
False Positive Elimination in Static Defect Detection

Cited by: 7
Abstract: The false positive ratio is a key measure of the performance of static defect detection tools. Based on a comparative analysis of a series of false positive elimination techniques, we put forward a false positive elimination method that combines forward dataflow analysis with backward constraint querying. The forward dataflow analysis generates a conservative dataflow solution, which is used to iterate the defect states and produce an initial defect detection result. According to the dataflow features at the location of each initial defect, the method searches backward for the constraints that might cause the defect; the collected constraints are passed to a general-purpose constraint solver, which determines whether the defect is satisfiable. In this way the initial, coarse-grained detection result is refined. In addition, introducing symbolic execution into the dataflow analysis not only improves the precision of the dataflow analysis but also simplifies constraint representation and conversion and improves the efficiency of constraint querying. Comparative experiments on 11 benchmarks from SPEC CPU2000 show that our method effectively eliminates part of the false positives with a limited increase in overhead, and that it has better scalability than similar tools.
Source: Journal of Computer Research and Development (《计算机研究与发展》), indexed in EI, CSCD and the Peking University Core Journals list; 2012, Issue 9, pp. 1822-1831 (10 pages)
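Funding: National High Technology Research and Development Program of China (863 Program) (2012AA010101, 2009AA012404); National Natural Science Foundation of China (91018002)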
Keywords: false positive; dataflow analysis; abstract interpretation; constraint solving; symbolic execution