Techniques for Efficient Automated Elimination of False Positives

Muske, Tukaram; Serebrenik, Alexander

doi:10.1109/scam51674.2020.00035

Cited by 5 publications

(1 citation statement)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Lenarduzzi et al [17] argue that developers cannot determine the actual impact of a SONARQUBE warning only by looking at the severity level assigned by the tool. Because of this, several methods have been proposed to detect false positive warnings automatically [37]. For example, Yang et al [38] introduce an incremental support vector machine mechanism to distinguish between warnings that represent serious problems in programs and unimportant warnings.…”

Section: Static Code Analysis Usagementioning

confidence: 99%

Sorald: Automatic Patch Suggestions for SonarQube Static Analysis Violations

Etemadi,

Harrand,

Larsen

et al. 2021

Preprint

View full text Add to dashboard Cite

Previous work has shown that early resolution of issues detected by static code analyzers can prevent major cost later on. However, developers often ignore such issues for two main reasons. First, many issues should be interpreted to determine if they correspond to actual flaws in the program. Second, static analyzers often do not present the issues in a way that makes it apparent how to fix them. To address these problems, we present SORALD: a novel system that adopts a set of predefined metaprogramming templates to transform the abstract syntax trees of programs to suggest fixes for static issues. Thus, the burden on the developer is reduced from both interpreting and fixing static issues, to inspecting and approving solutions for them. SORALD fixes violations of 10 rules from SONARQUBE, one of the most widely used static analyzers for Java. We also implement an effective mechanism to integrate SORALD into development workflows based on pull requests. We evaluate SORALD on a dataset of 161 popular repositories on GITHUB. Our analysis shows the effectiveness of SORALD as it fixes 94% (1,153/1,223) of the violations that it attempts to fix. Overall, our experiments show it is possible to automatically fix violations of static analysis rules produced by the state-of-the-art static analyzer SONARQUBE.

show abstract

Section: Static Code Analysis Usagementioning

confidence: 99%