Code reviews have been conducted for decades in software projects, with the aim of improving code quality from many different points of view. During code reviews, developers are supported by checklists, coding standards and, possibly, by various kinds of static analysis tools. This paper investigates whether warnings highlighted by static analysis tools are taken care of during code reviews and whether there are kinds of warnings that tend to be removed more than others. Results of a study conducted by mining the Gerrit repository of six Java open source projects indicate that the density of warnings varies only slightly after each review. The overall percentage of warnings removed during reviews is slightly higher than what previous studies found for the overall project evolution history. However, when looking (quantitatively and qualitatively) at specific categories of warnings, we found that during code reviews developers focus on certain kinds of problems. For such categories of warnings the removal percentage tends to be very high, often above 50% and sometimes 100%. Examples of those are warnings in the imports, regular expression, and type resolution categories. In conclusion, while a broad warning detection might produce far too many false positives, enforcing the removal of certain warnings prior to the patch submission could reduce the amount of effort spent during the code review process.
5. CODE REVIEWS
Why: concrete benefits…
Benefits
Improved Code Quality
Fewer defects in Code
Improved Knowledge Transfer
Education of Junior Programmers
“Expectations, Outcomes, and Challenges of Modern Code Review”, Alberto Bacchelli and Christian Bird - ICSE 2013
“Common Outcomes of Code Review”
6. CODE REVIEWS
What: types of peer code reviews?
Formal Inspection Process
Over The Shoulder Reviews
Email Pass Around
Interviews
Tool assisted reviews
Pair Programming
8. MODERN CODE REVIEWS
“Modern code review is a form of code inspection which has the qualities of being informal, tool-based and frequent.”
“Expectations, Outcomes, and Challenges of Modern Code Review”, Alberto Bacchelli and Christian Bird - ICSE 2013
17. MODERN CODE REVIEWS
(I) Code Reviews Management
(II) Bugs/Issues Detection
LIMITATION: provide too extensive a list of recommendations
18. Past Work
Kim et al. - FSE 2007
Only 10% of suggested warnings are removed by bug fix changes
21. To What Extent Static Analysis Tools Help Developers During Code Reviews?
Project History
During Code Reviews
We argue that the Use of Static Analysis Tools Would be Highly Beneficial During Code Reviews…
23. CASE STUDY
Goal: understanding how static analysis tools could have helped in dealing with warnings developers solved during code reviews.
Quality focus: reducing developers’ effort during the code review task.
Perspective: develop a tool to support the configuration of static analysis tools towards warnings that are considered relevant by developers.
24. RESEARCH QUESTIONS
RQ1: To what extent are warnings detected by static analysis tools removed during code reviews?
RQ2: What kinds of warnings detected by static analysis tools are mainly considered during code reviews?