Tracking the Evolution of Static Code Warnings: The State-of-the-Art and a Better Approach
Static bug detection tools help developers detect problems in the code, including bad programming practices and potential defects. Recent efforts to integrate static bug detectors in modern software development workflows, such as in code review and continuous integration, are shown to better motivate developers to fix the reported warnings on the fly. A proper mechanism to track the evolution of the reported warnings can better support such integration. Moreover, tracking the static code warnings will benefit many downstream software engineering tasks, such as learning the fix patterns for automated program repair, and learning which warnings are of more interest, so they can be prioritized automatically. In addition, the utilization of tracking tools enables developers to concentrate on the most recent and actionable static warnings rather than being overwhelmed by the thousands of warnings from the entire project. This, in turn, enhances the utilization of static analysis tools. Hence, precisely tracking the warnings by static bug detectors is critical to improving the utilization of static bug detectors further. In this paper, we study the effectiveness of the state-of-the-art (SOTA) solution in tracking static code warnings and propose a better solution based on our analysis of the insufficiency of the SOTA solution. In particular, we examined over 2,000 commits in four large-scale open-source systems (i.e., JClouds, Kafka, Spring-boot, and Guava) and crafted a dataset of 3,451 static code warnings by two static bug detectors (i.e., SpotBugs and PMD). We manually uncovered the ground-truth evolution status of the static warnings: persistent, removed fix, removed non-fix and newly-introduced. Upon manual analysis, we identified the main reasons behind the insufficiency of the SOTA solution. Furthermore, we propose StaticTracker to track static warnings over software development history.
Our evaluation shows that StaticTracker significantly improves the tracking precision, i.e., from 64.4% to 90.3% for the evolution statuses combined (removed fix, removed non-fix and newly-introduced).
Fri 2 May. Displayed time zone: Eastern Time (US & Canada)
11:00 - 12:30 | Program Comprehension 3 | Research Track / Journal-first Papers at 204 | Chair(s): Arie van Deursen, TU Delft
11:00 | 15m | Talk | Automated Test Generation For Smart Contracts via On-Chain Test Case Augmentation and Migration | Blockchain, Research Track | Jiashuo Zhang Peking University, China, Jiachi Chen Sun Yat-sen University, John Grundy Monash University, Jianbo Gao Peking University, Yanlin Wang Sun Yat-sen University, Ting Chen University of Electronic Science and Technology of China, Zhi Guan Peking University, Zhong Chen
11:15 | 15m | Talk | Boosting Code-line-level Defect Prediction with Spectrum Information and Causality Analysis | Research Track | Shiyu Sun, Yanhui Li Nanjing University, Lin Chen Nanjing University, Yuming Zhou Nanjing University, Jianhua Zhao Nanjing University, China
11:30 | 15m | Talk | BatFix: Repairing language model-based transpilation | Journal-first Papers | Daniel Ramos Carnegie Mellon University, Ines Lynce INESC-ID/IST, Universidade de Lisboa, Vasco Manquinho INESC-ID; Universidade de Lisboa, Ruben Martins Carnegie Mellon University, Claire Le Goues Carnegie Mellon University
11:45 | 15m | Talk | Tracking the Evolution of Static Code Warnings: The State-of-the-Art and a Better Approach | Journal-first Papers
12:00 | 15m | Talk | PACE: A Program Analysis Framework for Continuous Performance Prediction | Journal-first Papers
12:15 | 15m | Talk | Mimicking Production Behavior With Generated Mocks | Journal-first Papers | Deepika Tiwari KTH Royal Institute of Technology, Martin Monperrus KTH Royal Institute of Technology, Benoit Baudry Université de Montréal