Z-ranking: using statistical analysis to counter the impact of static analysis approximations

Authors:
Ted Kremenek;Dawson Engler
Affiliations:
Computer Systems Laboratory, Stanford University, Stanford, CA;Computer Systems Laboratory, Stanford University, Stanford, CA
Venue:
SAS'03 Proceedings of the 10th international conference on Static analysis
Year:
2003

Citing 9
Cited 34

LCLint: a tool for using specifications to check code

SIGSOFT '94 Proceedings of the 2nd ACM SIGSOFT symposium on Foundations of software engineering
Type-based race detection for Java

PLDI '00 Proceedings of the ACM SIGPLAN 2000 conference on Programming language design and implementation
Automatically validating temporal safety properties of interfaces

SPIN '01 Proceedings of the 8th international SPIN workshop on Model checking of software
An empirical study of operating systems errors

SOSP '01 Proceedings of the eighteenth ACM symposium on Operating systems principles
Flow-sensitive type qualifiers

PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
ESP: path-sensitive program verification in polynomial time

PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
A system and language for building system-specific, static analyses

PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
Detecting Races in Relay Ladder Logic Programs

TACAS '98 Proceedings of the 4th International Conference on Tools and Algorithms for Construction and Analysis of Systems
Checking system rules using system-specific, programmer-written compiler extensions

OSDI'00 Proceedings of the 4th conference on Symposium on Operating System Design & Implementation - Volume 4

MECA: an extensible, expressive system and language for statically checking security properties

Proceedings of the 10th ACM conference on Computer and communications security
Correlation exploitation in error ranking

Proceedings of the 12th ACM SIGSOFT twelfth international symposium on Foundations of software engineering
Finding bugs is easy

ACM SIGPLAN Notices
Check 'n' crash: combining static checking and testing

Proceedings of the 27th international conference on Software engineering
Automatic Mining of Source Code Repositories to Improve Bug Finding Techniques

IEEE Transactions on Software Engineering
HeapMD: identifying heap-based bugs using anomaly detection

Proceedings of the 12th international conference on Architectural support for programming languages and operating systems
Patches as better bug reports

Proceedings of the 5th international conference on Generative programming and component engineering
An empirical study on classification methods for alarms from a bug-finding static C analyzer

Information Processing Letters
Automatic misconfiguration troubleshooting with peerpressure

OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
Prioritizing Warning Categories by Analyzing Software History

MSR '07 Proceedings of the Fourth International Workshop on Mining Software Repositories
Which warnings should I fix first?

Proceedings of the the 6th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering
Proving non-termination

Proceedings of the 35th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Adaptively ranking alerts generated from automated static analysis

Crossroads
ISA: a source code static vulnerability detection system based on data fusion

Proceedings of the 2nd international conference on Scalable information systems
Predicting accurate and actionable static analysis warnings: an experimental approach

Proceedings of the 30th international conference on Software engineering
Accurate Interprocedural Null-Dereference Analysis for Java

ICSE '09 Proceedings of the 31st International Conference on Software Engineering
The road not taken: Estimating path execution frequency statically

ICSE '09 Proceedings of the 31st International Conference on Software Engineering
Filtering false alarms of buffer overflow analysis using SMT solvers

Information and Software Technology
Automatic construction of an effective training set for prioritizing static analysis warnings

Proceedings of the IEEE/ACM international conference on Automated software engineering
Path-based fault correlations

Proceedings of the eighteenth ACM SIGSOFT international symposium on Foundations of software engineering
A systematic literature review of actionable alert identification techniques for automated static code analysis

Information and Software Technology
Underspecified harnesses and interleaved bugs

POPL '12 Proceedings of the 39th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Taming false alarms from a domain-unaware c analyzer by a bayesian statistical post analysis

SAS'05 Proceedings of the 12th international conference on Static Analysis
Sound non-statistical clustering of static analysis alarms

VMCAI'12 Proceedings of the 13th international conference on Verification, Model Checking, and Abstract Interpretation
Inferring definite counterexamples through under-approximation

NFM'12 Proceedings of the 4th international conference on NASA Formal Methods
Active refinement of clone anomaly reports

Proceedings of the 34th International Conference on Software Engineering
To what extent could we detect field defects? an empirical study of false negatives in static bug finding tools

Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering
AFChecker: Effective model checking for context-aware adaptive applications

Journal of Systems and Software
Adoption of Model-Based Testing and Abstract Interpretation by a Railway Signalling Manufacturer

International Journal of Embedded and Real-Time Communication Systems
Taming compiler fuzzers

Proceedings of the 34th ACM SIGPLAN conference on Programming language design and implementation
Almost-correct specifications: a modular semantic framework for assigning confidence to warnings

Proceedings of the 34th ACM SIGPLAN conference on Programming language design and implementation
Dynamically validating static memory leak warnings

Proceedings of the 2013 International Symposium on Software Testing and Analysis
A comparative evaluation of static analysis actionable alert identification techniques

Proceedings of the 9th International Conference on Predictive Models in Software Engineering
Continuous validation of load test suites

Proceedings of the 5th ACM/SPEC international conference on Performance engineering

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper explores z-ranking, a technique to rank error reports emitted by static program checking analysis tools. Such tools often use approximate analysis schemes, leading to false error reports. These reports can easily render the error checker useless by hiding real errors amidst the false, and by potentially causing the tool to be discarded as irrelevant. Empirically, all tools that effectively find errors have false positive rates that can easily reach 30-100%. Z-ranking employs a simple statistical model to rank those error messages most likely to be true errors over those that are least likely. This paper demonstrates that z-ranking applies to a range of program checking problems and that it performs up to an order of magnitude better than randomized ranking. Further, it has transformed previously unusable analysis tools into effective program error finders.