Abstract
Static analysis tools are widely used in practice to improve the quality and reliability of software through early detection of defects. However, the number of alarms generated is a major concern because of the cost of the manual inspection required to partition them into true errors and false positives. In this paper, we propose a static analysis to identify the causes of alarms generated by a client static analysis. This simplifies the manual inspections and reduces the cost involved. The proposed analysis involves the following: (1) modeling the basic reasons for alarms as alarm cause points of several types, (2) ranking these cause points based on three different metrics, and (3) a workflow in which a user answers queries about the cause points and the answers are used in a subsequent round of the client analysis. The collaboration between the user and the client analysis helps the tool to resolve the unknowns encountered during the analysis and to weed out the alarms. It also helps the user expedite the manual inspections of alarms. Further, the ranking of cause points helps to prioritize the alarms. Our experimental evaluation in several settings demonstrated that the proposed approach (a) reduces manual effort by 23% to 72% depending on various parameters, with an average reduction of 42%, and (b) is also effective in identifying the alarms that are more likely to be true errors.