Understanding and Detecting Annotation-Induced Faults of Static Analyzers

Author:

Zhang Huaien (1), Pei Yu (2), Liang Shuyun (3), Tan Shin Hwei (4)

Affiliation:

1. Hong Kong Polytechnic University, Hong Kong, China / Southern University of Science and Technology, Shenzhen, China

2. Hong Kong Polytechnic University, Hong Kong, China

3. Southern University of Science and Technology, Shenzhen, China

4. Concordia University, Montreal, Canada

Abstract

Static analyzers can reason about the properties and behaviors of programs and detect various issues without executing them. Hence, they should extract the necessary information to understand the analyzed program well. Annotation has been a widely used feature for different purposes in Java since the introduction of Java 5. Annotations can change program structures and convey semantics information without awareness of static analyzers, consequently leading to imprecise analysis results. This paper presents the first comprehensive study of annotation-induced faults (AIF) by analyzing 246 issues in six open-source and popular static analyzers (i.e., PMD, SpotBugs, CheckStyle, Infer, SonarQube, and Soot). We analyzed the issues' root causes, symptoms, and fix strategies and derived ten findings and some practical guidelines for detecting and repairing annotation-induced faults. Moreover, we developed an automated testing framework called AnnaTester based on three metamorphic relations originating from the findings. AnnaTester generated new tests based on the official test suites of static analyzers and unveiled 43 new faults, 20 of which have been fixed. The results confirm the value of our study and its findings.

Publisher

Association for Computing Machinery (ACM)


Cited by 1 article.

1. Characterizing and Detecting Program Representation Faults of Static Analysis Frameworks. Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis, 2024-09-11.
