Tracking defect warnings across versions
Source
International Conference on Software Engineering
Proceedings of the 2006 international workshop on Mining software repositories
Shanghai, China
SESSION: Defects
Pages: 133 - 136
Year of Publication: 2006
ISBN: 1-59593-397-2
ABSTRACT
Various static analysis tools will analyze a software artifact in order to identify potential defects, such as misused APIs, race conditions and deadlocks, and security vulnerabilities. For a number of reasons, it is important to be able to track the occurrence of each potential defect over multiple versions of a software artifact under study: in other words, to determine when warnings reported in multiple versions of the software all correspond to the same underlying issue. One motivation for this capability is to remember decisions about code that has been reviewed and found to be safe despite the occurrence of a warning. Another motivation is constructing warning deltas between versions, showing which warnings are new, which have persisted, and which have disappeared. This allows reviewers to focus their efforts on inspecting new warnings. Finally, tracking warnings through a series of software versions reveals where potential defects are introduced and fixed, and how long they persist, exposing interesting trends and patterns. We will discuss two different techniques we have implemented in FindBugs (a static analysis tool to find bugs in Java programs) for tracking defects across versions, discuss their relative merits and how they can be incorporated into the software development process, and discuss the results of tracking defect warnings across Sun's Java runtime library.
CITED BY 8
Nathaniel Ayewah, William Pugh, J. David Morgenthaler, John Penix, YuQian Zhou, Using FindBugs on production software, Companion to the 22nd ACM SIGPLAN conference on Object oriented programming systems and applications companion, October 21-25, 2007, Montreal, Quebec, Canada
Jeffrey S. Foster, Michael W. Hicks, William Pugh, Improving software quality with static analysis, Proceedings of the 7th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering, p.83-84, June 13-14, 2007, San Diego, California, USA
Nathaniel Ayewah, William Pugh, J. David Morgenthaler, John Penix, YuQian Zhou, Evaluating static analysis defect warnings on production software, Proceedings of the 7th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering, p.1-8, June 13-14, 2007, San Diego, California, USA
Joseph R. Ruthruff, John Penix, J. David Morgenthaler, Sebastian Elbaum, Gregg Rothermel, Predicting accurate and actionable static analysis warnings: an experimental approach, Proceedings of the 30th international conference on Software engineering, May 10-18, 2008, Leipzig, Germany