Usage of Static Analysis Tools in the Integrated Development Environment

Abstract

Developers make use of automation to perform repetitive and potentially error- prone tasks. One such automation can be categorised as, which aims to analyse program properties. The particular focus of this investigation are so-called ASATs (Automatic Static Analysis Tools). These ASATs are readily available for many programming languages and can be used to check coding style guidelines, elements of functional correctness and maintainability related issues. Previous studies on static analysis involved qualitative developer interviews and quantitative repository mining studies. This thesis uses automated telemetry to carry out a field study within the Integrated Development Environment (IDE), to obtain fine-grained data on developer behavior with regard to the actual use of ASATs. In addition, we have carried out a survey to validate the observed patterns. The field study is based on the Eclipse and IntelliJ plugin WatchDog, for which we elaborate upon an extensive investigation of static analysis observation techniques in the IDEs. Based on the quantitative data, we conclude the majority of all observed static analysis IDE events originate from few categories of warnings.
Moreover, most of the warnings are resolved within one minute, with warnings related to type resolution being resolved the quickest.
Developers corroborate these findings, but also confirm perceptions of earlier research that warnings contain large numbers of false positives.
Based on both datapoints, we envision a data-driven future of static analysis tooling to optimize for usefulness for the developer rather than absolute correctness of tool implementations.