The False False Positives of Static Analysis

Yuriy Tymchuk. The False False Positives of Static Analysis. In SATToSE’17: Pre-Proceedings of the 10th International Seminar Series on Advanced Techniques & Tools for Software Evolution, June 2017.

Abstract

Static analysis tools may produce false positive results, which negatively impact the overall usability of these tools. However, even a correct static analysis report is sometimes classified as a false positive if a developer does not understand it or does not agree with it. Lately, developers’ classification of false positives is treated on a par with the actual static analysis performance, which may distort the knowledge about the real state of static analysis. In this paper we discuss various use cases where a false positive report is not false and the issue is caused by other aspects of static analysis. We provide an in-depth explanation of the issue for each use case, followed by recommendations on how to solve it, and thus exemplify the importance of careful false positive classification.

Posted by scg at 7 February 2019, 4:15 pm