Litcius/Paper detail

How to Find Actionable Static Analysis Warnings: A Case Study With FindBugs

Rahul Yedida, Hong Jin Kang, Huy Tu, Xueqi Yang, David Lo, Tim Menzies

2023IEEE Transactions on Software Engineering17 citationsDOI

Abstract

Automatically generated static code warnings suffer from a large number of false alarms. Hence, developers only take action on a small percent of those warnings. To better predict which static code warnings should <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">n</i> ot be ignored, we suggest that analysts need to look deeper into their algorithms to find choices that better improve the particulars of their specific problem. Specifically, we show here that effective predictors of such warnings can be created by methods that <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">l</i> ocally adjust the decision boundary (between actionable warnings and others). These methods yield a new high water-mark for recognizing actionable static code warnings. For eight open-source Java projects (cassandra, jmeter, commons, lucene-solr, maven, ant, tomcat, derby) we achieve perfect test results on 4/8 datasets and, overall, a median AUC (area under the true negatives, true positives curve) of 92%.

Topics & Concepts

Computer scienceFalse positive paradoxCode (set theory)JavaSource codeOpen sourceStatic analysisCode coverageBoundary (topology)Information retrievalData miningProgramming languageMachine learningSet (abstract data type)SoftwareMathematicsMathematical analysisSoftware Engineering ResearchSoftware Reliability and Analysis ResearchAdvanced Malware Detection Techniques
How to Find Actionable Static Analysis Warnings: A Case Study With FindBugs | Litcius