微信服务号

微信订阅号

2025年3月24日 10:22 星期一
首页 > 过刊浏览>2014年第25卷第2期 >386-399. DOI:10.13328/j.cnki.jos.004538
PDF HTML阅读 XML下载 导出引用 引用提醒
基于缺陷关联的静态分析优化
作者:
基金项目:

国家自然科学基金(91318301, 61202080);国家高技术研究发展计划(863)(2012AA011201)


Optimizing Static Analysis Based on Defect Correlations
Author:
  • 摘要
    • | |
  • 访问统计
    • |
  • 参考文献 [18]
    • |
  • 相似文献 [20]
    • |
  • 引证文献
    • | |
  • 文章评论
    摘要:

    缺陷检测一般包括静态分析与人工审查两个阶段.静态检测工具报告大量缺陷,但是主要的缺陷确认工作仍由人工完成,这是一件费时、费力的工作.巨大的审查开销可能会导致软件开发人员拒绝使用该静态缺陷检测工具.提出一种可靠的基于缺陷关联的静态分析优化方法,能够分组静态检测工具所报告的缺陷,在分组后的任意一组缺陷中,如果其主导缺陷被证明是误报(或者是真实的),就能确认其他缺陷也是误报(也是真实的).实验结果表明,基于缺陷关联的静态分析优化方法在较小的时间和空间开销下减少了22%的缺陷审查工作,能够较好地适应于大型的关键嵌入式系统程序缺陷检测.

    Abstract:

    Defect detection generally includes two stages: static analysis and defect inspection. A large number of defects reported may lead developers and managers to reject the use of static analysis tools as part of the development process due to the overhead of defect inspection. To help with the inspection tasks, this paper formally introduces defect correlation, a sound dependency relationship between defects. If the occurrence of one defect causes another defect to occur, the two defects are correlated. This paper presents a sound optimized method to static analysis that can classify the defects reported by static defect detection tool into different groups, in which all defects are false positives (true positives) if the dominant defect is false positives (true positives). The experimental results show a decrease of 22% the time inspecting all defects and the capability and flexibility of this method to detect defects of large, critical or embedded systems.

    参考文献
    [1] Bush WR, Pincus JD, Sielaff DJ. A static analyzer for finding dynamic programming errors. Software-Practice and Experience, 2000,30(7):775-802. [doi: 10.1002/(SICI)1097-024X(200006)30:7<775::AID-SPE309>3.0.CO;2-H]
    [2] Das M, Lerner S, Seigle M. ESP: Path-Sensitive program verification in polynomial time. ACM SIGPLAN Notices, 2002,37(5): 57-68. [doi: 10.1145/543552.512538]
    [3] Rice HG. Classes of recursively enumerable sets and their decision problems. Trans. of the American Mathematical Society, 1953, 74(2):358-366. [doi: 10.1090/S0002-9947-1953-0053041-6]
    [4] Le W, Soffa ML. Path-Based fault correlations. In: Proc. of the 18th ACM SIGSOFT Int’l Symp. on Foundations of Software Engineering. ACM Press, 2010. 307-316. [doi: 10.1145/1882291.1882336]
    [5] Xiao Q, Gong YZ, Yang ZH, Jin DH, Wang YW. Path sensitive static defect detecting method. Ruan Jian Xue Bao/Journal of Software, 2010,21(2):209-217 (in Chinese with English abstract). http://www.jos.org.cn/1000-9825/3872.htm [doi: 10.3724/SP.J. 1001.2010.03872]
    [6] Xiao Q, Chen JL. Research on key technologies of improving the accuracy of static defect detecting [Ph.D. Thesis]. Beijing: Beijing University of Posts and Telecommunications, 2011 (in Chinese with English abstract).
    [7] Zhao YS, Gong YZ. Research on symbolic analysis based static defect detection technique [Ph.D. Thesis]. Beijing: Beijing University of Posts and Telecommunications, 2012 (in Chinese with English abstract).
    [8] Cousot P, Cousot R. Abstract interpretation frameworks. Journal of Logic and Computation, 1992,2(4):511-547. [doi: 10.1093/log com/2.4.511]
    [9] Cousot P, Cousot R. Abstract interpretation: A unified lattice model for static analysis of programs by construction or approximation of fixpoints. In: Proc. of the 4th ACM SIGACT-SIGPLAN Symp. on Principles of Programming Languages. ACM Press, 1977. 238-252. [doi: 10.1145/512950.512973]
    [10] Cousot P, Cousot R. Static determination of dynamic properties of generalized type unions. ACM SIGOPS Operating Systems Review, 1977,11(2):77-94. [doi: 10.1145/390018.808314]
    [11] Wang YW, Chen JL. Research on software testing technology based on defect pattern [Ph.D. Thesis]. Beijing: Beijing University of Posts and Telecommunications, 2009 (in Chinese with English abstract).
    [12] Zhao Y, Gong Y, Liu L, Xiao Q, Yang Z. Context-Sensitive interprocedural defect detection based on a unified symbolic procedure summary model. In: Proc. of the 2011 11th Int’l Conf. on Quality Software (QSIC). IEEE, 2011. 51-60. [doi: 10.1109/QSIC.2011. 15]
    [13] Dillig I, Dillig T, Aiken A. Automated error diagnosis using abductive inference. ACM SIGPLAN Notices, 2012,47(6):181-192.[doi: 10.1145/2254064.2254087]
    [14] Rival X. Understanding the origin of alarms in Astrée. In: Proc of the 12th Int’l Conf. on Static Analysis. London: Springer-Verlag, 2005. 303-319. [doi: 10.1007/11547662_21]
    [15] Manevich R, Sridharan M, Adams S, Das S, Yang Z. PSE: explaining program failures via postmortem static analysis. ACM SIGSOFT Software Engineering Notes, 2004,29(6):63-72. [doi: 10.1145/1029894.1029907]
    [16] Lee W, Lee W, Yi K. Sound non-statistical clustering of static analysis alarms. In: Proc. of the Verification, Model Checking, and Abstract Interpretation. Berlin, Heidelberg: Springer-Verlag, 2012. 299-314. [doi: 10.1007/978-3-642-27940-9_20]
    [17] Zhao Y, Wang Y, Gong Y, Chen H, Xiao Q, Yang Z. STVL: Improve the precision of static defect detection with symbolic threevalued logic. In: Proc. of the 2011 18th Asia Pacific Software Engineering Conf. (APSEC). IEEE, 2011. 179-186. [doi: 10.1109/A PSEC.2011.23]
    [18] Zhou H, Wang Q, Jin D, Gong Y. A Static detecting model for invalid arithmetic operation based on alias analysis. In: Proc. of the 2012 IEEE 23rd Int’l Symp. on Software Reliability Engineering Workshops (ISSREW). IEEE, 2012. 183-188. [doi: 10.1109/ISS REW.2012.14]
    网友评论
    网友评论
    分享到微博
    发 布
引用本文

张大林,金大海,宫云战,王前,董玉坤,张海龙.基于缺陷关联的静态分析优化.软件学报,2014,25(2):386-399

复制
分享
文章指标
  • 点击次数:5799
  • 下载次数: 7535
  • HTML阅读次数: 2330
  • 引用次数: 0
历史
  • 收稿日期:2013-05-08
  • 最后修改日期:2013-12-05
  • 在线发布日期: 2014-01-26
文章二维码
友情链接:中国科学院软件研究所中国计算机学会中国科学院国家自然科学基金委员会CCF数字图书馆Int'l J of Softw Info计算机系统应用
您是第19727511位访问者
版权所有:中国科学院软件研究所 京ICP备05046678号-3
地址:北京市海淀区中关村南四街4号,邮政编码:100190
电话:010-62562563 传真:010-62562533 Email:jos@iscas.ac.cn
技术支持:北京勤云科技发展有限公司

京公网安备 11040202500063号