A Better Approach to Track the Evolution of Static Code Warnings

TL;DR

This paper analyzes the limitations of current static code warning tracking methods and proposes an improved approach that significantly increases tracking precision in large-scale open-source projects.

Contribution

The paper identifies shortcomings of the state-of-the-art warning tracking solution and introduces a new method that enhances tracking accuracy based on detailed analysis.

Findings

Improved tracking precision from 66.9% to 90.0%.

Analyzed 3,452 warnings across four large open-source systems.

Identified key reasons for existing solution's insufficiencies.

Abstract

Static bug detection tools help developers detect code problems. However, it is known that they remain underutilized due to various reasons. Recent advances to incorporate static bug detectors in modern software development workflows can better motivate developers to fix the reported warnings on the fly. In this paper, we study the effectiveness of the state-of-the-art (SOA) solution in tracking warnings by static bug detectors and propose a better solution based on our analysis of the insufficiencies of the SOA solution. In particular, we examined four large-scale open-source systems and crafted a data set of 3,452 static code warnings by two static bug detectors. We manually uncover the ground-truth evolution status of the selected warnings: persistent, resolved, or newly-introduced. Moreover, upon manual analysis, we identified the critical reasons behind the insufficiencies of the SOA matching algorithm. Finally, we propose a better approach to improve the tracking of static warnings over software development history. Our evaluation shows that our proposed approach provides a significant improvement in the precision of the tracking, i.e., from 66.9% to 90.0%.