---
_id: '52663'
abstract:
- lang: eng
  text: "Context\r\nStatic analyses are well-established to aid in understanding bugs
    or vulnerabilities during the development process or in large-scale studies. A
    low false-positive rate is essential for the adaption in practice and for precise
    results of empirical studies. Unfortunately, static analyses tend to report where
    a vulnerability manifests rather than the fix location. This can cause presumed
    false positives or imprecise results.\r\nMethod\r\nTo address this problem, we
    designed an adaption of an existing static analysis algorithm that can distinguish
    between a manifestation and fix location, and reports error chains. An error chain
    represents at least two interconnected errors that occur successively, thus building
    the connection between the fix and manifestation location. We used our tool CogniCryptSUBS
    for a case study on 471 GitHub repositories, a performance benchmark to compare
    different analysis configurations, and conducted an expert interview.\r\nResult\r\nWe
    found that 50 % of the projects with a report had at least one error chain. Our
    runtime benchmark demonstrated that our improvement caused only a minimal runtime
    overhead of less than 4 %. The results of our expert interview indicate that with
    our adapted version participants require fewer executions of the analysis.\r\nConclusion\r\nOur
    results indicate that error chains occur frequently in real-world projects, and
    ignoring them can lead to imprecise evaluation results. The runtime benchmark
    indicates that our tool is a feasible and efficient solution for detecting error
    chains in real-world projects. Further, our results gave a hint that the usability
    of static analyses may benefit from supporting error chains."
author:
- first_name: Anna-Katharina
  full_name: Wickert, Anna-Katharina
  last_name: Wickert
- first_name: Michael
  full_name: Schlichtig, Michael
  id: '32312'
  last_name: Schlichtig
  orcid: 0000-0001-6600-6171
- first_name: Marvin
  full_name: Vogel, Marvin
  last_name: Vogel
- first_name: Lukas
  full_name: Winter, Lukas
  last_name: Winter
- first_name: Mira
  full_name: Mezini, Mira
  last_name: Mezini
- first_name: Eric
  full_name: Bodden, Eric
  id: '59256'
  last_name: Bodden
  orcid: 0000-0003-3470-3647
citation:
  ama: Wickert A-K, Schlichtig M, Vogel M, Winter L, Mezini M, Bodden E. <i>Supporting
    Error Chains in Static Analysis for Precise Evaluation Results and Enhanced Usability</i>.;
    2024.
  apa: Wickert, A.-K., Schlichtig, M., Vogel, M., Winter, L., Mezini, M., &#38; Bodden,
    E. (2024). <i>Supporting Error Chains in Static Analysis for Precise Evaluation
    Results and Enhanced Usability</i>.
  bibtex: '@book{Wickert_Schlichtig_Vogel_Winter_Mezini_Bodden_2024, title={Supporting
    Error Chains in Static Analysis for Precise Evaluation Results and Enhanced Usability},
    author={Wickert, Anna-Katharina and Schlichtig, Michael and Vogel, Marvin and
    Winter, Lukas and Mezini, Mira and Bodden, Eric}, year={2024} }'
  chicago: Wickert, Anna-Katharina, Michael Schlichtig, Marvin Vogel, Lukas Winter,
    Mira Mezini, and Eric Bodden. <i>Supporting Error Chains in Static Analysis for
    Precise Evaluation Results and Enhanced Usability</i>, 2024.
  ieee: A.-K. Wickert, M. Schlichtig, M. Vogel, L. Winter, M. Mezini, and E. Bodden,
    <i>Supporting Error Chains in Static Analysis for Precise Evaluation Results and
    Enhanced Usability</i>. 2024.
  mla: Wickert, Anna-Katharina, et al. <i>Supporting Error Chains in Static Analysis
    for Precise Evaluation Results and Enhanced Usability</i>. 2024.
  short: A.-K. Wickert, M. Schlichtig, M. Vogel, L. Winter, M. Mezini, E. Bodden,
    Supporting Error Chains in Static Analysis for Precise Evaluation Results and
    Enhanced Usability, 2024.
date_created: 2024-03-20T09:28:36Z
date_updated: 2024-03-20T09:32:29Z
department:
- _id: '76'
keyword:
- Static analysis
- error chains
- false positive reduction
- empirical studies
language:
- iso: eng
main_file_link:
- url: https://arxiv.org/abs/2403.07808
status: public
title: Supporting Error Chains in Static Analysis for Precise Evaluation Results and
  Enhanced Usability
type: misc
user_id: '32312'
year: '2024'
...
