Machine Learning for Actionable Warning Identification: A Comprehensive Survey

TL;DR

This survey comprehensively reviews recent machine learning approaches for actionable warning identification in static code analysis, highlighting workflows, techniques, and future research directions to enhance warning accuracy and usability.

Contribution

It provides a systematic overview of 51 ML-based AWI studies, categorizes approaches, analyzes techniques, and suggests future research directions in data and model improvements.

Findings

ML approaches outperform traditional methods in warning identification.

Categorization based on warning output formats reveals diverse techniques.

Future directions include data enhancement and exploring large language models.

Abstract

Actionable Warning Identification (AWI) plays a crucial role in improving the usability of static code analyzers. With recent advances in Machine Learning (ML), various approaches have been proposed to incorporate ML techniques into AWI. These ML-based AWI approaches, benefiting from ML's strong ability to learn subtle and previously unseen patterns from historical data, have demonstrated superior performance. However, a comprehensive overview of these approaches is missing, which could hinder researchers/practitioners from understanding the current process and discovering potential for future improvement in the ML-based AWI community. In this paper, we systematically review the state-of-the-art ML-based AWI approaches. First, we employ a meticulous survey methodology and gather 51 primary studies from 2000/01/01 to 2023/09/01. Then, we outline the typical ML-based AWI workflow, including warning dataset preparation, preprocessing, AWI model construction, and evaluation stages. In such a workflow, we categorize ML-based AWI approaches based on the warning output format. Besides, we analyze the techniques used in each stage, along with their strengths, weaknesses, and distribution. Finally, we provide practical research directions for future ML-based AWI approaches, focusing on aspects like data improvement (e.g., enhancing the warning labeling strategy) and model exploration (e.g., exploring large language models for AWI).