Supporting Error Chains in Static Analysis for Precise Evaluation Results and Enhanced Usability ...

Context: Static analyses are well-established to aid in understanding bugs or vulnerabilities during the development process or in large-scale studies. A low false-positive rate is essential for the adaption in practice and for precise results of empirical studies. Unfortunately, static analyses tend to report where a vulnerability manifests rather than the fix location. This can cause presumed false positives or imprecise results. Method: To address this problem, we designed an adaption of an existing static analysis algorithm that can distinguish between a manifestation and fix location, and reports error chains. An error chain represents at least two interconnected errors that occur successively, thus building the connection between the fix and manifestation location. We used our tool CogniCryptSUBS for a case study on 471 GitHub repositories, a performance benchmark to compare different analysis configurations, and conducted an expert interview. Result: We found that 50 % of the projects with a report ...

Note: 12 pages, 4 figures, accepted by the IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), March 12-15, 2024, Rovaniemi, Finland at the research papers track.

Bibliographic Details
Main Authors: Wickert, Anna-Katharina; Schlichtig, Michael; Vogel, Marvin; Winter, Lukas; Mezini, Mira; Bodden, Eric
Format: Article in Journal/Newspaper (Preprint)
Language: unknown
Published: arXiv 2024
Subjects: Software Engineering (cs.SE); FOS: Computer and information sciences
Rights: arXiv.org perpetual, non-exclusive license, http://arxiv.org/licenses/nonexclusive-distrib/1.0/
Online Access: https://dx.doi.org/10.48550/arxiv.2403.07808
https://arxiv.org/abs/2403.07808
Source Record: DataCite Metadata Store (German National Library of Science and Technology), via Open Polar; record timestamps 2024-04-02T12:00:42Z and 2024-04-28T08:37:07+00:00