{"title":"Reachability confirmation of statically detected defects using dynamic analysis","authors":"A. Gerasimov, L. Kruglov","doi":"10.1109/CSITECHNOL.2017.8312141","DOIUrl":null,"url":null,"abstract":"Static and dynamic analysis of programs are well known approaches to the problem of automatic program behaviour analysis. Both methods have advantages and limitations. Static analysis has lack of precision for the sake of scalability. On the other hand, dynamic analysis has 100% precision while reaching defect point, but suffers from scalability issues. This paper describes an approach to confirmation of reachability of source-sink defects that were found by static analysis with help of dynamic analysis. The combination of methods allows to circumvent limitations and multiply their advantages. Preliminary experiments on several open source projects show that real true positive defects can be confirmed to be reachable using the approach and some false positives can be proved.","PeriodicalId":332371,"journal":{"name":"2017 Computer Science and Information Technologies (CSIT)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2017-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 Computer Science and Information Technologies (CSIT)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSITECHNOL.2017.8312141","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 5
Abstract
Static and dynamic analysis of programs are well known approaches to the problem of automatic program behaviour analysis. Both methods have advantages and limitations. Static analysis has lack of precision for the sake of scalability. On the other hand, dynamic analysis has 100% precision while reaching defect point, but suffers from scalability issues. This paper describes an approach to confirmation of reachability of source-sink defects that were found by static analysis with help of dynamic analysis. The combination of methods allows to circumvent limitations and multiply their advantages. Preliminary experiments on several open source projects show that real true positive defects can be confirmed to be reachable using the approach and some false positives can be proved.