Mitigating false positive static analysis warnings: Progress, challenges, and opportunities
Static analysis (SA) tools can generate useful static warnings to reveal the problematic code
snippets in a software system without dynamically executing the corresponding source code …
SkipAnalyzer: An embodied agent for code analysis with large language models
We introduce SkipAnalyzer, the first large language model (LLM)-powered embodied agent
for static code analysis. It can detect bugs, filter false positive warnings, and patch the …
Sorald: Automatic patch suggestions for SonarQube static analysis violations
Previous work has shown that early resolution of issues detected by static code analyzers
can prevent major costs later on. However, developers often ignore such issues for two main …
How to find actionable static analysis warnings: A case study with FindBugs
Automatically generated static code warnings suffer from a large number of false alarms.
Hence, developers only take action on a small percent of those warnings. To better predict …
Effectiveness of ChatGPT for Static Analysis: How Far Are We?
This paper conducted a novel study to explore the capabilities of ChatGPT, a state-of-the-art
LLM, in static analysis tasks such as static bug detection and false positive warning removal …
An Evaluation of General-Purpose Static Analysis Tools on C/C++ Test Code
In recent years, maintaining test code quality has gained more attention due to increased
automation and the growing focus on issues caused during this process. Test code may …
How to find actionable static analysis warnings: A case study with FindBugs. (2023)
Automatically generated static code warnings suffer from a large number of false alarms.
Hence, developers only take action on a small percent of those warnings. To better predict …
Combinatorial Method with Static Analysis for Source Code Security in Web Applications
Security weaknesses in web applications deployed in cloud architectures can seriously
affect its data confidentiality and integrity. The construction of the procedure utilized in the …