Various static analysis tools will analyze a software artifact in order to identify potential defects, such as misused APIs, race conditions and deadlocks, and security vulnerabilities. For a number of reasons, it is important to be able to track the occurrence of each potential defect over multiple versions of a software artifact under study: in other words, to determine when warnings reported in multiple versions of the software all correspond to the same underlying issue. One motivation for this capability is to remember decisions about code that has been reviewed and found to be safe despite the occurrence of a warning. Another motivation is constructing warning deltas between versions, showing which warnings are new, which have persisted, and which have disappeared. This allows reviewers to focus their efforts on inspecting new warnings. Finally, tracking warnings through a series of software versions reveals where potential defects are introduced and fixed, and how long they persist, exposing interesting trends and patterns.

We will discuss two different techniques we have implemented in FindBugs (a static analysis tool to find bugs in Java programs) for tracking defects across versions, discuss their relative merits and how they can be incorporated into the software development process, and discuss the results of tracking defect warnings across Sun's Java runtime library.
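The warning delta and the carried-over review decisions described above can be sketched as follows. This is an added example, not FindBugs code and not either of the two techniques the paper presents; the `Finding` record, the line-insensitive fingerprint and the sample warnings are assumptions constructed for illustration.

```python
from collections import namedtuple

# Constructed record type; the field names are assumptions for this example.
Finding = namedtuple("Finding", "bug_type cls method line")

def fingerprint(w):
    """Match key that omits the line number, which shifts between versions."""
    return (w.bug_type, w.cls, w.method)

def group(warnings):
    """Group warnings by fingerprint, each group in source-line order."""
    by = {}
    for w in sorted(warnings, key=lambda w: w.line):
        by.setdefault(fingerprint(w), []).append(w)
    return by

def delta(old, new):
    """Classify warnings as new, persisted (old/new pairs) or disappeared."""
    old_by, new_by = group(old), group(new)
    result = {"new": [], "persisted": [], "disappeared": []}
    for key in sorted(old_by.keys() | new_by.keys()):
        o, n = old_by.get(key, []), new_by.get(key, [])
        k = min(len(o), len(n))  # same-key warnings are paired in line order
        result["persisted"] += list(zip(o[:k], n[:k]))
        result["disappeared"] += o[k:]
        result["new"] += n[k:]
    return result

def carry_reviews(d, reviewed_safe):
    """New-version warnings that inherit an earlier 'reviewed, safe' decision."""
    return [n for o, n in d["persisted"] if o in reviewed_safe]

# Constructed sample: version 2 shifts one warning by 7 lines, fixes the SQL
# warning, and introduces a second null-dereference warning in the same method.
V1 = [Finding("NP_NULL_ON_SOME_PATH", "a.Parser", "parse", 40),
      Finding("EI_EXPOSE_REP", "a.Config", "getKeys", 12),
      Finding("SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE", "a.Dao", "find", 88)]
V2 = [Finding("NP_NULL_ON_SOME_PATH", "a.Parser", "parse", 47),
      Finding("EI_EXPOSE_REP", "a.Config", "getKeys", 12),
      Finding("NP_NULL_ON_SOME_PATH", "a.Parser", "parse", 90)]

if __name__ == "__main__":
    d = delta(V1, V2)
    print("new:", d["new"])
    print("disappeared:", d["disappeared"])
    print("still suppressed:", carry_reviews(d, {V1[0]}))
```

A key this coarse treats a renamed class or method as one disappeared warning plus one new warning, so a reviewer's earlier decision on that code would not carry over.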