Sound Non-Statistical Clustering of Static Analysis Alarms

By ?????????

Abstract

We present a sound method for clustering alarms from static analyzers. Our method clusters alarms by discovering sound dependencies between them such that if the dominant alarms of a cluster turn out to be false, all the other alarms in the same cluster are guaranteed to be false. We have implemented our clustering algorithm on top of a realistic buffer-overflow analyzer and proved that our method reduces 45% of alarm reports. Our framework is applicable to any abstract interpretation-based static analysis and orthogonal to abstraction refinements and statistical ranking schemes.

This work was supported by Institute for Information & communications Technology Promotion (IITP) grant funded by the Korea government (MSIP) (No. B0717-16-0098 and No. R0190-16-2011, Development of Vulnerability Discovery Technologies for IoT Software Security) and Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Science, ICT & Future Planning (NRF-2016R1C1B2014062). This research was also supported by the Engineering Research Center of Excellence Program of Korea Ministry of Science, ICT & Future Planning (MSIP) / National Research Foundation of Korea (NRF) (Grant NRF-2008-0062609), and by Samsung Electronics Software Center.

Topics: Static analysis, abstract interpretation, false alarms
Publisher: ASSOC COMPUTING MACHINERY
Year: 2017
DOI identifier: 10.1145/3095021
OAI identifier: oai:repository.hanyang.ac.kr:20.500.11754/99246
Provided by: HANYANG Repository