Ranking Source Code Static Analysis Warnings for Continuous Monitoring of FLOSS Repositories

Abstract: Performing source code static analysis during the software development cycle is a difficult task. Several static analyzers are available, and each of them usually works best on a small subset of problems, which makes it hard to choose a single tool. Combining the analyses of different tools addresses this problem but introduces others, namely the false positives each tool generates and the large, unsorted pile of alarms that results. This paper presents kiskadee, a system that supports the use of static analysis during software development by producing carefully ranked static analysis reports. First, it runs multiple static analyzers on the source code. Then, using a classification model, it ranks the potential bugs reported by the analyzers by importance, with critical flaws ranked first and likely false positives ranked last. Our experimental results show that, on average, a reviewer inspecting warnings ranked by kiskadee encounters 5.2 times fewer false positives before each real bug than when inspecting a randomly sorted warning list.
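The pipeline the abstract describes, as an added example that is not kiskadee's code and not the authors' own: each analyzer's output is normalised into one warning format, a few categorical features are derived from the merged batch (including whether more than one tool flagged the same line), a classifier trained on previously triaged warnings scores each new warning, and the batch is sorted by predicted probability of being a real bug. The evaluation at the end computes the abstract's metric (false positives a reviewer inspects before each real bug) and compares it with the expectation for a randomly ordered list. The analyzer names, checker ids, the four features, the naive Bayes model and every warning and label below are assumptions constructed for this example.

```python
"""Rank merged static-analysis warnings so likely real bugs come first.

Added illustration, not kiskadee's implementation. Tools, checker ids,
features, model and all sample warnings/labels are constructed here.
"""
from collections import Counter, defaultdict
import math

# A warning is a normalised tuple (tool, checker, severity, file, line).
# Labels (True = confirmed bug) would come from past triage; assumed here.
TRAIN = [
    (("cppcheck", "nullPointer", "error", "src/a.c", 10), True),
    (("clang-analyzer", "NullDereference", "warning", "src/a.c", 10), True),
    (("cppcheck", "arrayIndexOutOfBounds", "error", "src/b.c", 30), True),
    (("flawfinder", "strcpy", "high", "src/b.c", 30), True),
    (("cppcheck", "nullPointer", "error", "src/e.c", 3), True),
    (("cppcheck", "unusedVariable", "style", "src/a.c", 42), False),
    (("cppcheck", "variableScope", "style", "src/c.c", 5), False),
    (("flawfinder", "strcpy", "high", "src/d.c", 80), False),
    (("clang-analyzer", "DeadStore", "warning", "src/c.c", 12), False),
    (("flawfinder", "fixedBuffer", "medium", "src/d.c", 90), False),
    (("cppcheck", "nullPointer", "error", "src/d.c", 95), False),
]

# A constructed batch from a later commit; labels are used only to evaluate.
BATCH = [
    (("cppcheck", "nullPointer", "error", "src/f.c", 20), True),
    (("clang-analyzer", "NullDereference", "warning", "src/f.c", 20), True),
    (("cppcheck", "unusedVariable", "style", "src/f.c", 50), False),
    (("cppcheck", "nullPointer", "error", "src/g.c", 8), False),
    (("cppcheck", "arrayIndexOutOfBounds", "error", "src/h.c", 9), True),
    (("flawfinder", "strcpy", "high", "src/h.c", 31), True),
    (("cppcheck", "variableScope", "style", "src/g.c", 15), False),
    (("clang-analyzer", "DeadStore", "warning", "src/g.c", 22), False),
]

FEATURES = ("tool", "checker", "severity", "agreement")


def featurize(warnings):
    """Categorical features per warning; 'agreement' says whether more than
    one tool reported the same file:line in this batch (cross-tool signal)."""
    tools_at = defaultdict(set)
    for tool, _, _, path, line in warnings:
        tools_at[(path, line)].add(tool)
    return [
        {"tool": tool, "checker": checker, "severity": severity,
         "agreement": "multi" if len(tools_at[(path, line)]) > 1 else "single"}
        for tool, checker, severity, path, line in warnings
    ]


class NaiveBayesRanker:
    """Categorical naive Bayes with Laplace smoothing, scoring P(bug | features)."""

    def fit(self, rows, labels):
        self.prior = Counter(labels)
        self.counts = {f: {True: Counter(), False: Counter()} for f in FEATURES}
        self.vocab = {f: set() for f in FEATURES}
        for row, label in zip(rows, labels):
            for f in FEATURES:
                self.counts[f][label][row[f]] += 1
                self.vocab[f].add(row[f])
        return self

    def prob_bug(self, row):
        logp = {}
        for label in (True, False):
            n = self.prior[label]
            lp = math.log(n / sum(self.prior.values()))
            for f in FEATURES:  # unseen values fall back to the smoothing mass
                lp += math.log((self.counts[f][label][row[f]] + 1) / (n + len(self.vocab[f])))
            logp[label] = lp
        return 1.0 / (1.0 + math.exp(logp[False] - logp[True]))


def rank(model, warnings):
    """Return (warning, score) pairs from most to least likely real bug."""
    scores = [model.prob_bug(r) for r in featurize(warnings)]
    order = sorted(range(len(warnings)), key=lambda i: -scores[i])
    return [(warnings[i], scores[i]) for i in order]


def false_positives_before_each_bug(labels_in_order):
    """Average number of false positives inspected before each real bug."""
    seen_fp, costs = 0, []
    for is_bug in labels_in_order:
        if is_bug:
            costs.append(seen_fp)
        else:
            seen_fp += 1
    return sum(costs) / len(costs)


def random_order_expectation(labels):
    """Under a uniformly random order each FP precedes a given bug with p = 1/2."""
    return sum(1 for is_bug in labels if not is_bug) / 2


def evaluate(train, batch):
    model = NaiveBayesRanker().fit(featurize([w for w, _ in train]), [l for _, l in train])
    truth = dict(batch)
    ranked = rank(model, [w for w, _ in batch])
    ranked_cost = false_positives_before_each_bug([truth[w] for w, _ in ranked])
    return ranked, ranked_cost, random_order_expectation([l for _, l in batch])


if __name__ == "__main__":
    ranked, ranked_cost, random_cost = evaluate(TRAIN, BATCH)
    for (tool, checker, _, path, line), p in ranked:
        print(f"{p:.2f}  {tool:15} {checker:22} {path}:{line}")
    print(f"FPs before each bug: ranked {ranked_cost:.2f}, random {random_cost:.2f}")
```

The model is deliberately small: the point is that the merge step (agreement across tools) and a classifier trained on past triage decisions are enough to push the noisy single-tool alarms below the corroborated ones, and that the abstract's metric is what to track when tuning such a ranker on a real repository.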
Document type: Conference papers
Contributor: Hal Ifip
Submitted on: Monday, September 17, 2018 - 2:35:46 PM
Last modification on: Monday, September 24, 2018 - 2:20:51 PM
Long-term archiving on: Tuesday, December 18, 2018 - 2:36:41 PM

Distributed under a Creative Commons Attribution 4.0 International License



Athos Ribeiro, Paulo Meirelles, Nelson Lago, Fabio Kon. Ranking Source Code Static Analysis Warnings for Continuous Monitoring of FLOSS Repositories. 14th IFIP International Conference on Open Source Systems (OSS), Jun 2018, Athens, Greece. pp.90-101, ⟨10.1007/978-3-319-92375-8_8⟩. ⟨hal-01875492⟩
