Past research on the usability of static analysis tools has focused on the usability issues that software developers encounter and on the causes of those issues in the tools. We adopt a user-centered approach to understand how developers use analysis tools, which decisions they make, what they look for when making those decisions, and the motivations behind their strategies.
Through a survey of 87 developers in industry, we report on the context in which developers use static analysis tools in practice and on their motivations for doing so, and explain how these motivate different usage strategies.
In another study, we focus on four static analysis tools and perform a heuristic walkthrough and a user study to identify recurring problems in the UIs of static analysis tools.
Those two studies allow us to derive new tool requirements that closely support software developers, and open novel avenues for further static-analysis research such as collaborative problem-solving for analysis warnings.
In a position paper, we discuss the application of those requirements to SWAN, a security-focused static-analysis tool for the Swift programming language.
Artifacts
- Developer survey:
- Heuristic walkthrough and user study:
  - Evaluation guide.
  - List of issues.
  - Security tool interface dimensions.
  - The user study questions and some anonymized answers are in the paper’s appendix.
Publications
- CACM 2022: Designing UIs for static analysis tools: evaluating tool design guidelines with SWAN (Daniil Tiganov, Lisa Nguyen Quang Do, Karim Ali).
- TSE 2022: Why do software developers use static analysis tools? A user-centered study of developer needs and motivations (Lisa Nguyen Quang Do, James R. Wright, Karim Ali).
- SOUPS 2020: Why can’t Johnny fix vulnerabilities: a usability evaluation of static analysis tools for security (Justin Smith, Lisa Nguyen Quang Do, Emerson Murphy-Hill).