A Framework for Combining and Ranking Static Analysis Tool Findings Based on Tool Performance Statistics

Cited by: 11
Authors
Xypolytos, Achilleas [1, 2]
Xu, Haiyun [1]
Vieira, Barbara [1]
Ali-Eldin, Amr M. T. [2, 3]
Affiliations
[1] Software Improvement Grp, Amstelpl 1, NL-1096 HA Amsterdam, Netherlands
[2] Leiden Univ, Leiden Inst Adv Comp Sci, POB 9512, NL-2300 RA Leiden, Netherlands
[3] Mansoura Univ, Comp & Syst Dept, Fac Engn, Mansoura, Egypt
Source
2017 IEEE INTERNATIONAL CONFERENCE ON SOFTWARE QUALITY, RELIABILITY AND SECURITY COMPANION (QRS-C) | 2017
DOI
10.1109/QRS-C.2017.110
Chinese Library Classification number
TP31 [Computer software];
Discipline classification code
081202; 0835;
Abstract
This paper proposes a conceptual, performance-based ranking framework that prioritises the output of multiple Static Analysis Tools, to improve the tool effectiveness and usefulness. The framework weights the performance of Static Analysis Tools per defect type and cross-validates the findings between different Static Analysis Tools' reports. An initial validation shows the potential benefits of the proposed framework.
Pages: 595 - 596
Number of pages: 2