Ranking Source Code Static Analysis Warnings for Continuous Monitoring of FLOSS Repositories - Open Source Systems: Enterprise Software and Solutions Access content directly
Conference Papers Year : 2018

Ranking Source Code Static Analysis Warnings for Continuous Monitoring of FLOSS Repositories

Abstract

Performing source code static analysis during the software development cycle is a difficult task. There are different static analyzers available, and each of them usually works better in a small subset of problems, making it hard to choose a single tool. Combining the analysis of different tools solves this problem, but brings about other problems, namely the generated false positives and a large amount of unsorted alarms. This paper presents kiskadee, a system to support the usage of static analysis during software development by providing carefully ranked static analysis reports. First, it runs multiple static analyzers on the source code. Then, using a classification model, the potential bugs detected by the static analyzers are ranked based on their importance, with critical flaws ranked first, and potential false positives ranked last. Our experimental results show that, on average, when inspecting warnings ranked by kiskadee, one hits 5.2 times less false positives before each bug than when using a randomly sorted warning list.
Fichier principal
Vignette du fichier
468158_1_En_8_Chapter.pdf (436.85 Ko) Télécharger le fichier
Origin : Files produced by the author(s)
Loading...

Dates and versions

hal-01875492 , version 1 (17-09-2018)

Licence

Attribution

Identifiers

Cite

Athos Ribeiro, Paulo Meirelles, Nelson Lago, Fabio Kon. Ranking Source Code Static Analysis Warnings for Continuous Monitoring of FLOSS Repositories. 14th IFIP International Conference on Open Source Systems (OSS), Jun 2018, Athens, Greece. pp.90-101, ⟨10.1007/978-3-319-92375-8_8⟩. ⟨hal-01875492⟩
226 View
124 Download

Altmetric

Share

Gmail Facebook X LinkedIn More