Static analysis tools are commonly used to detect defects before code is released. Previous research has focused on their overall effectiveness and their ability to detect defects. However, little is known about the usage patterns of warning suppressions: the configurations developers set up in order to prevent specific warnings from appearing. We address this gap by analyzing how often warning suppression features are used, which warning suppression features are used and for what purpose, and how the use of warning suppression annotations could be avoided. To answer these questions we examine 1,425 open-source Java-based projects that use FindBugs or SpotBugs and suppress warnings through configuration files or source code annotations. We find that although most warning types are suppressed at least once, only a small portion of them are suppressed frequently. Contrary to expectations, false positives account for a minor proportion of suppressions. A significant number of suppressions introduce technical debt, suggesting either a disregard for code quality or a lack of appropriate guidance from the tool. Misleading suggestions and incorrect assumptions also lead to suppressions. Our findings underscore the need for better communication and education on the use of static analysis tools, improved bug pattern definitions, and better code annotation. Future research can extend these findings to other static analysis tools and apply them to improve the effectiveness of static analysis.
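The two suppression mechanisms the abstract refers to, and the "technical debt" case where a finding is silenced instead of fixed, are easiest to see side by side. The following is an added illustration written for this page; it is not code from the paper or from the FindBugs/SpotBugs projects. It uses the real SpotBugs bug pattern `EI_EXPOSE_REP` (returning a reference to a mutable internal object) and the real `edu.umd.cs.findbugs.annotations.SuppressFBWarnings` annotation from the `spotbugs-annotations` artifact, which must be on the classpath to compile; the class names, field names and the file name `SuppressionDemo.java` are constructed for the example.

```java
// Added example (not from the paper): one SpotBugs finding, handled two ways.
// Compile with spotbugs-annotations on the classpath; run: java SuppressionDemo

import java.util.Arrays;
import java.util.Date;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;

/*
 * Mechanism 1: file-based suppression. The same finding could be hidden for the
 * whole class with a SpotBugs exclude filter (e.g. spotbugs-exclude.xml):
 *
 *   <FindBugsFilter>
 *     <Match>
 *       <Class name="SessionTokenSuppressed"/>
 *       <Bug pattern="EI_EXPOSE_REP"/>
 *     </Match>
 *   </FindBugsFilter>
 *
 * Neither the filter nor the annotation below changes the program's behaviour;
 * they only stop the tool from reporting it.
 */

/** Before: the warning is silenced with an annotation, but the exposure remains. */
class SessionTokenSuppressed {
    private final byte[] secret;
    private final Date expiry;

    SessionTokenSuppressed(byte[] secret, Date expiry) {
        this.secret = secret;   // stores the caller's array directly
        this.expiry = expiry;
    }

    // Mechanism 2: source-level suppression. The justification string is free text,
    // so the tool accepts it without checking whether the concern was addressed.
    @SuppressFBWarnings(value = "EI_EXPOSE_REP", justification = "performance")
    byte[] getSecret() {
        return secret;          // a caller can overwrite the token's own secret
    }

    Date getExpiry() {
        return expiry;          // a caller can move the expiry with setTime()
    }
}

/** After: defensive copies remove the finding, so no suppression is needed at all. */
class SessionToken {
    private final byte[] secret;
    private final Date expiry;

    SessionToken(byte[] secret, Date expiry) {
        this.secret = secret.clone();
        this.expiry = new Date(expiry.getTime());
    }

    byte[] getSecret() {
        return secret.clone();  // caller gets a copy; internal state is unchanged
    }

    Date getExpiry() {
        return new Date(expiry.getTime());
    }
}

class SuppressionDemo {
    public static void main(String[] args) {
        byte[] key = {1, 2, 3, 4};  // constructed sample secret
        SessionTokenSuppressed suppressed = new SessionTokenSuppressed(key.clone(), new Date());
        SessionToken fixed = new SessionToken(key.clone(), new Date());

        // Same caller behaviour against both classes: zero the array we were handed.
        Arrays.fill(suppressed.getSecret(), (byte) 0);  // mutates the token's real secret
        Arrays.fill(fixed.getSecret(), (byte) 0);       // mutates only a throwaway copy

        System.out.println("suppressed: " + Arrays.toString(suppressed.getSecret()));
        System.out.println("fixed:      " + Arrays.toString(fixed.getSecret()));
    }
}
```

Running the demo shows the suppressed token's secret zeroed by the caller while the fixed token still holds the original bytes: the annotation changed what the tool reports, not what the code does, which is exactly the kind of suppression the abstract classifies as technical debt. The fixed class passes the same SpotBugs check without any filter entry or annotation.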