Abstract
We propose an interactive approach to resolve static analysis alarms. Our approach synergistically combines a sound but imprecise analysis with precise but unsound heuristics, through user interaction. In each iteration, it solves an optimization problem to find a set of questions for the user such that the expected payoff is maximized. We have implemented our approach in a tool, Ursa, that enables interactive alarm resolution for any analysis specified in the declarative logic programming language Datalog. We demonstrate the effectiveness of Ursa on a state-of-the-art static datarace analysis using a suite of 8 Java programs comprising 41-194 KLOC each. Ursa is able to eliminate 74% of the false alarms per benchmark with an average payoff of 12× per question. Moreover, Ursa prioritizes user effort effectively by posing questions that yield high payoffs earlier.
- 2015. UpWork. http://www.upwork.com . (2015). Accessed: 2015-11-19.Google Scholar
- Nathaniel Ayewah, David Hovemeyer, J. David Morgenthaler, John Penix, and William Pugh. 2008. Using static analysis to find bugs. IEEE Software (2008).Google Scholar
Digital Library
- Thomas Ball, Mayur Naik, and Sriram K. Rajamani. 2003. From symptom to cause: localizing errors in counterexample traces. In POPL. Google Scholar
Digital Library
- Osbert Bastani, Saswat Anand, and Alex Aiken. 2015. Specification inference using context-free language reachability. In POPL . Google Scholar
Digital Library
- Al Bessey, Ken Block, Benjamin Chelf, Andy Chou, Bryan Fulton, Seth Hallem, Charles-Henri Gros, Asya Kamsky, Scott McPeak, and Dawson R. Engler. 2010. A few billion lines of code later: using static analysis to find bugs in the real world. Commun. ACM (2010).Google Scholar
- Sam Blackshear and Shuvendu Lahiri. 2013. Almost-correct specifications: a modular semantic framework for assigning confidence to warnings. In PLDI. Google Scholar
Digital Library
- Tom Copeland. 2005. PMD applied. (2005).Google Scholar
- Isil Dillig, Thomas Dillig, and Alex Aiken. 2012. Automated error diagnosis using abductive inference. In PLDI. Google Scholar
Digital Library
- Lisa Nguyen Quang Do, Karim Ali, Benjamin Livshits, Eric Bodden, Justin Smith, and Emerson Murphy-Hill. 2017. Just-intime static analysis. In ISSTA.Google Scholar
- Michael D. Ernst, Jake Cockrell, William G. Griswold, and David Notkin. 2001. Dynamically discovering likely program invariants to support program evolution. IEEE Trans. Software Eng. (2001).Google Scholar
Digital Library
- Gurobi Optimization, Inc. 2016. Gurobi optimizer reference manual. http://www.gurobi.com . (2016).Google Scholar
- Seth Hallem, Benjamin Chelf, Yichen Xie, and Dawson R. Engler. 2002. A system and language for building system-specific, static analyses. In PLDI. Google Scholar
Cross Ref
- James A. Jones and Mary Jean Harrold. 2005. Empirical evaluation of the tarantula automatic fault-localization technique. In ASE. Google Scholar
Digital Library
- James A. Jones, Mary Jean Harrold, and John T. Stasko. 2002. Visualization of test information to assist fault localization. In ICSE . Google Scholar
Cross Ref
- Herbert Jordan, Bernhard Scholz, and Pavle Subotic. 2016. Soufflé: on synthesis of program analyzers. In CAV. Google Scholar
Cross Ref
- Yungbum Jung, Jaehwang Kim, Jaeho Shin, and Kwangkeun Yi. 2005. Taming false alarms from a domain-unaware C analyzer by a bayesian statistical post analysis. In SAS.Google Scholar
- Ted Kremenek, Ken Ashcraft, Junfeng Yang, and Dawson Engler. 2004. Correlation exploitation in error ranking. In FSE. Google Scholar
Digital Library
- Ted Kremenek and Dawson Engler. 2003. Z-Ranking: using statistical analysis to counter the impact of static analysis approximations. In SAS.Google Scholar
- Wei Le and Mary Lou Soffa. 2010. Path-based Fault Correlations. In FSE. Google Scholar
Digital Library
- Woosuk Lee, Wonchan Lee, and Kwangkeun Yi. 2012. Sound non-statistical clustering of static analysis alarms. In VMCAI. Google Scholar
Digital Library
- Ondrej Lhoták. 2002. Spark: A flexible points-to analysis framework for Java. (2002).Google Scholar
- Ben Liblit, Mayur Naik, Alice X. Zheng, Alexander Aiken, and Michael I. Jordan. 2005. Scalable statistical bug isolation. In PLDI . Google Scholar
Digital Library
- Benjamin Livshits, Manu Sridharan, Yannis Smaragdakis, Ondrej Lhoták, José Nelson Amaral, Bor-Yuh Evan Chang, Samuel Z. Guyer, Uday P. Khedker, Anders Møller, and Dimitrios Vardoulakis. 2015. In defense of soundiness: a manifesto. CACM (2015).Google Scholar
- Magnus Madsen, Ming-Ho Yee, and Ondrej Lhoták. 2016. From Datalog to Flix: a declarative language for fixed points on lattices. In PLDI. Google Scholar
Digital Library
- Ravi Mangal, Xin Zhang, Aditya V. Nori, and Mayur Naik. 2015. A user-guided approach to program analysis. In FSE. Google Scholar
Digital Library
- Mayur Naik. 2006. Chord: A Program Analysis Platform for Java. http://jchord.googlecode.com/ . (2006).Google Scholar
- Mayur Naik, Alex Aiken, and John Whaley. 2006. Effective static race detection for Java. In PLDI. Google Scholar
Digital Library
- Mayur Naik, Hongseok Yang, Ghila Castelnuovo, and Mooly Sagiv. 2012. Abstractions from tests. In POPL. Google Scholar
Digital Library
- Greg Nelson and Derek C. Oppen. 1979. Simplification by cooperating decision procedures. ACM TOPLAS (1979).Google Scholar
- Hakjoo Oh, Wonchan Lee, Kihong Heo, Hongseok Yang, and Kwangkeun Yi. 2016. Selective X-sensitive analysis guided by impact pre-analysis. ACM TOPLAS (2016).Google Scholar
- Oded Padon, Kenneth McMillan, Aurojit Panda, Mooly Sagiv, and Sharon Shoham. 2016. Ivy: safety verification by interactive generalization. In PLDI. Google Scholar
Digital Library
- Christos H. Papadimitriou. 1981. On the complexity of integer programming. J. ACM (1981).Google Scholar
- J. Ross Quinlan. 1993. C4.5: Programs for Machine Learning. Morgan Kaufmann.Google Scholar
Digital Library
- Manos Renieris and Steven P. Reiss. 2003. Fault localization with nearest neighbor queries. In ASE. Google Scholar
Digital Library
- Henry Gordon Rice. 1953. Classes of recursively enumerable sets and their decision problems. Trans. Amer. Math. Soc. (1953).Google Scholar
- Yannis Smaragdakis and Martin Bravenboer. 2010. Using Datalog for fast and easy program analysis. In Datalog 2.0 Workshop .Google Scholar
- Yannis Smaragdakis, George Kastrinis, and George Balatsouras. 2014. Introspective analysis: context-sensitivity, across the board. In PLDI. Google Scholar
Digital Library
- Daniel von Dincklage and Amer Diwan. 2009. Optimizing programs with intended semantics. In OOPSLA. Google Scholar
Digital Library
- Daniel von Dincklage and Amer Diwan. 2011. Integrating program analyses with programmer productivity tools. Softw., Pract. Exper. (2011).Google Scholar
- Shiyi Wei, Omer Tripp, Barbara G. Ryder, and Julian Dolby. 2016. Revamping JavaScript static analysis via localization and remediation of root causes of imprecision. In FSE. Google Scholar
Digital Library
- John Whaley, Dzintars Avots, Michael Carbin, and Monica S. Lam. 2005. Using Datalog with binary decision diagrams for program analysis. In APLAS. Google Scholar
Digital Library
- Xin Zhang, Ravi Mangal, Radu Grigore, Mayur Naik, and Hongseok Yang. 2014. On abstraction refinement for program analyses in Datalog. In PLDI. Google Scholar
Digital Library
- Haiyan Zhu, Thomas Dillig, and Isil Dillig. 2013. Automated inference of library specifications for source-sink property verification. In APLAS 2013. Google Scholar
Digital Library
Index Terms
Effective interactive resolution of static analysis alarms
Recommendations
Interprocedural pointer alias analysis
We present practical approximation methods for computing and representing interprocedural aliases for a program written in a language that includes pointers, reference parameters, and recursion. We present the following contributions: (1) a framework ...
Filtering false alarms of buffer overflow analysis using SMT solvers
Buffer overflow detection using static analysis can provide a powerful tool for software programmers to find difficult bugs in C programs. Sound static analysis based on abstract interpretation, however, often suffers from false alarm problem. Although ...
Sound Non-Statistical Clustering of Static Analysis Alarms
We present a sound method for clustering alarms from static analyzers. Our method clusters alarms by discovering sound dependencies between them such that if the dominant alarms of a cluster turns out to be false, all the other alarms in the same ...






Comments