SCPL: A Markup Language for Source Code Patterns Localization
Abstract
Context: Static analysis tools (SATs) have become commonly used to locate defects in source code. Many SATs allow the development of custom static analysis rules, which are intended to help users find application-specific defects. However, custom static analysis rules are not well adopted in practice. One possible reason for the low adoption is the difficulty of developing custom rules. Aims: In this paper, we present Source Code Pattern Language (SCPL), a pattern-finding language which uses markups in code examples, instead of more complex abstractions, to facilitate the development of custom static analysis rules. Method: SCPL uses markups in the source code and tree isomorphism methods to locate the patterns. As a proof of concept, we developed custom static analysis rules to automatically check four GoF design patterns. Result: We spent approximately 30 man-hours to develop 33 custom static analysis rules that automatically check the four design patterns. Conclusion: SCPL provides a rich feature set and potentially facilitates the programming of custom static analysis rules by using markups directly in source code. Video: https://youtu.be/B-Ovi3zurnM