Automatically Fixing Static Analysis Tools Violations
Resumo
Static analysis tools analyze source code to find deviations, or violations, from recommended programming practices defined as rules. A warning is raised when a piece of code violates any rule. Even though these tools can help to identify defects, developers still face several barriers when using them. Among the challenges are the significant number of reported warnings, often caused by false-positives, and the need to devise fixes, a repetitive and error-prone process. In this work, we addressed these two difficulties in two stages: 1) we identified which kind of rules are mostly fixed by Java developers when using SonarQube (a widely used static analysis tools); 2) we implemented a tool that provides automatic fixes for a subset of the previously commonly fixed found rules. The results obtained indicate that providing automatic fixes for commonly fixed warnings is feasible and welcomed by developers.
Palavras-chave:
Static analysis, Software evolution
Referências
Marcilio, D., Bonifácio, R., Monteiro, E., Canedo, E., Luz, W., and Pinto, G. (2019a). Are static analysis violations really fixed?: A closer look at realistic usage of SonarQube. In Proceedings of the 27th International Conference on Program Comprehension, ICPC ’19, pages 209–219, Piscataway, NJ, USA. IEEE Press.
Marcilio, D., Furia, C. A., Bonifácio, R., and Pinto, G. (2019b). Automatically generating fix suggestions in response to static code analysis warnings. In 19th International Working Conference on Source Code Analysis and Manipulation, SCAM 2019, Cleveland, OH, USA, September 30 - October 1, 2019, pages 34–44. IEEE.
Marcilio, D., Furia, C. A., Bonifácio, R., and Pinto, G. (2020). Spongebugs: Automatically generating fix suggestions in response to static code analysis warnings. Journal of Systems and Software.
Marcilio, D., Furia, C. A., Bonifácio, R., and Pinto, G. (2019b). Automatically generating fix suggestions in response to static code analysis warnings. In 19th International Working Conference on Source Code Analysis and Manipulation, SCAM 2019, Cleveland, OH, USA, September 30 - October 1, 2019, pages 34–44. IEEE.
Marcilio, D., Furia, C. A., Bonifácio, R., and Pinto, G. (2020). Spongebugs: Automatically generating fix suggestions in response to static code analysis warnings. Journal of Systems and Software.
Publicado
19/10/2020
Como Citar
MARCILIO, Diego; BONIFÁCIO, Rodrigo.
Automatically Fixing Static Analysis Tools Violations. In: CONCURSO DE TESES E DISSERTAÇÕES EM ENGENHARIA DE SOFTWARE (CTD-ES) - CONGRESSO BRASILEIRO DE SOFTWARE: TEORIA E PRÁTICA (CBSOFT), 11. , 2020, Evento Online.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2020
.
p. 163-164.
DOI: https://doi.org/10.5753/cbsoft_estendido.2020.14625.
