We present a sound method for clustering alarms from static analyzers. Our method clusters alarms by discovering sound dependencies between them such that if the dominant alarms of a cluster turn out to be false, all the other alarms in the same cluster are guaranteed to be false. We have implemented our clustering algorithm on top of a realistic buffer-overflow analyzer and proved that our method reduces 45% of alarm reports. Our framework is applicable to any abstract interpretation-based static analysis and is orthogonal to abstraction refinements and statistical ranking schemes.
| Journal | ACM Transactions on Programming Languages and Systems |
| Publication status | Published - 2017 Aug 1 |
- Abstract interpretation
- False alarms
- Static analysis