Publication: Automated classification of static code analysis alerts: a case study
Type
Conference paper
Access
info:eu-repo/semantics/restrictedAccess
Publication Status
published
Abstract
Static code analysis tools automatically generate alerts for potential software faults that can lead to failures. However, developers are usually exposed to a large number of alerts. Moreover, some of these alerts are false positives, and there is a lack of resources to inspect all the alerts manually. To address this problem, numerous approaches have been proposed for automatically ranking or classifying the alerts based on their likelihood of reporting a critical fault. One of the promising approaches is the application of machine learning techniques to classify alerts based on a set of artifact characteristics. In this work, we evaluate this approach in the context of an industrial case study to classify the alerts generated for digital TV software. First, we created a benchmark based on this code base by manually analyzing thousands of alerts. Then, we evaluated 34 machine learning algorithms using 10 different artifact characteristics and identified characteristics that have a significant impact. We obtained promising results with respect to the precision of classification.
Date
2013
Publisher
IEEE
Description
Due to copyright restrictions, access to the full text of this article is available only via subscription.