FineWAVE: Fine-Grained Warning Verification of Bugs for Automated Static Analysis Tools
arXiv (2024)
Abstract
The continual expansion of software size and complexity has led to an
increased focus on reducing defects and bugs during development. Although
Automated Static Analysis Tools (ASATs) offer help, in practice, the
significant number of false positives can impede developers' productivity and
confidence in the tools. Therefore, previous research efforts have explored
learning-based methods to validate the reported warnings. Nevertheless, there
are still some limitations. (1) The granularity of prior research is coarse, as
it focuses on identifying either actionable warnings throughout extensive
development histories or potential true warnings at the function level. These
approaches lack specificity regarding individual bugs and warnings. (2) Machine
learning-based approaches need much manual effort for feature engineering while
existing deep learning-based approaches ignore key semantics between source
code and warnings. (3) The small number of selected projects hinders the
comprehensive evaluation of these approaches. In this paper, we propose a
fine-grained warning verification approach that is sensitive to bugs for
improving the results of ASATs, namely FineWAVE. Specifically, we design a
novel LSTM-based model that captures both fine-grained semantics of source code
and warnings from ASATs and highlights their correlations with cross-attention.
To tackle the data scarcity of training and evaluation, we collected a
large-scale dataset of 280,273 warnings, namely FineWA. It is ten times larger
than the existing largest dataset. Then, we conducted extensive experiments on
the dataset to evaluate FineWAVE. The experimental results demonstrate the
effectiveness of our approach, with an F1-score of 97.79
alarms and 67.06
outperforms all baselines.