Welcome to the AWARE Research Website!


This website provides an overview of the Automated Warning Application for Reliability Engineering (AWARE) research at North Carolina State University. This research is being conducted by Sarah S. Heckman, Lucas Layman, and Stephen Thomas under the advising of Dr. Laurie Williams. Funding for this research is provided by the Center for Advanced Computing and Communication and an IBM PhD Fellowship awarded to Sarah for the 2006-2007, 2007-2008, and 2008-2009 academic years.

Overview

Static analysis tools automate the inspection of source code and can identify common coding problems, inconsistent, and deviant code early in the development process. Alerts generated by automated static analysis tools require inspection by a developer to determine if the alert is an indication of an anomaly important enough for the developer to fix, called an actionable alert. When an alert is not an indication of an actual code anomaly or is deemed unimportant to the developer (e.g. the alert indicates a programmer anomaly inconsequential to the program's functionally), the alert is called unactionable. Automated static analysis tools may generate an overwhelming number of alerts, the majority of which are likely to be unactionable. To mitigate the costs of false positives when using static analysis, we want to build project specific models to predict or prioritize which alerts are actionable.

The goal of this research is to decrease the inspection latency and increase the rate of anomaly removal when using automated static analysis tools by creating and validating an adaptive false positive mitigation model to prioritize automated static analysis alerts by the likelihood the alert is actionable by a developer. We hypothesize that false positive mitigation models can be built that predict which alerts are actionable by developers, and these models can be used to prioritized alerts for developer inspection. False positive mitigation models are built by observing patterns in the characteristics about alerts that have been fixed or suppressed by a team or developer in the past, and using these patterns to predict which alerts are likely to be actionable and unactionable in the future. Additionally, the developer remains ignorant of an injected anomaly until automated static analysis issues an alert that the developer chooses to inspection. Using static analysis during development reduces the time between the anomaly's injection and the alert's creation, which reduces the amount of time the developer is ignorant of the potential problem.

AWARE is an Eclipse plug-in that aggregates automated static analysis alerts and prioritizes the alerts by the likelihood an is actionable using a prioritization model specific to the project, or a more generic model. Depending on the model used in AWARE, the prioritization of alerts may change due to a developer fixing or suppressing a specific alert. Additionally, AWARE provides the functionality to suppress alerts outside of the annotation or configuration file changes required by static analysis. AWARE currently works with Eclipse 3.3.x and 3.4.x and the FindBugs static analysis tool.