On the use of static analysis to engage students with software quality improvement: An experience with PMD

Static analysis tools are frequently used to scan source code and detect deviations from a project's coding guidelines. Given their importance, linters are often introduced in the classroom to teach students how to detect, and potentially avoid, these code anti-patterns. However, little is known about their effectiveness in raising students' awareness, since linters tend to generate a large number of false positives. To raise awareness of coding issues that violate coding standards, this paper reflects on our experience teaching the use of static analysis and evaluates its effectiveness in helping students improve software quality. We discuss the results of a classroom experiment, conducted over three academic semesters, involving 65 submissions whose code review activity covered 690 PMD rules. The quantitative and qualitative analysis shows that (1) the presence of certain PMD quality issues influences whether students accept or reject the reported issues, (2) issues in the design and best-practices categories take the longest to resolve, and (3) students acknowledge the potential of static analysis tools during code review. This experiment suggests that code review can become a vital part of computing education. We envision our findings enabling educators to support students with code review strategies, raising students' awareness of static analysis tools and scaffolding their coding skills.
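
For illustration, a classroom PMD setup like the one described above can be reproduced with a small custom ruleset. The sketch below is a minimal example, assuming PMD 7's `pmd check` CLI and the built-in Java `bestpractices` and `design` rule categories; the ruleset file name and the excluded rule are placeholders for illustration, not the configuration used in the study.

<?xml version="1.0" encoding="UTF-8"?>
<!-- course-ruleset.xml: a minimal sketch of a PMD ruleset enabling the two
     rule categories the study found slowest to resolve (design and best
     practices). File name and excluded rule are illustrative. -->
<ruleset name="course-code-review"
         xmlns="http://pmd.sourceforge.net/ruleset/2.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://pmd.sourceforge.net/ruleset/2.0.0
                             https://pmd.sourceforge.io/ruleset_2_0_0.xsd">
  <description>Rules students run before submitting code for review.</description>

  <!-- Pull in two entire built-in Java rule categories. -->
  <rule ref="category/java/bestpractices.xml"/>
  <rule ref="category/java/design.xml">
    <!-- Individual rules can be excluded to reduce noise and false positives. -->
    <exclude name="LawOfDemeter"/>
  </rule>
</ruleset>

<!-- Invocation with PMD 7's CLI (PMD 6 shipped a run.sh/pmd.bat wrapper instead):
     pmd check -d src/main/java -R course-ruleset.xml -f text
-->

Excluding individual rules, as shown above, is one practical way for instructors to address the false-positive problem noted earlier: trimming rules that generate noise keeps students focused on the violations worth reviewing.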
