Abstract
Background. Static analyzers can be useful to software developers in detecting and locating code issues and, in addition, classifying their nature. The main problem of static analyzers, however, is that they may signal too many false alarms.

Objective. In this paper, we investigate whether code issues that are detected by SpotBugs persist in software code, or if they get removed. We chose SpotBugs because it is one of the best-known and most used static analyzers.

Method. We carried out an empirical study on five open-source Java programs and took into account two versions of each of them, to check whether the issues signaled by SpotBugs on the older version had been removed by the time the newer version was released. A total of 1,006 issues were signaled by SpotBugs.

Results. Our results show that about half of the issues signaled disappeared between the two versions, but the correction rate was uneven across projects. Issues about the correctness of software code were more likely to be no longer present in the newer version than other types of warnings.

Conclusions. Further investigations are required, to understand why some projects appear more active than others in correcting SpotBugs issues, and why very few high-severity warnings were observed in the analyzed code. Nonetheless, the fact that about half of the issues flagged by SpotBugs were removed indicates that the tool is effective in detecting incorrect or otherwise problematic code.
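The two-version comparison described under Method can be sketched over SpotBugs XML reports. This is an added example, not the authors' tooling: the matching key (category, bug type, class, method, with line numbers ignored) is an assumption, and both sample reports are constructed.

```python
import xml.etree.ElementTree as ET
from collections import Counter

def _bug(btype, category, cls, method, line):
    # Builds one constructed BugInstance element in SpotBugs XML report layout.
    return (f'<BugInstance type="{btype}" category="{category}" priority="2">'
            f'<Class classname="{cls}"/>'
            f'<Method classname="{cls}" name="{method}"/>'
            f'<SourceLine classname="{cls}" start="{line}" end="{line}"/>'
            f'</BugInstance>')

# Constructed sample reports (not data from the study).
OLD_REPORT = "<BugCollection>" + "".join([
    _bug("NP_NULL_ON_SOME_PATH", "CORRECTNESS", "demo.Parser", "read", 40),
    _bug("EC_UNRELATED_TYPES", "CORRECTNESS", "demo.Cache", "lookup", 88),
    _bug("ES_COMPARING_STRINGS_WITH_EQ", "BAD_PRACTICE", "demo.Cli", "main", 12),
    _bug("DM_STRING_CTOR", "PERFORMANCE", "demo.Cli", "usage", 30),
]) + "</BugCollection>"
NEW_REPORT = "<BugCollection>" + "".join([
    # Same issue as before; only the line number moved (88 -> 97).
    _bug("EC_UNRELATED_TYPES", "CORRECTNESS", "demo.Cache", "lookup", 97),
    _bug("ES_COMPARING_STRINGS_WITH_EQ", "BAD_PRACTICE", "demo.Cli", "main", 12),
    # Newly introduced issue; must not count toward the old version's totals.
    _bug("EI_EXPOSE_REP", "MALICIOUS_CODE", "demo.Cache", "entries", 20),
]) + "</BugCollection>"

def issue_keys(report_xml):
    """Multiset of (category, type, class, method); line numbers are ignored."""
    keys = Counter()
    for bug in ET.fromstring(report_xml).iter("BugInstance"):
        cls, method = bug.find("Class"), bug.find("Method")
        keys[(bug.get("category"), bug.get("type"),
              cls.get("classname") if cls is not None else "",
              method.get("name") if method is not None else "")] += 1
    return keys

def persistence(old_xml, new_xml):
    """Per category: (issues signaled on old version, of which gone in new)."""
    old, new = issue_keys(old_xml), issue_keys(new_xml)
    removed = old - new  # Counter subtraction keeps only positive counts
    stats = {}
    for key, count in old.items():
        total, gone = stats.get(key[0], (0, 0))
        stats[key[0]] = (total + count, gone + removed[key])
    return stats

if __name__ == "__main__":
    for category, (total, gone) in sorted(persistence(OLD_REPORT, NEW_REPORT).items()):
        print(f"{category}: {gone}/{total} removed")
```

A disappeared key only shows that the warning is no longer reported at that location; a renamed or deleted method produces the same result as a deliberate fix.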
Acknowledgments
This work has been partially supported by the “Fondo di ricerca d’Ateneo” of the Università degli Studi dell’Insubria.
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Lavazza, L., Tosi, D., Morasca, S. (2020). An Empirical Study on the Persistence of SpotBugs Issues in Open-Source Software Evolution. In: Shepperd, M., Brito e Abreu, F., Rodrigues da Silva, A., Pérez-Castillo, R. (eds) Quality of Information and Communications Technology. QUATIC 2020. Communications in Computer and Information Science, vol 1266. Springer, Cham. https://doi.org/10.1007/978-3-030-58793-2_12
DOI: https://doi.org/10.1007/978-3-030-58793-2_12
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-58792-5
Online ISBN: 978-3-030-58793-2
eBook Packages: Computer Science, Computer Science (R0)