Rahul Kumar
ABSTRACT
Static analysis tools have experienced a dichotomy over the span of the last decade. They have proven themselves to be useful in many domains, but at the same time have not (in general) experienced any notable concrete integration into a development environment. This is partly due to the inherent complexity of the tools themselves, as well as due to other intangible factors. Such factors usually tend to include questions about the return on investment of the tool and the value the tool provides in a development environment. In this paper, we present an empirical model for evaluating static analysis tools from the perspective of the economic value they provide. We further apply this model to a case study of the Static Driver Verier (SDV) tool that ships with the Windows Driver Kit and show the usefulness of the model and the tool.
- T. Ball, B. Cook, V. Levin, and S. K. Rajamani. Slam and static driver verifier: Technology transfer of formal methods inside microsoft. In Integrated formal methods, pages 1–20. Springer, 2004.Google Scholar
- P. J. Guo, T. Zimmermann, N. Nagappan, and B. Murphy. Characterizing and predicting which bugs get fixed: An empirical study of microsoft windows. In Software Engineering, 2010 ACM/IEEE 32nd International Conference on, volume 1, pages 495–504. IEEE, 2010. Google ScholarDigital Library
- P. J. Guo, T. Zimmermann, N. Nagappan, and B. Murphy. Not my bug! and other reasons for software bug report reassignments. In Proceedings of the ACM 2011 conference on Computer supported cooperative work, pages 395–404. ACM, 2011. Google ScholarDigital Library
- G. J. Holzmann. Economics of software verification. In Proceedings of the 2001 ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering, pages 80–89. ACM, 2001. Google ScholarDigital Library
- S. T. Knox. Modeling the cost of software quality. Digital Technical Journal, 5:9–9, 1993. Google ScholarDigital Library
- M. Lata and R. Kumar. An approach to optimize the cost of software quality assurance analysis. International Journal of Computer Applications, 5(8), 2010.Google ScholarCross Ref
- MSDN. Code analysis for drivers. http://msdn.microsoft.com/en-us/library/ windows/hardware/hh454182(v=vs.85).aspx, 2012.Google Scholar
- MSDN. Driver verifier. http://msdn.microsoft.com/en-us/library/ windows/hardware/ff545448(v=vs.85).aspx, 2012.Google Scholar
- S. Sinofsky. Building robust USB 3.0 support. http://blogs.msdn.com/b/b8/archive/2011/08/22/ building-robust-usb-3-0-support.aspx, 2011.Google Scholar
- S. Wagner and T. Seifert. Software quality economics for defect-detection techniques using failure prediction. In ACM SIGSOFT Software Engineering Notes, volume 30, pages 1–6. ACM, 2005. Google ScholarDigital Library
Index Terms
- The economics of static analysis tools
Recommendations
Can static analysis tools find more defects?: A qualitative study of design rule violations found by code review
AbstractStatic analysis tools find defects in code, checking code against rules to reveal potential defects. Many studies have evaluated these tools by measuring their ability to detect known defects in code. But these studies measure the current state of ...
Static analysis tools as early indicators of pre-release defect density
ICSE '05: Proceedings of the 27th international conference on Software engineeringDuring software development it is helpful to obtain early estimates of the defect density of software components. Such estimates identify fault-prone areas of code requiring further testing. We present an empirical approach for the early prediction of ...
Of Massive Static Analysis Data
SERE-C '13: Proceedings of the 2013 IEEE Seventh International Conference on Software Security and Reliability CompanionThe Software Assurance Metrics and Tool Evaluation (SAMATE) project at the National Institute of Standards and Technology (NIST) has organized four Static Analysis Tool Expositions (SATE). SATE is designed to advance research in static analysis tools ...
Comments