Survey of approaches for handling static analysis alarms

Tukaram Muske; A. Serebrenik

doi:10.1109/SCAM.2016.25

Survey of approaches for handling static analysis alarms

Tukaram Muske, A. Serebrenik

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

45 Citations (Scopus)

Abstract

Static analysis tools have showcased their importance and usefulness in automated detection of code anomalies and defects. However, the large number of alarms reported and cost incurred in their manual inspections have been the major concerns with the usage of static analysis tools. Existing studies addressing these concerns differ greatly in their approaches to handle the alarms, varying from automatic postprocessing of alarms, supporting the tool-users during manual inspections of the alarms, to designing of light-weight static analysis tools. A comprehensive study of approaches for handling alarms is, however, not found. In this paper, we review 79 alarms handling studies collected through a systematic literature search and classify the approaches proposed into seven categories. The literature search is performed by combining the keywords-based database search and snowballing. Our review is intended to provide an overview of various alarms handling approaches, their merits and shortcomings, and different techniques used in their implementations. Our findings include that the categorized alarms handling approaches are complementary and they can be combined together in different ways. The categorized approaches and techniques employed in them can help the designers and developers of static analysis tools to make informed choices.

Original language	English
Title of host publication	2016 IEEE 16th International Working Conference on Source Code Analysis and Manipulation (SCAM)
Place of Publication	Piscataway
Publisher	Institute of Electrical and Electronics Engineers
Pages	157-166
ISBN (Electronic)	978-1-5090-3848-0
DOIs	https://doi.org/10.1109/SCAM.2016.25
Publication status	Published - 2016
Event	2016 International Working Conference on Source Code Analysis and manupilation (SCAM), October 2-3, 2016, Raleigh, - Raleigh, NC, United States Duration: 2 Oct 2016 → 3 Oct 2016

Conference

Conference	2016 International Working Conference on Source Code Analysis and manupilation (SCAM), October 2-3, 2016, Raleigh,
Abbreviated title	SCAM'16
Country/Territory	United States
City	Raleigh, NC
Period	2/10/16 → 3/10/16

Access to Document

10.1109/SCAM.2016.25

Cite this

@inproceedings{cc8fe6e6efb94f1dbe5cf5b85d2d0e9e,

title = "Survey of approaches for handling static analysis alarms",

abstract = "Static analysis tools have showcased their importance and usefulness in automated detection of code anomalies and defects. However, the large number of alarms reported and cost incurred in their manual inspections have been the major concerns with the usage of static analysis tools. Existing studies addressing these concerns differ greatly in their approaches to handle the alarms, varying from automatic postprocessing of alarms, supporting the tool-users during manual inspections of the alarms, to designing of light-weight static analysis tools. A comprehensive study of approaches for handling alarms is, however, not found. In this paper, we review 79 alarms handling studies collected through a systematic literature search and classify the approaches proposed into seven categories. The literature search is performed by combining the keywords-based database search and snowballing. Our review is intended to provide an overview of various alarms handling approaches, their merits and shortcomings, and different techniques used in their implementations. Our findings include that the categorized alarms handling approaches are complementary and they can be combined together in different ways. The categorized approaches and techniques employed in them can help the designers and developers of static analysis tools to make informed choices.",

author = "Tukaram Muske and A. Serebrenik",

year = "2016",

doi = "10.1109/SCAM.2016.25",

language = "English",

pages = "157--166",

booktitle = "2016 IEEE 16th International Working Conference on Source Code Analysis and Manipulation (SCAM)",

publisher = "Institute of Electrical and Electronics Engineers",

address = "United States",

note = "2016 International Working Conference on Source Code Analysis and manupilation (SCAM), October 2-3, 2016, Raleigh, , SCAM'16 ; Conference date: 02-10-2016 Through 03-10-2016",

}

Muske, T & Serebrenik, A 2016, Survey of approaches for handling static analysis alarms. in 2016 IEEE 16th International Working Conference on Source Code Analysis and Manipulation (SCAM) . Institute of Electrical and Electronics Engineers, Piscataway, pp. 157-166, 2016 International Working Conference on Source Code Analysis and manupilation (SCAM), October 2-3, 2016, Raleigh, , Raleigh, NC, United States, 2/10/16. https://doi.org/10.1109/SCAM.2016.25

Survey of approaches for handling static analysis alarms. / Muske, Tukaram; Serebrenik, A.
2016 IEEE 16th International Working Conference on Source Code Analysis and Manipulation (SCAM) . Piscataway: Institute of Electrical and Electronics Engineers, 2016. p. 157-166.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - Survey of approaches for handling static analysis alarms

AU - Muske, Tukaram

AU - Serebrenik, A.

PY - 2016

Y1 - 2016

N2 - Static analysis tools have showcased their importance and usefulness in automated detection of code anomalies and defects. However, the large number of alarms reported and cost incurred in their manual inspections have been the major concerns with the usage of static analysis tools. Existing studies addressing these concerns differ greatly in their approaches to handle the alarms, varying from automatic postprocessing of alarms, supporting the tool-users during manual inspections of the alarms, to designing of light-weight static analysis tools. A comprehensive study of approaches for handling alarms is, however, not found. In this paper, we review 79 alarms handling studies collected through a systematic literature search and classify the approaches proposed into seven categories. The literature search is performed by combining the keywords-based database search and snowballing. Our review is intended to provide an overview of various alarms handling approaches, their merits and shortcomings, and different techniques used in their implementations. Our findings include that the categorized alarms handling approaches are complementary and they can be combined together in different ways. The categorized approaches and techniques employed in them can help the designers and developers of static analysis tools to make informed choices.

AB - Static analysis tools have showcased their importance and usefulness in automated detection of code anomalies and defects. However, the large number of alarms reported and cost incurred in their manual inspections have been the major concerns with the usage of static analysis tools. Existing studies addressing these concerns differ greatly in their approaches to handle the alarms, varying from automatic postprocessing of alarms, supporting the tool-users during manual inspections of the alarms, to designing of light-weight static analysis tools. A comprehensive study of approaches for handling alarms is, however, not found. In this paper, we review 79 alarms handling studies collected through a systematic literature search and classify the approaches proposed into seven categories. The literature search is performed by combining the keywords-based database search and snowballing. Our review is intended to provide an overview of various alarms handling approaches, their merits and shortcomings, and different techniques used in their implementations. Our findings include that the categorized alarms handling approaches are complementary and they can be combined together in different ways. The categorized approaches and techniques employed in them can help the designers and developers of static analysis tools to make informed choices.

U2 - 10.1109/SCAM.2016.25

DO - 10.1109/SCAM.2016.25

M3 - Conference contribution

SP - 157

EP - 166

BT - 2016 IEEE 16th International Working Conference on Source Code Analysis and Manipulation (SCAM)

PB - Institute of Electrical and Electronics Engineers

CY - Piscataway

T2 - 2016 International Working Conference on Source Code Analysis and manupilation (SCAM), October 2-3, 2016, Raleigh,

Y2 - 2 October 2016 through 3 October 2016

ER -

Survey of approaches for handling static analysis alarms

Abstract

Conference

Access to Document

Fingerprint

Cite this