WINE: Warning miner for improving bug finders

Bug finders have been actively used to efficiently detect bugs. However, developers and researchers found that the bug finders show high false positive rate. The false positives can be caused by two major reasons: (1) users rejecting warnings and (2) false-positive inducing issues (FPI), i.e., incorrect or incomplete rule implementations. The objective of this study is to reduce warning validation costs for developers of bug finders when they validate the implementation of bug finders to reduce false positives caused by FPI. To achieve the objective, we propose a novel approach, WINE. The key idea of WINE is to extract representative warnings that are structurally equal to other warnings, or structurally contain other warnings from numerous warnings. The rationale behind the approach is that the warnings detected based on structural information and tokens might be equal to each other, or contain other warnings structurally. We evaluated our approach with PMD, an open source bug finder, and 1,008 Java open source projects maintained by Apache Software Foundation. As a result, WINE extracted just about 2% of all warnings. Among the 2% of warnings, we could find the 28 FPIs of PMD. Among them, ten FPIs were already fixed among them. In addition, we simulated our approach in regression testing of PMD with twelve versions changes of PMD (6.25.0 to 6.37.0). As a result, we observed that WINE can effectively reduce the inspection costs by removing about 95% changed warnings. Based on the results, we suggest that WINE could be adopted to improve the bug finders in terms of reducing false positives cause by FPI. In addition, WINE is helpful in the development processes of bug finders to identify false positives and false negatives, especially in regression testing of bug finders. •We propose a novel approach, WINE, that can reduce the inspection cost of validating warnings reported by lightweight bug finders. WINE addresses a problem of false positives caused by incorrect or incomplete implementations of the bug finders by extracting representative warnings.•We evaluated our approach with PMD, an open source bug finder, and 1,008 Java open source projects maintained by Apache Software Foundation. As a result, WINE extracted just about 2% of all warnings, which results in reducing validation costs for the generated warnings. Among the 2% of warnings, we could find the 28 false positive patterns caused by incorrect or incomplete implementations of PMD. The developers