Visible to the public Identifying and Documenting False Positive Patterns Generated by Static Code Analysis Tools

Submitted by grigby1 on Thu, 06/07/2018 - 3:12pm
TitleIdentifying and Documenting False Positive Patterns Generated by Static Code Analysis Tools
Publication TypeConference Paper
Year of Publication2017
AuthorsReynolds, Z. P., Jayanth, A. B., Koc, U., Porter, A. A., Raje, R. R., Hill, J. H.
Conference Name2017 IEEE/ACM 4th International Workshop on Software Engineering Research and Industrial Practice (SER IP)
ISBN Number978-1-5386-2797-6
Keywordscommercial tool, composability, Conferences, Context, false positive pattern documentation, false positive pattern identification, Human Behavior, Open Source Software, open-source tools, program diagnostics, pubcrawl, public domain software, resilience, Resiliency, security, software engineering, software tools, static code analysis, static code analysis tools, system documentation, Tools, warning message
Abstract

This paper presents our results from identifying anddocumenting false positives generated by static code analysistools. By false positives, we mean a static code analysis toolgenerates a warning message, but the warning message isnot really an error. The goal of our study is to understandthe different kinds of false positives generated so we can (1)automatically determine if an error message is truly indeed a truepositive, and (2) reduce the number of false positives developersand testers must triage. We have used two open-source tools andone commercial tool in our study. The results of our study haveled to 14 core false positive patterns, some of which we haveconfirmed with static code analysis tool developers.
URLhttps://ieeexplore.ieee.org/document/7964366
DOI10.1109/SER-IP.2017..20
Citation Keyreynolds_identifying_2017
Groups: