What is it about?
Many years, researchers have shown, that a perfect static analysis cannot exist: it is theoretically impossible to design an analysis such that it generates only true warnings, without false positives. In this work, however, we show a novel design that nonetheless avoids false warnings in such programs that programmer usually write. In result, one obtains a static analysis with very low false positive rates. In result, this design also makes the analysis even much more efficient than related previous approaches.
Featured Image
Photo by Annie Spratt on Unsplash
Why is it important?
Research has shown that high numbers of false warnings / false positives are the number one reason for why developers might be unsatisfied with - or even abandon - a static analysis tool. Secondly, tools are not used on a regular basis due to their long feedback cycles of hours or even days to present the results to the user. This paper presents a new algorithm that drastically reduces the high false positives while improving the performance of a static analysis, hence making tools more usable for the target audience.
Perspectives
I have written many papers over the years but am personally very proud about this one. It presents quite an elegant solution to a long-standing problem, and gives good empirical evidence that it can work in practice. Johannes Späth deserves all the credit for the algorithmic design, he did excellent work!
Eric Bodden
Universitat Paderborn
Read the Original
This page is a summary of: Context-, flow-, and field-sensitive data-flow analysis using synchronized Pushdown systems, Proceedings of the ACM on Programming Languages, January 2019, ACM (Association for Computing Machinery),
DOI: 10.1145/3290361.
You can read the full text:
Contributors
The following have contributed to this page
