Journal of Computer Applications ›› 2017, Vol. 37 ›› Issue (10): 2968-2972.DOI: 10.11772/j.issn.1001-9081.2017.10.2968

Previous Articles     Next Articles

False positive recognition method based on classification for null pointer dereference defects

WANG Shuyan, QUAN Yafei, SUN Jiaze   

  1. School of Computer Science & Technology, Xi'an University of Posts and Telecommunications, Xi'an Shaanxi 710061, China
  • Received:2017-04-28 Revised:2017-06-05 Online:2017-10-10 Published:2017-10-16
  • Supported by:
    This work is partially supported by the Industrial Research and Development Program of Shaanxi Province (2016GY-089), the Natural Science Foundation of the Ministry of Education of Shaanxi Province (15JK1672).


王曙燕, 权雅菲, 孙家泽   

  1. 西安邮电大学 计算机学院, 西安 710061
  • 通讯作者: 王曙燕(1964-),女,河南南阳人,教授,博士,CCF会员,主要研究方向:软件测试、数据挖掘、智能信息处理,
  • 作者简介:王曙燕(1964-),女,河南南阳人,教授,博士,CCF会员,主要研究方向:软件测试、数据挖掘、智能信息处理;权雅菲(1991-),女,陕西西安人,硕士研究生,主要研究方向:软件设计与测试、数据挖掘;孙家泽(1980-),男,河南南阳人,副教授,博士,CCF会员,主要研究方向:软件测试、数据挖掘、智能信息处理.
  • 基金资助:

Abstract: Focusing on the false positive problem of null pointer dereference (NPD) defect in static testing, a new false positive recognition method for null pointer reference defect based on classification was proposed. The knowledge of NPD defect was mined and preprocessed to generate data set of the defects. Then the data set of NPD defects was classified via ID3 classification algorithm based on rough set theory, and there were two kinds of classification results, one was false positive null pointer reference defect instances, the other was real null pointer reference defect instances. The real NPD defects were confirmed according to the classification results of the defect instances by recognizing the false positive NPD defects. The method was tested on ten benchmark programs and compared to the NPD defect detection method based on the mainstream static testing tool FindBugs, the false positive rate was reduced by 25%, and the confirmation amount was reduced by 24% for NPD defects. The experimental result shows that the proposed method can effectively reduce defect confirmation overhead and improve the detection efficiency and stability for NPD defects in static testing.

Key words: static testing, Null Pointer Dereference (NPD) defect, false positive recognition, defect classification, defect confirmation

摘要: 针对静态测试中空指针引用缺陷假阳性问题,提出一种空指针引用缺陷分类假阳性识别方法。挖掘空指针引用缺陷知识,对空指针引用缺陷知识进行预处理,生成空指针引用缺陷数据集;通过基于粗糙集理论属性重要性的ID3算法分类空指针引用缺陷数据集,分类结果有假阳性空指针引用缺陷实例和真实空指针引用缺陷实例两种;根据分类结果对静态测试中的空指针引用缺陷进行假阳性识别,确认真实的空指针引用缺陷。该方法对十个基准程序和基于主流静态测试工具FindBugs的空指针引用缺陷检测方法相比,空指针引用缺陷假阳性降低率平均为25%,减少了24%的空指针引用缺陷确认。实验结果表明,该方法在静态测试方面能有效降低缺陷确认开销,提高空指针引用缺陷检测效率和稳定性。

关键词: 静态测试, 空指针引用缺陷, 假阳性识别, 缺陷分类, 缺陷确认

CLC Number: