Software testing analyzes whether the execution of a software system achieves the desired objectives and identifies potential defects. As software grows in size, complexity and range of application, software testing has received more and more attention from both academic and industrial circles. Static analysis is becoming a typical method for improving the trustworthiness of software: it can efficiently analyze part of a program to detect low-probability potential defects without executing the program. Defect detection generally includes two stages: static analysis and alarm inspection. Rice's theorem shows that static analysis cannot perfectly determine the non-trivial properties of general programs. Because of this undecidability, no automatic static testing system can be both sound and complete with respect to the non-trivial properties of programs. A large number of independent alarms hinders understanding and may lead developers and managers to reject static analysis tools because of the overhead of alarm inspection. How to improve the precision of static analysis and the efficiency of inspection has become the critical factor affecting the capability of static analysis techniques, and it is a hot research topic both domestically and abroad.

This work was funded by the National High-Tech Research and Development Plan of China under Grant "2012AA011201" and the National Science Foundation of China under Grant "91318301". Aiming to improve the precision of static defect detection tools and the efficiency of alarm identification, it covers three aspects:

(1) Improving the accuracy of path-sensitive static defect detection. To avoid the path explosion problem of fully path-sensitive detection, defect states are often merged at merging nodes of the control flow graph, but this coarse merging strategy may lead to accuracy loss and false positives. In this paper, state partition is proposed to handle the implicit variable relationships on the respective paths and to improve the accuracy of detection. We also propose a path merging strategy with state partition to avoid the accuracy loss caused by untimely merging of data flow information, and it has been implemented in our static analysis tool, Defect Testing System (DTS). An experiment on 10 GCC open-source projects shows the great improvement this strategy makes.

(2) Research on alarm correlations based on static defect detection. Traditional static defect detection tools can detect software defects and report alarms, but the correlations among alarms are not identified, and massive numbers of independent alarms hinder understanding. Helping users with the alarm verification task is a major challenge for current static defect detection tools. In this paper, we formally introduce alarm correlations. If the occurrence of one alarm causes another alarm, we say that they are correlated. If one dominant alarm is uniquely correlated with another, we know that verifying the first will also verify the others. Guided by the correlation, we can reduce the number of alarms that require verification. Our algorithms are inter-procedural, path-sensitive, and scalable. We present a correlation procedure summary model for inter-procedural alarm correlation calculation. The underlying algorithms are implemented inside our defect detection tools. We chose one common semantic fault as a case study and showed that our method reduces the workload by 34.23%. Using correlation information, we are able to automate alarm verification that previously had to be done manually.

(3) Research on an automatic alarm classification method based on trace mining. Static analysis tools usually report many warnings. To help with the inspection tasks, we present an approach that applies data mining techniques to the results of static analysis of source code to classify similar warnings and warning combinations, which makes the final warning report easier to handle. The underlying algorithms were implemented inside our static analysis tool and used successfully to prioritize static analysis warnings in large, critical embedded applications.
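The accuracy loss from coarse merging described in item (1) can be seen in a toy null-pointer check. This is an added example, not DTS code. The analyzed program, the abstract values and the partition rule (merge only states that agree on the defect variable `p`) are simplifying assumptions, since the abstract does not give the algorithm.

```python
# Constructed program under analysis (illustration only):
#   p = NULL; flag = 0;
#   if (c) { p = &x; flag = 1; }
#   /* join node */
#   if (flag == 1) { *p = 0; }     // safe: flag == 1 implies p != NULL
NULL, NONNULL = "NULL", "NONNULL"

def assign(state, var, value):
    """Return a copy of the abstract state with var bound to one value."""
    new = dict(state)
    new[var] = frozenset([value])
    return new

def join_merge(states):
    """Coarse join: union every variable's value set into a single state."""
    merged = {}
    for s in states:
        for var, vals in s.items():
            merged[var] = merged.get(var, frozenset()) | vals
    return [merged]

def join_partition(states, key="p"):
    """Partitioned join (assumed rule): merge only states that agree on the
    defect variable, so the p/flag relationship on each path is kept."""
    groups = {}
    for s in states:
        groups.setdefault(s[key], []).append(s)
    return [join_merge(group)[0] for group in groups.values()]

def assume(states, var, value):
    """Branch condition var == value: drop infeasible states, refine the rest."""
    return [assign(s, var, value) for s in states if value in s[var]]

def analyze(join):
    """Run the null-dereference check with the given join strategy."""
    entry = {"p": frozenset([NULL]), "flag": frozenset([0])}
    then_path = assign(assign(entry, "p", NONNULL), "flag", 1)
    else_path = entry                        # branch not taken
    at_join = join([then_path, else_path])
    guarded = assume(at_join, "flag", 1)     # inside `if (flag == 1)`
    return ["NPD: *p" for s in guarded if NULL in s["p"]]

if __name__ == "__main__":
    print("coarse merge   :", analyze(join_merge))
    print("state partition:", analyze(join_partition))
```

The coarse join forgets that `flag == 1` only occurs together with a non-null `p`, so it reports a false positive; the partitioned join keeps the two path states apart and the infeasible one is discarded at the guard.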