Using groupings of static analysis alerts to identify files likely to contain field failures

  • Authors: Mark S. Sherriff; Sarah Smith Heckman; J. Michael Lake; Laurie A. Williams
  • Affiliations: NC State University, Raleigh, NC; NC State University, Raleigh, NC; IBM, Durham, NC; NC State University, Raleigh, NC
  • Venue: The 6th Joint Meeting on European software engineering conference and the ACM SIGSOFT symposium on the foundations of software engineering: companion papers
  • Year: 2007

Abstract

In this paper, we propose a technique for leveraging historical field failure records in conjunction with automated static analysis alerts to determine which alerts or sets of alerts are predictive of a field failure. Our technique uses singular value decomposition to generate groupings of static analysis alert types, which we call alert signatures, that have been historically linked to field failure-prone files in previous releases of a software system. The signatures can be applied to sets of alerts from a current build of a software system. Files that have a matching alert signature are identified as having similar static analysis alert characteristics to files with known field failures in a previous release of the system. We performed a case study involving an industrial software system at IBM and found three distinct alert signatures that could be applied to the system. We found that 50% of the field failures reported since the last static analysis run could be discovered by examining the 10% of the files and static analysis alerts indicated by these three alert signatures. The remaining failures were either not detected by a signature, which could be an indication of a new type of error in the field, or they were in areas of the code where no static analysis alerts were detected.