2020
DOI: 10.1007/s10664-020-09880-1

A longitudinal study of static analysis warning evolution and the effects of PMD on software quality in Apache open source projects

Abstract: Automated static analysis tools (ASATs) have become a major part of the software development workflow. Acting on the generated warnings, i.e., changing the code indicated in the warning, should be part of, at latest, the code review phase. Despite this being a best practice in software development, there is still a lack of empirical research regarding the usage of ASATs in the wild. In this work, we want to study ASAT warning trends in software via the example of PMD as an ASAT and its usage in open source pro…

Cited by 29 publications (21 citation statements)
References 52 publications
“…SORALD is extensible and is not bound to only use SONARJAVA. Extending SORALD to use other rule-based static analyzers like SpotBugs [26] and PMD [27] is a straightforward endeavour. The only requirement from SORALD is that the static analyzer in question provides an accurate source code position for the violation.…”
Section: Methods (mentioning)
confidence: 99%
“…There are many common static code analyzers that perform static analysis on programs to identify potential bugs, vulnerabilities, or code smells [30], such as SONARQUBE, SPOTBUGS [26], FINDBUGS [31], and PMD [27].…”
Section: Related Work (mentioning)
confidence: 99%
“…One of the results of Herbold et al (2021) is that non-production code is often tangled with bug fixing changes. Therefore we only add files that are production files to our final data analogous to Trautsch et al (2020a). This also helps us to provide a clearer picture of warning density based features as production code may have a different evolution of warning density than, e.g., test or example code.…”
Section: Methods (mentioning)
confidence: 99%
“…In prior work (Trautsch et al, 2020a) we investigated trends of ASAT warnings and investigated whether usage of an ASAT has an influence on software quality measured via defect density (Fenton and Bieman, 2014). However, our analysis with regards to bugs via defect density was coarse grained.…”
Section: Introduction (mentioning)
confidence: 99%