Static correspondence and correlation between field defects and warnings reported by a bug finding tool

Authors:
Cesar Couto;João Eduardo Montandon;Christofer Silva;Marco Tulio Valente
Affiliations:
Department of Computer Science, UFMG, Belo Horizonte, Brazil and Department of Computing, CEFET-MG, Belo Horizonte, Brazil;Department of Computer Science, UFMG, Belo Horizonte, Brazil;Department of Computing, CEFET-MG, Belo Horizonte, Brazil;Department of Computer Science, UFMG, Belo Horizonte, Brazil
Venue:
Software Quality Control
Year:
2013

Citing 19
Cited 1

Experimental design and analysis in software engineering, part 5: analyzing the data

ACM SIGSOFT Software Engineering Notes
A primer on empirical studies (tutorial)

ICSE '97 Proceedings of the 19th international conference on Software engineering
Empirical Analysis of CK Metrics for Object-Oriented Design Complexity: Implications for Software Defects

IEEE Transactions on Software Engineering
Finding bugs is easy

ACM SIGPLAN Notices
Static analysis tools as early indicators of pre-release defect density

Proceedings of the 27th international conference on Software engineering
Object-Oriented Metrics in Practice

Object-Oriented Metrics in Practice
Mining metrics to predict component failures

Proceedings of the 28th international conference on Software engineering
Static Code Analysis

IEEE Software
Improving software quality with static analysis

PASTE '07 Proceedings of the 7th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
Which warnings should I fix first?

Proceedings of the the 6th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering
Extraction of bug localization benchmarks from history

Proceedings of the twenty-second IEEE/ACM international conference on Automated software engineering
An Evaluation of Two Bug Pattern Tools for Java

ICST '08 Proceedings of the 2008 International Conference on Software Testing, Verification, and Validation
Righting Software

IEEE Software
On the Value of Static Analysis for Fault Detection in Software

IEEE Transactions on Software Engineering
Using Static Analysis to Find Bugs

IEEE Software
A few billion lines of code later: using static analysis to find bugs in the real world

Communications of the ACM
Relating Identifier Naming Flaws and Code Quality: An Empirical Study

WCRE '09 Proceedings of the 2009 16th Working Conference on Reverse Engineering
On the Impact of Design Flaws on Software Defects

QSIC '10 Proceedings of the 2010 10th International Conference on Quality Software
Comparing bug finding tools with reviews and tests

TestCom'05 Proceedings of the 17th IFIP TC6/WG 6.1 international conference on Testing of Communicating Systems

Mining the impact of evolution categories on object-oriented metrics

Software Quality Control

Quantified Score

Hi-index	0.00

Visualization

Abstract

Despite the interest and the increasing number of static analysis tools for detecting defects in software systems, there is still no consensus on the actual gains that such tools introduce in software development projects. Therefore, this article reports a study carried out to evaluate the degree of correspondence and correlation between post-release defects (i.e., field defects) and warnings issued by FindBugs, a bug finding tool widely used in Java systems. The study aimed to evaluate two types of relations: static correspondence (when warnings contribute to find the static program locations changed to remove field defects) and statistical correlation (when warnings serve as early indicators for future field defects). As a result, we have concluded that there is no static correspondence between field defects and warnings. However, statistical tests showed that there is a moderate level of correlation between warnings and such kinds of software defects.