Supporting Software Inspection with Static Profiling
Authors
Abstract
Static software checking tools are useful as an additional automated software inspection step that can easily be integrated into the development cycle and assist in creating secure, reliable and high-quality code. However, an often-quoted disadvantage of these tools is that they generate an inordinate number of warnings, including many false positives due to the use of approximate analysis techniques. This information overload effectively limits their usefulness. In this paper we present ELAN, a technique that helps the user prioritize the information generated by a software inspection tool, based on a demand-driven computation of the likelihood that execution reaches the locations for which warnings are reported. This analysis is orthogonal to other prioritization techniques known from the literature, such as severity levels and statistical filtering to reduce false positives. We evaluate the feasibility of our technique using a number of case studies and assess the quality of our static estimates by comparing them to actual values obtained by dynamic profiling.
Similar resources
Understanding Software – Static and Dynamic Aspects
We present an approach to software visualization supporting the understanding of structure and behavior of software systems. To do so, we merge information from static program analysis with dynamic information obtained during the execution of the programs. The merged information is presented graphically in different views, where users can interactively choose between more abstract or more concr...
An Extended Methodology for Risk Based Inspection Planning
Inspection planning is an important activity in process industries, and one of the key tools used for such planning is the risk based inspection (RBI) methodology. The RBI is commonly used in planning of inspections for static mechanical equipment, in particular piping networks. The inspections are prioritized based on risk, expressed as expected values, integrating the likelihood and consequen...
An Empirical Investigation of a Systematic Object-Oriented Inspection Technique
Software inspection is a well-recognised defect detection technique, but recent research has highlighted that its level of performance on object-oriented code may be suffering due to the highly delocalised nature of the software. This paper presents the results of an empirical investigation, which compared the traditional ad-hoc inspection approach with a systematic, abstraction-driven inspecti...
Static Verification of Code Access Security Policy Compliance of .NET Applications
Stack inspection-based sandboxing originated as a security mechanism for safely executing partially trusted code. Today, it is widely used for the more general purpose of supporting the principle of least privilege in component-based software development. In this more general setting, the permissions required by a component to run properly, or the permissions needed by other components to succe...
Gadget: A Tool for Extracting the Dynamic Structure of Java Programs
Source code analysis and inspection does not provide enough information to describe the structure of an object-oriented program completely because there are components and relations that only exist during its runtime. This paper presents a tool, called Gadget, that helps software engineers extract the dynamic structure of object-oriented programs written in the Java programming language. The tool...