feature extraction. * Equal Contribution. In no particular order.Preprint. Under review.

show abstract

“…Also in software engineering many problems are closely related to planning. As an example, consider program analysis based on static analyzers [25], [39]. To check whether the reported bugs are spurious or real, state-of-the-art SMT constraint solvers can be used to synthesize the sequence of actions leading to the bug.…”

Section: Introductionmentioning

confidence: 99%

Probabilistic Preference Planning Problem for Markov Decision Processes

Turrini

Hahn

et al. 2022

IIEEE Trans. Software Eng.

View full text Add to dashboard Cite

The classical planning problem aims to find a sequence of permitted actions leading a system to a designed state, i.e., to achieve the system's task. However, in many realistic cases we also have requirements on how to complete the task, indicating that some behaviors and situations are more preferred than others. In this paper, we present the probabilistic preference-based planning problem (P4) for Markov decision processes, where the preferences are defined based on an enriched probabilistic LTL-style logic. We first recall P4Solver, an SMT-based planner computing the preferred plan by reducing the problem to a quadratic programming one previously developed to solve P4. To improve computational efficiency and scalability, we then introduce a new encoding of the probabilistic preference-based planning problem as a multi-objective model checking one, and propose the corresponding planner P4Solver MO . We illustrate the efficacy of both planners on some selected case studies to show that the model checking-based algorithm is considerably more efficient than the quadratic-programming-based one.

show abstract

SMT-Based Refutation of Spurious Bug Reports in the Clang Static Analyzer

Cited by 11 publications

References 13 publications

Survey of Approaches for Postprocessing of Static Analysis Alarms

Survey of Approaches for Postprocessing of Static Analysis Alarms

Exploring Software Naturalness through Neural Language Models

Probabilistic Preference Planning Problem for Markov Decision Processes

Contact Info

Product

Resources

About