STVL: Improve the Precision of Static Defect Detection with Symbolic Three-Valued Logic

Zhao, Yisong; Wang, Yawen; Gong, Yi; Chen, Hong-He; Xiao, Qing; Zhou, Yang

doi:10.1109/apsec.2011.23

Cited by 12 publications

(9 citation statements)

References 32 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The value of data.d will also be 3. But after L8, L9 branch sentences, the value of i on L10 will be 1 or 2, if we do not use sensitive path analysis, the one that a[i] is assigned may be a [1] or a [2]. In this way, we can only process weak update operation.…”

Section: Motivationmentioning

confidence: 99%

“…And models based on region use a region which is represented by a continuous memory block of a memory object. STVL [2] considers the logic relations of value of variables, but it cannot describe the hierarchical relations of compound type data structure. Another way is to limit the testing program requirements, such as no memory allocated for the analyzed program, and assumes all types are completely safe.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Research on Complicate Array Object via Region-Based Memory Model

Wang¹,

Dong²,

Jin³

et al. 2013

Advances in Intelligent Systems Research

Self Cite

View full text Add to dashboard Cite

-Array is widely used in software development, but in static analysis, array cannot be perfectly processed. There exists a series of problems, such as incompletely representation of the associations of different memory units. In this paper, a memory model Symbolic Region Model (SRM) is proposed. It can describe the shape of array objects, different kinds of memory states of array object and relations of array variables. The relations include alias relations, hierarchical relations inside a array object and logic relations between array and pointer variables. Then to improve the precision of array object analysis, a SRM based analysis method is proposed, which is flow sensitive, field sensitive and context sensitive, to analyze the shape, dataflow and point-to relationship at every procedure point. According to the experimental results of a large number of open source projects, the method proposed in this paper can improve the accuracy to process array in the interval computation of static analysis.

show abstract

Section: Motivationmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Research on Complicate Array Object via Region-Based Memory Model

Wang¹,

Dong²,

Jin³

et al. 2013

Advances in Intelligent Systems Research

Self Cite

View full text Add to dashboard Cite

show abstract

“…What information to capture in each procedure summary has been carefully tuned so that the summary should not lose any common defect-related behaviour? Because of limited space, we do not explain our inter-procedural analysis, see [8,10] for details.…”

Section: B Correlation Definitionmentioning

confidence: 99%

“…While encountering at call site , the precise summary is extracted by comparing and the conditional constraints binding with the summary. Then we leverage the refined correlation summary in two different manners: (1) if the summary information is concrete deterministic abstract domains, we will update the call site context using these fresh dataflows for subsequent detection and (2) if the summary is represented by some symbolic expressions, we employ the reversed mapping function to decide which symbol should be substituted by the actual parameter, and the dataflow iterates continually in this manner [8].…”

Section: (2) Correlation Summary Instantiationmentioning

confidence: 99%

Research of alarm correlations based on static defect detection

et al. 2015

View full text Add to dashboard Cite

Original scientific paper Traditional static defect detection tools can detect software defects and report alarms, but the correlations among alarms are not identified and massive independent alarms are against the understanding. Helping users in the alarm verification task is a major challenge for current static defect detection tools. In this paper, we formally introduce alarm correlations. If the occurrence of one alarm causes another alarm, we say that they are correlated. If one dominant alarm is uniquely correlated with another, we know verifying the first will also verify the others. Guided by the correlation, we can reduce the number of alarms required for verification. Our algorithms are inter-procedural, path-sensitive, and scalable. We present a correlation procedure summary model for inter-procedural alarm correlation calculation. The underlying algorithms are implemented inside our defect detection tools. We chose one common semantic fault as a case study and proved that our method has the effect of reducing 34,23 % of workload. Using correlation information, we are able to automate the alarm verification that previously had to be done manually. Keywords: abstract interpretation; alarm correlations; alarm verification; correlation summary; state slicing Istraživanje korelacija alarma na temelju detekcije statičkog kvaraIzvorni znanstveni članak Tradicionalni alati za detekciju statičkog kvara mogu detektirati kvarove softvera i objaviti alarm, ali korelacije između alarma nisu identificirane i masivni nezavisni alarmi protivni su razumijevanju. Pomaganje korisnicima u verifikaciji alarma predstavlja veliki izazov postojećim alatima za detekciju statičke greške. U ovom radu mi formalno uvodimo korelacije alarma. Ako postojanje jednog alarma uzrokuje drugi, kažemo da su u korelaciji. Ako je jedan dominantni alarm jedinstveno povezan s drugim, znamo da će se verifikacijom jednoga također verificirati drugi. Na osnovu korelacije možemo reducirati broj alarma potrebnih za verifikaciju. Naši su algoritmi inter-proceduralni, osjetljivi na putanju i podesivi (scalable). Mi prikazujemo sumarni model postupka korelacije za računanje inter-proceduralne korelacije alarma. Osnovni algoritmi su implementirani u naše alate za detekciju kvara. Izabrali smo jednu uobičajenu semantičku pogrešku za analizu slučaja i dokazali da naša metoda rezultira smanjenjem radnog opterećenja za 34,23 %. Primjenom korelacijeske informacije možemo automatizirati verifikaciju alarma, što se ranije moralo raditi ručno.

show abstract

“…Zhao YS et al [3] introduces symbolized three-valued logical abstraction domains on the basis of interval abstract domain to support the logical association between the expression variables. Jung et al [4] use the Bayesian network to calculate the possibility of an alarm as a real defect.…”

Section: Introductionmentioning

confidence: 99%

Dominant Alarm Research and Implementation Based on Static Defect Detection

Jiao¹,

Jin²,

Zhou³

2018

dtcse

View full text Add to dashboard Cite

Abstract. Code defect detection technology plays an increasingly important role in software testing, but the problem of large number of alarms and high false positive rate is common, thus, the efficiency and difficulty of manual confirmation has seriously hindered the development of this technology. This paper proposes a generation method of dominant alarm, which can effectively reduce the number of the human confirmations and improve validation efficiency. Firstly, by analyzing the feature function of the alarms, the alarms with the same data source can be classified as a collection called 'Equivalent class collection'. Then, the dominant alarm in the equivalent class collection is determined by examining the contextual relationship of the codes where the alarm exits in the collection. Finally, the confirmation of the alarms in the collection can be accomplished by confirming the dominant alarm only. The experiment results show that this method can effectively improve the human conformation efficiency of 20%-30%.

show abstract

STVL: Improve the Precision of Static Defect Detection with Symbolic Three-Valued Logic

Cited by 12 publications

References 32 publications

Research on Complicate Array Object via Region-Based Memory Model

Research on Complicate Array Object via Region-Based Memory Model

Research of alarm correlations based on static defect detection

Dominant Alarm Research and Implementation Based on Static Defect Detection

Contact Info

Product

Resources

About