DeepAI
Log In Sign Up

The Cost and Benefits of Static Analysis During Development

03/06/2020
by   William R. Nichols Jr, et al.
0

Without quantitative data, deciding whether and how to use static analysis in a development workflow is a matter of expert opinion and guesswork rather than an engineering trade-off. Moreover, relevant data collected under real-world conditions is scarce. Important but unknown quantitative parameters include, but are not limited to, the effort to apply the techniques, the effectiveness of removing defects, where in the workflow the analysis should be applied, and how static analysis interacts with other quality techniques. This study examined the detailed development process data 35 industrial development projects that included static analysis and that were also instrumented with the Team Software Process. We collected data project plans, logs of effort, defect, and size and post mortem reports and analyzed performance of their development activities to populate a parameterized performance model. We compared effort and defect levels with and without static analysis using a planning model that includes feedback for defect removal effectiveness and fix effort. We found evidence that using each tool developers found and removed defects at a higher rate than alternative removal techniques. Moreover, the early and inexpensive removal reduced not only final defect density but also total development effort. The contributions of this paper include real-world benchmarks of process data from projects using static analysis tools, a demonstration of a cost-effectiveness analysis using this data, and a recommendation these tools were consistently cost effective operationally.

READ FULL TEXT

page 1

page 2

page 3

page 4

03/18/2022

Development Effort Estimation in Free/Open Source Software from Activity in Version Control Systems

Effort estimation models are a fundamental tool in software management, ...
05/19/2021

Statistical Learning for Best Practices in Tattoo Removal

The causes behind complications in laser-assisted tattoo removal are cur...
05/04/2021

Interactive Static Software Performance Analysis in the IDE

Detecting performance issues due to suboptimal code during the developme...
04/19/2022

Using a Semantic Knowledge Base to Improve the Management of Security Reports in Industrial DevOps Projects

Integrating security activities into the software development lifecycle ...
06/07/2021

The CESAW dataset: a conversation

An analysis of the 61,817 tasks performed by developers working on 45 pr...