Static analysis evaluates software and flags silly mistakes, confusing code, bad practices and property violations. But developers are ultimately looking for incorrect behavior. In practice, organizations decide to heed some warnings and ignore others. My research is discovering what factors influence this judgement, identifying the bugs users care about, developing best practices, process and metrics, and helping to set the right expectations for static analysis tools. I learn from users through case studies, surveys and other ethnographic methods. I also investigate software artifacts by mining code repositories. Finally I am exploring new modes to enable users to express the bug patterns they would like to find with static analysis. More...
More: FindBugs
Ayewah and Pugh, "Using Checklists to Review Static Analysis Warnings", DEFECTS 2009 | doi
Ayewah and Pugh, "Learning from Defect Removals", MSR 2009 | doi
Ayewah et al., "Using Static Analysis to Find Bugs", IEEE Software, Sep 2008 | doi
Ayewah and Pugh, "A report on a survey and study of static analysis users", DEFECTS 2008 | doi
Unit testing small concurrent abstractions with MultithreadedTC | project page | google code | short paper (pdf)
Visualize the results of searching audio. For IBM Research | patent pending
Speech analysis and machine learning to identify spam voice messages. For Sipera Systems | patent pending
Interactive Visualization of proofs to verify a pipelined microprocessor | paper | Master's Thesis (pdf)
{ ayewah@cs.umd.edu }