On establishing a benchmark for evaluating static analysis alert prioritization and classification techniques

  • Authors:
  • Sarah Heckman; Laurie Williams

  • Affiliations:
  • North Carolina State University, Raleigh, NC, USA

  • Venue:
  • Proceedings of the Second ACM-IEEE International Symposium on Empirical Software Engineering and Measurement

  • Year:
  • 2008


Abstract

Benchmarks provide an experimental basis for evaluating software engineering processes or techniques in an objective and repeatable manner. We present the FAULTBENCH v0.1 benchmark, as a contribution to current benchmark materials, for evaluation and comparison of techniques that prioritize and classify alerts generated by static analysis tools. Static analysis tools may generate an overwhelming number of alerts, the majority of which are likely to be false positives (FP). Two FP mitigation techniques, alert prioritization and classification, provide an ordering or classification of alerts, identifying those likely to be anomalies. We evaluate FAULTBENCH using three versions of an FP mitigation technique within the AWARE adaptive prioritization model. Individual FAULTBENCH subjects vary in their optimal FP mitigation techniques. Together, FAULTBENCH subjects provide a precise and general evaluation of FP mitigation techniques.
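
To give a rough sense of what an adaptive alert prioritization technique does, the Java sketch below ranks static analysis alerts by a per-alert-type score that rises when developers fix alerts of that type and falls when they suppress them. This is an illustrative assumption made for the example, not the AWARE model or the techniques evaluated in the paper; the alert type names, feedback methods, and scoring rule are all hypothetical.

    import java.util.ArrayList;
    import java.util.Comparator;
    import java.util.HashMap;
    import java.util.List;
    import java.util.Map;

    // Hypothetical sketch of adaptive alert prioritization: developer feedback
    // on each alert type adjusts a score so that alerts more likely to be true
    // positives sort toward the top of the inspection list.
    public class AlertRanker {

        // A static analysis alert, identified by its checker/alert type.
        record Alert(String type, String location) {}

        private final Map<String, Double> typeScores = new HashMap<>();

        // Developer fixed an alert of this type: treat the type as more trustworthy.
        public void recordFix(String type) {
            typeScores.merge(type, 1.0, Double::sum);
        }

        // Developer suppressed an alert of this type: treat the type as likely noise.
        public void recordSuppression(String type) {
            typeScores.merge(type, -1.0, Double::sum);
        }

        // Order alerts from most to least likely to be actionable.
        public List<Alert> prioritize(List<Alert> alerts) {
            List<Alert> ranked = new ArrayList<>(alerts);
            ranked.sort(Comparator.comparingDouble(
                    (Alert a) -> typeScores.getOrDefault(a.type(), 0.0)).reversed());
            return ranked;
        }

        public static void main(String[] args) {
            AlertRanker ranker = new AlertRanker();
            ranker.recordFix("NULL_DEREFERENCE");       // feedback: real fault
            ranker.recordSuppression("UNUSED_IMPORT");  // feedback: false positive

            List<Alert> alerts = List.of(
                    new Alert("UNUSED_IMPORT", "Foo.java:10"),
                    new Alert("NULL_DEREFERENCE", "Bar.java:42"));

            ranker.prioritize(alerts).forEach(a ->
                    System.out.println(a.type() + " at " + a.location()));
        }
    }

In an evaluation along the lines of FAULTBENCH, such an ordering would presumably be judged by how quickly it surfaces the alerts that correspond to real faults in each subject program, with false positives pushed toward the bottom of the list.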