ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Using checklists to review static analysis warnings
Full text PdfPdf (658 KB)
Source International Symposium on Software Testing and Analysis archive
Proceedings of the 2nd International Workshop on Defects in Large Software Systems: Held in conjunction with the ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2009) table of contents
Chicago, Illinois
SESSION: Empirical studies table of contents
Pages 11-15  
Year of Publication: 2009
ISBN:978-1-60558-654-0
Authors
Nathaniel Ayewah  Univ. of Maryland, College Park, MD
William Pugh  Univ. of Maryland, College Park, MD
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 18,   Downloads (12 Months): 56,   Citation Count: 0
Additional Information:

abstract   references   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1555860.1555864
What is a DOI?

ABSTRACT

Static analysis tools find silly mistakes, confusing code, bad practices and property violations. But software developers and organizations may or may not care about all these warnings, depending on how they impact code behavior and other factors. In the past, we have tried to identify important warnings by asking users to rate them as severe, low impact or not a bug. In this paper, we observe that the user's rating may be more complicated depending on whether the warning is feasible, changes code behavior, occurs in deployed code and other factors. To better model this, we ask users to review warnings using a checklist which enables more detailed reviews. We find that reviews are consistent across users and across checklist questions, though some users may disagree about whether to fix or filter out certain bug classes.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

1
Nathaniel Ayewah , William Pugh, A report on a survey and study of static analysis users, Proceedings of the 2008 workshop on Defects in large software systems, July 20-20, 2008, Seattle, Washington  [doi>10.1145/1390817.1390819]
2
Nathaniel Ayewah , William Pugh , J. David Morgenthaler , John Penix , YuQian Zhou, Evaluating static analysis defect warnings on production software, Proceedings of the 7th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering, p.1-8, June 13-14, 2007, San Diego, California, USA  [doi>10.1145/1251535.1251536]
3
David Hovemeyer , William Pugh, Finding bugs is easy, Companion to the 19th annual ACM SIGPLAN conference on Object-oriented programming systems, languages, and applications, October 24-28, 2004, Vancouver, BC, CANADA  [doi>10.1145/1028664.1028717]
4
David Hovemeyer , William Pugh, Finding more null pointer bugs, but not too many, Proceedings of the 7th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering, p.9-14, June 13-14, 2007, San Diego, California, USA  [doi>10.1145/1251535.1251537]
5
Yit Phang Khoo , Jeffrey S. Foster , Michael Hicks , Vibha Sazawal, Path projection for user-centered static analysis tools, Proceedings of the 8th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering, November 09-10, 2008, Atlanta, Georgia  [doi>10.1145/1512475.1512488]
6
Sunghun Kim , Michael D. Ernst, Which warnings should I fix first?, Proceedings of the the 6th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering, September 03-07, 2007, Dubrovnik, Croatia  [doi>10.1145/1287624.1287633]
7
Nachiappan Nagappan , Thomas Ball, Static analysis tools as early indicators of pre-release defect density, Proceedings of the 27th international conference on Software engineering, May 15-21, 2005, St. Louis, MO, USA  [doi>10.1145/1062455.1062558]

INDEX TERMS

Primary Classification:
  F. Theory of Computation
  F.3 LOGICS AND MEANINGS OF PROGRAMS
      F.3.2 Semantics of Programming Languages

Additional Classification:
  D. Software
  D.2 SOFTWARE ENGINEERING
      D.2.4 Software/Program Verification


General Terms:
Experimentation, Reliability, Security


Keywords:
FindBugs, Java, bug patterns, bugs, false positives, software defects, software quality, static analysis

Collaborative Colleagues:
Nathaniel Ayewah: colleagues
William Pugh: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player