ACWRecommender: A Tool for Validating Actionable Warnings with Weak Supervision

by   Zhipeng Xue, et al.

Static analysis tools have gained popularity among developers for finding potential bugs, but their widespread adoption is hindered by the accomnpanying high false alarm rates (up to 90 proposed the concept of actionable warnings, and apply machine-learning methods to distinguish actionable warnings from false alarms. Despite these efforts, our preliminary study suggests that the current methods used to collect actionable warnings are rather shaky and unreliable, resulting in a large proportion of invalid actionable warnings. In this work, we mined 68,274 reversions from Top-500 Github C repositories to create a substantia actionable warning dataset and assigned weak labels to each warning's likelihood of being a real bug. To automatically identify actionable warnings and recommend those with a high probability of being real bugs (AWHB), we propose a two-stage framework called ACWRecommender. In the first stage, our tool use a pre-trained model, i.e., UniXcoder, to identify actionable warnings from a huge number of SA tool's reported warnings. In the second stage, we rerank valid actionable warnings to the top by using weakly supervised learning. Experimental results showed that our tool outperformed several baselines for actionable warning detection (in terms of F1-score) and performed better for AWHB recommendation (in terms of nDCG and MRR). Additionaly, we also performed an in-the-wild evaluation, we manually validated 24 warnings out of 2,197 reported warnings on 10 randomly selected projects, 22 of which were confirmed by developers as real bugs, demonstrating the practical usage of our tool.


Characterizing and Detecting WebAssembly Runtime Bugs

WebAssembly (abbreviated WASM) has emerged as a promising language of th...

Assessing Validity of Static Analysis Warnings using Ensemble Learning

Static Analysis (SA) tools are used to identify potential weaknesses in ...

A Study of Static Warning Cascading Tools (Experience Paper)

Static analysis is widely used for software assurance. However, static a...

An Expert System for Learning Software Engineering Knowledge (with Case Studies in Understanding Static Code Warning)

Knowledge-based systems reason over some knowledge base. Hence, an impor...

Do Names Echo Semantics? A Large-Scale Study of Identifiers Used in C++'s Named Casts

Developers relax restrictions on a type to reuse methods with other type...

Automating the Removal of Obsolete TODO Comments

TODO comments are very widely used by software developers to describe th...

Weak Supervision for Label Efficient Visual Bug Detection

As video games evolve into expansive, detailed worlds, visual quality be...

Please sign up or login with your details

Forgot password? Click here to reset