Elements of information theory
Elements of information theory
LCLint: a tool for using specifications to check code
SIGSOFT '94 Proceedings of the 2nd ACM SIGSOFT symposium on Foundations of software engineering
A static analyzer for finding dynamic programming errors
Software—Practice & Experience
Type-based race detection for Java
PLDI '00 Proceedings of the ACM SIGPLAN 2000 conference on Programming language design and implementation
Automatically validating temporal safety properties of interfaces
SPIN '01 Proceedings of the 8th international SPIN workshop on Model checking of software
An empirical study of operating systems errors
SOSP '01 Proceedings of the eighteenth ACM symposium on Operating systems principles
Flow-sensitive type qualifiers
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
ESP: path-sensitive program verification in polynomial time
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
A system and language for building system-specific, static analyses
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
Extended static checking for Java
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
Probabilistic Networks and Expert Systems
Probabilistic Networks and Expert Systems
Tracking down software bugs using automatic anomaly detection
Proceedings of the 24th International Conference on Software Engineering
MOPS: an infrastructure for examining security properties of software
Proceedings of the 9th ACM conference on Computer and communications security
From symptom to cause: localizing errors in counterexample traces
POPL '03 Proceedings of the 30th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Detecting Races in Relay Ladder Logic Programs
TACAS '98 Proceedings of the 4th International Conference on Tools and Algorithms for Construction and Analysis of Systems
Understanding belief propagation and its generalizations
Exploring artificial intelligence in the new millennium
Bug isolation via remote program sampling
PLDI '03 Proceedings of the ACM SIGPLAN 2003 conference on Programming language design and implementation
ISSTA '04 Proceedings of the 2004 ACM SIGSOFT international symposium on Software testing and analysis
Checking system rules using system-specific, programmer-written compiler extensions
OSDI'00 Proceedings of the 4th conference on Symposium on Operating System Design & Implementation - Volume 4
Detecting format string vulnerabilities with type qualifiers
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Z-ranking: using statistical analysis to counter the impact of static analysis approximations
SAS'03 Proceedings of the 10th international conference on Static analysis
Proceedings of the 10th European software engineering conference held jointly with 13th ACM SIGSOFT international symposium on Foundations of software engineering
HeapMD: identifying heap-based bugs using anomaly detection
Proceedings of the 12th international conference on Architectural support for programming languages and operating systems
Proceedings of the 5th international conference on Generative programming and component engineering
Adaptive Probabilistic Model for Ranking Code-Based Static Analysis Alerts
ICSE COMPANION '07 Companion to the proceedings of the 29th International Conference on Software Engineering
ISA: a source code static vulnerability detection system based on data fusion
Proceedings of the 2nd international conference on Scalable information systems
Predicting accurate and actionable static analysis warnings: an experimental approach
Proceedings of the 30th international conference on Software engineering
Proceedings of the Second ACM-IEEE international symposium on Empirical software engineering and measurement
Path projection for user-centered static analysis tools
Proceedings of the 8th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
Linux kernel developer responses to static analysis bug reports
USENIX'09 Proceedings of the 2009 conference on USENIX Annual technical conference
Automatic construction of an effective training set for prioritizing static analysis warnings
Proceedings of the IEEE/ACM international conference on Automated software engineering
Proceedings of the eighteenth ACM SIGSOFT international symposium on Foundations of software engineering
Information and Software Technology
Predicting defect priority based on neural networks
ADMA'10 Proceedings of the 6th international conference on Advanced data mining and applications - Volume Part II
Selecting peers for execution comparison
Proceedings of the 2011 International Symposium on Software Testing and Analysis
Exception-Handling bugs in Java and a language extension to avoid them
Advanced Topics in Exception Handling Techniques
Sound non-statistical clustering of static analysis alarms
VMCAI'12 Proceedings of the 13th international conference on Verification, Model Checking, and Abstract Interpretation
System-specific static code analyses: a case study in the complex embedded systems domain
Software Quality Control
Residual investigation: predictive and precise bug detection
Proceedings of the 2012 International Symposium on Software Testing and Analysis
SAS'07 Proceedings of the 14th international conference on Static Analysis
AFChecker: Effective model checking for context-aware adaptive applications
Journal of Systems and Software
Dynamically validating static memory leak warnings
Proceedings of the 2013 International Symposium on Software Testing and Analysis
A comparative evaluation of static analysis actionable alert identification techniques
Proceedings of the 9th International Conference on Predictive Models in Software Engineering
Static program checking tools can find many serious bugs in software, but due to analysis limitations they also frequently emit false error reports. Such false positives can easily render the error checker useless by hiding real errors amidst the false. Effective error report ranking schemes mitigate the problem of false positives by suppressing them during the report inspection process [17, 19, 20]. In this way, ranking techniques provide a complementary method to increasing the precision of the analysis results of a checking tool. A weakness of previous ranking schemes, however, is that they produce static rankings that do not adapt as reports are inspected, ignoring useful correlations amongst reports. This paper addresses this weakness with two main contributions. First, we observe that both bugs and false positives frequently cluster by code locality. We analyze clustering behavior in historical bug data from two large systems and show how clustering can be exploited to greatly improve error report ranking. Second, we present a general probabilistic technique for error ranking that (1) exploits correlation behavior amongst reports and (2) incorporates user feedback into the ranking process. In our results we observe a factor of 2-8 improvement over randomized ranking for error reports emitted by both intra-procedural and inter-procedural analysis tools.