Survey of approaches for handling static analysis alarms

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    26 Citations (Scopus)

    Abstract

    Static analysis tools have showcased their importance and usefulness in automated detection of code anomalies and defects. However, the large number of alarms reported and cost incurred in their manual inspections have been the major concerns with the usage of static analysis tools. Existing studies addressing these concerns differ greatly in their approaches to handle the alarms, varying from automatic postprocessing of alarms, supporting the tool-users during manual inspections of the alarms, to designing of light-weight static analysis tools. A comprehensive study of approaches for handling alarms is, however, not found. In this paper, we review 79 alarms handling studies collected through a systematic literature search and classify the approaches proposed into seven categories. The literature search is performed by combining the keywords-based database search and snowballing. Our review is intended to provide an overview of various alarms handling approaches, their merits and shortcomings, and different techniques used in their implementations. Our findings include that the categorized alarms handling approaches are complementary and they can be combined together in different ways. The categorized approaches and techniques employed in them can help the designers and developers of static analysis tools to make informed choices.
    Original languageEnglish
    Title of host publication2016 IEEE 16th International Working Conference on Source Code Analysis and Manipulation (SCAM)
    Place of PublicationPiscataway
    PublisherInstitute of Electrical and Electronics Engineers
    Pages157-166
    ISBN (Electronic)978-1-5090-3848-0
    DOIs
    Publication statusPublished - 2016
    Event2016 International Working Conference on Source Code Analysis and manupilation (SCAM), October 2-3, 2016, Raleigh, - Raleigh, NC, United States
    Duration: 2 Oct 20163 Oct 2016

    Conference

    Conference2016 International Working Conference on Source Code Analysis and manupilation (SCAM), October 2-3, 2016, Raleigh,
    Abbreviated titleSCAM'16
    CountryUnited States
    CityRaleigh, NC
    Period2/10/163/10/16

    Fingerprint

    Dive into the research topics of 'Survey of approaches for handling static analysis alarms'. Together they form a unique fingerprint.

    Cite this