Game Theoretic Selection of Static Analysis Tools

Principal Investigator

University of Alberta

Oracle Principal Investigators

Cristina Cifuentes, Senior Director of Research & Development, Oracle Labs Australia
Padmanabhan Krishnan, Research Director

Summary

Software bugs are ubiquitous and costly. However, early detection of these bugs may lower that cost by more than 90%. An essential technique to enable this early detection is static analysis, which allows software developers to reason about the runtime behaviour of their code without necessarily executing it. While running only the best available static analysis tool does not provide enough coverage of potential bugs, running all available tools is prohibitively expensive. Therefore, an organization typically runs a set of tools that maximizes their coverage given a limited budget. However, how should an organization choose that set? This project provides the answer to this question by developing a game-theoretic approach that computes an optimal randomization over size-bounded sets of available static analysis tools.