System, Method and Apparatus for Planning-aware Static Analysis
Publication Date: 2016-Nov-08
The IP.com Prior Art Database
Static analysis is made aware of planning considerations (in the form of budgets for fixing problems). Supervised learning is used to learn (i) whether issues are correct, and if so, (ii) how long it would require to fix them. Based on the above, the analysis outputs an effective set of issues that are (hypothesized to be) correct and fit within the planning budget.
Page 01 of 2
Static code analysis is a powerful approach to software quality checking
* High coverage
* Nontrivial bugs (e.g., information-flow vulnerabilities)
Yet even commercial-grade tools often report many warnings, most of which are false warnings [Muske13,Tripp14]
Software Development / Planning
* A key aspect of software development is planning
* How long would it take to implement feature X or solve bug Y?
* In Agile software development, for example, tasks are scheduled as part of sprints
* Committing to a task, and scheduling it, requires an estimate of how long the task would take to complete
* So… on the one hand, static analysis generates many warnings that, for the most part, are bogus; on the other hand, there is the need to estimate and plan according to the output of the static analysis tool
* This tension defines the problem that we address - or rather the solution that we propose - in the current invention, which is how to create an effective interface between the static analysis tool and planning considerations
Method: Step 1
* Subject static analysis to supervised learning:
  * Warnings are reduced to feature vectors [Tripp14]
    * Size of the warning
    * Code complexity (e.g., information flow involving branching and loops vs straight-line code)
    * Time to compute warning
  * Warnings annotated to reflect
    * if, or to what degree, they are true warnings; and...
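The following is an added illustration of the pipeline described in the abstract and in Step 1 (it is not code from the disclosure or from any product it refers to). Warnings are reduced to the three features named above (size, code complexity, time to compute), a small k-nearest-neighbour model is trained on annotated warnings to predict both whether a warning is true and how long it would take to fix, and a 0/1 knapsack then picks the set of hypothesized-true warnings whose predicted fix time fits a planning budget. The learner, the training annotations, the candidate warnings and the numeric feature values are all constructed for this example; the disclosure does not specify which learning algorithm is used.

```python
"""Planning-aware triage of static-analysis warnings (illustrative, constructed data)."""
import math
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple


@dataclass
class Warning:
    wid: str
    size: int              # feature: size of the warning (statements on the reported path)
    complexity: int        # feature: 0 = straight-line, 1 = branching, 2 = loops, 3 = both
    compute_ms: float      # feature: time the analysis spent producing the warning
    is_true: Optional[bool] = None     # annotation (training data only)
    fix_hours: Optional[float] = None  # annotation (training data only, true warnings)

    def features(self) -> Tuple[float, float, float]:
        # log-scale the timing feature so one slow warning does not dominate distances
        return (float(self.size), float(self.complexity), math.log1p(self.compute_ms))


class KnnTriageModel:
    """Supervised model: P(true warning) and expected fix time, learned from labelled warnings."""

    def __init__(self, training: Sequence[Warning], k: int = 3):
        self.k = k
        self.training = list(training)
        cols = list(zip(*(w.features() for w in training)))
        self.mean = [sum(c) / len(c) for c in cols]
        self.std = [max(1e-9, math.sqrt(sum((x - m) ** 2 for x in c) / len(c)))
                    for c, m in zip(cols, self.mean)]

    def _scaled(self, w: Warning) -> List[float]:
        return [(x - m) / s for x, m, s in zip(w.features(), self.mean, self.std)]

    def predict(self, w: Warning) -> Tuple[float, float]:
        q = self._scaled(w)
        nearest = sorted(self.training, key=lambda t: math.dist(q, self._scaled(t)))[: self.k]
        true_nb = [t for t in nearest if t.is_true]
        p_true = len(true_nb) / len(nearest)
        # fix-time estimate: mean annotated fix time over the true neighbours (0 if none)
        fix = sum(t.fix_hours for t in true_nb) / len(true_nb) if true_nb else 0.0
        return p_true, fix


def select_within_budget(items: List[Tuple[str, float, float]], budget_hours: float,
                         step: float = 0.5) -> Tuple[List[str], float]:
    """0/1 knapsack: maximise the expected number of true warnings fixed within the budget.
    items are (id, p_true, fix_hours); fix time is discretised into `step`-hour slots."""
    slots = int(budget_hours / step)
    weights = [max(1, math.ceil(h / step)) for _, _, h in items]  # every fix costs >= one slot
    best = [[0.0] * (slots + 1) for _ in range(len(items) + 1)]
    for i, (_, p, _) in enumerate(items, 1):
        w = weights[i - 1]
        for b in range(slots + 1):
            best[i][b] = best[i - 1][b]
            if w <= b and best[i - 1][b - w] + p > best[i][b]:
                best[i][b] = best[i - 1][b - w] + p
    chosen, b = [], slots
    for i in range(len(items), 0, -1):          # backtrack to recover the chosen set
        if best[i][b] != best[i - 1][b]:
            chosen.append(items[i - 1][0])
            b -= weights[i - 1]
    return list(reversed(chosen)), best[len(items)][slots]


def plan(model: KnnTriageModel, warnings: Sequence[Warning], budget_hours: float,
         min_p: float = 0.5) -> Tuple[List[str], float]:
    """Keep warnings hypothesised to be true (p >= min_p), then fit them to the budget."""
    scored = []
    for w in warnings:
        p, hours = model.predict(w)
        if p >= min_p:
            scored.append((w.wid, p, hours))
    return select_within_budget(scored, budget_hours)


# Constructed annotated warnings: small straight-line flows were false, long looping ones true.
TRAINING = [
    Warning("T1", 3, 0, 10.0, False, 0.0), Warning("T2", 4, 0, 14.0, False, 0.0),
    Warning("T3", 5, 1, 30.0, False, 0.0), Warning("T4", 6, 1, 35.0, False, 0.0),
    Warning("T5", 10, 2, 200.0, True, 4.0), Warning("T6", 12, 2, 260.0, True, 6.0),
    Warning("T7", 16, 3, 400.0, True, 8.0), Warning("T8", 20, 3, 600.0, True, 12.0),
]
# Constructed unlabelled warnings from a new analysis run.
CANDIDATES = [
    Warning("W1", 3, 0, 12.0), Warning("W2", 11, 2, 230.0), Warning("W3", 18, 3, 500.0),
    Warning("W4", 7, 1, 60.0), Warning("W5", 14, 3, 350.0),
]
MODEL = KnnTriageModel(TRAINING)
PLAN_16H = plan(MODEL, CANDIDATES, 16.0)   # ids that fit a 16-hour sprint budget

if __name__ == "__main__":
    for w in CANDIDATES:
        print(w.wid, MODEL.predict(w))
    print("fits 16h budget:", PLAN_16H)
```

With this data W1 and W4 are predicted false (no or few true neighbours) and dropped, W2 is predicted true with a 6-hour fix and W3 and W5 with roughly 8.7 hours each; a 16-hour budget therefore admits W2 plus one of the two larger warnings, which is the "effective set" the abstract describes.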