Submitted: November 2021

Abstract

Static analysis can be useful for practitioners because it reports critical security flaws and bugs in software as warnings. These reports are then reviewed by human reviewers to validate the suspected code errors. However, because of the challenges of scalability and approximation, static analysis tools often suffer from performance and precision issues that require intensive manual review. One major symptom of these issues is the high number of false positive warnings: findings that do not cause run-time failures but are still flagged by the static analysis tool. To address this issue, we leverage machine learning to reduce the cost of analyzing static analysis results in an industrial setting.