Tracking the Evolution of Static Code Warnings: the State-of-the-Art and a Better Approach
- URL: http://arxiv.org/abs/2210.02651v2
- Date: Tue, 23 Jan 2024 05:07:06 GMT
- Title: Tracking the Evolution of Static Code Warnings: the State-of-the-Art and a Better Approach
- Authors: Junjie Li, Jinqiu Yang
- Abstract summary: Static bug detection tools help developers detect problems in the code, including bad programming practices and potential defects.
Recent efforts to integrate static bug detectors in modern software development, such as in code review and continuous integration, are shown to better motivate developers to fix the reported warnings on the fly.
- Score: 18.350023994564904
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Static bug detection tools help developers detect problems in the code,
including bad programming practices and potential defects. Recent efforts to
integrate static bug detectors in modern software development workflows, such
as in code review and continuous integration, are shown to better motivate
developers to fix the reported warnings on the fly. A proper mechanism to track
the evolution of the reported warnings can better support such integration.
Moreover, tracking the static code warnings will benefit many downstream
software engineering tasks, such as learning the fix patterns for automated
program repair, and learning which warnings are of more interest, so they can
be prioritized automatically. In addition, the utilization of tracking tools
enables developers to concentrate on the most recent and actionable static
warnings rather than being overwhelmed by the thousands of warnings from the
entire project. This, in turn, enhances the utilization of static analysis
tools. Hence, precisely tracking the warnings by static bug detectors is
critical to improving the utilization of static bug detectors further.
Related papers
- Detecting Object Tracking Failure via Sequential Hypothesis Testing [80.7891291021747]
Real-time online object tracking in videos constitutes a core task in computer vision.
We propose interpreting object tracking as a sequential hypothesis test, wherein evidence for or against tracking failures is gradually accumulated over time.
We propose both supervised and unsupervised variants by leveraging either ground-truth or solely internal tracking information.
arXiv Detail & Related papers (2026-02-13T14:57:15Z)
- Steering Externalities: Benign Activation Steering Unintentionally Increases Jailbreak Risk for Large Language Models [62.16655896700062]
Activation steering is a technique to enhance the utility of Large Language Models (LLMs).
We show that it unintentionally introduces critical and under-explored safety risks.
Experiments reveal that these interventions act as a force multiplier, creating new vulnerabilities to jailbreaks and increasing attack success rates to over 80% on standard benchmarks.
arXiv Detail & Related papers (2026-02-03T12:32:35Z)
- Actionable Warning Is Not Enough: Recommending Valid Actionable Warnings with Weak Supervision [15.030122326395977]
This study builds the first large actionable warning dataset by mining 68,274 reversions from Top-500 GitHub C repositories.
We then take one step further by assigning each actionable warning a weak label regarding its likelihood of being a real bug.
Following that, we propose a two-stage framework called ACWRecommender to automatically recommend the actionable warnings with high probability to be real bugs.
arXiv Detail & Related papers (2025-11-15T14:10:56Z)
- A Large-Scale Collection Of (Non-)Actionable Static Code Analysis Reports [0.05599792629509228]
Static Code Analysis (SCA) tools often generate an overwhelming number of warnings, many of which are non-actionable.
This overload of alerts leads to "alert fatigue", a phenomenon where developers become desensitized to warnings, potentially overlooking critical issues and ultimately hindering productivity and code quality.
We introduce a novel methodology for collecting and categorizing SCA warnings, effectively distinguishing actionable from non-actionable ones.
We generate a large-scale dataset of over 1 million entries of Java source code warnings, named NASCAR: (Non-)Actionable Static Code Analysis Reports.
arXiv Detail & Related papers (2025-11-13T13:59:21Z)
- Certifiably robust malware detectors by design [48.367676529300276]
We propose a new model architecture for robust malware detection by design.
We show that every robust detector can be decomposed into a specific structure, which can be applied to learn empirically robust malware detectors.
Our framework ERDALT is based on this structure.
arXiv Detail & Related papers (2025-08-10T09:19:29Z)
- Enhancing Code Quality with Generative AI: Boosting Developer Warning Compliance [0.17495213911983415]
In some cases, warnings may be indicative of larger issues, but programmers may not understand how a seemingly unimportant warning can grow into a vulnerability.
Because these messages tend to be long and confusing, programmers tend to ignore them if they do not cause readily identifiable issues.
Large language models can simplify these warnings, explain the gravity of important warnings, and suggest potential fixes to increase developer compliance with fixing warnings.
arXiv Detail & Related papers (2025-05-16T20:26:05Z)
- UncTrack: Reliable Visual Object Tracking with Uncertainty-Aware Prototype Memory Network [75.9933952886197]
UncTrack is a novel uncertainty-aware transformer tracker that predicts the target localization uncertainty.
Our method outperforms other state-of-the-art methods in experiments.
arXiv Detail & Related papers (2025-03-17T07:33:16Z)
- FineWAVE: Fine-Grained Warning Verification of Bugs for Automated Static Analysis Tools [18.927121513404924]
Automated Static Analysis Tools (ASATs) have evolved over time to assist in detecting bugs.
Previous research efforts have explored learning-based methods to validate the reported warnings.
We propose FineWAVE, a learning-based approach that verifies bug-sensitive warnings at a fine-grained granularity.
arXiv Detail & Related papers (2024-03-24T06:21:35Z)
- Quieting the Static: A Study of Static Analysis Alert Suppressions [7.324969824727792]
We examine 1,425 open-source Java-based projects that utilize Findbugs or Spotbugs for warning-suppressing configurations and source code annotations.
We find that although most warnings are suppressed, only a small portion of them get frequently suppressed.
Findings underscore the need for better communication and education related to the use of static analysis tools.
arXiv Detail & Related papers (2023-11-13T17:16:25Z)
- ACWRecommender: A Tool for Validating Actionable Warnings with Weak Supervision [10.040337069728569]
Static analysis tools have gained popularity among developers for finding potential bugs, but their widespread adoption is hindered by the high false alarm rates.
Previous studies proposed the concept of actionable warnings, and apply machine-learning methods to distinguish actionable warnings from false alarms.
We propose a two-stage framework called ACWRecommender to automatically identify actionable warnings and recommend those with a high probability of being real bugs.
arXiv Detail & Related papers (2023-09-18T12:35:28Z)
- AiATrack: Attention in Attention for Transformer Visual Tracking [89.94386868729332]
Transformer trackers have achieved impressive advancements recently, where the attention mechanism plays an important role.
We propose an attention in attention (AiA) module, which enhances appropriate correlations and suppresses erroneous ones by seeking consensus among all correlation vectors.
Our AiA module can be readily applied to both self-attention blocks and cross-attention blocks to facilitate feature aggregation and information propagation for visual tracking.
arXiv Detail & Related papers (2022-07-20T00:44:03Z)
- Learning to Reduce False Positives in Analytic Bug Detectors [12.733531603080674]
We propose a Transformer-based learning approach to identify false positive bug warnings.
We demonstrate that our models can improve the precision of static analysis by 17.5%.
arXiv Detail & Related papers (2022-03-08T04:26:26Z)
- VELVET: a noVel Ensemble Learning approach to automatically locate VulnErable sTatements [62.93814803258067]
This paper presents VELVET, a novel ensemble learning approach to locate vulnerable statements in source code.
Our model combines graph-based and sequence-based neural networks to successfully capture the local and global context of a program graph.
VELVET achieves 99.6% and 43.6% top-1 accuracy over synthetic data and real-world data, respectively.
arXiv Detail & Related papers (2021-12-20T22:45:27Z)
- Tracking the risk of a deployed model and detecting harmful distribution shifts [105.27463615756733]
In practice, it may make sense to ignore benign shifts, under which the performance of a deployed model does not degrade substantially.
We argue that a sensible method for firing off a warning has to both (a) detect harmful shifts while ignoring benign ones, and (b) allow continuous monitoring of model performance without increasing the false alarm rate.
arXiv Detail & Related papers (2021-10-12T17:21:41Z)
- Sample-Efficient Safety Assurances using Conformal Prediction [57.92013073974406]
Early warning systems can provide alerts when an unsafe situation is imminent.
To reliably improve safety, these warning systems should have a provable false negative rate.
We present a framework that combines a statistical inference technique known as conformal prediction with a simulator of robot/environment dynamics.
arXiv Detail & Related papers (2021-09-28T23:00:30Z)
- Software Vulnerability Detection via Deep Learning over Disaggregated Code Graph Representation [57.92972327649165]
This work explores a deep learning approach to automatically learn the insecure patterns from code corpora.
Because code naturally admits graph structures with parsing, we develop a novel graph neural network (GNN) to exploit both the semantic context and structural regularity of a program.
arXiv Detail & Related papers (2021-09-07T21:24:36Z)
- Assessing Validity of Static Analysis Warnings using Ensemble Learning [4.05739885420409]
Static Analysis (SA) tools are used to identify potential weaknesses in code and fix them in advance, while the code is being developed.
These rules-based static analysis tools generally report a lot of false warnings along with the actual ones.
We propose a Machine Learning (ML)-based learning process that uses source codes, historic commit data, and classifier-ensembles to prioritize the True warnings.
arXiv Detail & Related papers (2021-04-21T19:39:20Z)
- D2A: A Dataset Built for AI-Based Vulnerability Detection Methods Using Differential Analysis [55.15995704119158]
We propose D2A, a differential analysis based approach to label issues reported by static analysis tools.
We use D2A to generate a large labeled dataset to train models for vulnerability identification.
arXiv Detail & Related papers (2021-02-16T07:46:53Z)
This list is automatically generated from the titles and abstracts of the papers in this site.