Article (Scientific journals)
Mining Fix Patterns for FindBugs Violations
Liu, Kui; Kim, Dongsun; Bissyande, Tegawendé François D Assise et al.
2018, in IEEE Transactions on Software Engineering
Peer reviewed



All documents in ORBilu are protected by a user license.



Keywords :
Fix pattern; pattern mining; program repair; findbugs violation; unsupervised learning
Abstract :
[en] Several static analysis tools, such as Splint or FindBugs, have been proposed to the software development community to help detect security vulnerabilities or bad programming practices. However, the adoption of these tools is hindered by their high false positive rates. If the false positive rate is too high, developers may get acclimated to violation reports from these tools, causing concrete and severe bugs to be overlooked. Fortunately, some violations are actually addressed and resolved by developers. We claim that those violations that are recurrently fixed are likely to be true positives, and an automated approach can learn to repair similar unseen violations. However, there is a lack of a systematic way to investigate the distributions of existing violations and fixed ones in the wild, which can provide insights into prioritizing violations for developers, and of an effective way to mine code and fix patterns which can help developers easily understand the reasons leading to violations and how to fix them. In this paper, we first collect and track a large number of fixed and unfixed violations across revisions of software. The empirical analyses reveal that there are discrepancies in the distributions of violations that are detected and those that are fixed, in terms of occurrences, spread and categories, which can provide insights into prioritizing violations. To automatically identify patterns in violations and their fixes, we propose an approach that utilizes convolutional neural networks to learn features and clustering to regroup similar instances. We then evaluate the usefulness of the identified fix patterns by applying them to unfixed violations. The results show that developers will accept and merge a majority (69/116) of fixes generated from the inferred fix patterns. It is also noteworthy that the yielded patterns are applicable to four real bugs in the Defects4J major benchmark for software testing and automated repair.
Research center :
Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Security Design and Validation Research Group (SerVal)
Disciplines :
Computer science
Author, co-author :
Liu, Kui; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Kim, Dongsun
Bissyande, Tegawendé François D Assise; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Yoo, Shin
Le Traon, Yves; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)
External co-authors :
Language :
Title :
Mining Fix Patterns for FindBugs Violations
Publication date :
Journal title :
IEEE Transactions on Software Engineering
Publisher :
Institute of Electrical and Electronics Engineers, New York, United States - New York
Peer reviewed :
Peer reviewed
Focus Area :
Computational Sciences
FnR Project :
FNR10449467 - Automatic Bug Fix Recommendation: Improving Software Repair And Reducing Time-to-fix Delays In Software Development Projects, 2015 (01/02/2016-31/01/2019) - Tegawendé François D'assise Bissyandé
Funders :
FNR - Fonds National de la Recherche [LU]
Available on ORBilu :
since 15 April 2019


Number of views
144 (11 by Unilu)
Number of downloads
824 (12 by Unilu)
