Can large language model replace static analysis tools
Han Cui. Other Conferences, published 2024-06-06. DOI: 10.1117/12.3031920 (https://doi.org/10.1117/12.3031920)
Static analysis tools are widely used to ensure code quality and security, especially in large software projects. Recently, with the advent of Large Language Models (LLMs) such as the Generative Pre-trained Transformer (GPT), these models seem to show a strong ability to handle static code analysis tasks. This paper aims to answer the question: can large language models replace static analysis tools? We present an extensive evaluation of ChatGPT’s capabilities in identifying and analyzing issues detectable by three well-known Java static analysis tools: PMD, SpotBugs, and SonarQube. Through a series of experiments, we assess the performance of two versions of GPT, GPT-3.5 and GPT-4, across various categories of code issues. We conduct a detailed analysis of the experimental results and discuss the limitations of using ChatGPT as a static analysis tool. Our findings suggest that while GPT, especially GPT-4, performs very well on the dataset we chose, it is not appropriate for it to fully replace static code analyzers at this time. Using it as a supplement to static code analyzers can be a good way to strengthen code quality assurance in projects.