Abstract
Researchers have reported that static analysis tools rarely achieve a false-positive rate that would make them attractive to developers. We overcome this problem by a technique that leads to reporting fewer bugs but also much fewer false positives. Our technique prunes the static call graph that sits at the core of many static analyses. Specifically, static call-graph construction proceeds as usual, after which a call-graph pruner removes many false-positive edges but few true edges. The challenge is to strike a balance between being aggressive in removing false-positive edges but not so aggressive that no true edges remain. We achieve this goal by automatically producing a call-graph pruner through an automatic, ahead-of-time learning process. We added such a call-graph pruner to a software tool for null-pointer analysis and found that the false-positive rate decreased from 73% to 23%. This improvement makes the tool more useful to developers.
| Original language | English |
|---|---|
| Title of host publication | Proceedings of 2022 ACM/IEEE 44th International Conference on Software Engineering |
| Publisher | Association for Computing Machinery |
| Publication date | 2022 |
| Pages | 2043-2055 |
| ISBN (Electronic) | 9781450392211 |
| DOIs | |
| Publication status | Published - 2022 |
| Event | 44th ACM/IEEE International Conference on Software Engineering - Pittsburgh, United States Duration: 22 May 2022 → 27 May 2022 |
Conference
| Conference | 44th ACM/IEEE International Conference on Software Engineering |
|---|---|
| Country/Territory | United States |
| City | Pittsburgh |
| Period | 22/05/2022 → 27/05/2022 |
Keywords
- Call graphs
- Machine learning classification
- Static Analysis