基于抽象语义切片和后向求精分析的静态分析警报自动确认研究

项目名称： 基于抽象语义切片和后向求精分析的静态分析警报自动确认研究

项目编号： No.61502029

项目类型： 青年科学基金项目

立项/批准年度： 2016

项目学科： 自动化技术、计算机技术

项目作者： 张大林

作者单位： 北京交通大学

项目金额： 21万元

中文摘要： 基于静态分析的缺陷检测一般包括静态分析与人工审查两个阶段。静态分析工具报告大量警报，但是主要的警报确认工作仍由人工完成，这是一件费时、费力的工作。巨大的审查开销可能会导致软件开发人员拒绝使用该静态缺陷检测工具。如何提高静态分析警报的确认效率已成为影响静态分析技术实用性的关键因素之一。. 本项目旨在研究提高警报的确认效率和实现警报的自动确认。首先，利用警报错误状态切片得到程序的抽象语义切片，计算警报间的依赖关系，并将警报按依赖关系分组，同一组内如果其主导警报是误报那么组内其余警报也是误报；其次，针对主导警报，提出基于逆向求精分析的警报自动确认框架；最后，自动构建警报依赖图并呈现主导警报的确认结果，进而减少人工确认负担。. 本项目的研究成果不仅是对现有基于抽象解释理论的静态分析技术的必要补充，也将为静态分析系统的实用性提供重要保障。

中文关键词： 静态分析；警报依赖；警报确认；语义切片；后向求精分析

英文摘要： Defect detection based on static analysis generally includes two stages: static analysis and alarm identification. A large number of alarms reported may lead developers and managers to reject the use of static analysis tools as part of the development process due to the overhead of alarm identification. How to enhance the efficiency of the alarm identification has become one of the key factors influencing the practicability of static analysis technology.. This project aims to study how to improve the efficiency of the alarm identification and be automated. The main contents include: First, the error state slices are used to get the program abstract semantic slices. We calculate the dependent relationships among alarms. The alarms reported by static analysis system were classified into different groups, in which all alarms are false positives if the dominant is false positives; Second, for dominant alarms, this project puts forward a automatic identification framework which is based on a refined backward analysis; Finally, this project builds dependency graph and presents the dominant alerts identification results.. The research achievements will enrich the existing static analysis technology based on abstract interpretation theory and provide important guarantee for the practicability of static analysis system.

英文关键词： static analysis ;alarm dependence;alarm identification ;semantic slices ; refined backward analysis