How to find actionable static analysis warnings: A case study with FindBugs

Automatically generated static code warnings suffer from a large number of false alarms. Hence, developers only take action on a small percent of those warnings. To better predict which static code warnings should not be ignored, we suggest that analysts need to look deeper into their algorithms to f...

Bibliographic Details
Main Authors: YEDIDA, Rahul, KANG, Hong Jin, TU, Huy, YANG, Xueqi, LO, David, MENZIES, Tim
Format: text
Language: English
Published: Institutional Knowledge at Singapore Management University 2023
Subjects:
Online Access: https://ink.library.smu.edu.sg/sis_research/7768
https://ink.library.smu.edu.sg/context/sis_research/article/8771/viewcontent/ActionableStaticAnalysisWarn_av.pdf
Institution: Singapore Management University
id sg-smu-ink.sis_research-8771
record_format dspace
spelling sg-smu-ink.sis_research-87712023-02-23T08:06:25Z How to find actionable static analysis warnings: A case study with FindBugs YEDIDA, Rahul KANG, Hong Jin TU, Huy YANG, Xueqi LO, David MENZIES, Tim Automatically generated static code warnings suffer from a large number of false alarms. Hence, developers only take action on a small percent of those warnings. To better predict which static code warnings should not be ignored, we suggest that analysts need to look deeper into their algorithms to find choices that better improve the particulars of their specific problem. Specifically, we show here that effective predictors of such warnings can be created by methods that locally adjust the decision boundary (between actionable warnings and others). These methods yield a new high water-mark for recognizing actionable static code warnings. For eight open-source Java projects (cassandra, jmeter, commons, lucene-solr, maven, ant, tomcat, derby) we achieve perfect test results on 4/8 datasets and, overall, a median AUC (area under the true negatives, true positives curve) of 92%. 2023-01-01T08:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/7768 info:doi/10.1109/TSE.2023.3234206 https://ink.library.smu.edu.sg/context/sis_research/article/8771/viewcontent/ActionableStaticAnalysisWarn_av.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Codes Computer bugs false alarms Industries locality hyperparameter optimization Measurement software analytics static analysis Source coding Static analysis Training Software Engineering
institution Singapore Management University
building SMU Libraries
continent Asia
country Singapore
content_provider SMU Libraries
collection InK@SMU
language English
topic Codes
Computer bugs
false alarms
Industries
locality
hyperparameter optimization
Measurement
software analytics
static analysis
Source coding
Static analysis
Training
Software Engineering
description Automatically generated static code warnings suffer from a large number of false alarms. Hence, developers only take action on a small percent of those warnings. To better predict which static code warnings should not be ignored, we suggest that analysts need to look deeper into their algorithms to find choices that better improve the particulars of their specific problem. Specifically, we show here that effective predictors of such warnings can be created by methods that locally adjust the decision boundary (between actionable warnings and others). These methods yield a new high water-mark for recognizing actionable static code warnings. For eight open-source Java projects (cassandra, jmeter, commons, lucene-solr, maven, ant, tomcat, derby) we achieve perfect test results on 4/8 datasets and, overall, a median AUC (area under the true negatives, true positives curve) of 92%.
format text
author YEDIDA, Rahul
KANG, Hong Jin
TU, Huy
YANG, Xueqi
LO, David
MENZIES, Tim
title How to find actionable static analysis warnings: A case study with FindBugs
publisher Institutional Knowledge at Singapore Management University
publishDate 2023
_version_ 1770576470492577792