PHD research speeds up automatic debugging of software considerably
PhD student Tukaram Muske has developed a technology that significantly reduces the number of alarms.
Software systems play a crucial role in our life, and keeping them error-free is critical to ensuring the safety, security and even privacy of essential software systems such as financial, medical and messaging systems. Static analysis, which debugs the sourcecode of software programs without actually running them, is an important automated program analysis technique to find common programming errors and report on points of interest that could be errors.
Considering the effectiveness and usefulness of static analysis, a wide range of static analysis tools have been developed. However, these tools are known to generate a large number of false alarms. Tukaram Muske, PhD candidate at Eindhoven University of Technology, has developed alarm postprocessing techniques that significantly reduce the time and effort needed to inspect those alarms manually.
Reducing the number of static analysis alarms is an important challenge that academia and industry are both working on. Reporting fewer alarms by suppressing a subset of alarms is dangerous, because it can lead to missing critical errors. Muske addresses the problem of large numbers of alarms by processing the alarms after they are generated: postprocessing.
These techniques work regardless of the static analysis tool in use, and manage to reduce the number of alarms by up to 36% and the time required to automatically eliminate false positives by up to 60%. This could prove an important time and cost savings and enable faster and more accurate response to software errors.
Postprocessing
Postprocessing reduces the number of alarms that need to be checked and the effort needed to manually inspect them. Muske and coworkers reviewed previously proposed techniques and identified where they could be improved. They then created working techniques based on that review, and evaluated them on several industrial and open source systems. The new techniques were better at grouping similar alarms and eliminating false alarms automatically. They also performed better at suppressing alarms generated on continuously changing code.
Another improvement is in the inspection of alarms generated on code that is analyzed part by part: the techniques can identify whether the alarm is unique and triggered within a software partition, or a duplicate alarm triggered as a result of underlying code used by several partitions.
The main way Muske improved the existing techniques was by taking into account where the tools are used and what type of applications they are used on. The results show a tremendous improvement, which can potentially be increased even further by combining his new techniques with the existing ones.
Muske, Tukaram. Postprocessing of static analysis alarms (2020)
Supervisors: Alexander Serebrenik and Mark van den Brand