Predicting accurate and actionable static analysis warnings

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Predicting accurate and actionable static analysis warnings: an experimental approach

Full text

Pdf (170 KB)

Source

International Conference on Software Engineering archive
Proceedings of the 30th international conference on Software engineering table of contents

Leipzig, Germany

SESSION: Empirical testing & analysis table of contents

Pages 341-350

Year of Publication: 2008

ISBN:978-1-60558-079-1

Authors

Joseph R. Ruthruff	University of Nebraska-Lincoln, Lincoln, NE, USA
John Penix	Google In ., Mountain View, CA, USA
J. David Morgenthaler	Google Inc., Mountain View, CA, USA
Sebastian Elbaum	University of Nebraska-Lincoln, Lincoln, NE, USA
Gregg Rothermel	University of Nebraska-Lincoln, Lincoln, NE, USA

Sponsors

ACM: Association for Computing Machinery
SIGSOFT: ACM Special Interest Group on Software Engineering

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): n/a, Downloads (12 Months): n/a, Citation Count: 3

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1368088.1368135 What is a DOI?

ABSTRACT

Static analysis tools report software defects that may or may not be detected by other verification methods. Two challenges complicating the adoption of these tools are spurious false positive warnings and legitimate warnings that are not acted on. This paper reports automated support to help address these challenges using logistic regression models that predict the foregoing types of warnings from signals in the warnings and implicated code. Because examining many potential signaling factors in large software development settings can be expensive, we use a screening methodology to quickly discard factors with low predictive power and cost-effectively build predictive models. Our empirical evaluation indicates that these models can achieve high accuracy in predicting accurate and actionable static analysis warnings, and suggests that the models are competitive with alternative models built without screening.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	FindBugs. http://findbugs.sourceforge.net/.
	2	The R project for statistical computing. http://r-project.org/.
	3	Nathaniel Ayewah , William Pugh , J. David Morgenthaler , John Penix , YuQian Zhou, Evaluating static analysis defect warnings on production software, Proceedings of the 7th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering, p.1-8, June 13-14, 2007, San Diego, California, USA [doi>10.1145/1251535.1251536]
	4	Robert M. Bell , Thomas J. Ostrand , Elaine J. Weyuker, Looking for bugs in all the right places, Proceedings of the 2006 international symposium on Software testing and analysis, July 17-20, 2006, Portland, Maine, USA [doi>10.1145/1146238.1146246]
	5	Dawson Engler , David Yu Chen , Seth Hallem , Andy Chou , Benjamin Chelf, Bugs as deviant behavior: a general approach to inferring errors in systems code, Proceedings of the eighteenth ACM symposium on Operating systems principles, October 21-24, 2001, Banff, Alberta, Canada
	6	T. J. Hastie and D. Pregibon. Statistical Models in S. Wadsworth & Brooks/Cole, 1992.
	7	Sarah Smith Heckman, Adaptively ranking alerts generated from automated static analysis, Crossroads, v.14 n.1, p.1-11, December 2007 [doi>10.1145/1349332.1349339]
	8	D. W. Hosmer and S. Lemeshow. Applied Logistic Regression. John Wiley & Sons, 2nd ed., 2000.
	9	David Hovemeyer , William Pugh, Finding bugs is easy, Companion to the 19th annual ACM SIGPLAN conference on Object-oriented programming systems, languages, and applications, October 24-28, 2004, Vancouver, BC, CANADA [doi>10.1145/1028664.1028717]
	10	R. A. Johnson , D. W. Wichern, Applied multivariate statistical analysis, Prentice-Hall, Inc., Upper Saddle River, NJ, 1988
	11	Sunghun Kim , Michael D. Ernst, Prioritizing Warning Categories by Analyzing Software History, Proceedings of the Fourth International Workshop on Mining Software Repositories, p.27, May 20-26, 2007 [doi>10.1109/MSR.2007.26]
	12	Sunghun Kim , Michael D. Ernst, Which warnings should I fix first?, Proceedings of the the 6th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering, September 03-07, 2007, Dubrovnik, Croatia [doi>10.1145/1287624.1287633]
	13	Ted Kremenek , Ken Ashcraft , Junfeng Yang , Dawson Engler, Correlation exploitation in error ranking, Proceedings of the 12th ACM SIGSOFT twelfth international symposium on Foundations of software engineering, October 31-November 06, 2004, Newport Beach, CA, USA
	14	T. Kremenek and D. Engler. Z-Ranking: Using statistical analysis to counter the impact of static analysis approximations. In Proc. 10th Static Analysis Symp., 2003.
	15	L. Z. Markosian, O. O'Malley, J. Penix, andW. Brew. Hosted services for advanced V&V technologies: An approach to achieving adoption without the woes of usage. In Proc. ICSE Workshop on Adoption-Centric Softw. Eng., 2003.
	16	Nachiappan Nagappan , Thomas Ball , Andreas Zeller, Mining metrics to predict component failures, Proceedings of the 28th international conference on Software engineering, May 20-28, 2006, Shanghai, China [doi>10.1145/1134285.1134349]
	17	J. Neter, M. H. Kutner, C. J. Nachtsheim, and W. Wasserman. Applied Linear Statistical Models. Irwin, 4th edition, 1996.
	18	Thomas J. Ostrand , Elaine J. Weyuker , Robert M. Bell, Where the bugs are, Proceedings of the 2004 ACM SIGSOFT international symposium on Software testing and analysis, July 11-14, 2004, Boston, Massachusetts, USA
	19	Thomas J. Ostrand , Elaine J. Weyuker , Robert M. Bell, Automating algorithms for the identification of fault-prone files, Proceedings of the 2007 international symposium on Software testing and analysis, July 09-12, 2007, London, United Kingdom [doi>10.1145/1273463.1273493]
	20	Joseph R. Ruthruff , Sebastian Elbaum , Gregg Rothermel, Experimental program analysis: a new program analysis paradigm, Proceedings of the 2006 international symposium on Software testing and analysis, July 17-20, 2006, Portland, Maine, USA [doi>10.1145/1146238.1146245]
	21	Jaime Spacco , David Hovemeyer , William Pugh, Tracking defect warnings across versions, Proceedings of the 2006 international workshop on Mining software repositories, May 22-23, 2006, Shanghai, China [doi>10.1145/1137983.1138014]
	22	Claes Wohlin , Per Runeson , Martin Höst , Magnus C. Ohlsson , Bjöorn Regnell , Anders Wesslén, Experimentation in software engineering: an introduction, Kluwer Academic Publishers, Norwell, MA, 2000

CITED BY 3

	Nathaniel Ayewah , William Pugh, A report on a survey and study of static analysis users, Proceedings of the 2008 workshop on Defects in large software systems, July 20-20, 2008, Seattle, Washington
	Haihao Shen , Sai Zhang , Jianjun Zhao , Jianhong Fang , Shiyuan Yao, XFindBugs: eXtended FindBugs for AspectJ, Proceedings of the 8th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering, November 09-10, 2008, Atlanta, Georgia
	Mangala Gowri Nanda , Saurabh Sinha, Accurate Interprocedural Null-Dereference Analysis for Java, Proceedings of the 2009 IEEE 31st International Conference on Software Engineering, p.133-143, May 16-24, 2009