An empirical application of user-guided program analysis

Jigang Wang, Shengyu Cheng, Jicheng Cao, Meihua He
Journal: China Communications (journal article), published 2024-07-01
DOI: https://doi.org/10.23919/JCC.fa.2023-0331.202407
Citations: 0

Abstract

Although static program analysis methods are frequently employed to enhance software quality, their efficiency in commercial settings is limited by their high false positive rate. The EUGENE tool can effectively lower the false positive rate. However, in continuous integration (CI) environments, the code is always changing, and user feedback from one version of the software cannot be applied to a subsequent version. Additionally, people find it difficult to distinguish between true positives and false positives in the analytical output. In this study, we developed the EUGENE-CI technique to address the CI problem and the EUGENE-rank lightweight heuristic algorithm to rate the reports of the analysis output in accordance with the likelihood that they are true positives. On the three projects ethereum, go-cloud, and kubernetes, we assessed our methodologies. According to the trial findings, EUGENE-CI may drastically reduce false positives while EUGENE-rank can make it much easier for users to identify the real positives among a vast number of reports. We paired our techniques with GoInsight1 and discovered a vulnerability. We also offered a patch to the community.