Collaborative Research: SHF: Small: An Automated Full-Lifecycle Approach for Improving the Development and Use of Static Analysis

合作研究：SHF：小型：改进静态分析开发和使用的自动化全生命周期方法

• 批准号: 2008905
• 负责人: Shiyi Wei
• 金额: $ 24.99万
• 依托单位: University of Texas at Dallas
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2020
• 资助国家: 美国
• 起止时间: 2020-10-01 至 2024-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2008905&HistoricalAwards=false
• 关键词: Collaborative; Research; SHF; Small; Automated

Because software failures can and do cause severe, even life-threatening losses, effective quality assurance remains a constant concern for software developers. In fact, over the past decades, numerous software analysis techniques have been developed to address this concern. These techniques represent a powerful means of detecting bugs or proving their absence. Despite their theoretical superiority, static program analysis tools have had relatively limited industry adoption. Static analysis tools aiming for practical solutions are forced to approximate, trading off precision (i.e., better modeling to ensure correctness) against performance (i.e., faster analysis). Finding the right balance of the complex tradeoffs between performance and precision when developing and using static analysis tools is extremely challenging. This project seeks to reduce practical barriers to conquering this tradeoff. Successful outcomes of this project are likely to improve static analysis tool adoption rates, and thereby improve the safety, security and functionality of critical software that society depends upon. This project aims to achieve more effective static analysis design and usage through cohesive development and usage lifecycle that is powerfully augmented with automated support. This automated support includes systematic evaluation and generation of benchmarks for static analysis tools, localizing sources of imprecision and performance bottlenecks, configuring tool settings that are likely to produce correct and timely results, using machine learning approaches to identify and filter false positives, and integrating these improvements into a demonstration system that leverages information and experiences coming from both tool developers and tool users. This augmented and automated lifecycle will identify frequently occurring code patterns that significantly affect performance/precision tradeoffs in specific tools, allowing tool developers to quickly improve their tools. It will also enable tools designed to customize their behavior and analysis approaches to specific target programs. At the same time, this will provide static analysis tool users with automated support for tuning tool configurations to quickly get more effective results. This is supported by automated classification of tool error reports, reducing effort wasted investigating false positives. These improvements used in concert with each other will result in greatly improved static analysis tools, and much-increased use of these tools in analyzing real-world software.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

由于软件故障可能并且确实会导致严重甚至威胁生命的损失，因此对于软件开发人员来说，有效的质量保证仍然是一个不断关注的问题。实际上，在过去的几十年中，已经开发了许多软件分析技术来解决这一问题。这些技术代表了检测错误或证明其缺席的强大手段。尽管具有理论上的优势，但静态程序分析工具的行业采用却相对有限。针对实用解决方案的静态分析工具被迫近似近似，即在绩效（即更快的分析速度）（即，更好地建模以确保正确性以确保正确性）。在开发和使用静态分析工具时，在性能和精度之间找到复杂的权衡取平衡是极具挑战性的。该项目旨在减少征服这种权衡的实际障碍。该项目的成功结果可能会提高静态分析工具的采用率，从而提高社会依赖的关键软件的安全性，安全性和功能。该项目旨在通过具有自动支持的有力增强的凝聚力开发和使用寿命类别来实现更有效的静态分析设计和使用。这种自动化支持包括用于静态分析工具的系统评估和基准生成，本地化不精确和性能瓶颈来源，配置可能会产生正确且及时的结果的工具设置，并使用机器学习方法来识别和过滤误差误点，并将这些改进整合到来自工具和开发人员的演示系统中，并将这些改进整合到同时的工具中。这种增强和自动化的生命周期将确定经常发生的代码模式，这些模式会严重影响特定工具的性能/精确折衷，从而使工具开发人员能够快速改善其工具。它还将启用旨在自定义特定目标程序的行为和分析方法的工具。同时，这将为静态分析工具用户提供对调整工具配置的自动支持，以快速获得更有效的结果。这是通过对工具错误报告的自动分类来支持的，从而减少了浪费的努力调查误报。相互协同使用的这些改进将极大地改善静态分析工具，并在分析现实世界软件中使用这些工具的使用极大地使用。该奖项反映了NSF的法定任务，并认为值得通过基金会的知识分子优点和更广泛的影响审查标准通过评估来进行评估。

项目成果

ECSTATIC: Automatic Configuration-Aware Testing and Debugging of Static Analysis Tools

• DOI: 10.1145/3597926.3604918
• 发表时间: 2023-07
• 期刊: Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis
• 作者: Austin Mordahl;Dakota Soles;Miao Miao-Miao;Zenong Zhang;Shiyi Wei

An empirical assessment of machine learning approaches for triaging reports of static analysis tools

• DOI: 10.1007/s10664-022-10253-z
• 发表时间: 2023-03-01
• 期刊: EMPIRICAL SOFTWARE ENGINEERING
• 影响因子: 4.1
• 作者: Yerramreddy，Sai;Mordahl，Austin;Porter，Adam A.
• 通讯作者: Porter，Adam A.

SATune: A Study-Driven Auto-Tuning Approach for Configurable Software Verification Tools

• DOI: 10.1109/ase51524.2021.9678761
• 发表时间: 2021-11
• 期刊: 2021 36th IEEE/ACM International Conference on Automated Software Engineering (ASE)
• 作者: Ugur Koc;Austin Mordahl;Shiyi Wei;J. Foster;A. Porter

The impact of tool configuration spaces on the evaluation of configurable taint analysis for Android

• DOI: 10.1145/3460319.3464823
• 发表时间: 2021-07
• 期刊: Proceedings of the 30th ACM SIGSOFT International Symposium on Software Testing and Analysis
• 作者: Austin Mordahl;Shiyi Wei

ECSTATIC: An Extensible Framework for Testing and Debugging Configurable Static Analysis

• DOI: 10.1109/icse48619.2023.00056
• 发表时间: 2023-05
• 期刊: 2023 IEEE/ACM 45th International Conference on Software Engineering (ICSE)
• 作者: Austin Mordahl;Zenong Zhang;Dakota Soles;Shiyi Wei