VALAR: Streamlining Alarm Ranking in Static Analysis with Value-Flow Assisted Active Learning

2023 38th IEEE/ACM International Conference on Automated Software Engineering (ASE 2023)

Abstract
Static analyzers play a critical role in detecting program defects and security vulnerabilities. Despite their importance, the widespread adoption of static analysis in industrial development faces numerous obstacles, among which the high rate of false alarms is a significant one. To address this issue, we propose a novel approach called VALAR, which ranks the alarms of advanced value-flow analyses using active learning. Active learning algorithms minimize the manual effort of alarm inspection by maximizing the effect of each user label in recognizing true and false alarms. Meanwhile, value-flows provide VALAR with a concise and comprehensive summary of the operational semantics of the program. Based on this, VALAR is able to reason about potential correlations between alarms and prioritize the most profitable unlabeled alarm. Additionally, the accuracy of VALAR increases as more user labels are given and its active learning model is further refined. We evaluate VALAR on 20 real-world C/C++ programs using three value-flow based checkers. Our experimental results demonstrate that VALAR significantly lowers the priorities of false alarms while ranking most true alarms high. Notably, VALAR ranked all true alarms in the top 47% in 90% of projects and ranked 90% of true alarms in the top 22% in 75% of projects. Furthermore, VALAR requires no pretraining and has a negligible computation time of less than 0.1s for each alarm prioritization.
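The abstract describes the loop in general terms only: alarms that share value-flow are assumed to be correlated, the user labels one alarm at a time, and each label re-scores the remaining alarms. The following Python is an added illustration of that loop, not VALAR's own algorithm or code. It assumes a hypothetical representation of each alarm as the set of value-flow edges on its path, a similarity-weighted scoring rule (Jaccard overlap with already-labeled alarms), and a query strategy that picks the most uncertain alarm weighted by how much value-flow it shares with other unlabeled alarms. The alarms and ground truth are constructed for the demo.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Alarm:
    id: str
    # Hypothetical summary of the alarm: the set of value-flow edges its path traverses.
    edges: frozenset


def jaccard(a, b):
    """Overlap between two value-flow edge sets; 0.0 when both are empty."""
    if not a and not b:
        return 0.0
    return len(a & b) / len(a | b)


class ValueFlowRanker:
    """Toy active-learning alarm ranker (illustrative assumption, not VALAR's model)."""

    def __init__(self, alarms, prior=0.5):
        self.alarms = {a.id: a for a in alarms}
        self.labels = {}  # alarm id -> True (real bug) / False (false alarm)
        self.prior = prior

    def score(self, alarm_id):
        """Estimated probability that an alarm is true: a prior, pulled toward the labels of
        alarms that share value-flow with it, each weighted by the amount of overlap."""
        if alarm_id in self.labels:
            return 1.0 if self.labels[alarm_id] else 0.0
        edges = self.alarms[alarm_id].edges
        num, den = self.prior, 1.0
        for lid, is_true in self.labels.items():
            w = jaccard(edges, self.alarms[lid].edges)
            num += w * (1.0 if is_true else 0.0)
            den += w
        return num / den

    def next_query(self):
        """Pick the unlabeled alarm whose label is expected to be most informative:
        most uncertain score, scaled by how much value-flow it shares with other unlabeled alarms."""
        unlabeled = [i for i in self.alarms if i not in self.labels]
        best, best_utility = None, -1.0
        for i in unlabeled:
            uncertainty = 1.0 - abs(self.score(i) - 0.5) * 2  # 1.0 at p=0.5, 0.0 at p in {0,1}
            coverage = sum(jaccard(self.alarms[i].edges, self.alarms[j].edges)
                           for j in unlabeled if j != i)
            utility = uncertainty * (1.0 + coverage)
            if utility > best_utility:
                best, best_utility = i, utility
        return best

    def label(self, alarm_id, is_true):
        """Record one user inspection result; every later score() call reflects it."""
        self.labels[alarm_id] = is_true

    def ranking(self):
        """Alarms ordered by estimated probability of being true (labeled ones keep their ground truth)."""
        return sorted(self.alarms, key=self.score, reverse=True)


# Constructed sample: two null-dereference alarms flowing from the same unchecked getenv() result,
# two alarms flowing through the same sanitizing check (false alarms), and one isolated alarm.
SAMPLE_ALARMS = [
    Alarm("A1", frozenset({"p=getenv@10", "p->x@20"})),
    Alarm("A2", frozenset({"p=getenv@10", "p->y@25"})),
    Alarm("A3", frozenset({"q=lookup@50", "check(q)@52", "q->z@60"})),
    Alarm("A4", frozenset({"q=lookup@50", "check(q)@52", "q->w@65"})),
    Alarm("A5", frozenset({"r=read@70", "r->k@80"})),
]
GROUND_TRUTH = {"A1": True, "A2": True, "A3": False, "A4": False, "A5": True}  # constructed oracle


def run_demo(rounds=2):
    """Simulate `rounds` user inspections and return (alarms queried, final ranking)."""
    ranker = ValueFlowRanker(SAMPLE_ALARMS)
    queried = []
    for _ in range(rounds):
        q = ranker.next_query()
        queried.append(q)
        ranker.label(q, GROUND_TRUTH[q])  # the constructed oracle stands in for the user
    return queried, ranker.ranking()


if __name__ == "__main__":
    queried, ranked = run_demo()
    print("inspected:", queried)
    print("ranking:  ", ranked)
```

With two labels the ranker first asks about A3 (it shares the most value-flow with another unlabeled alarm), learns that cluster is false, then asks about A1 and propagates its true label to A2; the final order places the true alarms A1, A2, A5 above A4 and A3. The propagation only works because the shared edges really do reflect a shared root cause, which is the premise the abstract relies on; alarms with no value-flow in common (A5 here) stay at the prior until they are inspected themselves.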
Keywords
Static analysis, alarm ranking, active learning