An Empirical Study on the Persistence of SpotBugs Issues in Open-Source Software Evolution

  • Conference paper
Quality of Information and Communications Technology (QUATIC 2020)

Abstract

Background. Static analyzers can be useful to software developers in detecting and locating code issues and, in addition, classifying their nature. The main problem of static analyzers, however, is that they may signal too many false alarms. Objective. In this paper, we investigate whether code issues that are detected by SpotBugs persist in software code, or if they get removed. We chose SpotBugs because it is one of the best-known and most used static analyzers. Method. We carried out an empirical study on five open-source Java programs and took into account two versions of each of them, to check whether the issues signaled by SpotBugs on the older version had been removed by the time the newer version was released. A total of 1,006 issues were signaled by SpotBugs. Results. Our results show that about half of the issues signaled disappeared between the two versions, but the correction rate was uneven across projects. Issues about the correctness of software code were more likely to be no longer present in the newer version than other types of warnings. Conclusions. Further investigations are required, to understand why some projects appear more active than others in correcting SpotBugs issues, and why very few high-severity warnings were observed in the analyzed code. Nonetheless, the fact that about half of the issues flagged by SpotBugs were removed indicates that the tool is effective in detecting incorrect or otherwise problematic code.

Acknowledgments

This work has been partially supported by the “Fondo di ricerca d’Ateneo” of the Università degli Studi dell’Insubria.

Author information

Corresponding author

Correspondence to Luigi Lavazza.

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Cite this paper

Lavazza, L., Tosi, D., Morasca, S. (2020). An Empirical Study on the Persistence of SpotBugs Issues in Open-Source Software Evolution. In: Shepperd, M., Brito e Abreu, F., Rodrigues da Silva, A., Pérez-Castillo, R. (eds) Quality of Information and Communications Technology. QUATIC 2020. Communications in Computer and Information Science, vol 1266. Springer, Cham. https://doi.org/10.1007/978-3-030-58793-2_12

  • DOI: https://doi.org/10.1007/978-3-030-58793-2_12

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-58792-5

  • Online ISBN: 978-3-030-58793-2

  • eBook Packages: Computer Science (R0)
