Supporting Error Chains in Static Analysis for Precise Evaluation Results and Enhanced Usability ...
Context: Static analyses are well-established to aid in understanding bugs or vulnerabilities during the development process or in large-scale studies. A low false-positive rate is essential for the adaption in practice and for precise results of empirical studies. Unfortunately, static analyses ten...
| Main Authors: | , , , , , |
|---|---|
| Format: | Article in Journal/Newspaper |
| Language: | unknown |
| Published: |
arXiv
2024
|
| Subjects: | |
| Online Access: | https://dx.doi.org/10.48550/arxiv.2403.07808 https://arxiv.org/abs/2403.07808 |
| _version_ | 1821694980972871680 |
|---|---|
| author | Wickert, Anna-Katharina Schlichtig, Michael Vogel, Marvin Winter, Lukas Mezini, Mira Bodden, Eric |
| author_facet | Wickert, Anna-Katharina Schlichtig, Michael Vogel, Marvin Winter, Lukas Mezini, Mira Bodden, Eric |
| author_sort | Wickert, Anna-Katharina |
| collection | DataCite |
| description | Context: Static analyses are well-established to aid in understanding bugs or vulnerabilities during the development process or in large-scale studies. A low false-positive rate is essential for the adaption in practice and for precise results of empirical studies. Unfortunately, static analyses tend to report where a vulnerability manifests rather than the fix location. This can cause presumed false positives or imprecise results. Method: To address this problem, we designed an adaption of an existing static analysis algorithm that can distinguish between a manifestation and fix location, and reports error chains. An error chain represents at least two interconnected errors that occur successively, thus building the connection between the fix and manifestation location. We used our tool CogniCryptSUBS for a case study on 471 GitHub repositories, a performance benchmark to compare different analysis configurations, and conducted an expert interview. Result: We found that 50 % of the projects with a report ... : 12 pages, 4 figures, accepted by the IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), March 12-15, 2024, Rovaniemi, Finland at the research papers track ... |
| format | Article in Journal/Newspaper |
| genre | Rovaniemi |
| genre_facet | Rovaniemi |
| geographic | Rovaniemi |
| geographic_facet | Rovaniemi |
| id | ftdatacite:10.48550/arxiv.2403.07808 |
| institution | Open Polar |
| language | unknown |
| long_lat | ENVELOPE(26.159,26.159,66.392,66.392) |
| op_collection_id | ftdatacite |
| op_doi | https://doi.org/10.48550/arxiv.2403.07808 |
| op_rights | arXiv.org perpetual, non-exclusive license http://arxiv.org/licenses/nonexclusive-distrib/1.0/ |
| publishDate | 2024 |
| publisher | arXiv |
| record_format | openpolar |
| spelling | ftdatacite:10.48550/arxiv.2403.07808 2025-01-17T00:30:48+00:00 Supporting Error Chains in Static Analysis for Precise Evaluation Results and Enhanced Usability ... Wickert, Anna-Katharina Schlichtig, Michael Vogel, Marvin Winter, Lukas Mezini, Mira Bodden, Eric 2024 https://dx.doi.org/10.48550/arxiv.2403.07808 https://arxiv.org/abs/2403.07808 unknown arXiv arXiv.org perpetual, non-exclusive license http://arxiv.org/licenses/nonexclusive-distrib/1.0/ Software Engineering cs.SE FOS Computer and information sciences article Article Preprint CreativeWork 2024 ftdatacite https://doi.org/10.48550/arxiv.2403.07808 2024-04-02T12:00:42Z Context: Static analyses are well-established to aid in understanding bugs or vulnerabilities during the development process or in large-scale studies. A low false-positive rate is essential for the adaption in practice and for precise results of empirical studies. Unfortunately, static analyses tend to report where a vulnerability manifests rather than the fix location. This can cause presumed false positives or imprecise results. Method: To address this problem, we designed an adaption of an existing static analysis algorithm that can distinguish between a manifestation and fix location, and reports error chains. An error chain represents at least two interconnected errors that occur successively, thus building the connection between the fix and manifestation location. We used our tool CogniCryptSUBS for a case study on 471 GitHub repositories, a performance benchmark to compare different analysis configurations, and conducted an expert interview. Result: We found that 50 % of the projects with a report ... : 12 pages, 4 figures, accepted by the IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), March 12-15, 2024, Rovaniemi, Finland at the research papers track ... Article in Journal/Newspaper Rovaniemi DataCite Rovaniemi ENVELOPE(26.159,26.159,66.392,66.392) |
| spellingShingle | Software Engineering cs.SE FOS Computer and information sciences Wickert, Anna-Katharina Schlichtig, Michael Vogel, Marvin Winter, Lukas Mezini, Mira Bodden, Eric Supporting Error Chains in Static Analysis for Precise Evaluation Results and Enhanced Usability ... |
| title | Supporting Error Chains in Static Analysis for Precise Evaluation Results and Enhanced Usability ... |
| title_full | Supporting Error Chains in Static Analysis for Precise Evaluation Results and Enhanced Usability ... |
| title_fullStr | Supporting Error Chains in Static Analysis for Precise Evaluation Results and Enhanced Usability ... |
| title_full_unstemmed | Supporting Error Chains in Static Analysis for Precise Evaluation Results and Enhanced Usability ... |
| title_short | Supporting Error Chains in Static Analysis for Precise Evaluation Results and Enhanced Usability ... |
| title_sort | supporting error chains in static analysis for precise evaluation results and enhanced usability ... |
| topic | Software Engineering cs.SE FOS Computer and information sciences |
| topic_facet | Software Engineering cs.SE FOS Computer and information sciences |
| url | https://dx.doi.org/10.48550/arxiv.2403.07808 https://arxiv.org/abs/2403.07808 |