Zachary P. Reynolds, Abhinandan B. Jayanth, Ugur Koc, A. Porter, R. Raje, James H. Hill
Published in: 2017 IEEE/ACM 4th International Workshop on Software Engineering Research and Industrial Practice (SER&IP), 2017-05-20
DOI: 10.1109/SER-IP.2017..20 (https://doi.org/10.1109/SER-IP.2017..20)
Citation count: 25 (Semanticscholar)
Identifying and Documenting False Positive Patterns Generated by Static Code Analysis Tools
This paper presents our results from identifying and documenting false positives generated by static code analysis tools. By false positives, we mean a static code analysis tool generates a warning message, but the warning message is not really an error. The goal of our study is to understand the different kinds of false positives generated so we can (1) automatically determine if an error message is truly indeed a true positive, and (2) reduce the number of false positives developers and testers must triage. We have used two open-source tools and one commercial tool in our study. The results of our study have led to 14 core false positive patterns, some of which we have confirmed with static code analysis tool developers.