Journal Article10.1002/SPE.2287
Integrated static code analysis and runtime verification
16
TL;DR: A noval approach and a toolchain for integrated static code analysis and runtime verification of an open‐source bibliography reference manager software is introduced.
read more
Abstract: Summary
Static code analysis tools automatically generate alerts for potential software faults that can lead to failures. However, these tools usually generate a very large number of alerts, some of which are subject to false positives. Because of limited resources, it is usually hard to inspect all the alerts. As a complementary approach, runtime verification techniques verify dynamic system behavior with respect to a set of specifications. However, these specifications are usually created manually based on system requirements and constraints. In this paper, we introduce a noval approach and a toolchain for integrated static code analysis and runtime verification. Alerts that are generated by static code analysis tools are utilized for automatically generating runtime verification specifications. On the other hand, runtime verification results are used for automatically generating filters for static code analysis tools to eliminate false positives. The approach is illustrated for the static analysis and runtime verification of an open-source bibliography reference manager software. Copyright © 2014 John Wiley & Sons, Ltd.
read more
Chat with Paper
AI Agents for this Paper
Find similar papers on Google Scholar, PubMed and Arxiv
Write a critical review of this paper
Analyze citations of this paper to find unaddressed research gaps
Citations
•Journal Article
An overview of AspectJ
TL;DR: AspectJ as mentioned in this paper is a simple and practical aspect-oriented extension to Java with just a few new constructs, AspectJ provides support for modular implementation of a range of crosscutting concerns.
2.9K
Survey of Approaches for Handling Static Analysis Alarms
Tukaram Muske,Alexander Serebrenik +1 more
- 01 Oct 2016
TL;DR: This paper reviews 79 alarms handling studies collected through a systematic literature search and classify the approaches proposed into seven categories, finding that the categorized alarms handling approaches are complementary and they can be combined together in different ways.
80
Computer and Information Sciences: 31st International Symposium, ISCIS 2016, Kraków, Poland, October 27–28, 2016, Proceedings
Tadeusz Czachórski,Erol Gelenbe,Krzysztof Grochla,Ricardo Lent +3 more
- 01 Jan 2016
TL;DR: The topics included in this year’s edition included computer architectures and digital systems, algorithms, theory, software engineering, data engineering, computational intelligence, system security, computer systems and networks, performance modelling and analysis, distributed and parallel systems, bioinformatics, computer vision, and significant applications such as medical informatics and imaging.
Internal quality assurance for external contributions in GitHub: An empirical investigation
TL;DR: The quantitative results show that the casual contributors introduced greater quantity and severity of code quality issues than the main contributors; the developers who contribute to different projects as main and casual contributors did not perform significantly differently in terms of their code quality.
13
Mitigating False Positive Static Analysis Warnings: Progress, Challenges, and Opportunities
Zhaoqiang Guo,Tingting Tan,Shiran Liu,Xutong Liu,Wei Lai,Yibiao Yang,Yanhui Li,Lin Chen,Wei Dong,Yuming Zhou +9 more
TL;DR: A detailed survey of research achievements on the topic of FPM is offered and reveals the research trends of this field and summarizes the four types of empirical studies relating to SA warnings to exploit the insightful findings that are helpful to reduce FP warnings.
8
References
Basic concepts and taxonomy of dependable and secure computing
TL;DR: The aim is to explicate a set of general concepts, of relevance across a wide range of situations and, therefore, helping communication and cooperation among a number of scientific and technical communities, including ones that are concentrating on particular types of system, of system failures, or of causes of systems failures.
Aspect-oriented programming
Gregor Kiczales,Erik Hilsdale +1 more
- 01 Sep 2001
TL;DR: This tutorial shows how to use AOP to implement crosscutting conerns in a concise modular way and includes a description of their underlying model, in terms of which a wide range of AOP languages can be understood.
5.6K
The model checker SPIN
Gerard J. Holzmann
- 01 May 1997
TL;DR: An overview of the design and structure of the verifier, its theoretical foundation, and an overview of significant practical applications are given.
Basic Concepts and Taxonomy of Dependable and Secure Computing
Algirdas Avizienis,Jean-Claude Laprie,Brian Randell,Carl E. Landwehr +3 more
- 01 Jan 2007
TL;DR: In this paper, the main definitions relating to dependability, a generic concept including a special case of such attributes as reliability, availability, safety, integrity, maintainability, etc.
4.3K
•Journal Article
An overview of AspectJ
TL;DR: AspectJ as mentioned in this paper is a simple and practical aspect-oriented extension to Java with just a few new constructs, AspectJ provides support for modular implementation of a range of crosscutting concerns.
2.9K