Results 1 -
9 of
9
A report on a survey and study of static analysis users
- In DEFECTS ’08: Proceedings of the 2008 workshop on Defects in large software systems
, 2008
"... As static analysis tools mature and attract more users, vendors and researchers have an increased interest in understanding how users interact with them, and how they impact the software development process. The FindBugs project has conducted a number of studies including online surveys, interviews ..."
Abstract
-
Cited by 8 (3 self)
- Add to MetaCart
(Show Context)
As static analysis tools mature and attract more users, vendors and researchers have an increased interest in understanding how users interact with them, and how they impact the software development process. The FindBugs project has conducted a number of studies including online surveys, interviews and a preliminary controlled user study to better understand the practices, experiences and needs of its users. Through these studies we have learned that many users are interested in even low priority warnings, and some organizations are building custom solutions to more seamlessly and automatically integrate FindBugs into their software processes. We’ve also observed that developers can make decisions about the accuracy and severity of warnings fairly quickly and independent reviewers will generally reach the same conclusions about warnings.
Answering reachability questions
, 2011
"... Software developers understanding and exploring code spend much of their time asking questions and searching for answers. Yet little has been known about the questions devel-‐ opers ask, the strategies used to answer them, and the challenges developers face. Through interviews, surveys, and observat ..."
Abstract
-
Cited by 5 (3 self)
- Add to MetaCart
(Show Context)
Software developers understanding and exploring code spend much of their time asking questions and searching for answers. Yet little has been known about the questions devel-‐ opers ask, the strategies used to answer them, and the challenges developers face. Through interviews, surveys, and observations, a series of 7 studies were conducted that begin to address this gap, contributing a better understanding of developers ’ tools, practices, prob-‐ lems, questions, and strategies, and a model of how developers reconstruct design decisions from code. A design process is described for using studies of developers ’ work to design more useful tools for developers. These studies reveal that reachability questions are a central part of understanding and ex-‐ ploring code. A reachability question is a search along paths through code. Developers ask reachability questions when reasoning about causality, ordering, type membership, repeti-‐ tion, and choice. For example, to debug a deadlock, a developer searched downstream for calls acquiring resources to reconstruct how and why resources were acquired. Existing tools make these questions challenging to answer by forcing developers to guess which
Tricorder: Building a program analysis ecosystem.
- In Proceedings of the 37th International Conference on Software Engineering - Volume 1, ICSE ’15,
, 2015
"... Abstract-Static analysis tools help developers find bugs, improve code readability, and ensure consistent style across a project. However, these tools can be difficult to smoothly integrate with each other and into the developer workflow, particularly when scaling to large codebases. We present TRI ..."
Abstract
-
Cited by 4 (1 self)
- Add to MetaCart
(Show Context)
Abstract-Static analysis tools help developers find bugs, improve code readability, and ensure consistent style across a project. However, these tools can be difficult to smoothly integrate with each other and into the developer workflow, particularly when scaling to large codebases. We present TRICORDER, a program analysis platform aimed at building a data-driven ecosystem around program analysis. We present a set of guiding principles for our program analysis tools and a scalable architecture for an analysis platform implementing these principles. We include an empirical, in-situ evaluation of the tool as it is used by developers across Google that shows the usefulness and impact of the platform.
Path Projection for User-Centered Static Analysis Tools
"... The research and industrial communities have made great strides in developing sophisticated defect detection tools based on static analysis. However, to date most of the work in this area has focused on developing novel static analysis algorithms, and neglected study of other aspects of static analy ..."
Abstract
-
Cited by 3 (0 self)
- Add to MetaCart
The research and industrial communities have made great strides in developing sophisticated defect detection tools based on static analysis. However, to date most of the work in this area has focused on developing novel static analysis algorithms, and neglected study of other aspects of static analysis tools, in particular user interfaces. In this work, we present a novel user interface toolkit called Path Projection that helps users visualize, navigate, and understand program paths, a common component of many static analysis tools ’ error reports. We performed a controlled user study to measure the benefit of Path Projection in triaging error reports from Locksmith, a data race detection tool for C. We found that Path Projection improved participants’ time to complete this task, without affecting accuracy, and that participants felt Path Projection was useful.
Designing useful tools for developers
- Work-‐ shop on Evaluation and Usability of Programming Languages and Tools (PLAT-‐ EAU
, 2011
"... Designing useful tools for developers requires identifying and understanding an important problem developers face and designing a solution that addresses this problem. This paper describes a design process that uses data to understand problems, design solutions, and evaluate solutions’ usefulness. ..."
Abstract
-
Cited by 1 (1 self)
- Add to MetaCart
(Show Context)
Designing useful tools for developers requires identifying and understanding an important problem developers face and designing a solution that addresses this problem. This paper describes a design process that uses data to understand problems, design solutions, and evaluate solutions’ usefulness.
General Terms
"... Designing useful tools for developers requires identifying and understanding an important problem developers face and designing a solution that addresses this problem. This paper describes a design process that uses data to understand problems, design solutions, and evaluate solutions’ usefulness. C ..."
Abstract
- Add to MetaCart
(Show Context)
Designing useful tools for developers requires identifying and understanding an important problem developers face and designing a solution that addresses this problem. This paper describes a design process that uses data to understand problems, design solutions, and evaluate solutions’ usefulness. Categories and Subject Descriptors D.2.6 [Software
Triaging Checklists: a Substitute for a PhD in Static Analysis
"... Static analysis tools have achieved great success in recent years in automating the process of detecting defects in software. However, these sophisticated tools have yet to gain widespread adoption, since many of these tools remain too difficult to understand and use. In previous work, we discovered ..."
Abstract
- Add to MetaCart
(Show Context)
Static analysis tools have achieved great success in recent years in automating the process of detecting defects in software. However, these sophisticated tools have yet to gain widespread adoption, since many of these tools remain too difficult to understand and use. In previous work, we discovered that even with an effective code visualization tool, users still found it hard to determine if warnings reported by these tools were true errors or false warnings. The fundamental problem users face is to understand enough of the underlying algorithm to determine if a warning is caused by imprecision in the algorithm, a challenge that even experts with PhDs may take a while to achieve. In our current work, we propose to use triaging checklists to provide users with systematic guidance to identify false warnings by taking into account specific sources of imprecision in the particular tool. Additionally, we plan to provide checklist assistants, which is a library of simple analyses designed to aid users in answering checklist questions. 1.
unknown title
"... In May 2009, Google conducted a company wide FindBugs “fixit”. Hundreds of engineers reviewed thousands of Find-Bugs warnings, and fixed or filed reports against many of them. In this paper, we discuss the lessons learned from this exercise, and analyze the resulting dataset, which contains data abo ..."
Abstract
- Add to MetaCart
(Show Context)
In May 2009, Google conducted a company wide FindBugs “fixit”. Hundreds of engineers reviewed thousands of Find-Bugs warnings, and fixed or filed reports against many of them. In this paper, we discuss the lessons learned from this exercise, and analyze the resulting dataset, which contains data about how warnings in each bug pattern were classified. Significantly, we observed that even though most issues were flagged for fixing, few appeared to be causing any serious problems in production. This suggests that most interesting software quality problems were eventually found and fixed without FindBugs, but FindBugs could have found these problems early, when they are cheap to remediate. We compared this observation to bug trends observed in code snapshots from student projects. The full dataset from the Google fixit, with confidential details encrypted, will be published along with this paper.
Instrumenting Static Analysis Tools on the Desktop
"... At Microsoft we use a number of static analysis tools to ensure the quality of the code we produce. Over several years, we have solved problems associated with deploying these tools in a large development environment, including problems of performance, policies for using tools, and methods for encou ..."
Abstract
- Add to MetaCart
(Show Context)
At Microsoft we use a number of static analysis tools to ensure the quality of the code we produce. Over several years, we have solved problems associated with deploying these tools in a large development environment, including problems of performance, policies for using tools, and methods for encouraging their usage. One challenge is getting appropriate feedback from users about the effectiveness of these methods. In particular, we do not get feedback about errors and warnings that are found and resolved on the desktop and do not make it into the code repository. To address this problem, we have developed an instrumentation framework called ATMetrics, which allows us to collect usage metrics that we can use to analyze how static analysis tools are used in the field. In this paper, we discuss our experiences putting together this metrics system in a complex industrial setting and shed light on how it can help to guide key business decisions around the deployment of static analysis tools.
