Mining Fix Patterns for FindBugs Violations

Cited 32 time in webofscience Cited 25 time in scopus
  • Hit : 191
  • Download : 0
Several static analysis tools, such as Splint or FindBugs, have been proposed to the software development community to help detect security vulnerabilities or bad programming practices. However, the adoption of these tools is hindered by their high false positive rates. If the false positive rate is too high, developers may get acclimated to violation reports from these tools, causing concrete and severe bugs being overlooked. Fortunately, some violations are actually addressed and resolved by developers. We claim that those violations that are recurrently fixed are likely to be true positives, and an automated approach can learn to repair similar unseen violations. However, there is lack of a systematic way to investigate the distributions on existing violations and fixed ones in the wild, that can provide insights into prioritizing violations for developers, and an effective way to mine code and fix patterns which can help developers easily understand the reasons of leading violations and how to fix them.
Publisher
IEEE COMPUTER SOC
Issue Date
2021-01
Language
English
Article Type
Article
Citation

IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, v.47, no.1, pp.165 - 188

ISSN
0098-5589
DOI
10.1109/tse.2018.2884955
URI
http://hdl.handle.net/10203/280670
Appears in Collection
CS-Journal Papers(저널논문)
Files in This Item
There are no files associated with this item.
This item is cited by other documents in WoS
⊙ Detail Information in WoSⓡ Click to see webofscience_button
⊙ Cited 32 items in WoS Click to see citing articles in records_button

qr_code

  • mendeley

    citeulike


rss_1.0 rss_2.0 atom_1.0