Sciweavers

SAS
2005
Springer

Taming False Alarms from a Domain-Unaware C Analyzer by a Bayesian Statistical Post Analysis

14 years 6 months ago
Taming False Alarms from a Domain-Unaware C Analyzer by a Bayesian Statistical Post Analysis
Abstract. We present our experience of combining, in a realistic setting, a static analyzer with a statistical analysis. This combination is in order to reduce the inevitable false alarms from a domain-unaware static analyzer. Our analyzer named Airac(Array Index Range Analyzer for C) collects all the true buffer-overrun points in ANSI C programs. The soundness is maintained, and the analysis’ cost-accuracy improvement is achieved by techniques that static analysis community has long accumulated. For still inevitable false alarms (e.g. Airac raised 970 bufferoverrun alarms in commercial C programs of 5.3 million lines and 737 among the 970 alarms were false), which are always apt for particular C programs, we use a statistical post analysis. The statistical analysis, given the analysis results (alarms), sifts out probable false alarms and prioritizes true alarms. It estimates the probability of each alarm being true. The probabilities are used in two ways: 1) only the alarms that h...
Yungbum Jung, Jaehwang Kim, Jaeho Shin, Kwangkeun
Added 28 Jun 2010
Updated 28 Jun 2010
Type Conference
Year 2005
Where SAS
Authors Yungbum Jung, Jaehwang Kim, Jaeho Shin, Kwangkeun Yi
Comments (0)