Today's small and medium-sized enterprises (SMEs) in the software industryare faced with major challenges. While having to work efficiently using limitedresources they have to perform quality assurance on their code to avoid therisk of further effort for bug fixes or compensations. Automated staticanalysis can reduce this risk because it promises little effort for running ananalysis. We report on our experience in analysing five projects from and withSMEs by three different static analysis techniques: code clone detection, bugpattern detection and architecture conformance analysis. We found that theeffort that was needed to introduce those techniques was small (mostly belowone person-hour), that we can detect diverse defects in production code andthat the participating companies perceived the usefulness of the presentedtechniques as well as our analysis results high enough to include thetechniques in their quality assurance.
展开▼