Abstract
We present a sound method for clustering alarms from static analyzers. Our method clusters alarms by discovering sound dependencies between them such that if the dominant alarms of a cluster turn out to be false, all the other alarms in the same cluster are guaranteed to be false. We have implemented our clustering algorithm on top of a realistic buffer-overflow analyzer and proved that our method reduces 45% of alarm reports. Our framework is applicable to any abstract interpretation-based static analysis and orthogonal to abstraction refinements and statistical ranking schemes.
Original language | English |
---|---|
Article number | 16 |
Journal | ACM Transactions on Programming Languages and Systems |
Volume | 39 |
Issue number | 4 |
DOIs | |
Publication status | Published - 2017 Aug 1 |
Keywords
- Abstract interpretation
- False alarms
- Static analysis
ASJC Scopus subject areas
- Software