Effective interactive resolution of static analysis alarms-Reference-Cited by-同舟云学术

Effective interactive resolution of static analysis alarms

Published:2017-10-12 Issue:OOPSLA Volume:1 Page:1-30
ISSN:2475-1421
Container-title:Proceedings of the ACM on Programming Languages
language:en
Short-container-title:Proc. ACM Program. Lang.

Author:

Zhang Xin¹,Grigore Radu²,Si Xujie³,Naik Mayur³

Affiliation:

1. Georgia Institute of Technology, USA

2. University of Kent, UK

3. University of Pennsylvania, USA

Abstract

We propose an interactive approach to resolve static analysis alarms. Our approach synergistically combines a sound but imprecise analysis with precise but unsound heuristics, through user interaction. In each iteration, it solves an optimization problem to find a set of questions for the user such that the expected payoff is maximized. We have implemented our approach in a tool, Ursa, that enables interactive alarm resolution for any analysis specified in the declarative logic programming language Datalog. We demonstrate the effectiveness of Ursa on a state-of-the-art static datarace analysis using a suite of 8 Java programs comprising 41-194 KLOC each. Ursa is able to eliminate 74% of the false alarms per benchmark with an average payoff of 12× per question. Moreover, Ursa prioritizes user effort effectively by posing questions that yield high payoffs earlier.

Funder

Defense Advanced Research Projects Agency

National Science Foundation

Publisher

Association for Computing Machinery (ACM)

Subject

Safety, Risk, Reliability and Quality,Software

Link

https://dl.acm.org/doi/pdf/10.1145/3133881

Reference43 articles.

1. 2015. UpWork. http://www.upwork.com . (2015). Accessed: 2015-11-19. 2015. UpWork. http://www.upwork.com . (2015). Accessed: 2015-11-19.

2. Nathaniel Ayewah David Hovemeyer J. David Morgenthaler John Penix and William Pugh. 2008. Using static analysis to find bugs. IEEE Software (2008). Nathaniel Ayewah David Hovemeyer J. David Morgenthaler John Penix and William Pugh. 2008. Using static analysis to find bugs. IEEE Software (2008).

3. Thomas Ball Mayur Naik and Sriram K. Rajamani. 2003. From symptom to cause: localizing errors in counterexample traces. In POPL. 10.1145/604131.604140 Thomas Ball Mayur Naik and Sriram K. Rajamani. 2003. From symptom to cause: localizing errors in counterexample traces. In POPL. 10.1145/604131.604140

4. Osbert Bastani Saswat Anand and Alex Aiken. 2015. Specification inference using context-free language reachability. In POPL . 10.1145/2676726.2676977 Osbert Bastani Saswat Anand and Alex Aiken. 2015. Specification inference using context-free language reachability. In POPL . 10.1145/2676726.2676977

5. Al Bessey Ken Block Benjamin Chelf Andy Chou Bryan Fulton Seth Hallem Charles-Henri Gros Asya Kamsky Scott McPeak and Dawson R. Engler. 2010. A few billion lines of code later: using static analysis to find bugs in the real world. Commun. ACM (2010). Al Bessey Ken Block Benjamin Chelf Andy Chou Bryan Fulton Seth Hallem Charles-Henri Gros Asya Kamsky Scott McPeak and Dawson R. Engler. 2010. A few billion lines of code later: using static analysis to find bugs in the real world. Commun. ACM (2010).

Cited by 20 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Automatically Inspecting Thousands of Static Bug Warnings with Large Language Model: How Far Are We?;ACM Transactions on Knowledge Discovery from Data;2024-06-19

2. Learning Abstraction Selection for Bayesian Program Analysis;Proceedings of the ACM on Programming Languages;2024-04-29

3. VALAR: Streamlining Alarm Ranking in Static Analysis with Value-Flow Assisted Active Learning;2023 38th IEEE/ACM International Conference on Automated Software Engineering (ASE);2023-09-11

4. Can the configuration of static analyses make resolving security vulnerabilities more effective? - A user study;Empirical Software Engineering;2023-09

5. Context-Sensitive Meta-Constraint Systems for Explainable Program Analysis;Tools and Algorithms for the Construction and Analysis of Systems;2023