Enhancing Code Quality with Generative AI: Boosting Developer Warning Compliance

TL;DR

This paper explores how large language models can improve code quality by clarifying static analysis warnings, explaining their importance, and suggesting fixes to enhance developer compliance and reduce vulnerabilities.

Contribution

It introduces a method leveraging generative AI to make static analysis warnings more understandable and actionable for developers.

Findings

Large language models effectively clarify complex warnings.

AI explanations increase developer warning compliance.

Suggested fixes lead to more timely vulnerability mitigation.

Abstract

Programmers have long ignored warnings, especially those generated by static analysis tools, due to the potential for false-positives. In some cases, warnings may be indicative of larger issues, but programmers may not understand how a seemingly unimportant warning can grow into a vulnerability. Because these messages tend to be long and confusing, programmers tend to ignore them if they do not cause readily identifiable issues. Large language models can simplify these warnings, explain the gravity of important warnings, and suggest potential fixes to increase developer compliance with fixing warnings.