Automated Adaptive Ranking and Filtering of Static Analysis Alerts
Sarah Heckman and Laurie Williams
The 17th IEEE International Symposium on Software Reliability Engineering: Fast Abstracts (ISSRE 2006)
Raleigh, North Carolina, USA, November 6-10 2006
Abstract
Static analysis tools are useful in finding recurring software faults and weaknesses during the development process. However, these tools often report a high number of false positives, dissuading software engineers from frequent use of the tools during development. By ranking static analysis alerts by the probability that each alert is a true positive, software engineers can be directed to the faults that are most likely to need attention. The ranking is based on historical data from the filtering of alerts previously found to be false positives by a software engineer. The Automated Warning Application for Reliability Engineering (AWARE) v 0.2 has been created to support static analysis alert ranking and filtering. Initial results from a feasibility study show that with AWARE, true positive alerts appear at the top of the ranking and the distance between true positive alerts is better than in a random ordering of alerts. By filtering a small number of false positives, AWARE can provide true positive alerts to the software engineer.