Revision as of 20:45, 9 July 2022 edit Caleb Stanford (talk \| contribs) Extended confirmed users, IP block exemptions 5,595 edits c/e lead and diffuse WP:EASTEREGG Tag: 2017 wikitext editor ← Previous edit		Revision as of 10:04, 15 August 2022 edit undo Martin.monperrus (talk \| contribs) 437 edits add section "Remediation" Tag: 2017 wikitext editor Next edit →
Line 53: Data-driven static analysis uses large amounts of code to infer coding rules.<ref name="dewes">{{cite web \|title=Learning from other's mistakes: Data-driven code analysis. \|url=https://www.slideshare.net/japh44/talk-handout-46938511 \|website=www.slideshare.net \|date=13 April 2015 \|language=en}}</ref>{{Better source needed\|date=September 2020}} For instance, one can use all Java open-source packages on GitHub to learn a good analysis strategy. The rule inference can use machine learning techniques.<ref name="OhYang2015">{{cite book\|last1=Oh\|first1=Hakjoo\|title=Proceedings of the 2015 ACM SIGPLAN International Conference on Object-Oriented Programming, Systems, Languages, and Applications - OOPSLA 2015\|last2=Yang\|first2=Hongseok\|last3=Yi\|first3=Kwangkeun\|chapter=Learning a strategy for adapting a program analysis via bayesian optimisation\|year=2015\|pages=572–588\|doi=10.1145/2814270.2814309\|isbn=9781450336895\|s2cid=13940725\|url=https://ora.ox.ac.uk/objects/uuid:f656bcfd-ec1b-477c-9185-ff2c7490a207}}</ref> For instance, it has been shown that when one deviates too much in the way one uses an object-oriented API, it is likely to be a bug.<ref name="MonperrusMezini2013">{{cite journal\|last1=Monperrus\|first1=Martin\|last2=Mezini\|first2=Mira\|title=Detecting missing method calls as violations of the majority rule\|journal=ACM Transactions on Software Engineering and Methodology\|volume=22\|issue=1\|year=2013\|pages=1–25\|url=https://hal.archives-ouvertes.fr/hal-00702196/document\|doi=10.1145/2430536.2430541\|arxiv=1306.0762\|s2cid=1212778}}</ref> It is also possible to learn from a large amount of past fixes and warnings.<ref name="dewes"/>{{Better source needed\|date=September 2020}} == Remediation == Static analyzers produce warnings. For certain types of warnings, it is possible to design and implement [[Automatic bug fixing\|automated remediation]] techniques. For example, Logozzo and Ball have proposed automated remediations for C# ''cccheck''<ref>{{Cite journal \|last=Logozzo \|first=Francesco \|last2=Ball \|first2=Thomas \|date=2012-11-15 \|title=Modular and verified automatic program repair \|url=http://dx.doi.org/10.1145/2398857.2384626 \|journal=ACM SIGPLAN Notices \|volume=47 \|issue=10 \|pages=133–146 \|doi=10.1145/2398857.2384626 \|issn=0362-1340}}</ref> and Etemadi and colleagues use program transformation to automatically fix [[SonarQube]]'s warnings.<ref>{{Cite journal \|last=Etemadi Someoliayi \|first=Khashayar \|last2=Harrand \|first2=Nicolas Yves Maurice \|last3=Larsen \|first3=Simon \|last4=Adzemovic \|first4=Haris \|last5=Luong Phu \|first5=Henry \|last6=Verma \|first6=Ashutosh \|last7=Madeiral \|first7=Fernanda \|last8=Wikstrom \|first8=Douglas \|last9=Monperrus \|first9=Martin \|date=2022 \|title=Sorald: Automatic Patch Suggestions for SonarQube Static Analysis Violations \|url=https://ieeexplore.ieee.org/document/9756950/ \|journal=IEEE Transactions on Dependable and Secure Computing \|pages=1–1 \|doi=10.1109/TDSC.2022.3167316 \|issn=1545-5971}}</ref> == See also ==

Static program analysis: Difference between revisions