Document type: scientific journal article. Discipline: Engineering, computing & technology, Computer science (Computational Sciences).
Mining Fix Patterns for FindBugs Violations
Authors:
Liu, Kui (University of Luxembourg, Interdisciplinary Centre for Security, Reliability and Trust (SnT))
Kim, Dongsun
Bissyandé, Tegawendé François D'Assise (University of Luxembourg, Interdisciplinary Centre for Security, Reliability and Trust (SnT))
Yoo, Shin
Le Traon, Yves (University of Luxembourg, Faculty of Science, Technology and Communication (FSTC), Computer Science and Communications Research Unit (CSC))
Journal: IEEE Transactions on Software Engineering (Institute of Electrical and Electronics Engineers, New York)
Peer reviewed: yes (verified by ORBilu)
Keywords: fix pattern; pattern mining; program repair; FindBugs violation; unsupervised learning
Abstract: Several static analysis tools, such as Splint or FindBugs, have been proposed to the software development community to help detect security vulnerabilities or bad programming practices. However, the adoption of these tools is hindered by their high false positive rates. If the false positive rate is too high, developers become desensitized to the tools' violation reports, and concrete, severe bugs are overlooked. Fortunately, some violations are actually addressed and resolved by developers. We claim that violations that are recurrently fixed are likely to be true positives, and that an automated approach can learn to repair similar, unseen violations. However, there is no systematic way to investigate the distributions of existing and fixed violations in the wild, which would provide insights into how developers should prioritize violations, nor an effective way to mine code and fix patterns that would help developers understand why violations arise and how to fix them.
In this paper, we first collect and track a large number of fixed and unfixed violations across revisions of software. The empirical analyses reveal discrepancies between the distributions of violations that are detected and those that are fixed, in terms of occurrences, spread and categories, which can inform the prioritization of violations. To automatically identify patterns in violations and their fixes, we propose an approach that uses convolutional neural networks to learn features and clustering to group similar instances. We then evaluate the usefulness of the identified fix patterns by applying them to unfixed violations. The results show that developers accept and merge a majority (69/116) of the fixes generated from the inferred fix patterns. It is also noteworthy that the yielded patterns are applicable to four real bugs in Defects4J, a major benchmark for software testing and automated program repair.
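The abstract describes a pipeline in three steps: track violations across revisions, separate the ones that were fixed from the ones that were not, and group the fixes into patterns. The sketch below is an added illustration of that pipeline, not the authors' code: the paper learns features with a convolutional neural network and clusters them, whereas this sketch groups fixes by an abstracted token-level edit script so that it runs offline in a few lines. The bug identifiers, report contents and before/after lines are constructed; matching violations between revisions on (bug type, class, method) and using a list of surviving classes to tell a fix from deleted code are assumptions of this example. The second point is the practitioner's caveat: a violation that disappears because its code was deleted is not evidence of a fix and must not feed the pattern miner.

```python
"""Track FindBugs violations across two revisions and group the fixes.

Added illustration, not the paper's code. The paper uses CNN features plus
clustering; here fixes are grouped by an abstracted edit script instead.
All reports, class lists and code lines below are constructed samples.
"""
import difflib
import re
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed violations, as (bug type, class, method), for two revisions.
R1_BUGS = [
    ("NP_NULL_ON_SOME_PATH", "app.Store", "load"),
    ("DM_BOXED_PRIMITIVE_FOR_PARSING", "app.Config", "port"),
    ("DM_BOXED_PRIMITIVE_FOR_PARSING", "app.Config", "timeout"),
    ("DM_BOXED_PRIMITIVE_FOR_PARSING", "app.Util", "parse"),
    ("NP_NULL_ON_SOME_PATH", "app.Legacy", "run"),
]
R2_BUGS = [("DM_BOXED_PRIMITIVE_FOR_PARSING", "app.Util", "parse")]
# Classes still present in the revision-2 source tree (assumed input):
# app.Legacy was deleted, so its violation vanished without being fixed.
CLASSES_R2 = {"app.Store", "app.Config", "app.Util"}


def report(bugs):
    """Build a minimal FindBugs-style XML report from (type, class, method) tuples."""
    items = "".join(
        f'<BugInstance type="{t}" priority="2"><Class classname="{c}"/>'
        f'<Method classname="{c}" name="{m}"/></BugInstance>' for t, c, m in bugs)
    return f"<BugCollection>{items}</BugCollection>"


def parse_report(xml_text):
    """Return {(bug type, class, method): priority} for a FindBugs XML report."""
    found = {}
    for bug in ET.fromstring(xml_text).iter("BugInstance"):
        cls = bug.find("Class").get("classname")
        method = bug.find("Method")
        name = method.get("name") if method is not None else None
        found[(bug.get("type"), cls, name)] = int(bug.get("priority"))
    return found


def track(report_old, report_new, classes_new):
    """Classify each old violation as 'unfixed', 'fixed' or 'removed'."""
    old, new = parse_report(report_old), parse_report(report_new)
    status = {}
    for key in old:
        if key in new:
            status[key] = "unfixed"
        elif key[1] in classes_new:
            status[key] = "fixed"      # code survived, violation is gone
        else:
            status[key] = "removed"    # class deleted: not evidence of a fix
    return status


def fix_rate_by_type(status):
    """Per bug type, (detected, fixed) counts: the prioritisation signal."""
    rate = defaultdict(lambda: [0, 0])
    for (bug_type, _, _), st in status.items():
        rate[bug_type][0] += 1
        rate[bug_type][1] += st == "fixed"
    return {t: tuple(v) for t, v in rate.items()}


TOKEN = re.compile(r'[A-Za-z_]\w*|\d+|"[^"]*"|\S')
JAVA_KEYWORDS = {"return", "int", "null", "new", "if", "else", "final", "this"}


def abstract_tokens(line):
    """Keep keywords, capitalised types and API members after '.'; map other
    identifiers to $V and literals to $L so renamed code shares one shape."""
    toks, out = TOKEN.findall(line), []
    for i, tok in enumerate(toks):
        if re.fullmatch(r'\d+|"[^"]*"', tok):
            out.append("$L")
        elif (re.fullmatch(r"[A-Za-z_]\w*", tok) and tok not in JAVA_KEYWORDS
              and not tok[0].isupper() and (i == 0 or toks[i - 1] != ".")):
            out.append("$V")
        else:
            out.append(tok)
    return out


def fix_signature(before, after):
    """Abstracted edit script: the non-equal opcodes between the two shapes."""
    a, b = abstract_tokens(before), abstract_tokens(after)
    ops = difflib.SequenceMatcher(a=a, b=b, autojunk=False).get_opcodes()
    return tuple((tag, " ".join(a[i:j]), " ".join(b[k:l]))
                 for tag, i, j, k, l in ops if tag != "equal")


def mine_patterns(fixes):
    """Group (key, before, after) fixes by signature, most frequent first."""
    groups = defaultdict(list)
    for key, before, after in fixes:
        groups[fix_signature(before, after)].append(key)
    return sorted(groups.items(), key=lambda kv: -len(kv[1]))


# Constructed before/after lines for the violations that were actually fixed.
FIXES = [
    (R1_BUGS[1], "int p = Integer.valueOf(s).intValue();", "int p = Integer.parseInt(s);"),
    (R1_BUGS[2], "int t = Integer.valueOf(raw).intValue();", "int t = Integer.parseInt(raw);"),
    (R1_BUGS[0], "return cache.get(key).size();",
     "return cache.get(key) == null ? 0 : cache.get(key).size();"),
]

if __name__ == "__main__":
    status = track(report(R1_BUGS), report(R2_BUGS), CLASSES_R2)
    print(fix_rate_by_type(status))
    for sig, keys in mine_patterns(FIXES):
        print(len(keys), "fix(es):", sig)
```

The two DM_BOXED_PRIMITIVE_FOR_PARSING fixes differ only in variable names, so after abstraction they collapse to a single signature (replace `valueOf` with `parseInt`, delete `.intValue()`), which is the kind of recurring pattern the abstract argues is worth applying to the still-unfixed instance in app.Util. The deleted app.Legacy class is reported as "removed", not "fixed", and never reaches the miner.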
Research unit: Interdisciplinary Centre for Security, Reliability and Trust (SnT), Security Design and Validation Research Group (SerVal)
Target audience: researchers; professionals; students; general public
Funding: Fonds National de la Recherche (FnR), project FNR10449467 RECOMMEND, "Automatic Bug Fix Recommendation: Improving Software Repair and Reducing Time-to-Fix Delays in Software Development Projects" (Tegawendé François D'Assise Bissyandé; 01/02/2016 to 31/01/2019; 2015)

Files associated with this reference:
Full text (open access): liu2018mining.pdf, author preprint, 1.94 MB
Additional material (open access): appendices.pdf, appendices, 347.83 kB


All documents in ORBilu are protected by a user license.