Abstract
Static analysis tools help to detect common programming errors but generate a large number of alarms indicating possible errors. Moreover, when applied to evolving software systems, around 95% of alarms generated on a version are repeated, i.e., they have also been generated on the previous version. Version-aware static analysis techniques (VSATs) have been proposed to suppress the repeated alarms that are not impacted by the code changes between the two versions. The alarms reported by VSATs after the suppression, called delta alarms, still constitute 63% of the tool generated alarms.
We observe that delta alarms can be further postprocessed using their corresponding code changes: the code changes due to which VSATs identify them as delta alarms. However, none of the existing VSATs or alarms postprocessing techniques postprocesses delta alarms using the corresponding code changes. Based on this observation, we use the code changes to classify delta alarms into six classes that have different priorities assigned to them. The assignment of priorities is based on the type of code changes and their likelihood of actually impacting the delta alarms. The ranking of alarms, obtained through the prioritization of classes, can help suppress alarms that are ranked lower, when resources to inspect the alarms are limited.
We performed an empirical evaluation using 9789 alarms generated on 59 versions of seven open source C applications. The evaluation results indicate that the proposed classification and ranking of delta alarms help to identify, on average, 53% of delta alarms as less likely to be errors than the others.
Original language | English |
---|---|
Pages | 197-207 |
Number of pages | 11 |
Publication status | Published - 3 Oct 2022 |
Event | International Working Conference on Source Code Analysis & Manipulation - Limassol, Cyprus. Duration: 3 Oct 2022 → 4 Oct 2022. Conference number: 22. https://www.ieee-scam.org/2022/ |
Conference
Conference | International Working Conference on Source Code Analysis & Manipulation |
---|---|
Abbreviated title | SCAM |
Country/Territory | Cyprus |
City | Limassol |
Period | 3/10/22 → 4/10/22 |
Keywords
- static analysis
- delta alarms
- impact analysis
- version-aware static analysis
- classification of alarms
- ranking of alarms
- ranking and classification of alarms
- version aware static analysis
- Static analysis
- program slicing
- incremental analysis