LCLint: a tool for using specifications to check code
SIGSOFT '94 Proceedings of the 2nd ACM SIGSOFT symposium on Foundations of software engineering
Type-based race detection for Java
PLDI '00 Proceedings of the ACM SIGPLAN 2000 conference on Programming language design and implementation
Automatically validating temporal safety properties of interfaces
SPIN '01 Proceedings of the 8th international SPIN workshop on Model checking of software
An empirical study of operating systems errors
SOSP '01 Proceedings of the eighteenth ACM symposium on Operating systems principles
Flow-sensitive type qualifiers
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
ESP: path-sensitive program verification in polynomial time
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
A system and language for building system-specific, static analyses
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
Detecting Races in Relay Ladder Logic Programs
TACAS '98 Proceedings of the 4th International Conference on Tools and Algorithms for Construction and Analysis of Systems
Checking system rules using system-specific, programmer-written compiler extensions
OSDI'00 Proceedings of the 4th conference on Symposium on Operating System Design & Implementation - Volume 4
MECA: an extensible, expressive system and language for statically checking security properties
Proceedings of the 10th ACM conference on Computer and communications security
Correlation exploitation in error ranking
Proceedings of the 12th ACM SIGSOFT twelfth international symposium on Foundations of software engineering
ACM SIGPLAN Notices
Check 'n' crash: combining static checking and testing
Proceedings of the 27th international conference on Software engineering
Automatic Mining of Source Code Repositories to Improve Bug Finding Techniques
IEEE Transactions on Software Engineering
HeapMD: identifying heap-based bugs using anomaly detection
Proceedings of the 12th international conference on Architectural support for programming languages and operating systems
Proceedings of the 5th international conference on Generative programming and component engineering
An empirical study on classification methods for alarms from a bug-finding static C analyzer
Information Processing Letters
Automatic misconfiguration troubleshooting with peerpressure
OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
Prioritizing Warning Categories by Analyzing Software History
MSR '07 Proceedings of the Fourth International Workshop on Mining Software Repositories
Which warnings should I fix first?
Proceedings of the the 6th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering
Proceedings of the 35th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
ISA: a source code static vulnerability detection system based on data fusion
Proceedings of the 2nd international conference on Scalable information systems
Predicting accurate and actionable static analysis warnings: an experimental approach
Proceedings of the 30th international conference on Software engineering
Accurate Interprocedural Null-Dereference Analysis for Java
ICSE '09 Proceedings of the 31st International Conference on Software Engineering
The road not taken: Estimating path execution frequency statically
ICSE '09 Proceedings of the 31st International Conference on Software Engineering
Filtering false alarms of buffer overflow analysis using SMT solvers
Information and Software Technology
Automatic construction of an effective training set for prioritizing static analysis warnings
Proceedings of the IEEE/ACM international conference on Automated software engineering
Proceedings of the eighteenth ACM SIGSOFT international symposium on Foundations of software engineering
Information and Software Technology
Underspecified harnesses and interleaved bugs
POPL '12 Proceedings of the 39th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Taming false alarms from a domain-unaware c analyzer by a bayesian statistical post analysis
SAS'05 Proceedings of the 12th international conference on Static Analysis
Sound non-statistical clustering of static analysis alarms
VMCAI'12 Proceedings of the 13th international conference on Verification, Model Checking, and Abstract Interpretation
Inferring definite counterexamples through under-approximation
NFM'12 Proceedings of the 4th international conference on NASA Formal Methods
Active refinement of clone anomaly reports
Proceedings of the 34th International Conference on Software Engineering
Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering
AFChecker: Effective model checking for context-aware adaptive applications
Journal of Systems and Software
Adoption of Model-Based Testing and Abstract Interpretation by a Railway Signalling Manufacturer
International Journal of Embedded and Real-Time Communication Systems
Proceedings of the 34th ACM SIGPLAN conference on Programming language design and implementation
Almost-correct specifications: a modular semantic framework for assigning confidence to warnings
Proceedings of the 34th ACM SIGPLAN conference on Programming language design and implementation
Dynamically validating static memory leak warnings
Proceedings of the 2013 International Symposium on Software Testing and Analysis
A comparative evaluation of static analysis actionable alert identification techniques
Proceedings of the 9th International Conference on Predictive Models in Software Engineering
Continuous validation of load test suites
Proceedings of the 5th ACM/SPEC international conference on Performance engineering
Hi-index | 0.00 |
This paper explores z-ranking, a technique to rank error reports emitted by static program checking analysis tools. Such tools often use approximate analysis schemes, leading to false error reports. These reports can easily render the error checker useless by hiding real errors amidst the false, and by potentially causing the tool to be discarded as irrelevant. Empirically, all tools that effectively find errors have false positive rates that can easily reach 30-100%. Z-ranking employs a simple statistical model to rank those error messages most likely to be true errors over those that are least likely. This paper demonstrates that z-ranking applies to a range of program checking problems and that it performs up to an order of magnitude better than randomized ranking. Further, it has transformed previously unusable analysis tools into effective program error finders.