Enhancing Code Quality with Generative AI: Boosting Developer Warning Compliance
Hansen Chang, Christian DeLozier
TL;DR
This work addresses the problem of developers ignoring static-analysis warnings by leveraging large language models to produce plain-language explanations and actionable fixes. It outlines an experimental framework using the NIST Juliet vulnerability suite, two static-analysis tools (cppcheck and clang-check), and multiple LLMs, with careful prompt engineering to elicit concise explanations and remedies. Through case studies on Divide-by-Zero and Stack-Based Buffer Overflow warnings and an automated test-case extraction pipeline yielding 44 validated examples, the study demonstrates the potential of LLM-augmented warnings to improve bug-fix motivation and capability. The findings point toward practical impact, including planned IDE integration and a forthcoming user study with undergraduates to rigorously evaluate whether clearer warnings increase software quality and reduce technical debt.
Abstract
Programmers have long ignored warnings, especially those generated by static analysis tools, due to the potential for false-positives. In some cases, warnings may be indicative of larger issues, but programmers may not understand how a seemingly unimportant warning can grow into a vulnerability. Because these messages tend to be long and confusing, programmers tend to ignore them if they do not cause readily identifiable issues. Large language models can simplify these warnings, explain the gravity of important warnings, and suggest potential fixes to increase developer compliance with fixing warnings.
