skip to main content
10.1145/1953355.1953369acmotherconferencesArticle/Chapter ViewAbstractPublication PagesisecConference Proceedingsconference-collections
short-paper

Effective false positive filtering for evolving software

Published: 24 February 2011 Publication History

Abstract

Model checking and static analysis are two techniques widely used to detect property violations in code. However, for property checking on large software systems, only static analysis tools are applied due to their ability to scale up in spite of being imprecise in comparison to model checking tools. All reported violations are manually examined to separate out large number of false positives. This is effort intensive, time consuming and requires reasonable understanding of the system. In this paper, we present a technique that reduces the number of reported false positives by exploiting the incremental nature of large software system development. This is achieved by performing an impact analysis of changes introduced in the current version and suppressing the false positives that are immune to these changes. The paper also presents our experience in applying this technique on a large embedded software system, where we found an 80% reduction in the overall false positives reported.

References

[1]
N. Ayewah and W. Pugh. Using Checklist to Review Static Analysis Warnings. DEFECTS'09, July 19, 2009, Chicago, Illinois, USA.
[2]
S. Kim and M. D. Ernst. Which Warnings should I Fix first? ESEC-FSE'07, September 3--7, 2007, Cavat near Dubrovnik, Croatia.
[3]
D. Binkley, R. Capellini, L. R. Raszewski and C. Smith. An Implementation of and Experiment with Semantic Differencing. ICSM'01 Proceedings of the IEEE International Conference on software maintenance, November 07--09, 2001, Florence, Italy.
[4]
M. Hutchins and K. Gallagher. Improving Visual Impact Analysis. ICSM'98 Proceedings of the International conference on software maintenance, 1998, Washington, DC, USA.
[5]
S. Horwitz. Identifying the Semantic and Textual difference between two versions of a program. Proceedings of the ACM SIGPLAN'SO Conference on Programming Language Design and Implementation, White Plains, New York, June 20--22, 1990.
[6]
X. Ren, F. Shah, F. Tip, B. Ryder, and O. Chesley. Chianti: a tool for change Impact Analysis of Java Programs. OOPSLA'04, October 24--28, 2004, Vancouver, British Columbia, Canada.
[7]
M Sharir, A Pnueli. Two Approaches to Interprocedural Data Flow Analysis. Theory and Applications, 1981 - Englewood Cliffs, NJ.
[8]
S. Horwitz, T. Reps, D. Binkley. Interprocedural Slicing Using Dependence Graphs. Proceedings of the SIGPLAN conference on Programming Language Design and Implementation, Atlanta, Georgia, June 22--24, 1988.
[9]
M. Harman and R. Hierons. An Overview of Program Slicing. Software Focus, Vol. 2, No. 3. (2001), page 85--92.
[10]
B. Alpern and F. Schneider. Recognizing safety and liveness. Distributed Computing 3, 3, 117--126. 1987.
[11]
E. M. Clarke, M. Fujita, S. P. Rajan, T. Reps, S. Shankar and T. Teitelbaum. Program Slicing for Design Automation: An Automatic Technique for Speeding-up Hardware Design, Simulation, Testing and Verification. http://www.cs.wisc.edu/wpis/papers/psda.ps
[12]
D. Engler and M. Musuvathi. Static Analysis versus software model checking for bug finding. Electronic notes in Theoretical Computer Science Volume89, Issue September 2003, Pages 378--404 SoftMC 2003, Workshop on Software Model Checking.
[13]
Embedded Java Persistence. An Oracle White Paper, March 2007. http://whitepapers.techrepublic.com
[14]
S. Horwitz and T. Reps. Efficient Comparison of Program Slices. Journal Acta Informatica, Volume 28, Issue9, Nov1991.

Cited By

View all

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences
ISEC '11: Proceedings of the 4th India Software Engineering Conference
February 2011
229 pages
ISBN:9781450305594
DOI:10.1145/1953355
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

  • Computer Society of India: Computer Society of India

In-Cooperation

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 24 February 2011

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. assertion
  2. backward slicing
  3. data flow analysis
  4. false positives
  5. impact analysis
  6. model checking
  7. safety property
  8. static analysis

Qualifiers

  • Short-paper

Conference

ISEC '11
Sponsor:
  • Computer Society of India
ISEC '11: Indian Software Engineering Conference
February 24 - 27, 2011
Kerala, Thiruvananthapuram, India

Acceptance Rates

Overall Acceptance Rate 76 of 315 submissions, 24%

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)8
  • Downloads (Last 6 weeks)0
Reflects downloads up to 13 Feb 2025

Other Metrics

Citations

Cited By

View all
  • (2022)MetaLearning with Graph Neural NetworksACM SIGKDD Explorations Newsletter10.1145/3510374.351037923:2(13-22)Online publication date: 3-Jan-2022
  • (2022)LoRa Networking Techniques for Large-scale and Long-term IoT: A Down-to-top SurveyACM Computing Surveys10.1145/349467355:3(1-36)Online publication date: 3-Feb-2022
  • (2022)Survey of Approaches for Postprocessing of Static Analysis AlarmsACM Computing Surveys10.1145/349452155:3(1-39)Online publication date: 3-Feb-2022
  • (2022)Classification and Ranking of Delta Static Analysis Alarms2022 IEEE 22nd International Working Conference on Source Code Analysis and Manipulation (SCAM)10.1109/SCAM55253.2022.00029(197-207)Online publication date: Oct-2022
  • (2021)Truncated Models for Probabilistic Weighted RetrievalACM Transactions on Information Systems10.1145/347683740:3(1-24)Online publication date: 8-Dec-2021
  • (2021)BotSpot++: A Hierarchical Deep Ensemble Model for Bots Install Fraud Detection in Mobile AdvertisingACM Transactions on Information Systems10.1145/347610740:3(1-28)Online publication date: 17-Nov-2021
  • (2021)Graph Neural Collaborative Topic Model for Citation RecommendationACM Transactions on Information Systems10.1145/347397340:3(1-30)Online publication date: 17-Nov-2021
  • (2021)Traffic routing in the ever-changing city of DohaCommunications of the ACM10.1145/344773164:4(67-68)Online publication date: 22-Mar-2021
  • (2017)Scaling Bounded Model Checking by Transforming Programs with ArraysLogic-Based Program Synthesis and Transformation10.1007/978-3-319-63139-4_16(275-292)Online publication date: 25-Jul-2017
  • (2017)Sequentialization Using TimestampsTheory and Applications of Models of Computation10.1007/978-3-319-55911-7_49(684-696)Online publication date: 21-Mar-2017
  • Show More Cited By

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Figures

Tables

Media

Share

Share

Share this Publication link

Share on social media