Software quality is becoming more important with the increasing reliance on software systems. There are different ways to ensure quality in software, including code reviews and rigorous testing. Software defects, or bugs, can cost companies significant amounts of money, especially when they lead to software failure.
Static analysis tools provide a means for analyzing code without having to run the code, helping ensure higher quality software throughout the development process. There are a variety of ways to perform automatic static analyses including at the developers request, continuously while creating the software in a development environment, and just before the software is committed to a version control system. The tool may allow the developer to configure what kinds of bugs it finds, and sometimes even define new bug patterns.
Static analysis tools use well-defined programming rules to find defects early in the development process, when they are cheap to fix. For example, there are static analysis tools that can alert developers to synchronization issues which can lead to unsafe thread interactions. Developers have been able to eliminate many defects that were previously overlooked at large companies using the warnings produced by static analysis tools.
Despite the benefits of using static analysis tools to find bugs, consistent usage of these tools is not very frequent. We conducted a user study involving 20 software developers who have an average of about 10 years of experience with using static analysis tools to find bugs. We also discussed the implications of our results.
Our results confirmed that false positives and developer overload play a part in developers’ dissatisfaction with current static analysis tools. Each of the factors presented in this paper should also be considered when implementing a tool that will lead to higher usage of static analysis tools for improving software code quality and maintaining coding standards.
Future static analysis tools could improve adoption by software developers by enhancing support for team development while using static analysis tools, improving integration of the tool into developers’ processes, having intuitive defect presenta- tion and detailed explanation of defects with automatic fixes where appropriate, and including easy and useful configuration options for the tool.
To read this external content in full, download the complete paper from the author archives online at North Carolinia State University.