Static Analysis Techniques and Tools: A Systematic Mapping Study

The main disadvantage of static analysis tools is their high false positive rates. False positives are errors that either do not exist or do not lead to serious software failures. Thus, the benefits of automated static analysis tools are reduced due to the need for manual interventions to assess true and false positive warnings. This paper presents a systematic mapping study to identify current state-of-the-art static analysis techniques and tools as well as the main approaches that have been developed to mitigate false positives.

Keywords: automatic static analysis; false positive; systematic mapping study.
