基于函数调用序列模式挖掘的程序缺陷检测

Defects Detection Based on Mining Function Call Sequence Patterns

程序中通常会隐含大量编程规则,若在程序编写过程中违反此类规则,则可能引发软件缺陷。函数调用规则是其中一类常见的程序隐含规则,常见的函数调用规则挖掘工作将整个函数体内的函数调用作为一个项集来进行分析,未使用程序中函数调用先后顺序等约束信息,导致软件缺陷挖掘结果的误报率较高。通过简单的静态分析即可获取函数调用序列信息,如在缺陷挖掘过程中充分利用函数调用序列信息,将有效提高缺陷挖掘精度。基于上述思路,提出了一种基于函数调用序列模式挖掘的缺陷检测方法,该方法自动检测程序中违反函数调用序列模式的疑似缺陷,并报告可疑度较高的缺陷。基于该方法,在一组开源项目上进行的实验的结果表明,此方法能有效发现程序中由于违反函数调用序列模式而导致的缺陷,减少了缺陷误报,从而降低了人工核查疑似缺陷开销。

Large scale programs usually imply a large number of programming rules.However,if programmers violate those rules in the process of programming,it is possible to cause software defects.The function call rule is one kind of the typical implicit rules in programs.Previous work on mining function rules handle function calls in the body of a function definition as an itemset,and the constraints implied in function call sequences are not utilized,which can lead to high false positive rates.If the function call sequence information is exploited in the process of mining rules,it will effectively improve the accuracy of mining defects.This paper proposed a defect detection approach based on mining function call sequence patterns.In the approach,the suspected defects which violate function call sequence patterns are detected automatically,and the defects with high suspicious degrees are reported.Based on this approach,experiments were carried out in a group of open source projects.The expriment results show that this approach can effectively find defects which violate function call sequence patterns in programs,and reduce false positives.As a result,the overhead of verifying suspicious defects are also reduced.