Learning Probabilistic Models for Static Analysis Alarms

2022 IEEE/ACM 44th International Conference on Software Engineering (ICSE) Pub Date : 2022-05-01 DOI:10.1145/3510003.3510098

Hyunsu Kim, Mukund Raghothaman, K. Heo

{"title":"Learning Probabilistic Models for Static Analysis Alarms","authors":"Hyunsu Kim, Mukund Raghothaman, K. Heo","doi":"10.1145/3510003.3510098","DOIUrl":null,"url":null,"abstract":"We present BayeSmith, a general framework for automatically learning probabilistic models of static analysis alarms. Several prob-abilistic reasoning techniques have recently been proposed which incorporate external feedback on semantic facts and thereby reduce the user's alarm inspection burden. However, these approaches are fundamentally limited to models with pre-defined structure, and are therefore unable to learn or transfer knowledge regarding an analysis from one program to another. Furthermore, these probabilistic models often aggressively generalize from external feedback and falsely suppress real bugs. To address these problems, we propose BayeSmith that learns the structure and weights of the probabilistic model. Starting from an initial model and a set of training programs with bug labels, BayeSmith refines the model to effectively prioritize real bugs based on feedback. We evaluate the approach with two static analyses on a suite of C programs. We demonstrate that the learned models significantly improve the performance of three state-of-the-art probabilistic reasoning systems.","PeriodicalId":202896,"journal":{"name":"2022 IEEE/ACM 44th International Conference on Software Engineering (ICSE)","volume":"41 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 IEEE/ACM 44th International Conference on Software Engineering (ICSE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3510003.3510098","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 3

Abstract

We present BayeSmith, a general framework for automatically learning probabilistic models of static analysis alarms. Several prob-abilistic reasoning techniques have recently been proposed which incorporate external feedback on semantic facts and thereby reduce the user's alarm inspection burden. However, these approaches are fundamentally limited to models with pre-defined structure, and are therefore unable to learn or transfer knowledge regarding an analysis from one program to another. Furthermore, these probabilistic models often aggressively generalize from external feedback and falsely suppress real bugs. To address these problems, we propose BayeSmith that learns the structure and weights of the probabilistic model. Starting from an initial model and a set of training programs with bug labels, BayeSmith refines the model to effectively prioritize real bugs based on feedback. We evaluate the approach with two static analyses on a suite of C programs. We demonstrate that the learned models significantly improve the performance of three state-of-the-art probabilistic reasoning systems.

查看原文本刊更多论文

静态分析报警的学习概率模型

我们提出了bayessmith，一个用于自动学习静态分析警报概率模型的通用框架。最近提出了几种概率推理技术，这些技术结合了语义事实的外部反馈，从而减少了用户的报警检查负担。然而，这些方法基本上仅限于具有预定义结构的模型，因此无法学习或将有关分析的知识从一个程序转移到另一个程序。此外，这些概率模型经常从外部反馈中积极地泛化，并错误地抑制了真正的bug。为了解决这些问题，我们提出了学习概率模型的结构和权重的bayessmith。bayessmith从一个初始模型和一组带有bug标签的训练程序开始，改进了这个模型，以便根据反馈有效地对真实的bug进行优先级排序。我们通过对一套C程序的两个静态分析来评估这种方法。我们证明了学习模型显著提高了三种最先进的概率推理系统的性能。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2022 IEEE/ACM 44th International Conference on Software Engineering (ICSE)

自引率

0.00%

发文量