Triaging Checklists: a Substitute for a PhD in Static Analysis

Static analysis tools have achieved great success in recent years in automating the process of detecting defects in software. However, these sophisticated tools have yet to gain widespread adoption, since many of them remain too difficult to understand and use. In previous work, we discovered that even with an effective code visualization tool, users still found it hard to determine whether warnings reported by these tools were true errors or false warnings. The fundamental problem users face is understanding enough of the underlying algorithm to determine whether a warning is caused by imprecision in the algorithm, a challenge that may take a while even for experts with PhDs. In our current work, we propose to use triaging checklists to provide users with systematic guidance for identifying false warnings by taking into account specific sources of imprecision in the particular tool. Additionally, we plan to provide checklist assistants, a library of simple analyses designed to aid users in answering checklist questions.
