检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
作 者:王淑栋[1] 刘浩[1] 董玉坤[1] 陈红旗 张莉[1] 尹文静 WANG Shu-dong;LIU Hao;DONG Yu-kun;CHEN Hong-qi;ZHANG Li;YIN Wen-jing(College of Computer Science and Technology,China University of Petroleum,Qingdao 266580 China)
机构地区:[1]中国石油大学(华东)计算机科学与技术学院,青岛266580
出 处:《科学技术与工程》2020年第9期3648-3655,共8页Science Technology and Engineering
基 金:国家自然科学基金(61572522,61873281);中央高校基本科研业务费专项(19CX02028A)。
摘 要:针对程序静态缺陷检测存在高误报需要耗费大量人力消除的问题,提出了一种程序语义缺陷警报关联的方法,通过挖掘警报间的深层次关联信息建立警报关联,有助于提升人工判定警报的效率。首先采用符号表达式与区间表示一个变量的取值,并基于符号表达式的逻辑关系建立了警报间的关联推导规则,然后在缺陷检测阶段根据缺陷触发条件识别出警报并推导出不同警报间的关联,最后根据警报间的关联关系对警报进行自动判定。通过对5个实际C工程的测试结果表明,本文所提方法可以有效识别出警报间的关联关系,能够有效减轻人工判定警报的工作。To solve the problem of high false alarm rate in program static defect detection, a recognition method of program semantic false-alarm correlation was proposed, and the efficiency of manual alarm was enhanced by mining deep-seated information and establishing the correlation between alarms. First, symbolic expression and domain were used to quantify the value of a variable, and derivation of the correlation was determined in logical relationship of the symbolic expression. Then, in the defect detection stage, alarms were identified according to the defect triggering condition, and the correlation was then deduced. Finally, alarms were automatically determined based on the correlation. Results of five real cases study show that the method proposed could effectively determine the correlation, with which the workload of manual alarm determination could be largely reduced.
关 键 词:静态分析 缺陷检测 程序语义缺陷 警报关联 符号表达式
分 类 号:TP311[自动化与计算机技术—计算机软件与理论]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.70