The program dependence graph and its use in optimization
ACM Transactions on Programming Languages and Systems (TOPLAS)
Interprocedural slicing using dependence graphs
ACM Transactions on Programming Languages and Systems (TOPLAS)
Bugs as deviant behavior: a general approach to inferring errors in systems code
SOSP '01 Proceedings of the eighteenth ACM symposium on Operating systems principles
Art of Software Testing
Check 'n' crash: combining static checking and testing
Proceedings of the 27th international conference on Software engineering
Static analysis tools as early indicators of pre-release defect density
Proceedings of the 27th international conference on Software engineering
DynaMine: finding common error patterns by mining software revision histories
Proceedings of the 10th European software engineering conference held jointly with 13th ACM SIGSOFT international symposium on Foundations of software engineering
Proceedings of the 10th European software engineering conference held jointly with 13th ACM SIGSOFT international symposium on Foundations of software engineering
Finding what's not there: a new approach to revealing neglected conditions in software
Proceedings of the 2007 international symposium on Software testing and analysis
Static specification mining using automata-based abstractions
Proceedings of the 2007 international symposium on Software testing and analysis
Mining API patterns as partial orders from source code: from usage scenarios to specifications
Proceedings of the the 6th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering
Detecting object usage anomalies
Proceedings of the the 6th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
Predicting accurate and actionable static analysis warnings: an experimental approach
Proceedings of the 30th international conference on Software engineering
Static analysis tools for security checking in code at Motorola
ACM SIGAda Ada Letters
On the Value of Static Analysis for Fault Detection in Software
IEEE Transactions on Software Engineering
Discovering Neglected Conditions in Software by Mining Dependence Graphs
IEEE Transactions on Software Engineering
Path projection for user-centered static analysis tools
Proceedings of the 8th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
Mining exception-handling rules as sequence association rules
ICSE '09 Proceedings of the 31st International Conference on Software Engineering
A few billion lines of code later: using static analysis to find bugs in the real world
Communications of the ACM
Alattin: Mining Alternative Patterns for Detecting Neglected Conditions
ASE '09 Proceedings of the 2009 IEEE/ACM International Conference on Automated Software Engineering
Making defect-finding tools work for you
Proceedings of the 32nd ACM/IEEE International Conference on Software Engineering - Volume 2
Linux kernel developer responses to static analysis bug reports
USENIX'09 Proceedings of the 2009 conference on USENIX Annual technical conference
ISSRE '10 Proceedings of the 2010 IEEE 21st International Symposium on Software Reliability Engineering
Scalable and incremental software bug detection
Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering
Hi-index | 0.00 |
Commercial static program analysis tools can be used to detect many defects that are common across applications. However, such tools currently have limited ability to reveal defects that are specific to individual projects, unless specialized checkers are devised and implemented by tool users. Developers do not typically exploit this capability. By contrast, defect mining tools developed by researchers can discover project-specific defects, but they require specialized expertise to employ and they may not be robust enough for general use. We present a hybrid approach in which a sophisticated dependence-based rule mining tool is used to discover project-specific programming rules, which are then transformed automatically into checkers that a commercial static analysis tool can run against a code base to reveal defects. We also present the results of an empirical study in which this approach was applied successfully to two large industrial code bases. Finally, we analyze the potential implications of this approach for software development practice.