Striking a balance: pruning false-positives from static call graphs

A Utture, S Liu, CG Kalhauge, J Palsberg - Proceedings of the 44th …, 2022 - dl.acm.org
Proceedings of the 44th International Conference on Software Engineering, 2022 - dl.acm.org
Researchers have reported that static analysis tools rarely achieve a false-positive rate that would make them attractive to developers. We overcome this problem by a technique that leads to reporting fewer bugs but also much fewer false positives. Our technique prunes the static call graph that sits at the core of many static analyses. Specifically, static call-graph construction proceeds as usual, after which a call-graph pruner removes many false-positive edges but few true edges. The challenge is to strike a balance between being aggressive in removing false-positive edges but not so aggressive that no true edges remain. We achieve this goal by automatically producing a call-graph pruner through an automatic, ahead-of-time learning process. We added such a call-graph pruner to a software tool for null-pointer analysis and found that the false-positive rate decreased from 73% to 23%. This improvement makes the tool more useful to developers.
ACM Digital Library