Source Code Reduction to Summarize False Positives
Source Code Reduction to Summarize False Positives
Files
Publication or External Link
Date
2015
Authors
Marenchino, Matias
Advisor
Porter, Adam
Citation
DRUM DOI
Abstract
The main disadvantage of static code analysis tools is the high
rates of false positives they produce. Users may need to manually analyze a
large number of warnings, to determine if these are false or legitimate
warnings, reducing the benefits of automatic static analysis. Our long term
goal is to significantly reduce the number of false positives that these
tools report. A learning system could classify the warnings into true
positives and false positives by means of features extracted from the
program source code. This work implements and evaluates a technique to
reduce the source code producing false positives into code snippets that are
simpler to analyze. Results indicate that the method considerably reduces
the source code size and it is feasible to use it to characterize false
positives.