Static Code Analysis Tools

Effects on Development of Open Source Software

Abstract

Nowadays, many different tools for performing static analysis on software (ASATs) are available. These can be used as standalone tools, but can also be integrated into code reviews, build processes, or continuous integration. ASATs can be configured by their users and report a list of warnings for each rule that has been violated by the analyzed code. While some research has been performed regarding ASATs, little is currently known about the correlations between the use of ASATs and other properties of projects or their communities, or about the extent to which developers solve violations reported by ASATs. In this thesis, we attempt to answer these questions by obtaining information about a large number of relevant open source projects hosted on GitHub. We found that the usage rate for ASATs is relatively low, while ASAT usage can be associated with several positive changes in other properties; in general, popular and successful projects are more likely to use ASATs. Furthermore, projects that use ASATs typically have a more active community and receive more contributions. The number of warnings generated varies between projects, but projects with large code bases tend to have fewer warnings. When looking at the types of warnings reported, not all categories are equally represented; violations of Style Conventions are most common. We also found that warnings of different categories are solved at different rates; warnings with more impact on maintainability were solved faster, while warnings with little impact on correctness or maintainability were left unattended for longer.