Quantitative Assessment of the Impact of Automatic Static Analysis Issues on Time Efficiency

Background: Automatic Static Analysis (ASA) tools analyze source code and look for code patterns (aka smells) that might cause defective behavior or might degrade other dimensions of software quality, e.g. efficiency. There are many potentially negative code patterns, and ASA tools typically report a huge list of them even in small programs. Moreover, so far, little evidence is available about the negative impact on performance of code patterns identified by such tools. A consequence is that programmers cannot appreciate the benefits of ASA tools and tend not to include them in their workflow. Aims: Quantitatively assess the impact of issues signaled by ASA tools on time efficiency. Method: We select 20 issues and for each of them we set up two source code fragments: one containing the issue and the corresponding refactored version, functionally identical but without the issue. We set up three different platforms, isolated from network and other user programs, then we execute the code fragments, and measure the execution time of both code versions. Results: We find that eleven issues have an actual negative impact on performance. We also compute for each issue an estimation for the delay provoked by a single execution. Conclusions: We produce a set of issues with a verified negative impact on performance. They can be checked easily with an analysis tool and code can be refactored to obtain a provably more efficient code. We also provide the estimated delay cost of each issue in the environments where we conduct the tests. These results can be improved with the help of other researchers: repeating the tests in several platforms would make it possible to build up a wider benchmark

[1]  Alan Burns,et al.  Portable worst-case execution time analysis using Java Byte Code , 2000, Proceedings 12th Euromicro Conference on Real-Time Systems. Euromicro RTS 2000.

[2]  Michael D. Ernst,et al.  Prioritizing Warning Categories by Analyzing Software History , 2007, Fourth International Workshop on Mining Software Repositories (MSR'07:ICSE Workshops 2007).

[3]  Jakob Engblom,et al.  The worst-case execution-time problem—overview of methods and survey of tools , 2008, TECS.

[4]  Philip H. Ramsey Nonparametric Statistical Methods , 1974, Technometrics.

[5]  David Hardin Real-time objects on the bare metal: an efficient hardware realization of the Java/sup TM/ Virtual Machine , 2001, Fourth IEEE International Symposium on Object-Oriented Real-Time Distributed Computing. ISORC 2001.

[6]  Andy J. Wellings,et al.  Addressing dynamic dispatching issues in WCET analysis for object-oriented hard real-time systems , 2002, Proceedings Fifth IEEE International Symposium on Object-Oriented Real-Time Distributed Computing. ISIRC 2002.

[7]  Stefan Wagner,et al.  An Evaluation of Two Bug Pattern Tools for Java , 2008, 2008 1st International Conference on Software Testing, Verification, and Validation.

[8]  J. David Morgenthaler,et al.  Evaluating static analysis defect warnings on production software , 2007, PASTE '07.

[9]  David Hovemeyer,et al.  Finding bugs is easy , 2004, SIGP.

[10]  Douglas A. Wolfe,et al.  Nonparametric Statistical Methods , 1973 .

[11]  Michael D. Ernst,et al.  Which warnings should I fix first? , 2007, ESEC-FSE '07.

[12]  Iain Bate,et al.  Low-level analysis of a portable Java byte code WCET analysis framework , 2000, Proceedings Seventh International Conference on Real-Time Computing Systems and Applications.

[13]  Raymond Klefstad,et al.  A Survey of Worst-Case Execution Time Analysis for Real-Time Java , 2007, 2007 IEEE International Parallel and Distributed Processing Symposium.

[14]  Marco Torchiano,et al.  Assessing the precision of FindBugs by mining Java projects developed at a university , 2010, 2010 7th IEEE Working Conference on Mining Software Repositories (MSR 2010).

[15]  Jan Jürjens,et al.  Comparing Bug Finding Tools with Reviews and Tests , 2005, TestCom.

[16]  Iain Bate,et al.  Java virtual-machine support for portable worst-case execution-time analysis , 2002, Proceedings Fifth IEEE International Symposium on Object-Oriented Real-Time Distributed Computing. ISIRC 2002.

[17]  William Pugh,et al.  The Google FindBugs fixit , 2010, ISSTA '10.

[18]  Matthew Arnold,et al.  A Survey of Adaptive Optimization in Virtual Machines , 2005, Proceedings of the IEEE.