Towards Practical Reuse of Custom Static Analysis Rules for Defect Localization


[Context] Several static analysis tools allow the development of custom rules for locating application-specific defects. Although this feature is powerful and commonly available, it is not well explored in practice. Custom static analysis rules can check design and policies that are shared between applications, allowing the reuse of rules. However, the benefits and scope of reusing custom static analysis rules, and the concerns software engineers should have when doing so, are unknown. [Goal] In this preliminary study, we investigate the reuse of custom static analysis rules produced by applying Pattern-Driven Maintenance (PDM). PDM is a method to locate defect patterns in web applications that produces custom static analysis rules as output. [Method] We selected a set of rules produced by a previous usage of the PDM method and applied them to three other applications in two contexts: within the same company where the rules were produced, and in other companies. [Results] We successfully reused some rules in both scenarios with minor adjustments, finding new defects to be fixed. The reuse of rules could discard 58-90% of the source code locations found by a naive search for the defects, reducing verification effort. However, the reused rules need adjustments to improve precision for defect localization, as precision ranged from 40% to 75%. Finally, we identified factors that have an impact on reusing custom rules. [Conclusions] We put forward that reusing customized static analysis rules can be beneficial, in particular when similarities in the architecture and programming style are observed. However, adjustment of the rules might be needed to enable effective reuse. We share our insights and methodology on how to reuse custom static analysis rules properly.
Keywords: Custom static analysis rules, reuse, pattern-driven maintenance
MENDONÇA, Diogo Silveira; KALINOWSKI, Marcos. Towards Practical Reuse of Custom Static Analysis Rules for Defect Localization. In: SIMPÓSIO BRASILEIRO DE QUALIDADE DE SOFTWARE (SBQS), 19., 2020, São Luiz do Maranhão. Proceedings [...]. Porto Alegre: Sociedade Brasileira de Computação, 2020. p. 234-243.