How to Find Actionable Static Analysis Warnings: A Case Study With FindBugs

Cited by: 11
Authors
Yedida, Rahul [1 ]
Kang, Hong Jin [2 ]
Tu, Huy [3 ]
Yang, Xueqi [1 ]
Lo, David [2 ]
Menzies, Tim [1 ]
Affiliations
[1] North Carolina State Univ, Dept Comp Sci, Raleigh, NC 27695 USA
[2] Singapore Management Univ, Sch Comp & Informat Syst, Singapore City 188065, Singapore
[3] Meta Platforms Inc, New York, NY 94025 USA
Keywords
Codes; Computer bugs; Static analysis; Training; Source coding; Measurement; Industries; Software analytics; static analysis; false alarms; locality; hyperparameter optimization; ANALYSIS TOOLS;
DOI
10.1109/TSE.2023.3234206
CLC number
TP31 [Computer software];
Discipline classification code
081202; 0835;
Abstract
Automatically generated static code warnings suffer from a large number of false alarms. Hence, developers only take action on a small percent of those warnings. To better predict which static code warnings should not be ignored, we suggest that analysts need to look deeper into their algorithms to find choices that better improve the particulars of their specific problem. Specifically, we show here that effective predictors of such warnings can be created by methods that locally adjust the decision boundary (between actionable warnings and others). These methods yield a new high water-mark for recognizing actionable static code warnings. For eight open-source Java projects (cassandra, jmeter, commons, lucene-solr, maven, ant, tomcat, derby) we achieve perfect test results on 4/8 datasets and, overall, a median AUC (area under the true negatives, true positives curve) of 92%.
Pages: 2856 / 2872
Page count: 17