Advanced

Residual Investigation : Predictive and Precise Bug Detection

Li, Kaituo; Reichenbach, Christoph LU ; Csallner, Christoph and Smaragdakis, Yannis (2014) In ACM Transactions on Software Engineering and Methodology 24(2).
Abstract
We introduce the concept of residual investigation for program analysis. A residual investigation is a dynamic check installed as a result of running a static analysis that reports a possible program error. The purpose is to observe conditions that indicate whether the statically predicted program fault is likely to be realizable and relevant. The key feature of a residual investigation is that it has to be much more precise (i.e., with fewer false warnings) than the static analysis alone, yet significantly more general (i.e., reporting more errors) than the dynamic tests in the program's test suite that are pertinent to the statically reported error. That is, good residual investigations encode dynamic conditions that, when considered in... (More)
We introduce the concept of residual investigation for program analysis. A residual investigation is a dynamic check installed as a result of running a static analysis that reports a possible program error. The purpose is to observe conditions that indicate whether the statically predicted program fault is likely to be realizable and relevant. The key feature of a residual investigation is that it has to be much more precise (i.e., with fewer false warnings) than the static analysis alone, yet significantly more general (i.e., reporting more errors) than the dynamic tests in the program's test suite that are pertinent to the statically reported error. That is, good residual investigations encode dynamic conditions that, when considered in conjunction with the static error report, increase confidence in the existence or severity of an error without needing to directly observe a fault resulting from the error.

We enhance the static analyzer FindBugs with several residual investigations appropriately tuned to the static error patterns in FindBugs, and apply it to nine large open-source systems and their native test suites. The result is an analysis with a low occurrence of false warnings (false positives) while reporting several actual errors that would not have been detected by mere execution of a program's test suite.
(Less)
Please use this url to cite or link to this publication:
author
publishing date
type
Contribution to journal
publication status
published
subject
in
ACM Transactions on Software Engineering and Methodology
volume
24
issue
2
publisher
Association for Computing Machinery (ACM)
external identifiers
  • scopus:84920135597
ISSN
1049-331X
DOI
10.1145/2656201
language
English
LU publication?
no
id
7c32a0a6-1a96-4d4c-930b-898b74a63756
date added to LUP
2018-02-15 16:07:56
date last changed
2018-07-15 04:47:30
@article{7c32a0a6-1a96-4d4c-930b-898b74a63756,
  abstract     = {We introduce the concept of residual investigation for program analysis. A residual investigation is a dynamic check installed as a result of running a static analysis that reports a possible program error. The purpose is to observe conditions that indicate whether the statically predicted program fault is likely to be realizable and relevant. The key feature of a residual investigation is that it has to be much more precise (i.e., with fewer false warnings) than the static analysis alone, yet significantly more general (i.e., reporting more errors) than the dynamic tests in the program's test suite that are pertinent to the statically reported error. That is, good residual investigations encode dynamic conditions that, when considered in conjunction with the static error report, increase confidence in the existence or severity of an error without needing to directly observe a fault resulting from the error.<br/><br/>We enhance the static analyzer FindBugs with several residual investigations appropriately tuned to the static error patterns in FindBugs, and apply it to nine large open-source systems and their native test suites. The result is an analysis with a low occurrence of false warnings (false positives) while reporting several actual errors that would not have been detected by mere execution of a program's test suite.<br/>},
  articleno    = {7},
  author       = {Li, Kaituo and Reichenbach, Christoph and Csallner, Christoph and Smaragdakis, Yannis},
  issn         = {1049-331X},
  language     = {eng},
  number       = {2},
  publisher    = {Association for Computing Machinery (ACM)},
  series       = {ACM Transactions on Software Engineering and Methodology},
  title        = {Residual Investigation : Predictive and Precise Bug Detection},
  url          = {http://dx.doi.org/10.1145/2656201},
  volume       = {24},
  year         = {2014},
}