Source Code Reduction to Summarize False Positives

Date
2015
Author
Marenchino, Matias
Advisor
Porter, Adam
Abstract
The main disadvantage of static code analysis tools is the high
rate of false positives they produce. Users may need to manually analyze a
large number of warnings to determine whether they are false or legitimate,
reducing the benefits of automatic static analysis. Our long-term
goal is to significantly reduce the number of false positives that these
tools report. A learning system could classify the warnings into true
positives and false positives by means of features extracted from the
program source code. This work implements and evaluates a technique to
reduce the source code producing false positives into code snippets that are
simpler to analyze. Results indicate that the method considerably reduces
the source code size and that it is feasible to use it to characterize false
positives.