Making defect-finding tools work for you

Authors:
Mangala Gowri Nanda;Monika Gupta;Saurabh Sinha;Satish Chandra;David Schmidt;Pradeep Balachandran
Affiliations:
IBM Research - India;IBM Research - India;IBM Research - India;IBM Research - TJ Watson Research Center;IBM Tivoli;IBM Rational
Venue:
Proceedings of the 32nd ACM/IEEE International Conference on Software Engineering - Volume 2
Year:
2010

Citing 11
Cited 2

Extended static checking for Java

PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
Finding bugs is easy

ACM SIGPLAN Notices
Continuous code-quality assurance with SAFE

Proceedings of the 2006 ACM SIGPLAN symposium on Partial evaluation and semantics-based program manipulation
Evaluating static analysis defect warnings on production software

PASTE '07 Proceedings of the 7th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
Which warnings should I fix first?

Proceedings of the the 6th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering
Understanding the value of program analysis tools

Companion to the 22nd ACM SIGPLAN conference on Object-oriented programming systems and applications companion
Predicting accurate and actionable static analysis warnings: an experimental approach

Proceedings of the 30th international conference on Software engineering
A report on a survey and study of static analysis users

DEFECTS '08 Proceedings of the 2008 workshop on Defects in large software systems
Using Static Analysis to Find Bugs

IEEE Software
Accurate Interprocedural Null-Dereference Analysis for Java

ICSE '09 Proceedings of the 31st International Conference on Software Engineering
Comparing bug finding tools with reviews and tests

TestCom'05 Proceedings of the 17th IFIP TC6/WG 6.1 international conference on Testing of Communicating Systems

A systematic literature review of actionable alert identification techniques for automated static code analysis

Information and Software Technology
Extending static analysis by mining project-specific rules

Proceedings of the 34th International Conference on Software Engineering

Quantified Score

Hi-index	0.00

Visualization

Abstract

Given the high costs of software testing and fixing bugs after release, early detection of bugs using static analysis can result in significant savings. However, despite their many benefits, recent availability of many such tools, and evidence of a positive return-on-investment, static-analysis tools are not used widely because of various usability and usefulness problems. The usability inhibitors include the lack of features, such as capabilities to merge reports from multiple tools and view warning deltas between two builds of a system. The usefulness problems are related primarily to the accuracy of the tools: identification of false positives (or, spurious bugs) and uninteresting bugs among the true positives. In this paper, we present the details of an online portal, developed at IBM Research, to address these problems and promote the adoption of static-analysis tools. We report our experience with the deployment of the portal within the IBM developer community. We also highlight the problems that we have learned are important to address, and present our approach toward solving some of those problems.