nach oben

Erschienen in:

2018 | OriginalPaper | Buchkapitel

Ranking Source Code Static Analysis Warnings for Continuous Monitoring of FLOSS Repositories

verfasst von : Athos Ribeiro, Paulo Meirelles, Nelson Lago, Fabio Kon

Erschienen in: Open Source Systems: Enterprise Software and Solutions

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Performing source code static analysis during the software development cycle is a difficult task. There are different static analyzers available, and each of them usually works better in a small subset of problems, making it hard to choose a single tool. Combining the analysis of different tools solves this problem, but brings about other problems, namely the generated false positives and a large amount of unsorted alarms. This paper presents kiskadee, a system to support the usage of static analysis during software development by providing carefully ranked static analysis reports. First, it runs multiple static analyzers on the source code. Then, using a classification model, the potential bugs detected by the static analyzers are ranked based on their importance, with critical flaws ranked first, and potential false positives ranked last. Our experimental results show that, on average, when inspecting warnings ranked by kiskadee, one hits 5.2 times less false positives before each bug than when using a randomly sorted warning list.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Process Mining for Process Conformance Checking in an OSS Project: An Empirical Research

Nächstes Kapitel Using PageRank to Reveal Relevant Issues to Support Decision-Making on Open Source Projects

Anitya project website. https://release-monitoring.org. Accessed 5 Jan 2018

Fedora mock-with-analysis project. github.com/fedora-static-analysis/mock-with-analysis. Accessed 5 Jan 2018

Fedora project static analysis special interest group. fedoraproject.org/wiki/StaticAnalysis. Accessed 5 Jan 2018

Firehose mailing list archives. http://lists.fedoraproject.org/archives/list/firehose-devel@lists.fedoraproject.org. Accessed 5 Jan 2018

Black, P.E.: Static analyzers in software engineering. J. Defense Softw. Eng. 22(3), 16–17 (2009)MathSciNet

Boland, T., Black, P.E.: Juliet 1.1 C/C++ and Java test suite. Computer 45(10), 88–90 (2012)CrossRef

Drucker, H., Cortes, C.: Boosting decision trees. In: Advances in Neural Information Processing Systems, pp. 479–485 (1996)

Freund, Y., Schapire, R., Abe, N.: A short introduction to boosting. J. Jpn. Soc. Artif. Intell. 14(771–780), 1612 (1999)

Heckman, S., Williams, L.: A model building process for identifying actionable static analysis alerts. In: International Conference on Software Testing Verification and Validation, ICST 2009, pp. 161–170. IEEE (2009)

10.

Heckman, S.S.: Adaptively ranking alerts generated from automated static analysis. Crossroads 14(1), 7 (2007)

11.

Hovemeyer, D., Pugh, W.: Finding bugs is easy. SIGPLAN Not. 39(12), 92–106 (2004). https://doi.acm.org/10.1145/1052883.1052895CrossRef

12.

Jung, Y., Kim, J., Shin, J., Yi, K.: Taming false alarms from a domain-unaware C analyzer by a Bayesian statistical post analysis. In: Hankin, C., Siveroni, I. (eds.) SAS 2005. LNCS, vol. 3672, pp. 203–217. Springer, Heidelberg (2005). https://doi.org/10.1007/11547662_15CrossRef

13.

Kremenek, T., Ashcraft, K., Yang, J., Engler, D.: Correlation exploitation in error ranking. ACM SIGSOFT Softw. Eng. Notes 29, 83–93 (2004)CrossRef

14.

Kremenek, T., Engler, D.: Z-ranking: using statistical analysis to counter the impact of static analysis approximations. In: Cousot, R. (ed.) SAS 2003. LNCS, vol. 2694, pp. 295–315. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-44898-5_16CrossRefMATH

15.

Landi, W.: Undecidability of static analysis. ACM Lett. Prog. Lang. Syst. (LOPLAS) 1(4), 323–337 (1992). http://dl.acm.org/citation.cfm?id=161494.161501CrossRef

16.

Muske, T., Serebrenik, A.: Survey of approaches for handling static analysis alarms. In: 2016 IEEE 16th International Working Conference on Source Code Analysis and Manipulation (SCAM), pp. 157–166. IEEE (2016)

17.

Muske, T.B., Baid, A., Sanas, T.: Review efforts reduction by partitioning of static analysis warnings. In: 2013 IEEE 13th International Working Conference on Source Code Analysis and Manipulation (SCAM), pp. 106–115. IEEE (2013)

18.

Polikar, R.: Ensemble based systems in decision making. IEEE Circ. Syst. Mag. 6(3), 21–45 (2006)CrossRef

19.

Russell, S.J., Norvig, P.: Artificial Intelligence: A Modern Approach, 2 edn. Pearson Education, Upper Saddle River (2003)

20.

Ruthruff, J.R., Penix, J., Morgenthaler, J.D., Elbaum, S., Rothermel, G.: Predicting accurate and actionable static analysis warnings: an experimental approach. In: Proceedings of the 30th International Conference on Software Engineering, ICSE 2008, pp. 341–350. ACM, New York (2008). https://doi.acm.org/10.1145/1368088.1368135

21.

Yoon, J., Jin, M., Jung, Y.: Reducing false alarms from an industrial-strength static analyzer by SVM. In: 2014 21st Asia-Pacific Software Engineering Conference (APSEC), vol. 2, pp. 3–6. IEEE (2014)

Titel: Ranking Source Code Static Analysis Warnings for Continuous Monitoring of FLOSS Repositories
verfasst von: Athos Ribeiro
Paulo Meirelles
Nelson Lago
Fabio Kon
Verlag: Springer International Publishing
Buch: Open Source Systems: Enterprise Software and Solutions
Print ISBN: 978-3-319-92374-1

Electronic ISBN: 978-3-319-92375-8

Copyright-Jahr: 2018
DOI: https://doi.org/10.1007/978-3-319-92375-8_8

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"