Tampere University of Technology

TUTCRIS Research Portal

Some SonarQube issues have a significant but small effect on faults and changes. A large-scale empirical study

Research output: Contribution to journal › Article › Scientific › peer-review

Details

Original language: English
Article number: 110750
Number of pages: 15
Journal: Journal of Systems and Software
Volume: 170
DOIs
Publication status: Published - Dec 2020
Publication type: A1 Journal article-refereed

Abstract

Context: Companies frequently invest effort to remove technical issues believed to impact software qualities, such as removing anti-patterns or coding style violations.

Objective: We aim to analyze the diffuseness of SonarQube issues in software systems and to assess their impact on code changes and fault-proneness, considering also their different types and severities.

Methods: We conducted a case study among 33 Java projects from the Apache Software Foundation repository.

Results: We analyzed 726 commits containing 27K faults and 12M changes in Java files. The projects violated 173 SonarQube rules, generating more than 95K SonarQube issues in more than 200K classes. Classes not affected by SonarQube issues are less change-prone than affected ones, but the difference between the groups is small. Non-affected classes are slightly more change-prone than classes affected by SonarQube issues of type Code Smell or Security Vulnerability. As for fault-proneness, there is no difference between non-affected and affected classes. Moreover, we found incongruities in the type and severity assigned by SonarQube.

Conclusion: Our results can be useful for practitioners to understand which SonarQube issues should be refactored and for researchers to bridge the missing gaps. Moreover, the results can also support companies and tool vendors in identifying SonarQube issues as accurately as possible.

Keywords

  • Change-proneness, Empirical study, Fault-proneness, SonarQube

Publication forum classification

Field of science, Statistics Finland