clustering static analysis defect reports to reduce
play

CLUSTERING STATIC ANALYSIS DEFECT REPORTS TO REDUCE MAINTENANCE - PowerPoint PPT Presentation

Mar 18, 2023 •293 likes •570 views

CLUSTERING STATIC ANALYSIS DEFECT REPORTS TO REDUCE MAINTENANCE COSTS Zachary P. Fry and Westley Weimer University of Virginia Static Analysis-based Bug Finders Use known-faulty semantic patterns to find suspected bugs statically

  1. CLUSTERING STATIC ANALYSIS DEFECT REPORTS TO REDUCE MAINTENANCE COSTS Zachary P. Fry and Westley Weimer University of Virginia

  2. Static Analysis-based Bug Finders • Use known-faulty semantic patterns to find suspected bugs statically • Generally with minimal human intervention • Valgrind, Fortify, SLAM, ConQAT, CodeSonar, PMD, Findbugs, Coverity SAVE, etc. • Influential in both academia and industry • Many academic tools spanning various languages • Coverity boasts over 300 employees and over 1,100 customers, with extremely high growth

  3. Static Analysis-based Bug Finders • Produce many defect reports in practice Program KLOC Reports Eclipse 3,618 4,345 Linux (sound) 420 869 Blender 996 827 GDB 1,689 827 MPlayer 845 500 • Difficult to adapt to particular styles or idioms • Regardless of true or false positives, groups of defect reports exhibit similarity in practice

  4. Structurally Similar Defects • Some defect reports are obviously similar or different • Some are not: printk(KERN_DEBUG "Receive CCP � if (!lp->master) � sidx = isdn_dc2minor(di, 1); � frame from peer slot(%d)", � qdisc_reset(lp->netdev-> � #ifdef ISDN_DEBUG_NET_ICALL � lp->ppp_slot); � dev.qdisc); � printk(KERN_DEBUG “n_fi:ch=0\n”); � if (lp->ppp_slot < 0 || � lp->dialstate = 0; � #endif � lp->ppp_slot > ISDN_MAX) { � dev->st_netdev[isdn_dc2minor( � � printk(KERN_ERR "%s: � lp->isdn_device � if (USG_NONE(dev->usage[sidx])){ � lp->ppp_slot (%d) out of � lp->isdn_channel) � if (dev->usage[sidx] & � range", _FUNCTION_, � � ] = NULL; ISDN_USAGE_EXCLUSIVE) { � lp->ppp_slot); � isdn_free_channel( � printk(KERN_DEBUG “n_fi: 2nd � return; � lp->isdn_device, � channel is down and bound\n”); � } � lp->isdn_channel, � if ((lp->pre_device == di) && � is = ippp_table[lp->ppp_slot]; � ISDN_USAGE_NET); � (lp->pre_channel == 1)) { � isdn_ppp_frame_log('ccp-rcv', � lp->flags &= � skb->data, skb->len, 32, � ISDN_NET_CONNECTED; �

  5. Determining Defect Report Similarity • Some defect reports are obviously similar or different • Some are not: printk(KERN_DEBUG "Receive CCP � if (!lp->master) � sidx = isdn_dc2minor(di, 1); � frame from peer slot(%d)", � qdisc_reset(lp->netdev-> � #ifdef ISDN_DEBUG_NET_ICALL � lp->ppp_slot); � dev.qdisc); � printk(KERN_DEBUG “n_fi:ch=0\n”); � if (lp->ppp_slot < 0 || � lp->dialstate = 0; � #endif � lp->ppp_slot > ISDN_MAX) { � dev->st_netdev[isdn_dc2minor( � � printk(KERN_ERR "%s: � lp->isdn_device � if (USG_NONE(dev->usage[sidx])){ � lp->ppp_slot (%d) out of � lp->isdn_channel) � if (dev->usage[sidx] & � range", _FUNCTION_, � � ] = NULL; ISDN_USAGE_EXCLUSIVE) { � lp->ppp_slot); � isdn_free_channel( � printk(KERN_DEBUG “n_fi: 2nd � return; � lp->isdn_device, � channel is down and bound\n”); � } � lp->isdn_channel, � if ((lp->pre_device == di) && � is = ippp_table[lp->ppp_slot]; � ISDN_USAGE_NET); � (lp->pre_channel == 1)) { � isdn_ppp_frame_log('ccp-rcv', � lp->flags &= � skb->data, skb->len, 32, � ISDN_NET_CONNECTED; �

  6. Determining Defect Report Similarity • Some defect reports are obviously similar or different • Some are not: printk(KERN_DEBUG "Receive CCP � if (!lp->master) � sidx = isdn_dc2minor(di, 1); � frame from peer slot(%d)", � qdisc_reset(lp->netdev-> � #ifdef ISDN_DEBUG_NET_ICALL � lp->ppp_slot); � dev.qdisc); � printk(KERN_DEBUG “n_fi:ch=0\n”); � if (lp->ppp_slot < 0 || � lp->dialstate = 0; � #endif � lp->ppp_slot > ISDN_MAX) { � dev->st_netdev[isdn_dc2minor( � � printk(KERN_ERR "%s: � lp->isdn_device � if (USG_NONE(dev->usage[sidx])){ � lp->ppp_slot (%d) out of � lp->isdn_channel) � if (dev->usage[sidx] & � range", _FUNCTION_, � � ] = NULL; ISDN_USAGE_EXCLUSIVE) { � lp->ppp_slot); � isdn_free_channel( � printk(KERN_DEBUG “n_fi: 2nd � return; � lp->isdn_device, � channel is down and bound\n”); � } � lp->isdn_channel, � if ((lp->pre_device == di) && � is = ippp_table[lp->ppp_slot]; � ISDN_USAGE_NET); � (lp->pre_channel == 1)) { � isdn_ppp_frame_log('ccp-rcv', � lp->flags &= � skb->data, skb->len, 32, � ISDN_NET_CONNECTED; �

  7. Determining Defect Report Similarity • Some defect reports are obviously similar or different • Some are not: printk(KERN_DEBUG "Receive CCP � if (!lp->master) � sidx = isdn_dc2minor(di, 1); � frame from peer slot(%d)", � qdisc_reset(lp->netdev-> � #ifdef ISDN_DEBUG_NET_ICALL � lp->ppp_slot); � dev.qdisc); � printk(KERN_DEBUG “n_fi:ch=0\n”); � if (lp->ppp_slot < 0 || � lp->dialstate = 0; � #endif � lp->ppp_slot > ISDN_MAX) { � dev->st_netdev[isdn_dc2minor( � � printk(KERN_ERR "%s: � lp->isdn_device � if (USG_NONE(dev->usage[sidx])){ � lp->ppp_slot (%d) out of � lp->isdn_channel) � if (dev->usage[sidx] & � range", _FUNCTION_, � � ] = NULL; ISDN_USAGE_EXCLUSIVE) { � lp->ppp_slot); � isdn_free_channel( � printk(KERN_DEBUG “n_fi: 2nd � return; � lp->isdn_device, � channel is down and bound\n”); � } � lp->isdn_channel, � if ((lp->pre_device == di) && � is = ippp_table[lp->ppp_slot]; � ISDN_USAGE_NET); � (lp->pre_channel == 1)) { � isdn_ppp_frame_log('ccp-rcv', � lp->flags &= � skb->data, skb->len, 32, � ISDN_NET_CONNECTED; �

  8. Goals • To both aid in triage of real defects and facilitate the elimination of false positives, we desire a technique for clustering automatically-generated, static analysis-based defect reports. • The technique should be flexible to meet the needs of different systems and development teams. • The resulting clusters should be more accurate than those produced by existing baselines and also congruent with human notions of related defect reports.

  9. High Level Approach R3 R1 R2 ✗ R1 x R2 ✗ R1 x R3 ✓ R2 x R3

  10. High Level Approach R3 R1 R2 Clustering ✗ R1 x R2 1 3 ✗ R1 x R3 2 ✓ R2 x R3

  11. High Level Approach R3 R1 R2 Clustering ✗ R1 x R2 C1: {R1} 1 3 ✗ R1 x R3 C2: {R2,R3} 2 ✓ R2 x R3

  12. Approach – Types of Information • Gathered or synthesized from structured defect reports • Type of defect • Suspected faulty line • Set of lines on static execution path to suspected fault • The enclosing function of the suspected fault • Three-line window of context around faulty line • Macros • File system path of suspected faulty file • Additional meta-information • These categories conform to many state-of-the- art static analysis tools’ output format • For instance, Coverity’s SAVE tool and Findbugs

  13. Approach – Types of Similarity Metrics • Structured Similarity Metrics • Exact equality Component comp = myGraph.subcomponent(size, false); � Component comp = g.subcomponent(getSize(), false); �

  14. Approach – Types of Similarity Metrics • Structured Similarity Metrics • Exact equality • Strict pair-wise comparison Component comp = myGraph.subcomponent(size, false); � Component comp = g.subcomponent(getSize(), false); �

  15. Approach – Types of Similarity Metrics • Structured Similarity Metrics • Exact equality • Strict pair-wise comparison • Levenshtein edit distance Component comp = myGraph.subcomponent(size, false); � Component comp = g.subcomponent(getSize(), false); �

  16. Approach – Types of Similarity Metrics • Structured Similarity Metrics • Exact equality • Strict pair-wise comparison • Levenshtein edit distance • TF-IDF Component comp = myGraph.subcomponent(size, false); � Component comp = g.subcomponent(getSize(), false); �

  17. Approach – Types of Similarity Metrics • Structured Similarity Metrics • Exact equality • Strict pair-wise comparison • Levenshtein edit distance • TF-IDF • Largest common pair-wise prefix Component comp = myGraph.subcomponent(size, false); � Component comp = g.subcomponent(getSize(), false); �

  18. Approach – Types of Similarity Metrics • Structured Similarity Metrics • Exact equality • Strict pair-wise comparison • Levenshtein edit distance • TF-IDF • Largest common pair-wise prefix • Punctuation edit distance Component comp = myGraph.subcomponent(size, false); � Component comp = g.subcomponent(getSize(), false); �

  19. Approach – Similarity and Clusters • Learn a linear regression model for all relevant information-metric pairs with similarity cutoff • Traditional clustering (e.g. k-medoid) assumes equal feature weights and real-valued properties measured for individual entities • Recursively find maximum cliques (clusters) and remove them from similarity graph R4 R6 R11 R1 R8 R10 R3 R7 R9 R5 R2 R12

  20. Evaluation • Research Questions 1. How effective is our technique at accurately clustering automatically-generated defect reports? 2. Does our approach outperform existing baseline techniques? 3. Do humans agree with the clusters produced by our technique?

Recommend

A Comparative Analysis of the Efficiency of Change Metrics and Static Code Attributes for Defect

A Comparative Analysis of the Efficiency of Change Metrics and Static Code Attributes for Defect

A Comparative Analysis of the Efficiency of Change Metrics and Static Code Attributes for Defect Prediction Raimund Moser, Witold Pedrycz, Giancarlo Succi ICSE 08 Andres Bhlmann, April 2009 What is it about? Change Metrics + Change Metrics

453 views • 23 slides
Defect Removal Metrics September 30, 2004 Swami Natarajan RIT Software Engineering Defect

Defect Removal Metrics September 30, 2004 Swami Natarajan RIT Software Engineering Defect

Defect Removal Metrics September 30, 2004 Swami Natarajan RIT Software Engineering Defect removal metrics: concepts All defect removal metrics computed from the measurements identified last time Inspection reports, test reports,

279 views • 26 slides
Circuit Analysis and Defect Characteristics Estimation Method Using Bimodal Defect-Centric Random

Circuit Analysis and Defect Characteristics Estimation Method Using Bimodal Defect-Centric Random

Circuit Analysis and Defect Characteristics Estimation Method Using Bimodal Defect-Centric Random Telegraph Noise Model March 17, 2016 TAU 2017 Michitarou Yabuuchi (Renesas System Design Co., Ltd.), Azusa Oshima, Takuya Komawaki, Ryo Kishida,

429 views • 21 slides
Static Analysis of Haskell Neil Mitchell http://ndmitchell.com Static Analysis is getting

Static Analysis of Haskell Neil Mitchell http://ndmitchell.com Static Analysis is getting

Static Analysis of Haskell Neil Mitchell http://ndmitchell.com Static Analysis is getting insights at compile time Full branch coverage Terminates Doesnt rely on a test suite Types are static analysis. Lets talk about

784 views • 39 slides
Bi-clustering and co-clustering Going further in cluster analysis and classifjcation: publics ou

Bi-clustering and co-clustering Going further in cluster analysis and classifjcation: publics ou

HAL Id: hal-01810380 manant des tablissements denseignement et de Summer School on Clustering, Data Analysis and Visualization of Complex Data, May 2018, Catania, Going further in cluster analysis and classifjcation: Bi-clustering and

1.23k views • 67 slides
Learning a Variable-Clustering Strategy for Octagon from Labeled Data Generated by a Static

Learning a Variable-Clustering Strategy for Octagon from Labeled Data Generated by a Static

1 Learning a Variable-Clustering Strategy for Octagon from Labeled Data Generated by a Static Analysis Kihong Heo 1 , Hakjoo Oh 2 , Hongseok Yang 3 Seoul National University 1 Korea University 2 University of Oxford 3 SAS 2016 @Edinburgh 2

823 views • 32 slides
Static Analysis for Secure Development Introduction Static analysis : What , and why ?

Static Analysis for Secure Development Introduction Static analysis : What , and why ?

Static Analysis for Secure Development Introduction Static analysis : What , and why ? Basic analysis ! Example : Flow analysis ! Increasing precision ! Context -, flow -, and path sensitivity Scaling it up !

527 views • 27 slides
1 Analysis Information Where Do Facts Hold? How much information depends on the client

1 Analysis Information Where Do Facts Hold? How much information depends on the client

711? CS711 Advanced Programming Languages Topics in Program Analysis Radu Rugina Fall 2005 CS711 Overview 2 Program Analysis Static vs. Dynamic Static analysis: inspect programs at compile-time Static analysis: Work done at

282 views • 4 slides
A Brief Introduction to Static Analysis Sam Blackshear March 13, 2012 Outline A theoretical

A Brief Introduction to Static Analysis Sam Blackshear March 13, 2012 Outline A theoretical

A Brief Introduction to Static Analysis Sam Blackshear March 13, 2012 Outline A theoretical problem and how to ignore it An example static analysis What is static analysis used for? Commercial successes Free static analysis tools you should

490 views • 37 slides
Static Analysis Static Analysis they are read? Will the current value of a variable ever be

Static Analysis Static Analysis they are read? Will the current value of a variable ever be

Interesting Questions Interesting Questions Is every statement reachable? Does every non- void method return a value? Compilation 2007 Compilation 2007 Will local variables definitely be assigned before Static Analysis Static

169 views • 13 slides
PAC-Bayesian Analysis of Co-clustering, Graph Clustering and Pairwise Clustering Yevgeny Seldin

PAC-Bayesian Analysis of Co-clustering, Graph Clustering and Pairwise Clustering Yevgeny Seldin

PAC-Bayesian Analysis of Co-clustering, Graph Clustering and Pairwise Clustering Yevgeny Seldin Motivation Example Clustering cannot be analyzed without specifying what it will be used for! be used for! Example Cluster then pack

293 views • 28 slides
Static and dynamic verification Software inspections Concerned with analysis of the static

Static and dynamic verification Software inspections Concerned with analysis of the static

1 Static and dynamic verification Software inspections Concerned with analysis of the static system representation to discover problems (static verification) May be supplement by tool-based document and code analysis Software

430 views • 12 slides
1 K-means clustering The K-means clustering algorithm can be seen as applying the EM algorithm to

1 K-means clustering The K-means clustering algorithm can be seen as applying the EM algorithm to

Statistical Modeling and Analysis of Neural Data (NEU 560) Princeton University, Spring 2018 Jonathan Pillow Lecture 18 notes: K-means and Factor Analysis Tues, 4.17 1 K-means clustering The K-means clustering algorithm can be seen as

547 views • 3 slides
Clustering and Dimensionality Reduction Preview Clustering K -means clustering

Clustering and Dimensionality Reduction Preview Clustering K -means clustering

Clustering and Dimensionality Reduction Preview Clustering K -means clustering Mixture models Hierarchical clustering Dimensionality reduction Principal component analysis Multidimensional scaling Isomap

1.61k views • 17 slides
Static vs. Dynamic Analysis Static analysis: analyze source code or byte code Imprecise

Static vs. Dynamic Analysis Static analysis: analyze source code or byte code Imprecise

I NTELLI D ROID A Targeted Input Generator for the Dynamic Analysis of Android Malware Michelle Y. Wong and David Lie University of Toronto Department of Electrical and Computer Engineering NDSS Symposium 2016 ! ! ! B ACKGROUND Static vs.

1.02k views • 32 slides
Static analysis and all that Martin Steffen IfI UiO Spring 2014 Static analysis and all that

Static analysis and all that Martin Steffen IfI UiO Spring 2014 Static analysis and all that

Static analysis and all that Martin Steffen IfI UiO Spring 2014 Static analysis and all that Martin Steffen IfI UiO Spring 2014 Plan approx. 15 lectures, details see web-page flexible time-schedule, depending on progress/interest

2.15k views • 194 slides
CS7038 - Malware Analysis - Wk04.1 Static Analysis Introduction Coleman Kane kaneca@mail.uc.edu

CS7038 - Malware Analysis - Wk04.1 Static Analysis Introduction Coleman Kane kaneca@mail.uc.edu

CS7038 - Malware Analysis - Wk04.1 Static Analysis Introduction Coleman Kane kaneca@mail.uc.edu February 1, 2017 Static Analysis Static Analysis is the process of documenting your observations about what identifying characteristics a

575 views • 8 slides
Clustering A Categorization of Major Clustering Methods Partitioning Methods

Clustering A Categorization of Major Clustering Methods Partitioning Methods

Clustering What is Clustering? Types of Data in Cluster Analysis Clustering A Categorization of Major Clustering Methods Partitioning Methods Hierarchical Methods 1 2 What is Clustering? What is Clustering? Typical

647 views • 18 slides
Static and dynamic verification Software inspections Concerned with analysis of the

Static and dynamic verification Software inspections Concerned with analysis of the

1 Static and dynamic verification Software inspections Concerned with analysis of the static system representation to discover problems (static verification) May be supplement by tool-based document and code analysis

310 views • 12 slides
Static analysis and all that Martin Steffen IfI UiO Spring 2014 uio Static analysis and all

Static analysis and all that Martin Steffen IfI UiO Spring 2014 uio Static analysis and all

Static analysis and all that Martin Steffen IfI UiO Spring 2014 uio Static analysis and all that Martin Steffen IfI UiO Spring 2014 uio Plan approx. 15 lectures, details see web-page flexible time-schedule, depending on

938 views • 69 slides
Modelling, Specification and Formal Analysis of Complex Software Systems Precise Static Analysis

Modelling, Specification and Formal Analysis of Complex Software Systems Precise Static Analysis

Modelling, Specification and Formal Analysis of Complex Software Systems Precise Static Analysis of Programs with Dynamic Memory Mihaela Sighireanu IRIF, University Paris Diderot &amp; CNRS VTSA 2015 1 / 99 Static Analysis Establish

2.15k views • 186 slides
Whats Coverity static analysis ever done for us? Philip Withnall Endless Mobile

Whats Coverity static analysis ever done for us? Philip Withnall Endless Mobile

Whats Coverity static analysis ever done for us? Philip Withnall Endless Mobile philip@tecnocode.co.uk July 30, 2017 MANCHESTER What is static analysis? Compile-time testing of all possible code paths. Whats Coverity static analysis

236 views • 12 slides
Outline t t Why static analysis? t t What is it? Underlying technology t Some

Outline t t Why static analysis? t t What is it? Underlying technology t Some

2005-05-04 Static Analysis methods and tools An industrial study t Pr Emanuelsson Ericsson AB and LiU Prof Ulf Nilsson LiU t itle Outline t t Why static analysis? t t What is it? Underlying technology t Some tools

438 views • 19 slides
Analysis of Design Defect Injection A l i f D i D f t I j ti and Removal in PSP Diego

Analysis of Design Defect Injection A l i f D i D f t I j ti and Removal in PSP Diego

Analysis of Design Defect Injection A l i f D i D f t I j ti and Removal in PSP Diego Vallespir William Nichols Grupo de Ingeniera de Software p g Software Engineering Institute g g Universidad de la Repblica Carnegie Mellon

449 views • 31 slides

More recommend