2022
Zampetti, Fiorella; Mudbhari, Saghan; Arnaoudova, Venera; Penta, Massimiliano Di; Panichella, Sebastiano; Antoniol, Giuliano
Using Code Reviews to Automatically Configure Static Analysis Tools Journal Article
In: Empirical Software Engineering (EMSE), vol. 11, iss. 1, 2022.
@article{Zampetti:emse21:ConfiguringSAT,
title = {Using Code Reviews to Automatically Configure Static Analysis Tools},
author = {Fiorella Zampetti and Saghan Mudbhari and Venera Arnaoudova and Massimiliano {Di Penta} and Sebastiano Panichella and Giuliano Antoniol},
url = {http://35.88.184.16/wp-content/uploads/2021/10/2021-EMSE-Auto-SCAT.pdf},
year = {2022},
date = {2022-01-01},
urldate = {2021-10-22},
journal = {Empirical Software Engineering (EMSE)},
volume = {11},
issue = {1},
abstract = {Developers often use Static Code Analysis Tools (SCAT) to automatically detect different kinds of quality flaws in their source code. Since many warnings raised by SCATs may be irrelevant for a project/organization, it can be possible to leverage information from the project development history to automatically configure which warnings a SCAT should raise, and which not. In this paper, we propose an automated approach (Auto-SCAT) to leverage (statement-level) code review comments for recommending SCAT warnings, or warning categories, to be enabled. To this aim, we trace code review comments onto SCAT warnings by leveraging their descriptions and messages, as well as review comments made in other projects. We apply Auto-SCAT to study how CheckStyle, a well-known SCAT, can be configured in the context of six Java open source projects, all using Gerrit for handling code reviews. Our results show that Auto-SCAT is able to classify code review comments into CheckStyle checks with a precision of 61% and a recall of 52%. When also considering the code review comments not related to CheckStyle warnings, Auto-SCAT has a precision and a recall of ≈ 75%. Furthermore, Auto-SCAT can configure CheckStyle with a precision of 72.7% at the check level and a precision of 96.3% at the category level. Finally, our findings highlight that Auto-SCAT outperforms state-of-the-art baselines based on default CheckStyle configurations or leveraging the history of previously removed warnings.
},
keywords = {automated tool configuration, Code Review, static analysis},
pubstate = {published},
tppubtype = {article}
}