Static analysis tools (SATs) are widely adopted in both academia and industry for improving software quality, yet their practical use is often hindered by high false positive rates, especially in large-scale enterprise systems. These false alarms demand substantial manual inspection, creating severe inefficiencies in industrial code review. While recent work has demonstrated the potential of large language models (LLMs) for false alarm reduction on open-source benchmarks, their effectiveness in real-world enterprise settings remains unclear. To bridge this gap, we conduct the first comprehensive empirical study of diverse LLM-based false alarm reduction techniques in an industrial context at Tencent, one of the largest IT companies in China. Using data from Tencent's enterprise-customized SAT on its large-scale Advertising and Marketing Services software, we construct a dataset of 433 alarms (328 false positives, 105 true positives) covering three common bug types. Through interviewing developers and analyzing the data, our results highlight the prevalence of false positives, which wastes substantial manual effort (e.g., 10-20 minutes of manual inspection per alarm). Meanwhile, our results show the huge potential of LLMs for reducing false alarms in industrial settings (e.g., hybrid techniques of LLM and static analysis eliminate 94-98% of false positives with high recall). Furthermore, LLM-based techniques are cost-effective, with per-alarm costs as low as 2.1-109.5 seconds and $0.0011-$0.12, representing orders-of-magnitude savings compared to manual review. Finally, our case analysis further identifies key limitations of LLM-based false alarm reduction in industrial settings.

翻译：静态分析工具在学术界和工业界被广泛用于提升软件质量，但其实际应用常受高误报率所阻碍，尤其在大型企业级系统中。这些误报警报需要大量人工审查，导致工业代码评审效率严重低下。尽管近期研究表明大语言模型在开源基准测试中具有降低误报的潜力，但其在真实企业环境中的有效性尚不明确。为填补这一空白，我们在中国最大IT企业之一的腾讯开展了首次工业场景下多样化基于大语言模型的误报消减技术综合实证研究。利用腾讯企业定制化静态分析工具在其大规模广告与营销服务软件中产生的数据，我们构建了包含433个警报（328个误报，105个真报）的数据集，涵盖三种常见缺陷类型。通过访谈开发者和分析数据，我们的结果凸显了误报警报的普遍性，这造成了大量人力浪费（例如每个警报需10-20分钟人工审查）。同时，我们的研究表明大语言模型在工业场景中具有巨大的误报消减潜力（例如大语言模型与静态分析的混合技术能以高召回率消除94-98%的误报）。此外，基于大语言模型的技术具有成本效益，每个警报的处理成本低至2.1-109.5秒和0.0011-0.12美元，相比人工审查实现了数量级的成本节约。最后，我们的案例分析进一步识别了工业场景下基于大语言模型的误报消减技术的关键局限性。