Mining Fix Patterns for FindBugs Violations

Several static analysis tools, such as Splint or FindBugs, have been proposed to the software development community to help detect security vulnerabilities or bad programming practices. However, the adoption of these tools is hindered by their high false positive rates. If the false positive rate is too high, developers may get acclimated to violation reports from these tools, causing concrete and severe bugs to be overlooked. Fortunately, some violations are actually addressed and resolved by developers. We claim that those violations that are recurrently fixed are likely to be true positives, and an automated approach can learn to repair similar unseen violations. However, there is a lack of a systematic way to investigate the distributions of existing violations and fixed ones in the wild, which can provide insights into prioritizing violations for developers, and of an effective way to mine code and fix patterns, which can help developers easily understand the reasons leading to violations and how to fix them.
Publisher
IEEE COMPUTER SOC
Issue Date
2021-01
Language
English
Article Type
Article
Citation

IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, v.47, no.1, pp.165 - 188

ISSN
0098-5589
DOI
10.1109/tse.2018.2884955
URI
http://hdl.handle.net/10203/280670
Appears in Collection
CS-Journal Papers