$30 off During Our Annual Pro Sale. View Details »

Context Is King: The Developer Perspective on the Usage of Static Analysis Tools

Carmine Vassallo
March 21, 2018
Technology
1
220

Context Is King: The Developer Perspective on the Usage of Static Analysis Tools

Our study about the usage of Automatic Static Analysis Tools in different software development contexts presented at the 25th edition of the IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER '18) in Campobasso, Italy. Preprint of the corresponding paper available at http://www.ifi.uzh.ch/seal/people/vassallo/VassalloSANER18.pdf

Carmine Vassallo

March 21, 2018
Tweet

More Decks by Carmine Vassallo

See All by Carmine Vassallo
Getting Continuous Testing Done Right with CD-Linter
carminevassallo
0
84
Automated Reporting of Anti-patterns and Decay in Continuous Integration
carminevassallo
2
350
Continuous Refactoring in CI: A Preliminary Study on the Perceived Advantages and Barriers.
carminevassallo
1
120
Developer-Oriented Assistance for Build Failure Resolution
carminevassallo
2
89
Continuous Code Quality: Are We (Really) Doing That?
carminevassallo
1
150
Un-Break My Build: Assisting Developers with Build Repair Hints.
carminevassallo
2
190
A Tale of CI Build Failures: an Open Source and a Financial Organization Perspective
carminevassallo
1
210
Toward supporting DevOps during Continuous Software Development
carminevassallo
1
210

Other Decks in Technology

See All in Technology
徹底解説!Power Platform 導入の成功事例から見る DX 推進のコツ / Tips for DX promotion from Power Platform case studies
karamem0
0
310
大規模Webアプリケーションプラットフォームを開発して軌道に乗るまでにやったこと / How to Put Platforms on Track
hhiroshell
0
980
Bedrock & Amazon Q のアプデ、結局これって○○でいう××のこと?? 生成AIトレンドを俯瞰しながら解説!
minorun365
PRO
0
270
トヨタの社内コミュニティについて色々聞いちゃおう ~たった4年の奇跡の軌跡~
taichinakamura
0
370
dbt Coreとdbt-athenaによるAWS上のdbt環境構築ナレッジ
nayuts
0
290
サービスの1等地ホーム画面改善と効果的なステークホルダーマネジメント / Improvement of Prime Location Home Screen for Services and Effective Stakeholder Management
rilmayer
0
220
Go Getでのchecksum不一致に遭遇した話とその対応
replu
0
280
エンタープライズSaaSへの挑戦〜顧客の事業を成長させるプロダクトマネジメントとは?〜 / pmconf2023
route06
2
1k
VS CodeとPostmanを活用した効率的なAPI開発 / Efficient API development using VS Code and Postman
yokawasa
3
340
Repro の開発組織体制の変遷そして Platform Engineering / Platform Engineering Meetup #6
a_bicky
3
760
Azure OpenAI Serviceの採用と挑戦 - Azure AI Hub meetup #1
cimadai
1
310
ライブラリとの上手な付き合い方
sekido
PRO
0
180

Featured

See All Featured
GraphQLとの向き合い方2022年版
quramy
26
12k
Teambox: Starting and Learning
jrom
125
8.2k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
318
20k
Put a Button on it: Removing Barriers to Going Fast.
kastner
56
2.8k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
17
1.4k
A Tale of Four Properties
chriscoyier
150
22k
Art Directing for the Web. Five minutes with CSS Template Areas
malarkey
197
11k
Optimizing for Happiness
mojombo
368
68k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
500
140k
Music & Morning Musume
bryan
38
5.2k
Optimising Largest Contentful Paint
csswizardry
6
2k
Into the Great Unknown - MozCon
thekraken
7
660

Transcript

  1. 1
    Context Is King:
    The Developer Perspective on the Usage of Static Analysis Tools.
    Carmine Vassallo, Sebastiano Panichella, Fabio Palomba,
    Sebastian Proksch, Andy Zaidman, and Harald Gall. @ccvassallo

    View Slide

  2. 2
    Development Context Is King:
    The Developer Perspective on the Usage of Static Analysis Tools.
    Carmine Vassallo, Sebastiano Panichella, Fabio Palomba,
    Sebastian Proksch, Andy Zaidman, and Harald Gall. @ccvassallo

    View Slide

  3. 3
    Development Context Is King:
    The Developer Perspective on the Usage of Static Analysis Tools.
    Carmine Vassallo, Sebastiano Panichella, Fabio Palomba,
    Sebastian Proksch, Andy Zaidman, and Harald Gall. @ccvassallo

    View Slide

  4. 4
    Motivation

    View Slide

  5. 5
    ASAT
    (A) Automatic
    (S) Static
    (A) Analysis
    (T) Tool

    View Slide

  6. 6
    ASATs detect so+ware defects faster and cheaper than human
    inspec6on and tes6ng would do (Johnson et al., ICSE 2013).
    ASATs are common, but not ubiquitous (Beller et al., SANER 2016)

    View Slide

  7. 7
    Barriers when using ASATs
    Lack of effec6vely
    implemented quick fixes
    Johnson et al.,
    “Why don’t software developers use
    Static Analysis Tools to Find Bugs?”
    ICSE 2013
    High rate of false posi6ve
    warnings
    Low understandability of the
    warnings

    View Slide

  8. 8
    Usage of ASATs in one context
    Panichella et al.,
    “Would static analysis tools help
    developers with code reviews?”
    SANER 2015
    Zampetti et al.,
    “How open source projects use static
    code analysis tools in continuous
    integration”
    MSR 2017
    Build failures caused by ASATs are mainly
    due to coding standard viola.ons
    Developers use ASATs mainly for checking
    coding structure
    Code Review
    Continuous
    Integration

    View Slide

  9. ASATs configured differently in
    different contexts.
    9

    View Slide

  10. TO DO List
    10
    Development Contexts where ASATs are used
    Usage of ASATs in different contexts

    View Slide

  11. First Study:
    Development Contexts
    11

    View Slide

  12. First Study: Research Questions
    • RQ1: In which development contexts do
    developers use ASATs? 

    • RQ2: How do developers configure ASATs in
    different development contexts?
    12

    View Slide

  13. The Questionnaire
    13
    19 questions, 2 main topics:
    • Adoption of ASATs
    • Configuration of ASATs
    43 (69% industrial and 31%
    open-source) participants.

    View Slide

  14. Usage of ASATs
    14
    Frequency
    Multiple times per day
    Daily
    Weekly
    Monthly
    % Respondents
    0 10 20 30 40
    12
    19
    31
    38
    ASATs are integrated with the regular development

    View Slide

  15. 15
    Where ASATs are used

    View Slide

  16. Where ASATs are used
    16
    30% 33% 37%
    % Respondents
    Local Development Code Review Continuous Integration

    View Slide

  17. When ASATs are configured
    17
    Frequency
    Kick-off
    Monthly
    Never
    Weekly
    % Respondents
    0 15 30 45 60
    7
    20
    22
    51
    The majority of developers configure ASATs only once.

    View Slide

  18. 18
    How ASATs are configured
    of our respondents use the
    same configuration in
    different contexts.
    %
    75

    View Slide

  19. How ASATs are configured
    19
    Local Development Code Review Continuous Integration

    View Slide

  20. Second Study:
    ASATs usage in different contexts
    20

    View Slide

  21. Extended questionnaire & Interviews
    21
    Context-Based Usage
    25 participants
    11 professional
    developers
    • 6 companies
    Semi-structured
    interviews

    View Slide

  22. Second Study: Research Question
    • RQ3 Do developers pay attention to the same
    warnings in different development contexts?
    22

    View Slide

  23. Warnings in different contexts
    23
    Local Development Code Review Continuous Integration
    Developers pay attention to different warnings depending on the context.
    Code Structure
    Logic
    Error Handling
    Style Convention
    Redundancies
    Naming Conventions
    Error Handling
    Logic
    Style Convention
    1st
    2nd
    3rd
    1st
    2nd
    3rd
    1st
    2nd
    3rd

    View Slide

  24. Other factors while selecting warnings
    24
    Factors
    Severity of the Warnings
    Policies of the Development Team
    Application Type
    Team Composition
    None of the above
    Tool Reputation
    % Respondents
    0 15 30 45 60
    0
    6.1
    6.1
    12.1
    24.2
    51.5
    2.4
    2.4
    9.9
    19.5
    31.7
    34.1
    2.3
    7
    11.6
    18.6
    27.9
    32.6
    Continuous Integration Code Review Local Development
    Blocker, Cri>cal, Major, etc.
    “Team leader decides to adopt a strict
    policy regarding naming conven6ons.”
    “Short-term applica6ons don’t need to
    follow strict rules.”

    View Slide

  25. 25
    Findings

    View Slide

  26. How developers configure ASATs
    26
    Local Development Code Review Continuous Integration

    View Slide

  27. How developers perceive ASATs
    27
    Local Development Code Review Continuous Integration

    View Slide

  28. 28
    Biased Percep6on
    Towards Context-Awareness
    Holis6c Analysis of the
    Developers’ Behaviour

    View Slide

  29. 29
    Context Is King:
    The Developer Perspective on the Usage of Static Analysis
    Tools.
    Carmine Vassallo, Sebastiano Panichella, Fabio Palomba,
    Sebastian Proksch, Andy Zaidman, and Harald Gall.
    @ccvassallo
    [email protected]
    X
    Usage of ASATs in one context
    Panichella et al.,
    “Would static analysis tools help
    developers with code reviews?”
    SANER 2015
    Zampetti et al.,
    “How open source projects use static
    code analysis tools in continuous
    integration”
    MSR 2017
    Code Review
    Continuous
    Integration
    How ASATs are configured
    X
    Local Development Code Review Continuous Integration
    How developers perceive ASATs
    X
    Local Development Code Review Continuous Integration

    View Slide