|
ā | Method type | Advantage | Disadvantage |
|
Automatic vulnerability detection | Code similarity-based vulnerability detection | Source code-based detects multiple clone types; binary code-based achieves higher detection accuracy | False negative rate high (source); analytical complexity (binary) |
Code pattern-based vulnerability detection | Static method achieves higher code; coverage dynamic method detects faster | Lack run-time information (static); low code coverage (dynamic) |
|
Automatic program patching | Grammar-based program patching | Token-based method error analysis; simple text-based method generates higher quality patches | Poor patches interpretability (token); unacceptable program behavior (tex) |
Semantic-based program patching | Static method achieves good repair effect dynamic method and accurately captures program behavior | Limited type of repair (static); high cost (dynamic) |
|
Automatic defect prediction | Within-project defect prediction | End-to-end implementation, accurate prediction of defective program modules | Poor expansion |
Crossproject defect prediction | Effectively integrates dataset resources to better promote new project development practices | Excessive code feature extraction granularity |
Just-in-time defect prediction | Earlier identifies faulty modules and fine-grained analysis, efficiently identifies the number of defects | Lack of extensive training data to train the model |
|