On the Benefit of Automated Static Analysis for Small and Medium-Sized Software Enterprises

TL;DR

This paper demonstrates that automated static analysis techniques are highly beneficial for small and medium-sized software enterprises, providing effective quality assurance with minimal effort and high perceived usefulness.

Contribution

It presents practical evidence that static analysis can be easily integrated into SME workflows, detecting defects and improving quality assurance.

Findings

Effort to implement static analysis was mostly below one person-hour.

Detected diverse defects in production code.

Participating companies valued the analysis results highly.

Abstract

Today's small and medium-sized enterprises (SMEs) in the software industry are faced with major challenges. While having to work efficiently using limited resources they have to perform quality assurance on their code to avoid the risk of further effort for bug fixes or compensations. Automated static analysis can reduce this risk because it promises little effort for running an analysis. We report on our experience in analysing five projects from and with SMEs by three different static analysis techniques: code clone detection, bug pattern detection and architecture conformance analysis. We found that the effort that was needed to introduce those techniques was small (mostly below one person-hour), that we can detect diverse defects in production code and that the participating companies perceived the usefulness of the presented techniques as well as our analysis results high enough to include the techniques in their quality assurance.