Game Theoretic Selection of Static Analysis Tools
Principal Investigator
Oracle Principal Investigator
Cristina Cifuentes, Vice President, Software Assurance
Padmanabhan Krishnan, Research Director
Summary
Software bugs are ubiquitous and costly. However, early detection of these bugs may lower that cost by more than 90%. An essential technique to enable this early detection is static analysis, which allows software developers to reason about the runtime behaviour of their code without necessarily executing it. While running only the best available static analysis tool does not provide enough coverage of potential bugs, running all available tools is prohibitively expensive. Therefore, an organization typically runs a set of tools that maximizes their coverage given a limited budget. However, how should an organization choose that set? This project provides the answer to this question by developing a game-theoretic approach that computes an optimal randomization over size-bounded sets of available static analysis tools.