Identifying and documenting false positive patterns generated by static code analysis tools

dc.contributor.advisor: Hill, James H.
dc.contributor.author: Reynolds, Zachary P.
dc.date.accessioned: 2017-07-21T18:04:33Z
dc.date.available: 2017-07-21T18:04:33Z
dc.date.issued: 2017-07-18
dc.degree.date: 2017 (en_US)
dc.degree.grantor: Purdue University (en_US)
dc.degree.level: M.S. (en_US)
dc.description: Indiana University-Purdue University Indianapolis (IUPUI) (en_US)
dc.description.abstract: Static code analysis tools are known to flag a large number of false positives. A false positive is a warning message generated by a static code analysis tool for a location in the source code that does not have any known problems. This thesis presents our approach and results in identifying and documenting false positives generated by static code analysis tools. The goal of our study was to understand the different kinds of false positives generated so we can (1) automatically determine if a warning message from a static code analysis tool truly indicates an error, and (2) reduce the number of false positives developers must triage. We used two open-source tools and one commercial tool in our study. Our approach led to a hierarchy of 14 core false positive patterns, with some patterns appearing in multiple variations. We implemented checkers to identify the code structures of false positive patterns and to eliminate them from the output of the tools. Preliminary results showed that we were able to reduce the number of warnings by 14.0%-99.9% with a precision of 94.2%-100.0% by applying our false positive filters in different cases. (en_US)
dc.identifier.doi: 10.7912/C22651
dc.identifier.uri: https://hdl.handle.net/1805/13533
dc.identifier.uri: http://dx.doi.org/10.7912/C2/2344
dc.language.iso: en_US (en_US)
dc.rights: Attribution 3.0 United States
dc.rights.uri: http://creativecommons.org/licenses/by/3.0/us/
dc.subject: false positive catalog (en_US)
dc.subject: false positive elimination (en_US)
dc.subject: false positive pattern (en_US)
dc.subject: static code analysis (en_US)
dc.title: Identifying and documenting false positive patterns generated by static code analysis tools (en_US)
dc.type: Thesis (en)
thesis.degree.discipline: Computer & Information Science (en)
Files
Original bundle
Name: thesis-reynolds-final.pdf
Size: 1007.59 KB
Format: Adobe Portable Document Format
License bundle
Name: license.txt
Size: 1.88 KB
Format: Item-specific license agreed upon to submission