Skip to main content
SpringerLink
Log in

On the Benefit of Automated Static Analysis for Small and Medium-Sized Software Enterprises

  • Conference paper
Software Quality. Process Automation in Software Development (SWQD 2012)

Part of the book series: Lecture Notes in Business Information Processing ((LNBIP,volume 94))

Included in the following conference series:

Abstract

Today’s small and medium-sized enterprises (SMEs) in the software industry are faced with major challenges. While having to work efficiently using limited resources they have to perform quality assurance on their code to avoid the risk of further effort for bug fixes or compensations. Automated static analysis can reduce this risk because it promises little effort for running an analysis. We report on our experience in analysing five projects from and with SMEs by three different static analysis techniques: code clone detection, bug pattern detection and architecture conformance analysis. We found that the effort that was needed to introduce those techniques was small (mostly below one person-hour), that we can detect diverse defects in production code and that the participating companies perceived the usefulness of the presented techniques as well as our analysis results high enough to include the techniques in their quality assurance.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Ahsan, S.N., Ferzund, J., Wotawa, F.: Are there language specific bug patterns? Results obtained from a case study using Mozilla. In: Proc. Fourth International Conference on Software Engineering Advances (ICSEA 2009), pp. 210–215. IEEE Computer Society (2009)

    Google Scholar 

  2. Ayewah, N., Pugh, W., Morgenthaler, J.D., Penix, J., Zhou, Y.: Evaluating static analysis defect warnings on production software. In: Proc. 7th Workshop on Program Analysis for Software Tools and Engineering (PASTE 2007), pp. 1–8. ACM Press (2007)

    Google Scholar 

  3. de Moor, O., Verbaere, M., Hajiyev, E., Avgustinov, P., Ekman, T., Ongkingco, N., Sereni, D., Tibble, J.: QL for source code analysis. In: Proc. Seventh IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM 2007), pp. 3–16. IEEE Computer Society (2007)

    Google Scholar 

  4. Deissenboeck, F., Heinemann, L., Hummel, B., Juergens, E.: Flexible architecture conformance assessment with ConQAT. In: Proc. 32nd ACM/IEEE International Conference on Software Engineering, vol. 2, pp. 247–250. ACM Press (2010)

    Google Scholar 

  5. European Commission. Commission recommendation of May 6 2003 concerning the definition of micro, small and medium-sized enterprises. Official Journal of the European Union L 124, 36–41 (May 2003)

    Google Scholar 

  6. Feilkas, M., Ratiu, D., Juergens, E.: The loss of architectural knowledge during system evolution: An industrial case study. In: Proc. IEEE 17th International Conference on Program Comprehension (ICPC 2009), pp. 188–197. IEEE Computer Society (2009)

    Google Scholar 

  7. Ferzund, J., Ahsan, S.N., Wotawa, F.: Analysing Bug Prediction Capabilities of Static Code Metrics in Open Source Software. In: Dumke, R.R., Braungarten, R., Büren, G., Abran, A., Cuadrado-Gallego, J.J. (eds.) IWSM 2008. LNCS, vol. 5338, pp. 331–343. Springer, Heidelberg (2008)

    Google Scholar 

  8. Fiutem, R., Antoniol, G.: Identifying design-code inconsistencies in object-oriented software: A case study. In: Proc. International Conference on Software Maintenance (ICSM 1998). IEEE Computer Society (1998)

    Google Scholar 

  9. Foster, J., Hicks, M., Pugh, W.: Improving software quality with static analysis. In: Proc. 7th ACM SIGPLAN-SIGSOFT Workshop on Program Analysis for Software Tools and Engineering (PASTE 2007), pp. 83–84. ACM Press (2007)

    Google Scholar 

  10. Hofer, C.: Software development in Austria: Results of an empirical study among small and very small enterprises. In: Proc. 28th Euromicro Conference, pp. 361–366. IEEE Computer Society (2002)

    Google Scholar 

  11. Juergens, E., Deissenboeck, F., Hummel, B.: CloneDetective – A workbench for clone detection research. In: Proc. 31th International Conference on Software Engineering (ICSE 2009), pp. 603–606. IEEE Computer Society (2009)

    Google Scholar 

  12. Juergens, E., Deissenboeck, F., Hummel, B., Wagner, S.: Do code clones matter? In: Proc. 31th International Conference on Software Engineering (ICSE 2009), pp. 485–495. IEEE Computer Society (2009)

    Google Scholar 

  13. Juergens, E., Göde, N.: Achieving accurate clone detection results. In: Proceedings 4th International Workshop on Software Clones, pp. 1–8. ACM Press (2010)

    Google Scholar 

  14. Kautz, K.: Making sense of measurement for small organizations. IEEE Software 16, 14–20 (1999)

    Google Scholar 

  15. Knodel, J., Popescu, D.: A comparison of static architecture compliance checking approaches. In: Proc. IEEE/IFIP Working Conference on Software Architecture (WICSA 2007), p. 12. IEEE Computer Society (2007)

    Google Scholar 

  16. Koschke, R.: Survey of research on software clones. In: Duplication, Redundancy, and Similarity in Software, Schloss Dagstuhl, Germany (2007)

    Google Scholar 

  17. Koschke, R., Simon, D.: Hierarchical reflexion models. In: Proc. 10th Working Conference on Reverse Engineering (WCRE 2003), p. 368. IEEE Computer Society (2003)

    Google Scholar 

  18. Lague, B., Proulx, D., Mayrand, J., Merlo, E.M., Hudepohl, J.: Assessing the benefits of incorporating function clone detection in a development process. In: Proc. International Conference on Software Maintenance (ICSM 1997), pp. 314–321. IEEE Computer Society (1997)

    Google Scholar 

  19. Lanubile, F., Mallardo, T.: Finding function clones in web applications. In: Proc. 7th European Conference on Software Maintenance and Reengineering (CSMR 2003), pp. 379–388. IEEE Computer Society (2003)

    Google Scholar 

  20. Littlewood, B., Popov, P.T., Strigini, L., Shryane, N.: Modeling the effects of combining diverse software fault detection techniques. IEEE Transactions on Software Engineering 26, 1157–1167 (2000)

    Google Scholar 

  21. Mattsson, A., Lundell, B., Lings, B., Fitzgerald, B.: Experiences from representing software architecture in a large industrial project using model driven development. In: Proc. Second Workshop on SHAring and Reusing architectural Knowledge Architecture, Rationale, and Design Intent (SHARK-ADI 2007). IEEE Computer Society (2007)

    Google Scholar 

  22. Mishra, A., Mishra, D.: Software quality assurance models in small and medium organisations: A comparison. International Journal of Information Technology and Management 5(1), 4–20 (2006)

    Google Scholar 

  23. Passos, L., Terra, R., Valente, M.T., Diniz, R., das Chagas Mendonca, N.: Static architecture-conformance checking: An illustrative overview. IEEE Software 27, 82–89 (2010)

    Google Scholar 

  24. Richardson, I., Von Wangenheim, C.: Guest editors’ introduction: Why are small software organizations different? IEEE Software 24(1), 18–22 (2007)

    Google Scholar 

  25. Rosik, J., Le Gear, A., Buckley, J., Babar, M.: An industrial case study of architecture conformance. In: Proc. 2nd ACM-IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM 2008), pp. 80–89. ACM Press (2008)

    Google Scholar 

  26. Roy, C.K., Cordy, J.R.: A survey on software clone detection research. Technical report, Queen’s University at Kingston (2007)

    Google Scholar 

  27. Sangal, N., Jordan, E., Sinha, V., Jackson, D.: Using dependency models to manage complex software architecture. In: Proc. 20th Annual ACM SIGPLAN Conference on Object-oriented Programming, Systems, Languages, and Applications (OOPSLA 2005), pp. 167–176. ACM Press (2005)

    Google Scholar 

  28. von Wangenheim, C.G., Anacleto, A., Salviano, C.F.: Helping small companies assess software processes. IEEE Software 23, 91–98 (2006)

    Google Scholar 

  29. Wagner, S.: Defect classification and defect types revisited. In: Proc. 2008 Workshop on Defects in Large Software Systems (DEFECTS 2008), pp. 39–40. ACM Press (2008)

    Google Scholar 

  30. Wagner, S., Deissenboeck, F., Aichner, M., Wimmer, J., Schwalb, M.: An evaluation of two bug pattern tools for java. In: Proc. First International Conference on Software Testing, Verification, and Validation (ICST 2008), pp. 248–257. IEEE Computer Society (2008)

    Google Scholar 

  31. Wagner, S., Jürjens, J., Koller, C., Trischberger, P.: Comparing Bug Finding Tools with Reviews and Tests. In: Khendek, F., Dssouli, R. (eds.) TestCom 2005. LNCS, vol. 3502, pp. 40–55. Springer, Heidelberg (2005)

    Google Scholar 

  32. Wikipedia. List of tools for static code analysis — wikipedia, the free encyclopedia (2011) (accessed May 6, 2011)

    Google Scholar 

  33. Zheng, J., Williams, L., Nagappan, N., Snipes, W., Hudepohl, J.P., Vouk, M.A.: On the value of static analysis for fault detection in software. IEEE Transactions on Software Engineering 32, 240–253 (2006)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Institut für Informatik, Technische Universität München, Germany

    Mario Gleirscher, Dmitriy Golubitskiy & Maximilian Irlbeck

  2. Software Engineering Group, Institute of Software Technology, University of Stuttgart, Germany

    Stefan Wagner

Authors
  1. Mario Gleirscher
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Dmitriy Golubitskiy
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Maximilian Irlbeck
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Stefan Wagner
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Institute of Software Technology and Interactive Systems, Vienna University of Technology, Favoritenstrasse 9/188, 1040, Vienna, Austria

    Stefan Biffl  & Dietmar Winkler  & 

  2. Software Quality Lab GmbH, Gewerbepark Urfahr 30, BG4, 4041, Linz, Austria

    Johannes Bergsmann

Rights and permissions

Reprints and permissions

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Gleirscher, M., Golubitskiy, D., Irlbeck, M., Wagner, S. (2012). On the Benefit of Automated Static Analysis for Small and Medium-Sized Software Enterprises. In: Biffl, S., Winkler, D., Bergsmann, J. (eds) Software Quality. Process Automation in Software Development. SWQD 2012. Lecture Notes in Business Information Processing, vol 94. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-27213-4_3

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-27213-4_3

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-27212-7

  • Online ISBN: 978-3-642-27213-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation