Samenvatting
Static analysis tools help to detect common programming errors but generate a large number of alarms indicating possible errors. Moreover, when applied to evolving software systems, around 95% of alarms generated on a version are repeated, i.e., they have also been generated on the previous version. Version-aware static analysis techniques (VSATs) have been proposed to suppress the repeated alarms that are not impacted by the code changes between the two versions. The alarms reported by VSATs after the suppression, called delta alarms, still constitute 63% of the tool generated alarms.
We observe that delta alarms can be further postprocessed using their corresponding code changes: the code changes due to which VSATs identify them as delta alarms. However, none of the existing VSATs or alarms postprocessing techniques postprocesses delta alarms using the corresponding code changes. Based on this observation, we use the code changes to classify delta alarms into six classes that have different priorities assigned to them. The assignment of priorities is based on the type of code changes and their likelihood of actually impacting the delta alarms. The ranking of alarms, obtained through the prioritization of classes, can help suppress alarms that are ranked lower, when resources to inspect the alarms are limited.
We performed an empirical evaluation using 9789 alarms generated on 59 versions of seven open source C applications. The evaluation results indicate that the proposed classification and ranking of delta alarms help to identify, on average, 53% of delta alarms as less likely to be errors than the others.
We observe that delta alarms can be further postprocessed using their corresponding code changes: the code changes due to which VSATs identify them as delta alarms. However, none of the existing VSATs or alarms postprocessing techniques postprocesses delta alarms using the corresponding code changes. Based on this observation, we use the code changes to classify delta alarms into six classes that have different priorities assigned to them. The assignment of priorities is based on the type of code changes and their likelihood of actually impacting the delta alarms. The ranking of alarms, obtained through the prioritization of classes, can help suppress alarms that are ranked lower, when resources to inspect the alarms are limited.
We performed an empirical evaluation using 9789 alarms generated on 59 versions of seven open source C applications. The evaluation results indicate that the proposed classification and ranking of delta alarms help to identify, on average, 53% of delta alarms as less likely to be errors than the others.
Originele taal-2 | Engels |
---|---|
Pagina's | 197-207 |
Aantal pagina's | 11 |
DOI's | |
Status | Gepubliceerd - 3 okt. 2022 |
Evenement | International Working Conference on Source Code Analysis & Manipulation - Limassol, Cyprus Duur: 3 okt. 2022 → 4 okt. 2022 Congresnummer: 22 https://www.ieee-scam.org/2022/ |
Congres
Congres | International Working Conference on Source Code Analysis & Manipulation |
---|---|
Verkorte titel | SCAM |
Land/Regio | Cyprus |
Stad | Limassol |
Periode | 3/10/22 → 4/10/22 |
Internet adres |