Sound Non-Statistical Clustering of Static Analysis Alarms

被引：17

作者：

Lee, Woosuk ^{[1
,4
]}

Lee, Wonchan ^{[2
]}

Kang, Dongok ^{[1
]}

Heo, Kihong ^{[1
]}

Oh, Hakjoo ^{[3
]}

Yi, Kwangkeun ^{[1
]}

机构：

[1] Seoul Natl Univ, Room 312-2,Bldg 302,1 Kwanak Ro, Seoul 151744, South Korea

[2] Stanford Univ, Stanford, CA 94305 USA

[3] Korea Univ, Coll Informat, Room 616C,Sci Lib Bldg,Anam Dong 5Ga, Seoul 136713, South Korea

[4] 416 Gates,353 Serra Mall, Stanford, CA 94305 USA

来源：

ACM TRANSACTIONS ON PROGRAMMING LANGUAGES AND SYSTEMS | 2017年 / 39卷 / 04期

基金：

新加坡国家研究基金会;

关键词：

Static analysis; abstract interpretation; false alarms;

D O I：

10.1145/3095021

中图分类号：

TP31 [计算机软件];

学科分类号：

081202 ; 0835 ;

摘要：

We present a sound method for clustering alarms from static analyzers. Our method clusters alarms by discovering sound dependencies between them such that if the dominant alarms of a cluster turns out to be false, all the other alarms in the same cluster are guaranteed to be false. We have implemented our clustering algorithm on top of a realistic buffer-overflow analyzer and proved that our method reduces 45% of alarm reports. Our framework is applicable to any abstract interpretation-based static analysis and orthogonal to abstraction refinements and statistical ranking schemes.

引用

页数：35

共 34 条

[1]

[Anonymous], PROGRAMMING LANGUAGE

[2]

Balakrishnan G, 2008, LECT NOTES COMPUT SC, V5079, P238

[3] From symptom to cause: Localizing errors in counterexample traces [J].