WarningsFIX: a Recommendation System for Prioritizing Warnings Generated by Automated Static Analyzers

Abstract


Recommendation systems try to guide users in carrying out a task by providing them with useful information about it. In the context of software development, programs are ever-increasing, making it difficult to conduct detailed verification and validation. Automated static analyzers help to detect possible faults in software products early and quickly but, in general, a reported issue may be a false-positive warning. This work presents and evaluates a recommendation system, called WarningsFIX (WFX), which combines several static analyzers with two aims: i) to expand the possible fault domain addressed by each static analysis tool, increasing the range of warning types covered and allowing the concentration of a higher number of true-positive warnings; ii) to establish different warning prioritization strategies that suggest reviewers first analyze the warnings with a higher chance of being true positives. WFX organizes the warning information via treemaps at four levels of abstraction: program, package, class, and line. The nodes of the treemap at each level may be classified by three different prioritization strategies based on the number of warnings, the number of tools, and the suspicion rate. These strategies enable the reviewer to handle the set of warnings in a coordinated way, depending on the available cost and time constraints. We perform a feasibility study to evaluate the effectiveness of WFX, and the results show that: i) WFX was able to improve the results obtained from the combined static analyzers for 44% of the analyzed programs, concentrating a greater number of true positives for them; ii) WFX, depending on the adopted prioritization strategy, improved from 67.5% to 55% the ranking of lines with real bugs when compared with the list of warnings provided by the automated static analyzers without WFX support.
Keywords: static analysis, software visualization, recommendation system, warnings prioritization, WarningsFix
Published
01/12/2020
CAVAMURA JÚNIOR, Luiz; BELGAMO, Anderson; MENDONÇA, Vinícius Rafael Lobo de; VINCENZI, Auri Marcelo Rizzo. WarningsFIX: a Recommendation System for Prioritizing Warnings Generated by Automated Static Analyzers. In: SIMPÓSIO BRASILEIRO DE QUALIDADE DE SOFTWARE (SBQS), 19., 2020, São Luiz do Maranhão. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2020. p. 254-263.