Dynamic Filtering and Prioritization of Static Code Analysis Alerts

Cited by: 0
Authors
Yuksel, Ulas [1]
Sozer, Hasan [2]
Affiliations
[1] Vestel Elect, Manisa, Turkey
[2] Ozyegin Univ, Istanbul, Turkey
Source
2021 IEEE INTERNATIONAL SYMPOSIUM ON SOFTWARE RELIABILITY ENGINEERING WORKSHOPS (ISSREW 2021) | 2021
Keywords
program analysis; static code analysis; processing alarms/warnings/alerts; Prolog; code reviews;
DOI
10.1109/ISSREW53611.2021.00086
Chinese Library Classification number
TP31 [Computer Software];
Subject classification code
081202 ; 0835 ;
Abstract
We propose an approach for filtering and prioritizing static code analysis alerts while these alerts are being reviewed by the developer. We construct a Prolog knowledge base that captures the data flow information in the source code as well as the reported alerts, their properties and associations with the data flow. The knowledge base is updated as the developer reviews the listed alerts and decides whether they point at an actual fault or not. These updates provide useful information since some of the alerts of the same type can be related in terms of their root cause. Hence, the dynamically updated knowledge base can be queried to eliminate or prioritize the remaining alerts in the review list. We present a motivating example to illustrate the approach and its automation by integrating a set of tools.
Pages: 294 - 295
Page count: 2
Related papers
14 in total
  • [1] Measuring the Value of Static-Analysis Tool Deployments
    Anderson, Paul
    [J]. IEEE SECURITY & PRIVACY, 2012, 10 (03) : 40 - 47
  • [2] [Anonymous], 2014, 17th International Conference on Information Fusion (FUSION), Information Fusion (FUSION), 2014 17th International Conference On, P1
  • [3] [Anonymous], 2009, CISC VIS NETW IND GL
  • [4] Gosain A., 2015, Intelligent Computing and Applications, P581
  • [5] A systematic literature review of actionable alert identification techniques for automated static code analysis
    Heckman, Sarah
    Williams, Laurie
    [J]. INFORMATION AND SOFTWARE TECHNOLOGY, 2011, 53 (04) : 363 - 387
  • [6] Validating Static Warnings via Testing Code Fragments
    Joshy, Ashwin Kallingal
    Chen, Xueyuan
    Steenhoek, Benjamin
    Le, Wei
    [J]. ISSTA '21: PROCEEDINGS OF THE 30TH ACM SIGSOFT INTERNATIONAL SYMPOSIUM ON SOFTWARE TESTING AND ANALYSIS, 2021, : 540 - 552
  • [7] Kremenek T, 2003, LECT NOTES COMPUT SC, V2694, P295
  • [8] Li Mengchen., 2013, Proceedings of the 2013 International Symposium on Software Testing and Analysis, ISSTA 2013, P112
  • [9] Repositioning of Static Analysis Alarms
    Muske, Tukaram
    Talluri, Rohith
    Serebrenik, Alexander
    [J]. ISSTA'18: PROCEEDINGS OF THE 27TH ACM SIGSOFT INTERNATIONAL SYMPOSIUM ON SOFTWARE TESTING AND ANALYSIS, 2018, : 187 - 197
  • [10] Survey of Approaches for Handling Static Analysis Alarms
    Muske, Tukaram
    Serebrenik, Alexander
    [J]. 2016 IEEE 16TH INTERNATIONAL WORKING CONFERENCE ON SOURCE CODE ANALYSIS AND MANIPULATION (SCAM), 2016, : 157 - 166