期刊
ACM SIGPLAN NOTICES
卷 53, 期 4, 页码 722-735出版社
ASSOC COMPUTING MACHINERY
DOI: 10.1145/3192366.3192417
关键词
Static analysis; belief networks; Bayesian inference; alarm ranking
资金
- DARPA [FA8750-15-2-0009]
- NSF [1253867, 1526270]
- Division of Computing and Communication Foundations
- Direct For Computer & Info Scie & Enginr [1526270, 1253867] Funding Source: National Science Foundation
Program analyses necessarily make approximations that often lead them to report true alarms interspersed with many false alarms. We propose a new approach to leverage user feedback to guide program analyses towards true alarms and away from false alarms. Our approach associates each alarm with a confidence value by performing Bayesian inference on a probabilistic model derived from the analysis rules. In each iteration, the user inspects the alarm with the highest confidence and labels its ground truth, and the approach recomputes the confidences of the remaining alarms given this feedback. It thereby maximizes the return on the effort by the user in inspecting each alarm. We have implemented our approach in a tool named Bingo for program analyses expressed in Datalog. Experiments with real users and two sophisticated analyses-a static datarace analysis for Java programs and a static taint analysis for Android apps-show significant improvements on a range of metrics, including false alarm rates and number of bugs found.
作者
我是这篇论文的作者
点击您的名字以认领此论文并将其添加到您的个人资料中。
推荐
暂无数据