SlideShare a Scribd company logo

Automatically Customizing Static Analysis Tools to Coding Rules Really Followed by Developers

Download as PPTX, PDF
Y
Yuki Ueda

The document discusses a system called linter-maintainer that customizes static analysis tools to align with the coding rules actually followed by developers, aiming to reduce false positives and negatives in code analysis. It details a study involving four JavaScript projects, revealing that a significant percentage of rules were not default or were ignored by developers. The preliminary evaluations show that the tool effectively reduces false positives by over 49% while tracing the latest followed coding rules.

Software
1 of 18
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
Automatically Customizing Static Analysis Tools to Coding Rules Really Followed by Developers Yuki Ueda, Takashi Ishio and Kenichi Matsumoto Nara Institute of Science and Technology SANER2021
Static Analysis Tools or Linters 2 Static analysis tools or linters can detect: 1. Security Vulnerabilities, 2. Performance Issues, 3. Bad Programming Practices, Code Smells These violations are defined by Coding Rules
Example of coding rule violations 3 if (a=b) { return True } else { threw new Error(); } return False JavaScript Rule 1: Limit the assignment in conditional statement a=b a==b
Example of coding rule violations 4 if (a=b) { return True } else { threw new Error(); } return False JavaScript Rule 2: Limit the unreachable code return False
Linters in SE Research 5 Code Review [1] [1] Carvalho, A., Luz, W., Marc´ılio, D., Bonif´acio, R.,Pinto, G. and Canedo, E. D.: C-3PR: A Bot for Fixing Static Analysis Violations via Pull Requests, SANER’20 [2] Bavishi, Rohan, Hiroaki Yoshida, and Mukul R. Prasad. "Phoenix: Automated data-driven synthesis of repairs for static analysis violations." ESEC/FSE’19 [3] Trautsch, Alexander, Steffen Herbold, and Jens Grabowski. "Static source code metrics and static analysis warnings for fine-grained just-in-time defect prediction." ICSME’20 Defect Prediction [3] Bug Repair [2]
Linters in SE Research 6 Code Review [1] These Studies Assume the Linters Are Correct [1] Carvalho, A., Luz, W., Marc´ılio, D., Bonif´acio, R.,Pinto, G. and Canedo, E. D.: C-3PR: A Bot for Fixing Static Analysis Violations via Pull Requests, SANER’20 [2] Bavishi, Rohan, Hiroaki Yoshida, and Mukul R. Prasad. "Phoenix: Automated data-driven synthesis of repairs for static analysis violations." ESEC/FSE’19 [3] Trautsch, Alexander, Steffen Herbold, and Jens Grabowski. "Static source code metrics and static analysis warnings for fine-grained just-in-time defect prediction." ICSME’20 Defect Prediction [3] Bug Repair [2]
Default Rules != Followed Rules 7 Dataset: 4 JavaScript Projects • Used in BugsJS [4] • Using ESLint [5] [4] Gyimesi, Péter, et al. "BUGSJS: a benchmark and taxonomy of JavaScript bugs." Software Testing, Verification and Reliability (2019): e1751. [5] N. C. Zakas, B. Mills, T. Nagashima, and M. Djermanovic, “ES-Lint - Pluggable JavaScript linter,” https://eslint.org/, 2020 N = 241 Default Rules: 57 Non-default Rules: 184 Followed by All Projects: 64 True Positives: 38 False Negatives: 26 Unfollowed by 1+ Projects: 177 False: Positives: 19 True Negatives: 158 1. 40% (26 / 64) of followed rules are not default
Default Rules != Followed Rules 8 N = 241 Default Rules: 57 Non-default Rules: 184 Followed by All Projects: 64 True Positives: 38 False Negatives: 26 Unfollowed by 1+ Projects: 177 False: Positives: 19 True Negatives: 158 1. 40% (26 / 64) of followed rules are not default 2. 33% (19 / 57) of default rules are ignored Dataset: 4 JavaScript Projects • Used in BugsJS [4] • Using ESLint [5] [4] Gyimesi, Péter, et al. "BUGSJS: a benchmark and taxonomy of JavaScript bugs." Software Testing, Verification and Reliability (2019): e1751. [5] N. C. Zakas, B. Mills, T. Nagashima, and M. Djermanovic, “ES-Lint - Pluggable JavaScript linter,” https://eslint.org/, 2020
Default Rules != Followed Rules 9 N = 241 Default Rules: 57 Non-default Rules: 184 Followed by All Projects: 64 True Positives: 38 False Negatives: 26 Unfollowed by 1+ Projects: 177 False: Positives: 19 True Negatives: 158 1. 40% (26 / 64) of followed rules are not default 2. 33% (19 / 57) of default rules are ignored Dataset: 4 JavaScript Projects • Used in BugsJS [4] • Using ESLint [5] [4] Gyimesi, Péter, et al. "BUGSJS: a benchmark and taxonomy of JavaScript bugs." Software Testing, Verification and Reliability (2019): e1751. [5] N. C. Zakas, B. Mills, T. Nagashima, and M. Djermanovic, “ES-Lint - Pluggable JavaScript linter,” https://eslint.org/, 2020 Linter Rules should be customized
Goal: Optimizing the Coding Rules 1. Reduce False Negative (non-default but followed) rules Enabling the rules that are followed by the all of project files 2. Reduce False Positive (default but unfollowed) rules Disabling the rules that are violated by the one or more files 10
Linter-Maintainer: Tracing Followed Coding Rules 11 Project Code Files Coding Rule Configuration File Followed Rule List When developer installed linter, execute Input Output $linter-maintainer --generate --eslint-js ./your/project/path > .eslintrc.json
Evaluation Process 1 / 4 12 Generate Version 1.0.0 Configuration File 1.0.0
Evaluation Process 2 / 4 13 Apply and Calc False Positive/Negative Version 1.0.1 Version 1.0.0 Configuration File 1.0.0
Evaluation Process 3 / 4 14 Generate Version 1.0.1 Version 1.0.2 Configuration File 1.0.1
Evaluation Process 4 / 4 15 Version 1.0.2 Apply both of Major and Maintainance Rules Version 1.0.1 Version 1.0.0 Configuration File 1.0.0 Configuration File 1.0.1
Rule Updates Reduce Median False Positives by >49% 16 0.00-0.89 Precision 1.00 0.70-0.99 Maintainance Major 0.00-0.39 Recall 1.00 0.88-0.99 Original 1.0.0 -> 1.0.2 1.0.1 -> 1.0.2
Rule Updates Reduce Median False Positives by >49% 17 0.00-0.89 Precision 1.00 0.70-0.99 Maintainance Major 0.00-0.39 Recall 1.00 0.88-0.99 Original Rule updates for each major version are effective enough 1.0.0 -> 1.0.2 1.0.1 -> 1.0.2
Conclusion • Linter-Maintainer traces the latest followed rules • Linter-maintainer reduced false negatives by >49% Future Plan • Increasing evaluated languages and projects • Improving rule selecting approach by using Git history 18 Install Source Unsupported Supported Evaluated C/C++ Java JavaScript Ruby Python TypeScript

More Related Content

PPTX
Impact of Coding Style Checker on Code Review -A case study on the OpenStack ...
Yuki Ueda
 
PPT
Using Developer Information as a Prediction Factor
Tim Menzies
 
PPT
Assessing the Reliability of a Human Estimator
Tim Menzies
 
PDF
Reproducible Crashes: Fuzzing Pharo by Mutating the Test Methods
University of Antwerp
 
PDF
Mobile trends v3.0
Samer Desouky
 
PPT
Complexity Measures for Secure Service-Orieted Software Architectures
Tim Menzies
 
ODT
Iseb question from book
Natalia Iurii
 
PDF
Do you have a #bug? Your unit tests are not well planned
José San Román A. de Lara
 
Impact of Coding Style Checker on Code Review -A case study on the OpenStack ...
Yuki Ueda
 
Using Developer Information as a Prediction Factor
Tim Menzies
 
Assessing the Reliability of a Human Estimator
Tim Menzies
 
Reproducible Crashes: Fuzzing Pharo by Mutating the Test Methods
University of Antwerp
 
Mobile trends v3.0
Samer Desouky
 
Complexity Measures for Secure Service-Orieted Software Architectures
Tim Menzies
 
Iseb question from book
Natalia Iurii
 
Do you have a #bug? Your unit tests are not well planned
José San Román A. de Lara
 

What's hot (20)

PPT
Crowd debugging (FSE 2015)
Sung Kim
 
PPTX
Software Testing and Quality Assurance (Error, Bug, Fault)
Yogesh Late
 
PDF
Leveraging HPC Resources to Improve the Experimental Design of Software Analy...
Chakkrit (Kla) Tantithamthavorn
 
PPTX
Developer + tester = quality++
Mikalai Alimenkou
 
PDF
Www.istqb.guru istqb question-paper5
Tomas Vileikis
 
PDF
Personalized Defect Prediction
Sung Kim
 
PPT
Introduction to software engineering
สาโรจน์ แสงผ่องอำไพ
 
PDF
Istqb question-paper-dump-2
TestingGeeks
 
ODT
FEB-08 ISTQB PAPER
Suhas Yerrapureddy
 
PPT
Thinking in software testing
สาโรจน์ แสงผ่องอำไพ
 
ODT
AUG-17 (2013) ISTQB PAPER
Suhas Yerrapureddy
 
PDF
Software testing
prasad g
 
PDF
Software testing lab manual
Tanzeem Syed
 
PDF
Block 1 ms-034 unit-1
Nirmal Jasmatiya
 
PDF
Can Automated Impact Analysis Technique Help Predicting Decaying Modules?
Institute of Science Tokyo
 
PDF
312 50-demo
Tomas Vileikis
 
PDF
Wa
Tomas Vileikis
 
PDF
When Testing Meets Code Review: Why and How Developers Review Tests
Delft University of Technology
 
PDF
Istqb question-paper-dump-3
TestingGeeks
 
PDF
Istqb question-paper-dump-5
TestingGeeks
 
Crowd debugging (FSE 2015)
Sung Kim
 
Software Testing and Quality Assurance (Error, Bug, Fault)
Yogesh Late
 
Leveraging HPC Resources to Improve the Experimental Design of Software Analy...
Chakkrit (Kla) Tantithamthavorn
 
Developer + tester = quality++
Mikalai Alimenkou
 
Www.istqb.guru istqb question-paper5
Tomas Vileikis
 
Personalized Defect Prediction
Sung Kim
 
Introduction to software engineering
สาโรจน์ แสงผ่องอำไพ
 
Istqb question-paper-dump-2
TestingGeeks
 
FEB-08 ISTQB PAPER
Suhas Yerrapureddy
 
Thinking in software testing
สาโรจน์ แสงผ่องอำไพ
 
AUG-17 (2013) ISTQB PAPER
Suhas Yerrapureddy
 
Software testing
prasad g
 
Software testing lab manual
Tanzeem Syed
 
Block 1 ms-034 unit-1
Nirmal Jasmatiya
 
Can Automated Impact Analysis Technique Help Predicting Decaying Modules?
Institute of Science Tokyo
 
312 50-demo
Tomas Vileikis
 
Wa
Tomas Vileikis
 
When Testing Meets Code Review: Why and How Developers Review Tests
Delft University of Technology
 
Istqb question-paper-dump-3
TestingGeeks
 
Istqb question-paper-dump-5
TestingGeeks
 
Ad

Similar to Automatically Customizing Static Analysis Tools to Coding Rules Really Followed by Developers (20)

PDF
1506.08725v1
Sandeep Sivanandan
 
PDF
Mining Fix Patterns for FindBugs Violations
Dongsun Kim
 
PDF
Machine programming
DESMOND YUEN
 
PPTX
How to improve code quality for iOS apps?
Kate Semizhon
 
PPTX
Static code analyzers as a DevSecOps solution
Andrey Karpov
 
PDF
01 - Course setup software sustainability
Seyidali
 
PDF
boughtonalexand jdjdjfjjfjfjfjnfjfjjjfkdifij
akd3143
 
PPTX
Code Coverage and Test Suite Effectiveness: Empirical Study with Real Bugs in...
Pavneet Singh Kochhar
 
PDF
Problems of testing 64-bit applications
PVS-Studio
 
PDF
poster_3.0
Stefano Sansone
 
PDF
Improvement of Software Maintenance and Reliability using Data Mining Techniques
ijdmtaiir
 
DOC
V1_I2_2012_Paper3.doc
praveena06
 
PPTX
Static analysis by tools
winy setya ningrum
 
PDF
Istqb question-paper-dump-1
TestingGeeks
 
PPT
Final Survey On Rule Base Development Slideshare
Valentin Zacharias
 
PDF
5 Ways to Accelerate Standards Compliance with Static Code Analysis
Perforce
 
PDF
Vulnerability Detection Based on Git History
Kenta Yamamoto
 
PPTX
Characterizing Defective Configuration Scripts Used for Continuous Deployment
Akond Rahman
 
PPTX
debuggingSession.pptx
marawanwael
 
PPTX
No liftoff, touchdown, or heartbeat shall miss because of a software failure
Rogue Wave Software
 
1506.08725v1
Sandeep Sivanandan
 
Mining Fix Patterns for FindBugs Violations
Dongsun Kim
 
Machine programming
DESMOND YUEN
 
How to improve code quality for iOS apps?
Kate Semizhon
 
Static code analyzers as a DevSecOps solution
Andrey Karpov
 
01 - Course setup software sustainability
Seyidali
 
boughtonalexand jdjdjfjjfjfjfjnfjfjjjfkdifij
akd3143
 
Code Coverage and Test Suite Effectiveness: Empirical Study with Real Bugs in...
Pavneet Singh Kochhar
 
Problems of testing 64-bit applications
PVS-Studio
 
poster_3.0
Stefano Sansone
 
Improvement of Software Maintenance and Reliability using Data Mining Techniques
ijdmtaiir
 
V1_I2_2012_Paper3.doc
praveena06
 
Static analysis by tools
winy setya ningrum
 
Istqb question-paper-dump-1
TestingGeeks
 
Final Survey On Rule Base Development Slideshare
Valentin Zacharias
 
5 Ways to Accelerate Standards Compliance with Static Code Analysis
Perforce
 
Vulnerability Detection Based on Git History
Kenta Yamamoto
 
Characterizing Defective Configuration Scripts Used for Continuous Deployment
Akond Rahman
 
debuggingSession.pptx
marawanwael
 
No liftoff, touchdown, or heartbeat shall miss because of a software failure
Rogue Wave Software
 
Ad

Recently uploaded (20)

PPTX
Lecture 3: Operating Systems Introduction to Computer Hardware Systems
hci7se
 
PPTX
ai tools demonstartion for schools and inter college
harshavardhanreddyka11
 
PDF
Understanding Forklifts - TECH EHS Solution
TECH EHS Solution
 
PPTX
Agentic AI : A Practical Guide. Undersating, Implementing and Scaling Autono...
IT IDOL Technologies
 
PDF
AI in Product Development-omnex systems
omnex systems
 
PDF
Navsoft: AI-Powered Business Solutions & Custom Software Development
Navsoft
 
PPTX
VVF-Customer-Presentation2025-Ver1.9.pptx
blackmambaettijean
 
PDF
Why TechBuilder is the Future of Pickup and Delivery App Development (1).pdf
TechBuilder
 
PPTX
Agentic AI Use Case- Contract Lifecycle Management (CLM).pptx
mhxyzzp
 
PDF
T3DD25 TYPO3 Content Blocks - Deep Dive by André Kraus
Andre Kraus
 
PDF
Digital Strategies for Manufacturing Companies
Virendra Rai, PMP
 
PDF
How to Choose the Right IT Partner for Your Business in Malaysia
Asian Business Services & Technologies
 
PDF
Flood Susceptibility Mapping Using Image-Based 2D-CNN Deep Learnin. Overview ...
lawrenceomai2
 
PPTX
Oracle E-Business Suite: A Comprehensive Guide for Modern Enterprises
Conacent Consulting
 
PDF
top salesforce developer skills in 2025.pdf
CloudMetic
 
PDF
Adobe Premiere Pro 2025 (v24.5.0.057) Crack free
ghrom2211g
 
PDF
Nekopoi APK 2025 free lastest update
umarali35kp
 
PDF
Claude Code: Everyone is a 10x Developer - A Comprehensive AI-Powered CLI Tool
William Chong
 
PDF
Raksha Bandhan Grocery Pricing Trends in India 2025.pdf
Actowiz Solustions
 
PDF
System and Network Administraation Chapter 3
jaramharo
 
Lecture 3: Operating Systems Introduction to Computer Hardware Systems
hci7se
 
ai tools demonstartion for schools and inter college
harshavardhanreddyka11
 
Understanding Forklifts - TECH EHS Solution
TECH EHS Solution
 
Agentic AI : A Practical Guide. Undersating, Implementing and Scaling Autono...
IT IDOL Technologies
 
AI in Product Development-omnex systems
omnex systems
 
Navsoft: AI-Powered Business Solutions & Custom Software Development
Navsoft
 
VVF-Customer-Presentation2025-Ver1.9.pptx
blackmambaettijean
 
Why TechBuilder is the Future of Pickup and Delivery App Development (1).pdf
TechBuilder
 
Agentic AI Use Case- Contract Lifecycle Management (CLM).pptx
mhxyzzp
 
T3DD25 TYPO3 Content Blocks - Deep Dive by André Kraus
Andre Kraus
 
Digital Strategies for Manufacturing Companies
Virendra Rai, PMP
 
How to Choose the Right IT Partner for Your Business in Malaysia
Asian Business Services & Technologies
 
Flood Susceptibility Mapping Using Image-Based 2D-CNN Deep Learnin. Overview ...
lawrenceomai2
 
Oracle E-Business Suite: A Comprehensive Guide for Modern Enterprises
Conacent Consulting
 
top salesforce developer skills in 2025.pdf
CloudMetic
 
Adobe Premiere Pro 2025 (v24.5.0.057) Crack free
ghrom2211g
 
Nekopoi APK 2025 free lastest update
umarali35kp
 
Claude Code: Everyone is a 10x Developer - A Comprehensive AI-Powered CLI Tool
William Chong
 
Raksha Bandhan Grocery Pricing Trends in India 2025.pdf
Actowiz Solustions
 
System and Network Administraation Chapter 3
jaramharo
 

Automatically Customizing Static Analysis Tools to Coding Rules Really Followed by Developers

  • 1. Automatically Customizing Static Analysis Tools to Coding Rules Really Followed by Developers Yuki Ueda, Takashi Ishio and Kenichi Matsumoto Nara Institute of Science and Technology SANER2021
  • 2. Static Analysis Tools or Linters 2 Static analysis tools or linters can detect: 1. Security Vulnerabilities, 2. Performance Issues, 3. Bad Programming Practices, Code Smells These violations are defined by Coding Rules
  • 3. Example of coding rule violations 3 if (a=b) { return True } else { threw new Error(); } return False JavaScript Rule 1: Limit the assignment in conditional statement a=b a==b
  • 4. Example of coding rule violations 4 if (a=b) { return True } else { threw new Error(); } return False JavaScript Rule 2: Limit the unreachable code return False
  • 5. Linters in SE Research 5 Code Review [1] [1] Carvalho, A., Luz, W., Marc´ılio, D., Bonif´acio, R.,Pinto, G. and Canedo, E. D.: C-3PR: A Bot for Fixing Static Analysis Violations via Pull Requests, SANER’20 [2] Bavishi, Rohan, Hiroaki Yoshida, and Mukul R. Prasad. "Phoenix: Automated data-driven synthesis of repairs for static analysis violations." ESEC/FSE’19 [3] Trautsch, Alexander, Steffen Herbold, and Jens Grabowski. "Static source code metrics and static analysis warnings for fine-grained just-in-time defect prediction." ICSME’20 Defect Prediction [3] Bug Repair [2]
  • 6. Linters in SE Research 6 Code Review [1] These Studies Assume the Linters Are Correct [1] Carvalho, A., Luz, W., Marc´ılio, D., Bonif´acio, R.,Pinto, G. and Canedo, E. D.: C-3PR: A Bot for Fixing Static Analysis Violations via Pull Requests, SANER’20 [2] Bavishi, Rohan, Hiroaki Yoshida, and Mukul R. Prasad. "Phoenix: Automated data-driven synthesis of repairs for static analysis violations." ESEC/FSE’19 [3] Trautsch, Alexander, Steffen Herbold, and Jens Grabowski. "Static source code metrics and static analysis warnings for fine-grained just-in-time defect prediction." ICSME’20 Defect Prediction [3] Bug Repair [2]
  • 7. Default Rules != Followed Rules 7 Dataset: 4 JavaScript Projects • Used in BugsJS [4] • Using ESLint [5] [4] Gyimesi, Péter, et al. "BUGSJS: a benchmark and taxonomy of JavaScript bugs." Software Testing, Verification and Reliability (2019): e1751. [5] N. C. Zakas, B. Mills, T. Nagashima, and M. Djermanovic, “ES-Lint - Pluggable JavaScript linter,” https://eslint.org/, 2020 N = 241 Default Rules: 57 Non-default Rules: 184 Followed by All Projects: 64 True Positives: 38 False Negatives: 26 Unfollowed by 1+ Projects: 177 False: Positives: 19 True Negatives: 158 1. 40% (26 / 64) of followed rules are not default
  • 8. Default Rules != Followed Rules 8 N = 241 Default Rules: 57 Non-default Rules: 184 Followed by All Projects: 64 True Positives: 38 False Negatives: 26 Unfollowed by 1+ Projects: 177 False: Positives: 19 True Negatives: 158 1. 40% (26 / 64) of followed rules are not default 2. 33% (19 / 57) of default rules are ignored Dataset: 4 JavaScript Projects • Used in BugsJS [4] • Using ESLint [5] [4] Gyimesi, Péter, et al. "BUGSJS: a benchmark and taxonomy of JavaScript bugs." Software Testing, Verification and Reliability (2019): e1751. [5] N. C. Zakas, B. Mills, T. Nagashima, and M. Djermanovic, “ES-Lint - Pluggable JavaScript linter,” https://eslint.org/, 2020
  • 9. Default Rules != Followed Rules 9 N = 241 Default Rules: 57 Non-default Rules: 184 Followed by All Projects: 64 True Positives: 38 False Negatives: 26 Unfollowed by 1+ Projects: 177 False: Positives: 19 True Negatives: 158 1. 40% (26 / 64) of followed rules are not default 2. 33% (19 / 57) of default rules are ignored Dataset: 4 JavaScript Projects • Used in BugsJS [4] • Using ESLint [5] [4] Gyimesi, Péter, et al. "BUGSJS: a benchmark and taxonomy of JavaScript bugs." Software Testing, Verification and Reliability (2019): e1751. [5] N. C. Zakas, B. Mills, T. Nagashima, and M. Djermanovic, “ES-Lint - Pluggable JavaScript linter,” https://eslint.org/, 2020 Linter Rules should be customized
  • 10. Goal: Optimizing the Coding Rules 1. Reduce False Negative (non-default but followed) rules Enabling the rules that are followed by the all of project files 2. Reduce False Positive (default but unfollowed) rules Disabling the rules that are violated by the one or more files 10
  • 11. Linter-Maintainer: Tracing Followed Coding Rules 11 Project Code Files Coding Rule Configuration File Followed Rule List When developer installed linter, execute Input Output $linter-maintainer --generate --eslint-js ./your/project/path > .eslintrc.json
  • 12. Evaluation Process 1 / 4 12 Generate Version 1.0.0 Configuration File 1.0.0
  • 13. Evaluation Process 2 / 4 13 Apply and Calc False Positive/Negative Version 1.0.1 Version 1.0.0 Configuration File 1.0.0
  • 14. Evaluation Process 3 / 4 14 Generate Version 1.0.1 Version 1.0.2 Configuration File 1.0.1
  • 15. Evaluation Process 4 / 4 15 Version 1.0.2 Apply both of Major and Maintainance Rules Version 1.0.1 Version 1.0.0 Configuration File 1.0.0 Configuration File 1.0.1
  • 16. Rule Updates Reduce Median False Positives by >49% 16 0.00-0.89 Precision 1.00 0.70-0.99 Maintainance Major 0.00-0.39 Recall 1.00 0.88-0.99 Original 1.0.0 -> 1.0.2 1.0.1 -> 1.0.2
  • 17. Rule Updates Reduce Median False Positives by >49% 17 0.00-0.89 Precision 1.00 0.70-0.99 Maintainance Major 0.00-0.39 Recall 1.00 0.88-0.99 Original Rule updates for each major version are effective enough 1.0.0 -> 1.0.2 1.0.1 -> 1.0.2
  • 18. Conclusion • Linter-Maintainer traces the latest followed rules • Linter-maintainer reduced false negatives by >49% Future Plan • Increasing evaluated languages and projects • Improving rule selecting approach by using Git history 18 Install Source Unsupported Supported Evaluated C/C++ Java JavaScript Ruby Python TypeScript

Editor's Notes

  • #2: Hello, I am Yuki Ueda at Nara Institute of Science and Technology in Japan. Today, I will present about "Automatically Customizing Static Analysis Tools to Coding Rules Really Followed by Developers"
  • #3: First, I introduce what static analysis tools and coding rules are. The tools detect Security Vulnerabilities, Performance Issues, and Bad Programming Practices that are called Code Smells. And, Coding rules are documents that defined these violations.
  • #4: As the example, the right side source code violates for two coding rules in JavaScript. First is the assignment in conditional statement it should be double equal
  • #5: Second is unreachable code. The orange code has no impact for the execution process. So, it should be removed. Using static analysis tool, developer can avoid bugs automatically.
  • #6: These tools are not only for the real development.. The linters are also widely used in the software engineering research fields. Such as the Code Review, Auto Bug repair, and Defect Prediction researches.
  • #7: These great studies Assume the Linters violations and rules Are Correct for the developers
  • #8: However widely used coding rules are different with actually followed coding rules. Sometimes coding rules are too much or too little for developers In our preliminary study, we selected 4 JavaScript Projects as the Dataset, these are used in BugsJS for bug benchmark, and using JavaScript Linter ESLint. ESLint has 241 rules and enables only 57 rules. We found two problems in target projects. First for the False Negative, all of the target projects followed 64 rules, however 40% of rules are not enabled as the default rules
  • #9: Another problem is about False Positives. One or more our target projects unfollowed 177 rules. From these rules, 19 rules are enabled as the default rules Not only in our preliminal study, similar results are reported by the many exisitng researches
  • #10: Totally, current linter rules should be customized for the each developers  ここまで5ふん
  • #11: To solving current coding rules problems, our goal is optimizing the linters’ coding rules We have two ideas for the sub-goals. First for the reducing false negative rules. We enable the rules that are followed by the all of the projects’ files Next for the reducing false positve rules. We disable the rules that are violated by the one or more files.
  • #12: To achieve our goals, we developed the tool linter-maintainer, that trace the followed coding rules from project source code files. It is available as the command line interface. As the Input, the tool will use project source code file, and illuminate the followed rule list. Finally as the output, the tool generate linter configuration file
  • #13: In the evaluation process, First we generate linter configuration file that has followed rule list from one versions’ source code files.
  • #14: Next we applied generater configuration file to the next version of source code file. And we caluculate the false positives and false negatives by comparing with configurations rules and latest followed rules.
  • #15: We repeat this process in the next and subsequent versions.
  • #16: Finally, We also evaluated the major, minor, and maintenance version configuration files to investigate the optimal rule update frequency. In that case, we use major versions’ file 1.0.0 and maintainance version file 1.0.1
  • #17: Here is the result for the rule precision and recall from the projects’ original configuration file and our updated configuration files. Totally, our approach improve the both of the values. Especially for the recall, using our tool is effective for finding potential coding rules.
  • #18: Even rough major updates, it is better than nothing.
  • #19: I will summarize our researh We developed the tool Linter-Maintainer that will traces the latest followed rules And in the evaluation, Linter-maintainer reduced false negatives by >49% As the Future Plan Increasing evaluated languages and projects Improving rule selecting approach by using Git history Finally our tool is available as the npm packages and we published our source code on the github from right QR code. Please send me the your feedback. Thank you