YU
Uploaded byYuki Ueda
PPTX, PDF75 views

Automatically Customizing Static Analysis Tools to Coding Rules Really Followed by Developers

The document discusses a system called linter-maintainer that customizes static analysis tools to align with the coding rules actually followed by developers, aiming to reduce false positives and negatives in code analysis. It details a study involving four JavaScript projects, revealing that a significant percentage of rules were not default or were ignored by developers. The preliminary evaluations show that the tool effectively reduces false positives by over 49% while tracing the latest followed coding rules.

Embed presentation

Download to read offline
Automatically Customizing Static Analysis Tools to Coding Rules Really Followed by Developers Yuki Ueda, Takashi Ishio and Kenichi Matsumoto Nara Institute of Science and Technology SANER2021
Static Analysis Tools or Linters 2 Static analysis tools or linters can detect: 1. Security Vulnerabilities, 2. Performance Issues, 3. Bad Programming Practices, Code Smells These violations are defined by Coding Rules
Example of coding rule violations 3 if (a=b) { return True } else { threw new Error(); } return False JavaScript Rule 1: Limit the assignment in conditional statement a=b a==b
Example of coding rule violations 4 if (a=b) { return True } else { threw new Error(); } return False JavaScript Rule 2: Limit the unreachable code return False
Linters in SE Research 5 Code Review [1] [1] Carvalho, A., Luz, W., Marc´ılio, D., Bonif´acio, R.,Pinto, G. and Canedo, E. D.: C-3PR: A Bot for Fixing Static Analysis Violations via Pull Requests, SANER’20 [2] Bavishi, Rohan, Hiroaki Yoshida, and Mukul R. Prasad. "Phoenix: Automated data-driven synthesis of repairs for static analysis violations." ESEC/FSE’19 [3] Trautsch, Alexander, Steffen Herbold, and Jens Grabowski. "Static source code metrics and static analysis warnings for fine-grained just-in-time defect prediction." ICSME’20 Defect Prediction [3] Bug Repair [2]
Linters in SE Research 6 Code Review [1] These Studies Assume the Linters Are Correct [1] Carvalho, A., Luz, W., Marc´ılio, D., Bonif´acio, R.,Pinto, G. and Canedo, E. D.: C-3PR: A Bot for Fixing Static Analysis Violations via Pull Requests, SANER’20 [2] Bavishi, Rohan, Hiroaki Yoshida, and Mukul R. Prasad. "Phoenix: Automated data-driven synthesis of repairs for static analysis violations." ESEC/FSE’19 [3] Trautsch, Alexander, Steffen Herbold, and Jens Grabowski. "Static source code metrics and static analysis warnings for fine-grained just-in-time defect prediction." ICSME’20 Defect Prediction [3] Bug Repair [2]
Default Rules != Followed Rules 7 Dataset: 4 JavaScript Projects • Used in BugsJS [4] • Using ESLint [5] [4] Gyimesi, Péter, et al. "BUGSJS: a benchmark and taxonomy of JavaScript bugs." Software Testing, Verification and Reliability (2019): e1751. [5] N. C. Zakas, B. Mills, T. Nagashima, and M. Djermanovic, “ES-Lint - Pluggable JavaScript linter,” https://eslint.org/, 2020 N = 241 Default Rules: 57 Non-default Rules: 184 Followed by All Projects: 64 True Positives: 38 False Negatives: 26 Unfollowed by 1+ Projects: 177 False: Positives: 19 True Negatives: 158 1. 40% (26 / 64) of followed rules are not default
Default Rules != Followed Rules 8 N = 241 Default Rules: 57 Non-default Rules: 184 Followed by All Projects: 64 True Positives: 38 False Negatives: 26 Unfollowed by 1+ Projects: 177 False: Positives: 19 True Negatives: 158 1. 40% (26 / 64) of followed rules are not default 2. 33% (19 / 57) of default rules are ignored Dataset: 4 JavaScript Projects • Used in BugsJS [4] • Using ESLint [5] [4] Gyimesi, Péter, et al. "BUGSJS: a benchmark and taxonomy of JavaScript bugs." Software Testing, Verification and Reliability (2019): e1751. [5] N. C. Zakas, B. Mills, T. Nagashima, and M. Djermanovic, “ES-Lint - Pluggable JavaScript linter,” https://eslint.org/, 2020
Default Rules != Followed Rules 9 N = 241 Default Rules: 57 Non-default Rules: 184 Followed by All Projects: 64 True Positives: 38 False Negatives: 26 Unfollowed by 1+ Projects: 177 False: Positives: 19 True Negatives: 158 1. 40% (26 / 64) of followed rules are not default 2. 33% (19 / 57) of default rules are ignored Dataset: 4 JavaScript Projects • Used in BugsJS [4] • Using ESLint [5] [4] Gyimesi, Péter, et al. "BUGSJS: a benchmark and taxonomy of JavaScript bugs." Software Testing, Verification and Reliability (2019): e1751. [5] N. C. Zakas, B. Mills, T. Nagashima, and M. Djermanovic, “ES-Lint - Pluggable JavaScript linter,” https://eslint.org/, 2020 Linter Rules should be customized
Goal: Optimizing the Coding Rules 1. Reduce False Negative (non-default but followed) rules Enabling the rules that are followed by the all of project files 2. Reduce False Positive (default but unfollowed) rules Disabling the rules that are violated by the one or more files 10
Linter-Maintainer: Tracing Followed Coding Rules 11 Project Code Files Coding Rule Configuration File Followed Rule List When developer installed linter, execute Input Output $linter-maintainer --generate --eslint-js ./your/project/path > .eslintrc.json
Evaluation Process 1 / 4 12 Generate Version 1.0.0 Configuration File 1.0.0
Evaluation Process 2 / 4 13 Apply and Calc False Positive/Negative Version 1.0.1 Version 1.0.0 Configuration File 1.0.0
Evaluation Process 3 / 4 14 Generate Version 1.0.1 Version 1.0.2 Configuration File 1.0.1
Evaluation Process 4 / 4 15 Version 1.0.2 Apply both of Major and Maintainance Rules Version 1.0.1 Version 1.0.0 Configuration File 1.0.0 Configuration File 1.0.1
Rule Updates Reduce Median False Positives by >49% 16 0.00-0.89 Precision 1.00 0.70-0.99 Maintainance Major 0.00-0.39 Recall 1.00 0.88-0.99 Original 1.0.0 -> 1.0.2 1.0.1 -> 1.0.2
Rule Updates Reduce Median False Positives by >49% 17 0.00-0.89 Precision 1.00 0.70-0.99 Maintainance Major 0.00-0.39 Recall 1.00 0.88-0.99 Original Rule updates for each major version are effective enough 1.0.0 -> 1.0.2 1.0.1 -> 1.0.2
Conclusion • Linter-Maintainer traces the latest followed rules • Linter-maintainer reduced false negatives by >49% Future Plan • Increasing evaluated languages and projects • Improving rule selecting approach by using Git history 18 Install Source Unsupported Supported Evaluated C/C++ Java JavaScript Ruby Python TypeScript

More Related Content

PPTX
Impact of Coding Style Checker on Code Review -A case study on the OpenStack ...
byYuki Ueda
 
PPT
Using Developer Information as a Prediction Factor
byTim Menzies
 
PPT
Assessing the Reliability of a Human Estimator
byTim Menzies
 
PDF
Reproducible Crashes: Fuzzing Pharo by Mutating the Test Methods
byUniversity of Antwerp
 
PDF
Mobile trends v3.0
bySamer Desouky
 
PPT
Complexity Measures for Secure Service-Orieted Software Architectures
byTim Menzies
 
ODT
Iseb question from book
byNatalia Iurii
 
PDF
Do you have a #bug? Your unit tests are not well planned
byJosé San Román A. de Lara
 
Impact of Coding Style Checker on Code Review -A case study on the OpenStack ...
byYuki Ueda
 
Using Developer Information as a Prediction Factor
byTim Menzies
 
Assessing the Reliability of a Human Estimator
byTim Menzies
 
Reproducible Crashes: Fuzzing Pharo by Mutating the Test Methods
byUniversity of Antwerp
 
Mobile trends v3.0
bySamer Desouky
 
Complexity Measures for Secure Service-Orieted Software Architectures
byTim Menzies
 
Iseb question from book
byNatalia Iurii
 
Do you have a #bug? Your unit tests are not well planned
byJosé San Román A. de Lara
 

What's hot

PPT
Crowd debugging (FSE 2015)
bySung Kim
 
PPTX
Software Testing and Quality Assurance (Error, Bug, Fault)
byYogesh Late
 
PDF
Leveraging HPC Resources to Improve the Experimental Design of Software Analy...
byChakkrit (Kla) Tantithamthavorn
 
PPTX
Developer + tester = quality++
byMikalai Alimenkou
 
PDF
Www.istqb.guru istqb question-paper5
byTomas Vileikis
 
PDF
Personalized Defect Prediction
bySung Kim
 
PPT
Introduction to software engineering
byสาโรจน์ แสงผ่องอำไพ
 
PDF
Istqb question-paper-dump-2
byTestingGeeks
 
ODT
FEB-08 ISTQB PAPER
bySuhas Yerrapureddy
 
PPT
Thinking in software testing
byสาโรจน์ แสงผ่องอำไพ
 
ODT
AUG-17 (2013) ISTQB PAPER
bySuhas Yerrapureddy
 
PDF
Software testing
byprasad g
 
PDF
Software testing lab manual
byTanzeem Syed
 
PDF
Block 1 ms-034 unit-1
byNirmal Jasmatiya
 
PDF
Can Automated Impact Analysis Technique Help Predicting Decaying Modules?
byInstitute of Science Tokyo
 
PDF
312 50-demo
byTomas Vileikis
 
PDF
Wa
byTomas Vileikis
 
PDF
When Testing Meets Code Review: Why and How Developers Review Tests
byDelft University of Technology
 
PDF
Istqb question-paper-dump-3
byTestingGeeks
 
PDF
Istqb question-paper-dump-5
byTestingGeeks
 
Crowd debugging (FSE 2015)
bySung Kim
 
Software Testing and Quality Assurance (Error, Bug, Fault)
byYogesh Late
 
Leveraging HPC Resources to Improve the Experimental Design of Software Analy...
byChakkrit (Kla) Tantithamthavorn
 
Developer + tester = quality++
byMikalai Alimenkou
 
Www.istqb.guru istqb question-paper5
byTomas Vileikis
 
Personalized Defect Prediction
bySung Kim
 
Introduction to software engineering
byสาโรจน์ แสงผ่องอำไพ
 
Istqb question-paper-dump-2
byTestingGeeks
 
FEB-08 ISTQB PAPER
bySuhas Yerrapureddy
 
Thinking in software testing
byสาโรจน์ แสงผ่องอำไพ
 
AUG-17 (2013) ISTQB PAPER
bySuhas Yerrapureddy
 
Software testing
byprasad g
 
Software testing lab manual
byTanzeem Syed
 
Block 1 ms-034 unit-1
byNirmal Jasmatiya
 
Can Automated Impact Analysis Technique Help Predicting Decaying Modules?
byInstitute of Science Tokyo
 
312 50-demo
byTomas Vileikis
 
Wa
byTomas Vileikis
 
When Testing Meets Code Review: Why and How Developers Review Tests
byDelft University of Technology
 
Istqb question-paper-dump-3
byTestingGeeks
 
Istqb question-paper-dump-5
byTestingGeeks
 

Similar to Automatically Customizing Static Analysis Tools to Coding Rules Really Followed by Developers

PDF
DLint: dynamically checking bad coding practices in JavaScript (ISSTA'15 Slides)
byLiang Gong
 
PPT
Static Code Analysis and AutoLint
byLeander Hasty
 
PDF
Writing Custom Lint for Android.pdf
byFBeigirad
 
PDF
Don't Leave Windows Broken
byKen William
 
PDF
Achieving quality with tools case study
byEosSoftware
 
PDF
The state of JavaScript Linting - English version
byMichael Kühnel
 
PPT
Static Analysis
byalice yang
 
PDF
An Empirical Study of Refactorings and Technical Debt in Machine Learning Sys...
byRaffi Khatchadourian
 
PDF
20151117 es lint
byNakajima Shigeru
 
PDF
Surviving javascript.pptx
byTamas Rev
 
PPT
Static and Adaptive Bug Fix Patterns
bySung Kim
 
PDF
Mining Source Code Improvement Patterns from Similar Code Review Works
byYuki Ueda
 
PPTX
Understanding the Longevity of Code Smells - Preliminary Results of an Explan...
byroberta arcoverde
 
PPTX
Amin Milani Fard: Directed Model Inference for Testing and Analysis of Web Ap...
byknowdiff
 
PDF
Property-based testing an open-source compiler, pflua (FOSDEM 2015)
byIgalia
 
PPTX
A Multidimensional Empirical Study on Refactoring Activity
byNikolaos Tsantalis
 
PDF
Linter Static Analysis (Scala Workshop 2013)
byHairy Fotr
 
PDF
Presentations Unusual Java Bugs And Detecting Them Using Foss Tools
byGanesh Samarthyam
 
PDF
Can ML help software developers? (TEQnation 2022)
byMaurício Aniche
 
PDF
Software bug prediction
byMuthukumaran Kasinathan
 
DLint: dynamically checking bad coding practices in JavaScript (ISSTA'15 Slides)
byLiang Gong
 
Static Code Analysis and AutoLint
byLeander Hasty
 
Writing Custom Lint for Android.pdf
byFBeigirad
 
Don't Leave Windows Broken
byKen William
 
Achieving quality with tools case study
byEosSoftware
 
The state of JavaScript Linting - English version
byMichael Kühnel
 
Static Analysis
byalice yang
 
An Empirical Study of Refactorings and Technical Debt in Machine Learning Sys...
byRaffi Khatchadourian
 
20151117 es lint
byNakajima Shigeru
 
Surviving javascript.pptx
byTamas Rev
 
Static and Adaptive Bug Fix Patterns
bySung Kim
 
Mining Source Code Improvement Patterns from Similar Code Review Works
byYuki Ueda
 
Understanding the Longevity of Code Smells - Preliminary Results of an Explan...
byroberta arcoverde
 
Amin Milani Fard: Directed Model Inference for Testing and Analysis of Web Ap...
byknowdiff
 
Property-based testing an open-source compiler, pflua (FOSDEM 2015)
byIgalia
 
A Multidimensional Empirical Study on Refactoring Activity
byNikolaos Tsantalis
 
Linter Static Analysis (Scala Workshop 2013)
byHairy Fotr
 
Presentations Unusual Java Bugs And Detecting Them Using Foss Tools
byGanesh Samarthyam
 
Can ML help software developers? (TEQnation 2022)
byMaurício Aniche
 
Software bug prediction
byMuthukumaran Kasinathan
 

Recently uploaded

PDF
DSD-INT 2025 An Introduction to MODFLOW 6 Solver Settings (Without the Agoniz...
byDeltares
 
PDF
DSD-INT 2025 Modelling cold water infiltration with the Groundwater Energy (G...
byDeltares
 
PPTX
Google Trips Data Scraping for Tourism & Demand Analysis.pptx
byWeb Data Crawler
 
PPTX
Best Application Development Consulting Company in Houston
byDesss Applying Technologies
 
PDF
IT Asset Lifecycle Management Solution | Infraon
byEverestIMS Technologies Pvt. Ltd
 
PDF
CodeFulcrum Company Profile - Engineering Scalable Software for High-Growth E...
byCodeFulcrum
 
PPTX
The Triple Bottom Line of Software: Uses, Misuses, and Strategic Risks
byrawaisah124
 
PPTX
Odoo vs SAP – Which ERP Is Better for Growing Businesses?
bySatishKumar2651
 
PPTX
ManageIQ - Sprint 278 Review - Slide Deck
byManageIQ
 
PPTX
Aviation Fleet Management Software for Airlines & Operators
bySISGAIN
 
PDF
Job Interview for Global Federal Government MD Panel Presentation
byafnupe09
 
PPTX
How MathCo Solved Enterprise AI Validation Challenges
byIT IDOL Technologies
 
PPTX
UAE-Based Insurer Transforms Operations with InsureEdge
byInsurance Tech Services
 
PDF
From Sound Workflow Nets to LTLf Declarative Specifications
byLucaBarbaro3
 
PDF
Salesforce Agentforce Service Agent​.pdf
byRobert Mark
 
PDF
Cloud Engineering Services | Infysion Technologies
bysolutioninginfysion
 
PPT
Data Structure & Algorithm Lec- HeapSort.ppt
bypanhra1
 
PDF
Prasenjit Bhaumik Plano - Specializing In Web Applications
byPrasenjit Bhaumik Plano
 
PDF
AI Concepts - MCP Neurons - part of a series
byPhilip Schwarz
 
PPTX
Testing Strategies for Agile Teams in 2026
byMatt Calder
 
DSD-INT 2025 An Introduction to MODFLOW 6 Solver Settings (Without the Agoniz...
byDeltares
 
DSD-INT 2025 Modelling cold water infiltration with the Groundwater Energy (G...
byDeltares
 
Google Trips Data Scraping for Tourism & Demand Analysis.pptx
byWeb Data Crawler
 
Best Application Development Consulting Company in Houston
byDesss Applying Technologies
 
IT Asset Lifecycle Management Solution | Infraon
byEverestIMS Technologies Pvt. Ltd
 
CodeFulcrum Company Profile - Engineering Scalable Software for High-Growth E...
byCodeFulcrum
 
The Triple Bottom Line of Software: Uses, Misuses, and Strategic Risks
byrawaisah124
 
Odoo vs SAP – Which ERP Is Better for Growing Businesses?
bySatishKumar2651
 
ManageIQ - Sprint 278 Review - Slide Deck
byManageIQ
 
Aviation Fleet Management Software for Airlines & Operators
bySISGAIN
 
Job Interview for Global Federal Government MD Panel Presentation
byafnupe09
 
How MathCo Solved Enterprise AI Validation Challenges
byIT IDOL Technologies
 
UAE-Based Insurer Transforms Operations with InsureEdge
byInsurance Tech Services
 
From Sound Workflow Nets to LTLf Declarative Specifications
byLucaBarbaro3
 
Salesforce Agentforce Service Agent​.pdf
byRobert Mark
 
Cloud Engineering Services | Infysion Technologies
bysolutioninginfysion
 
Data Structure & Algorithm Lec- HeapSort.ppt
bypanhra1
 
Prasenjit Bhaumik Plano - Specializing In Web Applications
byPrasenjit Bhaumik Plano
 
AI Concepts - MCP Neurons - part of a series
byPhilip Schwarz
 
Testing Strategies for Agile Teams in 2026
byMatt Calder
 

Automatically Customizing Static Analysis Tools to Coding Rules Really Followed by Developers

  • 1.
    Automatically Customizing Static AnalysisTools to Coding Rules Really Followed by Developers Yuki Ueda, Takashi Ishio and Kenichi Matsumoto Nara Institute of Science and Technology SANER2021
  • 2.
    Static Analysis Toolsor Linters 2 Static analysis tools or linters can detect: 1. Security Vulnerabilities, 2. Performance Issues, 3. Bad Programming Practices, Code Smells These violations are defined by Coding Rules
  • 3.
    Example of codingrule violations 3 if (a=b) { return True } else { threw new Error(); } return False JavaScript Rule 1: Limit the assignment in conditional statement a=b a==b
  • 4.
    Example of codingrule violations 4 if (a=b) { return True } else { threw new Error(); } return False JavaScript Rule 2: Limit the unreachable code return False
  • 5.
    Linters in SEResearch 5 Code Review [1] [1] Carvalho, A., Luz, W., Marc´ılio, D., Bonif´acio, R.,Pinto, G. and Canedo, E. D.: C-3PR: A Bot for Fixing Static Analysis Violations via Pull Requests, SANER’20 [2] Bavishi, Rohan, Hiroaki Yoshida, and Mukul R. Prasad. "Phoenix: Automated data-driven synthesis of repairs for static analysis violations." ESEC/FSE’19 [3] Trautsch, Alexander, Steffen Herbold, and Jens Grabowski. "Static source code metrics and static analysis warnings for fine-grained just-in-time defect prediction." ICSME’20 Defect Prediction [3] Bug Repair [2]
  • 6.
    Linters in SEResearch 6 Code Review [1] These Studies Assume the Linters Are Correct [1] Carvalho, A., Luz, W., Marc´ılio, D., Bonif´acio, R.,Pinto, G. and Canedo, E. D.: C-3PR: A Bot for Fixing Static Analysis Violations via Pull Requests, SANER’20 [2] Bavishi, Rohan, Hiroaki Yoshida, and Mukul R. Prasad. "Phoenix: Automated data-driven synthesis of repairs for static analysis violations." ESEC/FSE’19 [3] Trautsch, Alexander, Steffen Herbold, and Jens Grabowski. "Static source code metrics and static analysis warnings for fine-grained just-in-time defect prediction." ICSME’20 Defect Prediction [3] Bug Repair [2]
  • 7.
    Default Rules !=Followed Rules 7 Dataset: 4 JavaScript Projects • Used in BugsJS [4] • Using ESLint [5] [4] Gyimesi, Péter, et al. "BUGSJS: a benchmark and taxonomy of JavaScript bugs." Software Testing, Verification and Reliability (2019): e1751. [5] N. C. Zakas, B. Mills, T. Nagashima, and M. Djermanovic, “ES-Lint - Pluggable JavaScript linter,” https://eslint.org/, 2020 N = 241 Default Rules: 57 Non-default Rules: 184 Followed by All Projects: 64 True Positives: 38 False Negatives: 26 Unfollowed by 1+ Projects: 177 False: Positives: 19 True Negatives: 158 1. 40% (26 / 64) of followed rules are not default
  • 8.
    Default Rules !=Followed Rules 8 N = 241 Default Rules: 57 Non-default Rules: 184 Followed by All Projects: 64 True Positives: 38 False Negatives: 26 Unfollowed by 1+ Projects: 177 False: Positives: 19 True Negatives: 158 1. 40% (26 / 64) of followed rules are not default 2. 33% (19 / 57) of default rules are ignored Dataset: 4 JavaScript Projects • Used in BugsJS [4] • Using ESLint [5] [4] Gyimesi, Péter, et al. "BUGSJS: a benchmark and taxonomy of JavaScript bugs." Software Testing, Verification and Reliability (2019): e1751. [5] N. C. Zakas, B. Mills, T. Nagashima, and M. Djermanovic, “ES-Lint - Pluggable JavaScript linter,” https://eslint.org/, 2020
  • 9.
    Default Rules !=Followed Rules 9 N = 241 Default Rules: 57 Non-default Rules: 184 Followed by All Projects: 64 True Positives: 38 False Negatives: 26 Unfollowed by 1+ Projects: 177 False: Positives: 19 True Negatives: 158 1. 40% (26 / 64) of followed rules are not default 2. 33% (19 / 57) of default rules are ignored Dataset: 4 JavaScript Projects • Used in BugsJS [4] • Using ESLint [5] [4] Gyimesi, Péter, et al. "BUGSJS: a benchmark and taxonomy of JavaScript bugs." Software Testing, Verification and Reliability (2019): e1751. [5] N. C. Zakas, B. Mills, T. Nagashima, and M. Djermanovic, “ES-Lint - Pluggable JavaScript linter,” https://eslint.org/, 2020 Linter Rules should be customized
  • 10.
    Goal: Optimizing theCoding Rules 1. Reduce False Negative (non-default but followed) rules Enabling the rules that are followed by the all of project files 2. Reduce False Positive (default but unfollowed) rules Disabling the rules that are violated by the one or more files 10
  • 11.
    Linter-Maintainer: Tracing Followed CodingRules 11 Project Code Files Coding Rule Configuration File Followed Rule List When developer installed linter, execute Input Output $linter-maintainer --generate --eslint-js ./your/project/path > .eslintrc.json
  • 12.
    Evaluation Process 1/ 4 12 Generate Version 1.0.0 Configuration File 1.0.0
  • 13.
    Evaluation Process 2/ 4 13 Apply and Calc False Positive/Negative Version 1.0.1 Version 1.0.0 Configuration File 1.0.0
  • 14.
    Evaluation Process 3/ 4 14 Generate Version 1.0.1 Version 1.0.2 Configuration File 1.0.1
  • 15.
    Evaluation Process 4/ 4 15 Version 1.0.2 Apply both of Major and Maintainance Rules Version 1.0.1 Version 1.0.0 Configuration File 1.0.0 Configuration File 1.0.1
  • 16.
    Rule Updates ReduceMedian False Positives by >49% 16 0.00-0.89 Precision 1.00 0.70-0.99 Maintainance Major 0.00-0.39 Recall 1.00 0.88-0.99 Original 1.0.0 -> 1.0.2 1.0.1 -> 1.0.2
  • 17.
    Rule Updates ReduceMedian False Positives by >49% 17 0.00-0.89 Precision 1.00 0.70-0.99 Maintainance Major 0.00-0.39 Recall 1.00 0.88-0.99 Original Rule updates for each major version are effective enough 1.0.0 -> 1.0.2 1.0.1 -> 1.0.2
  • 18.
    Conclusion • Linter-Maintainer tracesthe latest followed rules • Linter-maintainer reduced false negatives by >49% Future Plan • Increasing evaluated languages and projects • Improving rule selecting approach by using Git history 18 Install Source Unsupported Supported Evaluated C/C++ Java JavaScript Ruby Python TypeScript

Editor's Notes

  • #2 Hello, I am Yuki Ueda at Nara Institute of Science and Technology in Japan. Today, I will present about "Automatically Customizing Static Analysis Tools to Coding Rules Really Followed by Developers"
  • #3 First, I introduce what static analysis tools and coding rules are. The tools detect Security Vulnerabilities, Performance Issues, and Bad Programming Practices that are called Code Smells. And, Coding rules are documents that defined these violations.
  • #4 As the example, the right side source code violates for two coding rules in JavaScript. First is the assignment in conditional statement it should be double equal
  • #5 Second is unreachable code. The orange code has no impact for the execution process. So, it should be removed. Using static analysis tool, developer can avoid bugs automatically.
  • #6 These tools are not only for the real development.. The linters are also widely used in the software engineering research fields. Such as the Code Review, Auto Bug repair, and Defect Prediction researches.
  • #7 These great studies Assume the Linters violations and rules Are Correct for the developers
  • #8 However widely used coding rules are different with actually followed coding rules. Sometimes coding rules are too much or too little for developers In our preliminary study, we selected 4 JavaScript Projects as the Dataset, these are used in BugsJS for bug benchmark, and using JavaScript Linter ESLint. ESLint has 241 rules and enables only 57 rules. We found two problems in target projects. First for the False Negative, all of the target projects followed 64 rules, however 40% of rules are not enabled as the default rules
  • #9 Another problem is about False Positives. One or more our target projects unfollowed 177 rules. From these rules, 19 rules are enabled as the default rules Not only in our preliminal study, similar results are reported by the many exisitng researches
  • #10 Totally, current linter rules should be customized for the each developers  ここまで5ふん
  • #11 To solving current coding rules problems, our goal is optimizing the linters’ coding rules We have two ideas for the sub-goals. First for the reducing false negative rules. We enable the rules that are followed by the all of the projects’ files Next for the reducing false positve rules. We disable the rules that are violated by the one or more files.
  • #12 To achieve our goals, we developed the tool linter-maintainer, that trace the followed coding rules from project source code files. It is available as the command line interface. As the Input, the tool will use project source code file, and illuminate the followed rule list. Finally as the output, the tool generate linter configuration file
  • #13 In the evaluation process, First we generate linter configuration file that has followed rule list from one versions’ source code files.
  • #14 Next we applied generater configuration file to the next version of source code file. And we caluculate the false positives and false negatives by comparing with configurations rules and latest followed rules.
  • #15 We repeat this process in the next and subsequent versions.
  • #16 Finally, We also evaluated the major, minor, and maintenance version configuration files to investigate the optimal rule update frequency. In that case, we use major versions’ file 1.0.0 and maintainance version file 1.0.1
  • #17 Here is the result for the rule precision and recall from the projects’ original configuration file and our updated configuration files. Totally, our approach improve the both of the values. Especially for the recall, using our tool is effective for finding potential coding rules.
  • #18  Even rough major updates, it is better than nothing.
  • #19 I will summarize our researh We developed the tool Linter-Maintainer that will traces the latest followed rules And in the evaluation, Linter-maintainer reduced false negatives by >49% As the Future Plan Increasing evaluated languages and projects Improving rule selecting approach by using Git history Finally our tool is available as the npm packages and we published our source code on the github from right QR code. Please send me the your feedback. Thank you