
An Automatic Alarm Identification Method Oriented to Defect Detection Process
Abstract: Static analysis (SA) tools can help developers detect critical errors in code to some degree. However, scalability and undecidability limit their precision, which prevents these tools from being adopted more widely in practice. Recently, researchers have begun to use artificial intelligence techniques to improve the usability of these tools by automatically classifying alarms as true or false, which saves the labor and time that manual alarm identification costs during software development. Traditional approaches mainly rely on hand-engineered features to represent defective code snippets and have difficulty capturing their deep semantic information. To overcome these limitations, a novel feature extraction approach is designed and proposed: it collects and extracts the fine-grained syntactic and semantic information contained in the instruction sets related to the state transitions of fault pattern state machine instances, and combines this with an effective deep learning framework to achieve cross-project automatic alarm identification. Experiments on the alarm datasets of five open-source projects, compared with automatic identification methods based on traditional metrics, show an AUC improvement of between 1.83% and 31.81%, indicating that the method can effectively improve cross-project automatic alarm identification.
Authors: KONG Jiaolong (孔焦龙); JIN Dahai (金大海); GONG Yunzhan (宫云战) (State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing 100876, China)
Source: Computer Measurement & Control (《计算机测量与控制》), 2022, No. 7, pp. 26-34 (9 pages)
Funding: National Natural Science Foundation of China (U1736110).
Keywords: static analysis; software defect identification; fault pattern state machine; word embedding; deep neural network