Article

Using groupings of static analysis alerts to identify files likely to contain field failures

Authors:

Mark S. Sherriff,

Sarah Smith Heckman,

J. Michael Lake,

Laurie A. WilliamsAuthors Info & Claims

ESEC-FSE '07: Proceedings of the the 6th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering

Pages 565 - 568

https://doi.org/10.1145/1287624.1287711

Published: 07 September 2007 Publication History

Get Access

Abstract

In this paper, we propose a technique for leveraging historical field failure records in conjunction with automated static analysis alerts to determine which alerts or sets of alerts are predictive of a field failure. Our technique uses singular value decomposition to generate groupings of static analysis alert types, which we call alert signatures, that have been historically linked to field failure-prone files in previous releases of a software system. The signatures can be applied to sets of alerts from a current build of a software system. Files that have a matching alert signature are identified as having similar static analysis alert characteristics to files with known field failures in a previous release of the system. We performed a case study involving an industrial software system at IBM and found three distinct alert signatures that could be applied to the system. We found that 50% of the field failures reported since the last static analysis run could be discovered by examining the 10% of the files and static analysis alerts indicated by these three alert signatures. The remaining failures were either not detected by a signature which could be an indication of a new type of error in the field, or they were on areas of the code where no static analysis alerts were detected.

References

[1]

B. Chess and G. McGraw, "Static Analysis for Security," in IEEE Security and Privacy, November/December 2004 ed, 2004, pp. 32--35.

Digital Library

Google Scholar

[2]

IEEE, "IEEE Standard 610.12-1990, IEEE Standard Glossary of Software Engineering Terminology," 1990.

Google Scholar

[3]

N. Nagappan and T. Ball, "Static Analysis Tools as Early Indicator of Pre-Release Defect Density," in International Conference on Software Engineering, St. Louis, MO, USA, 2005, pp. 580--586.

Digital Library

Google Scholar

[4]

N. Nagappan and T. Ball, "Static Analysis Tools as Early Indicators of Pre-Release Defect Density," in International Conference on Software Engineering (ICSE), St. Louis, MO, 2005.

Digital Library

Google Scholar

[5]

N. Nagappan, L. Williams, M. Vouk, J. Hudepohl, and W. Snipes, "A Preliminary Investigation of Automated Software Inspection," in IEEE International Symposium on Software Reliability Engineering (ISSRE), St. Malo, France, 2004, pp. 429--439.

Digital Library

Google Scholar

[6]

S. Osinski, J. Stefanowski, and D. Weiss, "Lingo: Search Results Clustering Algorithm Based on Singular Value Decomposition," in Advances in Soft Computing, Intelligent Information Processing and Web Mining, Zakopane, Poland, 2004, pp. 359--368.

Crossref

Google Scholar

[7]

T. Will, "Introduction to the Singular Value Decomposition." vol. 2006: UW-La Crosse, 1999.

Google Scholar

[8]

J. Zheng, L. Williams, N. Nagappan, W. Snipes, J. Hudepohl, and M. Vouk, "On the Value of Static Analysis for Fault Detection in Software," IEEE Transactions on Software Engineering, vol. 32, no. 4, pp. 240--253, April 2006.

Digital Library

Google Scholar

Cited By

View all

Nguyen Quang Do LBodden ELeavens GGarcia APăsăreanu C(2018)Gamifying static analysisProceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering10.1145/3236024.3264830(714-718)Online publication date: 26-Oct-2018
https://dl.acm.org/doi/10.1145/3236024.3264830
Gitzel RKrug SBrhel MMenzies TKoru G(2010)Towards a software failure cost impact model for the customerProceedings of the 6th International Conference on Predictive Models in Software Engineering10.1145/1868328.1868354(1-9)Online publication date: 12-Sep-2010
https://dl.acm.org/doi/10.1145/1868328.1868354
Sherriff MWilliams L(2008)Empirical Software Change Impact Analysis using Singular Value DecompositionProceedings of the 2008 International Conference on Software Testing, Verification, and Validation10.1109/ICST.2008.25(268-277)Online publication date: 9-Apr-2008
https://dl.acm.org/doi/10.1109/ICST.2008.25

Index Terms

Using groupings of static analysis alerts to identify files likely to contain field failures

Recommendations

Using groupings of static analysis alerts to identify files likely to contain field failures
ESEC-FSE companion '07: The 6th Joint Meeting on European software engineering conference and the ACM SIGSOFT symposium on the foundations of software engineering: companion papers

In this paper, we propose a technique for leveraging historical field failure records in conjunction with automated static analysis alerts to determine which alerts or sets of alerts are predictive of a field failure. Our technique uses singular value ...
Malware Detection by Static Checking and Dynamic Analysis of Executables

The advanced malware continue to be a challenge in digital world that signature-based detection techniques fail to conquer. The malware use many anti-detection techniques to mutate. Thus no virus scanner can claim complete malware detection even for ...
Finding patterns in static analysis alerts: improving actionable alert ranking
MSR 2014: Proceedings of the 11th Working Conference on Mining Software Repositories

Static analysis (SA) tools that find bugs by inferring programmer beliefs (e.g., FindBugs) are commonplace in today's software industry. While they find a large number of actual defects, they are often plagued by high rates of alerts that a developer ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

ESEC-FSE '07: Proceedings of the the 6th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering

September 2007

638 pages

ISBN:9781595938114

DOI:10.1145/1287624

General Chair:
Ivica Crnkovic
Mälardalen University, Sweden
,
Program Chair:
Antonia Bertolino
ISTI-CNR, Italy

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 07 September 2007

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

ESEC/FSE07

Sponsor:

ESEC/FSE07: Joint 11th European Software Engineering Conference 2007

September 3 - 7, 2007

Dubrovnik, Croatia

Acceptance Rates

Overall Acceptance Rate 112 of 543 submissions, 21%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

3
Total Citations
View Citations
173
Total Downloads

Downloads (Last 12 months)2
Downloads (Last 6 weeks)1

Reflects downloads up to 18 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Nguyen Quang Do LBodden ELeavens GGarcia APăsăreanu C(2018)Gamifying static analysisProceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering10.1145/3236024.3264830(714-718)Online publication date: 26-Oct-2018
https://dl.acm.org/doi/10.1145/3236024.3264830
Gitzel RKrug SBrhel MMenzies TKoru G(2010)Towards a software failure cost impact model for the customerProceedings of the 6th International Conference on Predictive Models in Software Engineering10.1145/1868328.1868354(1-9)Online publication date: 12-Sep-2010
https://dl.acm.org/doi/10.1145/1868328.1868354
Sherriff MWilliams L(2008)Empirical Software Change Impact Analysis using Singular Value DecompositionProceedings of the 2008 International Conference on Software Testing, Verification, and Validation10.1109/ICST.2008.25(268-277)Online publication date: 9-Apr-2008
https://dl.acm.org/doi/10.1109/ICST.2008.25

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Using groupings of static analysis alerts to identify files likely to contain field failures

Malware Detection by Static Checking and Dynamic Analysis of Executables

Finding patterns in static analysis alerts: improving actionable alert ranking