【摘要】 针对程序静态缺陷检测存在高误报需要耗费大量人力消除的问题,提出了一种程序语义缺陷警报关联的方法,通过挖掘警报间的深层次关联信息建立警报关联,有助于提升人工判定警报的效率。首先采用符号表达式与区间表示一个变量的取值,并基于符号表达式的逻辑关系建立了警报间的关联推导规则,然后在缺陷检测阶段根据缺陷触发条件识别出警报并推导出不同警报间的关联,最后根据警报间的关联关系对警报进行自动判定。通过对5个实际C工程的测试结果表明,本文所提方法可以有效识别出警报间的关联关系,能够有效减轻人工判定警报的工作。更多还原

【Abstract】 To solve the problem of high false alarm rate in program static defect detection, a recognition method of program semantic false-alarm correlation was proposed, and the efficiency of manual alarm was enhanced by mining deep-seated information and establishing the correlation between alarms. First, symbolic expression and domain were used to quantify the value of a variable, and derivation of the correlation was determined in logical relationship of the symbolic expression. Then, in the defect detection stage, alarms were identified according to the defect triggering condition, and the correlation was then deduced. Finally, alarms were automatically determined based on the correlation. Results of five real cases study show that the method proposed could effectively determine the correlation, with which the workload of manual alarm determination could be largely reduced.更多还原