Effective false positive filtering for evolving software

Model checking and static analysis are two techniques widely used to detect property violations in code. However, for property checking on large software systems, only static analysis tools are applied, because they scale up even though they are imprecise in comparison to model checking tools. All reported violations are manually examined to separate out the large number of false positives. This is effort-intensive and time-consuming, and it requires a reasonable understanding of the system. In this paper, we present a technique that reduces the number of reported false positives by exploiting the incremental nature of large software system development. This is achieved by performing an impact analysis of the changes introduced in the current version and suppressing the false positives that are immune to these changes. The paper also presents our experience in applying this technique to a large embedded software system, where we found an 80% reduction in the overall false positives reported.
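The suppression step described above, as an added sketch that is not the paper's implementation: it assumes the impact analysis is approximated by backward reachability over a dependence graph, and that warnings carry identifiers that stay stable between versions. The graph, node names and warning ids are constructed for illustration.

```python
from collections import deque

def backward_slice(deps, start):
    """Every node that `start` transitively depends on, including itself."""
    seen, queue = {start}, deque([start])
    while queue:
        node = queue.popleft()
        for dep in deps.get(node, ()):
            if dep not in seen:
                seen.add(dep)
                queue.append(dep)
    return seen

def filter_warnings(deps, changed, warnings, reviewed_fp):
    """Split current-version warnings into (report, suppressed).

    deps        : node -> set of nodes it depends on (data/control/call edges)
    changed     : nodes added or modified in the current version
    warnings    : list of (warning_id, node) from the static analyzer
    reviewed_fp : warning ids judged false positive on the previous version
    """
    report, suppressed = [], []
    for wid, node in warnings:
        impacted = bool(backward_slice(deps, node) & changed)
        if wid in reviewed_fp and not impacted:
            suppressed.append(wid)  # earlier verdict still holds
        else:
            report.append(wid)      # new warning, or one that needs re-review
    return report, suppressed

# Constructed sample: a small dependence graph for an embedded control loop.
DEPS = {
    "read_sensor": {"adc_init"},
    "scale": {"read_sensor", "calib_table"},
    "log_value": {"scale"},
    "checksum": {"frame_buf"},
    "send_frame": {"checksum", "uart_init"},
}
CHANGED = {"calib_table"}  # the only edit in the current version
WARNINGS = [("W1", "scale"), ("W2", "send_frame"),
            ("W3", "log_value"), ("W4", "checksum")]
REVIEWED_FP = {"W1", "W2", "W3"}  # W4 is new in this version

if __name__ == "__main__":
    report, suppressed = filter_warnings(DEPS, CHANGED, WARNINGS, REVIEWED_FP)
    print("re-review:", report)
    print("suppressed:", suppressed)
```

Suppression is only safe when the dependence graph over-approximates the real dependences: a missing edge can hide a change that turns a previously reviewed false positive into a true violation.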
