Supporting software inspection with static profiling

Abstract

Static software checking tools are useful as an additional automated software inspection step that can easily be integrated in the development cycle and assist in creating secure, reliable and high quality code. However, an often quoted disadvantage of these tools is that they generate an inordinate number of warnings, including many false positives due to the use of approximate analysis techniques. This information overload effectively limits their usefulness. In this paper we present ELAN, a technique that helps the user prioritize the information generated by a software inspection tool, based on a demand-driven computation of the likelihood that execution reaches the locations for which warnings are reported. This analysis is orthogonal to other prioritization techniques known from literature, such as severity levels and statistical filtering to reduce false positives. We evaluate the feasibility of our technique using a number of case studies and assess the quality of our static estimates by comparing them to actual values obtained by dynamic profiling.
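As an added illustration of the prioritization idea in the abstract (not the paper's ELAN implementation, whose analysis is not detailed on this page), the following Python estimates, on a constructed control-flow graph, the probability that execution reaches each warned location and ranks the warnings by it. It assumes an acyclic CFG with every successor of a branch equally likely; block names, warning ids and the heuristic are all constructed for the example.

```python
from functools import lru_cache

# Constructed CFG: basic block -> successors. ENTRY/EXIT are sentinels.
CFG = {
    "ENTRY": ["B1"],
    "B1": ["B2", "B5"],   # if (input_valid)
    "B2": ["B3", "B4"],   # if (is_privileged)
    "B3": ["EXIT"],       # checker warning W1 reported here
    "B4": ["EXIT"],
    "B5": ["B6"],         # error-handling path
    "B6": ["EXIT"],       # checker warning W2 reported here
}

def predecessors(cfg):
    """Invert the successor map so we can walk backwards from a block."""
    preds = {b: [] for b in cfg}
    for b, succs in cfg.items():
        for s in succs:
            preds.setdefault(s, []).append(b)
    return preds

def reach_likelihood(cfg, block):
    """Demand-driven estimate of P(execution reaches `block`).

    Only the blocks on paths from ENTRY to `block` are visited. Heuristic
    (assumption, not the paper's model): a block with k successors passes
    1/k of its own likelihood along each outgoing edge. Requires an
    acyclic CFG; loops must be collapsed first."""
    preds = predecessors(cfg)

    @lru_cache(maxsize=None)
    def p(b):
        if b == "ENTRY":
            return 1.0
        # Sum the contribution of every predecessor edge into b.
        return sum(p(q) / len(cfg[q]) for q in preds.get(b, []))

    return p(block)

def rank_warnings(cfg, warnings):
    """warnings: {warning_id: block}. Returns (id, block, likelihood)
    triples, most likely to be reached first."""
    ranked = [(w, b, reach_likelihood(cfg, b)) for w, b in warnings.items()]
    return sorted(ranked, key=lambda t: t[2], reverse=True)

if __name__ == "__main__":
    for w, b, lk in rank_warnings(CFG, {"W1": "B3", "W2": "B6"}):
        print(f"{w} at {b}: likelihood {lk:.2f}")
```

With this heuristic W2 (reached with probability 0.5) is ranked above W1 (0.25), which is exactly the ordering signal the abstract proposes to combine with severity levels and false-positive filtering.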