ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Using groupings of static analysis alerts to identify files likely to contain field failures
Full text PdfPdf (66 KB)
Source Foundations of Software Engineering archive
The 6th Joint Meeting on European software engineering conference and the ACM SIGSOFT symposium on the foundations of software engineering: companion papers table of contents
Dubrovnik, Croatia
POSTER SESSION: ESEC/FSE'07 posters table of contents
Pages: 565 - 568  
Year of Publication: 2007
ISBN:978-1-59593-812-1
Authors
Mark S. Sherriff  NC State University, Raleigh, NC
Sarah Smith Heckman  NC State University, Raleigh, NC
J. Michael Lake  IBM, Durham, NC
Laurie A. Williams  NC State University, Raleigh, NC
Sponsors
ACM: Association for Computing Machinery
SIGSOFT: ACM Special Interest Group on Software Engineering
CEPIS : The Council of European Professional Informatics Societies
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 0,   Downloads (12 Months): 11,   Citation Count: 0
Additional Information:

abstract   references   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1295014.1295042
What is a DOI?

ABSTRACT

In this paper, we propose a technique for leveraging historical field failure records in conjunction with automated static analysis alerts to determine which alerts or sets of alerts are predictive of a field failure. Our technique uses singular value decomposition to generate groupings of static analysis alert types, which we call alert signatures, that have been historically linked to field failure-prone files in previous releases of a software system. The signatures can be applied to sets of alerts from a current build of a software system. Files that have a matching alert signature are identified as having similar static analysis alert characteristics to files with known field failures in a previous release of the system. We performed a case study involving an industrial software system at IBM and found three distinct alert signatures that could be applied to the system. We found that 50% of the field failures reported since the last static analysis run could be discovered by examining the 10% of the files and static analysis alerts indicated by these three alert signatures. The remaining failures were either not detected by a signature which could be an indication of a new type of error in the field, or they were on areas of the code where no static analysis alerts were detected.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Brian Chess , Gary McGraw, Static Analysis for Security, IEEE Security and Privacy, v.2 n.6, p.76-79, November 2004  [doi>10.1109/MSP.2004.111]
 
2
IEEE, "IEEE Standard 610.12-1990, IEEE Standard Glossary of Software Engineering Terminology," 1990.
3
Nachiappan Nagappan , Thomas Ball, Static analysis tools as early indicators of pre-release defect density, Proceedings of the 27th international conference on Software engineering, May 15-21, 2005, St. Louis, MO, USA  [doi>10.1145/1062455.1062558]
4
Nachiappan Nagappan , Thomas Ball, Static analysis tools as early indicators of pre-release defect density, Proceedings of the 27th international conference on Software engineering, May 15-21, 2005, St. Louis, MO, USA  [doi>10.1145/1062455.1062558]
 
5
Nachiappan Nagappan , Laurie Williams , John Hudepohl , Will Snipes , Mladen Vouk, Preliminary Results On Using Static Analysis Tools For Software Inspection, Proceedings of the 15th International Symposium on Software Reliability Engineering, p.429-439, November 02-05, 2004  [doi>10.1109/ISSRE.2004.30]
 
6
S. Osinski, J. Stefanowski, and D. Weiss, "Lingo: Search Results Clustering Algorithm Based on Singular Value Decomposition," in Advances in Soft Computing, Intelligent Information Processing and Web Mining, Zakopane, Poland, 2004, pp. 359--368.
 
7
T. Will, "Introduction to the Singular Value Decomposition." vol. 2006: UW-La Crosse, 1999.
 
8
J. Zheng, L. Williams, N. Nagappan, W. Snipes, J. Hudepohl, and M. Vouk, "On the Value of Static Analysis for Fault Detection in Software," IEEE Transactions on Software Engineering, vol. 32, no. 4, pp. 240--253, April 2006.

INDEX TERMS

Primary Classification:
  D. Software
  D.2 SOFTWARE ENGINEERING
      D.2.5 Testing and Debugging
          Subjects: Symbolic execution

Additional Classification:
  D. Software
  D.2 SOFTWARE ENGINEERING
      D.2.5 Testing and Debugging
          Subjects: Testing tools (e.g., data generators, coverage testing)


General Terms:
Experimentation, Management, Measurement, Reliability


Keywords:
field failures, singular value decomposition, static analysis

Collaborative Colleagues:
Mark S. Sherriff: colleagues
Sarah Smith Heckman: colleagues
J. Michael Lake: colleagues
Laurie A. Williams: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player