TUTCRIS - Tampereen teknillinen yliopisto


Some SonarQube issues have a significant but small effect on faults and changes. A large-scale empirical study

Research output: peer-reviewed

Standard

Some SonarQube issues have a significant but small effect on faults and changes. A large-scale empirical study. / Lenarduzzi, Valentina; Saarimäki, Nyyti; Taibi, Davide.

In: Journal of Systems and Software, Vol. 170, 110750, 12.2020.


BibTeX - Download

@article{a0eeb4e148c34f29a038123b77de6665,
title = "Some SonarQube issues have a significant but small effect on faults and changes. A large-scale empirical study",
abstract = "Context: Companies frequently invest effort to remove technical issues believed to impact software qualities, such as removing anti-patterns or coding styles violations. Objective: We aim to analyze the diffuseness of SonarQube issues in software systems and to assess their impact on code changes and fault-proneness, considering also their different types and severities. Methods: We conducted a case study among 33 Java projects from the Apache Software Foundation repository. Results: We analyzed 726 commits containing 27K faults and 12M changes in Java files. The projects violated 173 SonarQube rules generating more than 95K SonarQube issues in more than 200K classes. Classes not affected by SonarQube issues are less change-prone than affected ones, but the difference between the groups is small. Non-affected classes are slightly more change-prone than classes affected by SonarQube issues of type Code Smell or Security Vulnerability. As for fault-proneness, there is no difference between non-affected and affected classes. Moreover, we found incongruities in the type and severity assigned by SonarQube. Conclusion: Our result can be useful for practitioners to understand which SonarQube issues should be refactored and for researchers to bridge the missing gaps. Moreover, results can also support companies and tool vendors in identifying SonarQube issues as accurately as possible.",
keywords = "Change-proneness, Empirical study, Fault-proneness, SonarQube",
author = "Valentina Lenarduzzi and Nyyti Saarim{\"a}ki and Davide Taibi",
note = "EXT={"}Lenarduzzi, Valentina{"}",
year = "2020",
month = "12",
doi = "10.1016/j.jss.2020.110750",
language = "English",
volume = "170",
journal = "Journal of Systems and Software",
issn = "0164-1212",
publisher = "Elsevier",

}

RIS (suitable for import to EndNote) - Download

TY - JOUR

T1 - Some SonarQube issues have a significant but small effect on faults and changes. A large-scale empirical study

AU - Lenarduzzi, Valentina

AU - Saarimäki, Nyyti

AU - Taibi, Davide

N1 - EXT="Lenarduzzi, Valentina"

PY - 2020/12

Y1 - 2020/12

N2 - Context: Companies frequently invest effort to remove technical issues believed to impact software qualities, such as removing anti-patterns or coding styles violations. Objective: We aim to analyze the diffuseness of SonarQube issues in software systems and to assess their impact on code changes and fault-proneness, considering also their different types and severities. Methods: We conducted a case study among 33 Java projects from the Apache Software Foundation repository. Results: We analyzed 726 commits containing 27K faults and 12M changes in Java files. The projects violated 173 SonarQube rules generating more than 95K SonarQube issues in more than 200K classes. Classes not affected by SonarQube issues are less change-prone than affected ones, but the difference between the groups is small. Non-affected classes are slightly more change-prone than classes affected by SonarQube issues of type Code Smell or Security Vulnerability. As for fault-proneness, there is no difference between non-affected and affected classes. Moreover, we found incongruities in the type and severity assigned by SonarQube. Conclusion: Our result can be useful for practitioners to understand which SonarQube issues should be refactored and for researchers to bridge the missing gaps. Moreover, results can also support companies and tool vendors in identifying SonarQube issues as accurately as possible.

AB - Context: Companies frequently invest effort to remove technical issues believed to impact software qualities, such as removing anti-patterns or coding styles violations. Objective: We aim to analyze the diffuseness of SonarQube issues in software systems and to assess their impact on code changes and fault-proneness, considering also their different types and severities. Methods: We conducted a case study among 33 Java projects from the Apache Software Foundation repository. Results: We analyzed 726 commits containing 27K faults and 12M changes in Java files. The projects violated 173 SonarQube rules generating more than 95K SonarQube issues in more than 200K classes. Classes not affected by SonarQube issues are less change-prone than affected ones, but the difference between the groups is small. Non-affected classes are slightly more change-prone than classes affected by SonarQube issues of type Code Smell or Security Vulnerability. As for fault-proneness, there is no difference between non-affected and affected classes. Moreover, we found incongruities in the type and severity assigned by SonarQube. Conclusion: Our result can be useful for practitioners to understand which SonarQube issues should be refactored and for researchers to bridge the missing gaps. Moreover, results can also support companies and tool vendors in identifying SonarQube issues as accurately as possible.

KW - Change-proneness

KW - Empirical study

KW - Fault-proneness

KW - SonarQube

U2 - 10.1016/j.jss.2020.110750

DO - 10.1016/j.jss.2020.110750

M3 - Article

VL - 170

JO - Journal of Systems and Software

JF - Journal of Systems and Software

SN - 0164-1212

M1 - 110750

ER -