[关键词]
[摘要]
缺陷检测一般包括静态分析与人工审查两个阶段.静态检测工具报告大量缺陷,但是主要的缺陷确认工作仍由人工完成,这是一件费时、费力的工作.巨大的审查开销可能会导致软件开发人员拒绝使用该静态缺陷检测工具.提出一种可靠的基于缺陷关联的静态分析优化方法,能够分组静态检测工具所报告的缺陷,在分组后的任意一组缺陷中,如果其主导缺陷被证明是误报(或者是真实的),就能确认其他缺陷也是误报(也是真实的).实验结果表明,基于缺陷关联的静态分析优化方法在较小的时间和空间开销下减少了22%的缺陷审查工作,能够较好地适应于大型的关键嵌入式系统程序缺陷检测.
[Key word]
[Abstract]
Defect detection generally includes two stages: static analysis and defect inspection. A large number of defects reported may lead developers and managers to reject the use of static analysis tools as part of the development process due to the overhead of defect inspection. To help with the inspection tasks, this paper formally introduces defect correlation, a sound dependency relationship between defects. If the occurrence of one defect causes another defect to occur, the two defects are correlated. This paper presents a sound optimized method to static analysis that can classify the defects reported by static defect detection tool into different groups, in which all defects are false positives (true positives) if the dominant defect is false positives (true positives). The experimental results show a decrease of 22% the time inspecting all defects and the capability and flexibility of this method to detect defects of large, critical or embedded systems.
[中图分类号]
[基金项目]
国家自然科学基金(91318301, 61202080);国家高技术研究发展计划(863)(2012AA011201)