We present a study of how Linux kernel developers respond to bug reports issued by a static analysis tool. We found that developers prefer to triage reports in younger, smaller, and more actively maintained files (§2), first address easy-to-fix bugs and defer difficult (but possibly critical) bugs (§3), and triage bugs in batches rather than individually (§4). Also, although automated tools cannot find many types of bugs, they can be effective at directing developers' attention towards parts of the codebase that contain up to 3X more user-reported bugs (§5). Our insights into developer attitudes towards static analysis tools allow us to make suggestions for improving their usability and effectiveness. We feel that it could be effective to run static analysis tools continuously while programming and before committing code, to rank reports so that those most likely to be triaged are shown to developers first, to show the easiest reports to new developers, to perform deeper analysis on more actively maintained code, and to use reports as indirect indicators of code quality and importance.