A study of static warning cascading tool

Date
2023-08
Authors
Guo, Xiuyuan
Major Professor
Advisor
Le, Wei
Mitra, Simanta
Zhang, Wensheng
Committee Member
Department
Computer Science
Abstract
Static analysis is widely used for software assurance. However, static analysis tools can report an overwhelming number of warnings, many of which are false positives. Applying static analysis to a new version can result in a large number of warnings that are only relevant to the old version. Inspecting these warnings is time-consuming and can hinder developers from finding new bugs in the new version. We report the challenges of cascading warnings generated from two versions of programs. We investigated program differencing tools and extended them to perform warning cascading automatically. Specifically, we used the textual-based diff tool, namely SCALe, the abstract syntax tree (AST) based diff tool, namely GumTree, and the control flow graph (CFG) based diff tool, namely Hydrogen. We reported our experience of applying these tools, and hopefully, our findings can help developers understand the pros and cons of each approach. In our evaluation, we used 96 pairs of benchmark programs for which we know ground-truth bugs and fixes as well as 12 pairs of real-world open-source projects. Our tools and data are available at https://github.com/WarningCas/WarningCascading_Data.