CodeFlowLM：基于预训练语言模型的增量式即时缺陷预测及缺陷定位探索性分析 (CodeFlowLM: Incremental Just-In-Time Defect Prediction with Pretrained Language Models and Exploratory Insights into Defect Localization)

This work introduces CodeFlowLM, an incremental learning framework for Just-In-Time Software Defect Prediction (JIT-SDP) that leverages pre-trained language models (PLMs). Unlike traditional online learners, CodeFlowLM employs continual fine-tuning to address concept drift, class imbalance, and verification latency without retraining from scratch. We evaluated encoder-only and encoder-decoder PLMs (notably CodeT5+ and UniXCoder) in JIT-SDP scenarios within and between projects, comparing them with the incremental baseline BORB. The results show that CodeFlowLM achieves up to 68% G-Mean gains, confirming its superior adaptability and robustness in evolving software environments. We further extend the analysis to Just-in-Time Defect Localization (JIT-DL), benchmarking Large Language Models (LLMs) such as GPT-5, Claude Sonnet 4.5, and Gemini 2.5 Pro against attention-based models. GPT-5 delivers comparable performance for Recall@20% and Effort@20% with higher stability, although attention-based methods retain an advantage in fine-grained ranking metrics (Top-k, IFA). A qualitative error analysis reveals that most false positives arise from (1) human-like conservative bias, (2) insufficient contextual information in diff-based prompts, and (3) potential dataset mislabeling in JIT-Defects4J. These findings highlight both the promise and the current limitations of LLM reasoning in defect localization. False negatives occur in smaller proportions. Overall, CodeFlowLM significantly advances the state of the art in incremental JIT-SDP, demonstrating superior adaptability and robustness in evolving software environments. Furthermore, our exploratory analysis of LLMs in JIT-DL not only benchmarks their performance against established attention-based models but also provides critical insights into the current limitations of prompt-based defect reasoning.

翻译：本文提出CodeFlowLM，一种利用预训练语言模型（PLMs）的即时软件缺陷预测（JIT-SDP）增量学习框架。与传统在线学习器不同，CodeFlowLM采用持续微调策略，无需从头训练即可应对概念漂移、类别不平衡和验证延迟问题。我们在项目内及跨项目JIT-SDP场景中评估了仅编码器与编码器-解码器PLMs（特别是CodeT5+和UniXCoder），并与增量基线方法BORB进行对比。实验结果表明，CodeFlowLM在G-Mean指标上最高提升68%，证实了其在动态软件环境中卓越的适应性与鲁棒性。我们进一步将分析延伸至即时缺陷定位（JIT-DL），以GPT-5、Claude Sonnet 4.5和Gemini 2.5 Pro等大语言模型（LLMs）为基准，与基于注意力的模型进行对比。GPT-5在Recall@20%和Effort@20%指标上表现出可比的性能且稳定性更高，但基于注意力的方法在细粒度排序指标（Top-k、IFA）上仍具优势。定性误差分析表明，多数误报源于：（1）类人保守性偏差，（2）基于差异提示的上下文信息不足，（3）JIT-Defects4J数据集中潜在的标注错误。这些发现揭示了LLM在缺陷定位推理中的潜力与当前局限。误判情况占比较小。总体而言，CodeFlowLM显著推进了增量式JIT-SDP的技术水平，在动态软件环境中展现出卓越的适应性与鲁棒性。此外，我们对LLMs在JIT-DL中的探索性分析，不仅为其与成熟注意力模型的性能提供了基准，更为基于提示的缺陷推理当前局限提供了关键见解。