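% Journal article: ACM TOPLAS 39(4), August 2017, on sound clustering of
% static-analysis alarms (evaluated on a buffer-overflow analyzer).
% Review notes:
%   - LaTeX specials in the abstract and note fields (ampersand, dollar sign,
%     percent sign, literal braces around the e-mail list) are escaped so the
%     fields typeset without errors or silently dropped characters.
%   - The note field carries the publisher's funding, address and permission
%     text verbatim. Standard styles print note, so move it to an ignored
%     field if it should not appear in the rendered bibliography.
%   - The note's "ART16" suggests article number 16, but no pages or
%     article-number field is set here; confirm against the DOI record.
@article{21adebd14fc34f45a393a01afa814a63,
  author    = {Lee, Woosuk and Lee, Wonchan and Kang, Dongok and Heo, Kihong and Oh, Hakjoo and Yi, Kwangkeun},
  title     = {Sound non-statistical clustering of static analysis alarms},
  journal   = {ACM Transactions on Programming Languages and Systems},
  volume    = {39},
  number    = {4},
  year      = {2017},
  month     = aug,
  doi       = {10.1145/3095021},
  issn      = {0164-0925},
  publisher = {Association for Computing Machinery (ACM)},
  language  = {English},
  keywords  = {Abstract interpretation, False alarms, Static analysis},
  abstract  = {We present a sound method for clustering alarms from static analyzers. Our method clusters alarms by discovering sound dependencies between them such that if the dominant alarms of a cluster turns out to be false, all the other alarms in the same cluster are guaranteed to be false. We have implemented our clustering algorithm on top of a realistic buffer-overflow analyzer and proved that our method reduces 45\% of alarm reports. Our framework is applicable to any abstract interpretation-based static analysis and orthogonal to abstraction refinements and statistical ranking schemes.},
  note      = {Funding Information: This work was supported by Institute for Information \& communications Technology Promotion (IITP) grant funded by the Korea government (MSIP) (No. B0717-16-0098 and No. R0190-16-2011, Development of Vulnerability Discovery Technologies for IoT Software Security) and Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Science, ICT \& Future Planning (NRF-2016R1C1B2014062). This research was also supported by the Engineering Research Center of Excellence Program of Korea Ministry of Science, ICT \& Future Planning(MSIP) / National Research Foundation of Korea(NRF) (Grant NRF-2008-0062609), and by Samsung Electronics Software Center. Authors{\textquoteright} addresses: W. Lee, D. Kang, K. Heo, and K. Yi, Room 312-2, Building 302, Seoul National University, 1 Kwanak-ro, Kwanak-gu, Seoul 151-744, Korea; emails: \{wslee, dokang, khheo, kwang\}@ropas.snu.ac.kr; W. Lee, 416 Gates, 353 Serra Mall, Stanford, California 94305, USA; email: wonchan@cs.stanford.edu; H. Oh (Corresponding author), Room 616c, Science Library Bldg, College of Informatics, Korea University, Anam-dong 5-ga, Seongbuk-gu, Seoul 136-713, Korea. Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from permissions@acm.org. {\textcopyright} 2017 ACM 0164-0925/2017/08-ART16 \$15.00 https://doi.org/10.1145/3095021 Publisher Copyright: {\textcopyright} 2017 ACM.},
}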