ISSRE 2006 | November 10, 2006 Automated Adaptive Ranking and Filtering of Static Analysis Alerts Sarah Heckman Laurie Williams November 10, 2006.

Presentation transcript:

Automated Adaptive Ranking and Filtering of Static Analysis Alerts
Sarah Heckman, Laurie Williams
November 10, 2006

Contents
• Motivation
• Research Objective
• AWARE Ranking and Filtering
  – Alert Ranking Factors
• Experiment
• Progress & Future Work
• Conclusions

Motivation
• Programmers tend to make the same mistakes
• Static analysis tools are useful for finding these recurring mistakes
• However, static analysis tools have a high rate of false positives

Research Objective
To improve the correctness and security of a system by continuously, automatically, and efficiently providing adaptively ranked and filtered static analysis alerts to software engineers during development.

AWARE
• Automated Warning Application for Reliability Engineering
• Ranks static analysis alerts by the probability an alert is a true fault
• Ranking is adjusted by
  – Filtering alerts
  – Fixing alerts

Alert Ranking Factors
• Type Accuracy: Categorization of alerts based on observed accuracy of alert type
• Code Locality: Alerts reported by static analysis tools cluster by locality
• Generated Test Failure: Failing test cases derived from static analysis alerts provide a concrete fault condition

Experiment (1)
• Questions to Investigate
  – Does AWARE’s initial ranking perform better than a random ordering of alerts for various initial TA values?
    • Number of initial false positives
    • Average number of false positives between true positives
  – How many false positives must be filtered before all of the true positives reach the top of the ranking?
    • Number of alerts filtered before all true positives reach the top of the list

Experiment (2)
• RealEstate Example
  – 775 uncommented, non-blank LOC
  – Analyzed without annotations
• Check ‘n’ Crash Results
  – 28 alerts, 27 analyzed
  – 2 alerts were true positives

Experimental Results and Limitations
• AWARE ranks TP alerts at the top of the list and has a lower average occurrence of FPs between TPs.
• Between 11% and 25% of alerts required filtering before all TPs reached the top of the ranking
• Limitations
  – Small sample size
  – The initial ranking values for TA were unrealistic
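
The three measurements listed under Experiment (1), computed over a ranked alert list, as an added example that is not code from the slides or from the AWARE tool. The alert data and type names are constructed, only the type accuracy (TA) factor is modelled, and the TA update rule is an assumption, since the slides do not give AWARE's formula.

```python
from collections import Counter

# Constructed sample, not the RealEstate data: (alert id, alert type, is true positive).
ALERTS = [
    ("a1", "ArrayIndex", False), ("a2", "NullPointer", True),
    ("a3", "ArrayIndex", False), ("a4", "NegativeArraySize", False),
    ("a5", "ArrayIndex", False), ("a6", "NullPointer", True),
    ("a7", "NegativeArraySize", False), ("a8", "ArrayIndex", False),
]

def rank(alerts, ta):
    """Order alerts by descending type accuracy; ties keep the tool's report order."""
    return sorted(alerts, key=lambda a: -ta[a[1]])

def initial_false_positives(ranking):
    """Number of false positives ranked above the first true positive."""
    for i, (_, _, is_tp) in enumerate(ranking):
        if is_tp:
            return i
    return len(ranking)

def avg_fps_between_tps(ranking):
    """Mean number of false positives separating consecutive true positives."""
    pos = [i for i, a in enumerate(ranking) if a[2]]
    gaps = [b - a - 1 for a, b in zip(pos, pos[1:])]
    return sum(gaps) / len(gaps) if gaps else 0.0

def filters_until_tps_on_top(alerts, initial_ta):
    """Filter the highest-ranked FP, re-rank, repeat until every TP outranks every FP."""
    total = Counter(a[1] for a in alerts)
    filtered = Counter()
    remaining = list(alerts)
    while True:
        # Assumed update rule: TA shrinks with the share of that type already filtered.
        ta = {t: initial_ta * (1 - filtered[t] / total[t]) for t in total}
        ranking = rank(remaining, ta)
        n_tp = sum(a[2] for a in ranking)
        if all(a[2] for a in ranking[:n_tp]):
            return sum(filtered.values())
        fp = next(a for a in ranking if not a[2])
        remaining.remove(fp)
        filtered[fp[1]] += 1

if __name__ == "__main__":
    first = rank(ALERTS, {t: 0.5 for _, t, _ in ALERTS})
    print(initial_false_positives(first), avg_fps_between_tps(first))
    print(filters_until_tps_on_top(ALERTS, 0.5), "of", len(ALERTS), "alerts filtered")
```

With a uniform initial TA the first ranking is just the tool's report order, so any improvement in this model comes only from the filtering feedback.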

Progress & Future Work
• Current Work:
  – Development of AWARE tool for Eclipse IDE and Java
  – Use of AWARE in graduate level class
• Future Work:
  – Industrial case study
  – Extend AWARE to gather alerts from C/C++ static analyzers
• AWARE Research site:
  –

Questions?
Sarah Heckman: