A report on a survey and study of static analysis users

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

A report on a survey and study of static analysis users

Full text

Pdf (223 KB)

Source

International Symposium on Software Testing and Analysis archive
Proceedings of the 2008 workshop on Defects in large software systems table of contents

Seattle, Washington

SESSION: Technical papers table of contents

Pages 1-5

Year of Publication: 2008

ISBN:978-1-60558-051-7

Authors

Nathaniel Ayewah	Univ. of Maryland, College Park, MD
William Pugh	Univ. of Maryland, College Park, MD

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 28, Downloads (12 Months): 196, Citation Count: 2

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1390817.1390819 What is a DOI?

ABSTRACT

As static analysis tools mature and attract more users, vendors and researchers have an increased interest in understanding how users interact with them, and how they impact the software development process. The FindBugs project has conducted a number of studies including online surveys, interviews and a preliminary controlled user study to better understand the practices, experiences and needs of its users. Through these studies we have learned that many users are interested in even low priority warnings, and some organizations are building custom solutions to more seamlessly and automatically integrate FindBugs into their software processes. We've also observed that developers can make decisions about the accuracy and severity of warnings fairly quickly and independent reviewers will generally reach the same conclusions about warnings.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Dspace. http://dspace.org/, 2008.
	2	Fortify software. http://fortify.com/, 2008.
	3	Hackystat. http://hackystat.org, 2008.
	4	Static analysis tool exposition, organized by software assurance metrics and tool evaluation (samate) project at nist. http://samate.nist.gov/index.php/SATE, 2008.
	5	Survey monkey. http://surveymonkey.com/, 2008.
	6	N. Ayewah, D. Hovemeyer, J. D. Morgenthaler, J. Penix, and W. Pugh. Experiences using static analysis to find bugs. Software, IEEE, 25(5), 2008. To appear.
	7	Nathaniel Ayewah , William Pugh , J. David Morgenthaler , John Penix , YuQian Zhou, Evaluating static analysis defect warnings on production software, Proceedings of the 7th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering, p.1-8, June 13-14, 2007, San Diego, California, USA [doi>10.1145/1251535.1251536]
	8	David Hovemeyer , William Pugh, Finding more null pointer bugs, but not too many, Proceedings of the 7th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering, p.9-14, June 13-14, 2007, San Diego, California, USA [doi>10.1145/1251535.1251537]
	9	David Hovemeyer , Jaime Spacco , William Pugh, Evaluating and tuning a static analysis to find null pointer bugs, Proceedings of the 6th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering, September 05-06, 2005, Lisbon, Portugal
	10	Ciera Jaspan , I-Chin Chen , Anoop Sharma, Understanding the value of program analysis tools, Companion to the 22nd ACM SIGPLAN conference on Object oriented programming systems and applications companion, October 21-25, 2007, Montreal, Quebec, Canada [doi>10.1145/1297846.1297964]
	11	Philip M. Johnson , Hongbing Kou , Joy Agustin , Christopher Chan , Carleton Moore , Jitender Miglani , Shenyan Zhen , William E. J. Doane, Beyond the Personal Software Process: metrics collection and analysis for the differently disciplined, Proceedings of the 25th International Conference on Software Engineering, May 03-10, 2003, Portland, Oregon
	12	Lucas Layman , Laurie Williams , Robert St. Amant, Toward Reducing Fault Fix Time: Understanding Developer Behavior for the Design of Automated Fault Detection Tools, Proceedings of the First International Symposium on Empirical Software Engineering and Measurement, p.176-185, September 20-21, 2007 [doi>10.1109/ESEM.2007.82]
	13	Joseph R. Ruthruff , John Penix , J. David Morgenthaler , Sebastian Elbaum , Gregg Rothermel, Predicting accurate and actionable static analysis warnings: an experimental approach, Proceedings of the 30th international conference on Software engineering, May 10-18, 2008, Leipzig, Germany [doi>10.1145/1368088.1368135]
	14	Jaime Spacco , David Hovemeyer , William Pugh, Tracking defect warnings across versions, Proceedings of the 2006 international workshop on Mining software repositories, May 22-23, 2006, Shanghai, China [doi>10.1145/1137983.1138014]

CITED BY 2

	Nathaniel Ayewah , William Pugh, Using checklists to review static analysis warnings, Proceedings of the 2nd International Workshop on Defects in Large Software Systems: Held in conjunction with the ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2009), July 19-19, 2009, Chicago, Illinois
	Matthew M. North , Max M. North , Sarah M. North, Security from the bottom-up: compliance regulations and the trend toward design-oriented web applications, Journal of Computing Sciences in Colleges, v.24 n.4, April 2009