Just-in-time static analysis
File(s)
issta17 (1).pdf (1.43 MB)
Accepted version
Author(s)
Type
Conference Paper
Abstract
We present the concept of Just-In-Time (JIT) static analysis that interleaves code development and bug fixing in an integrated development environment. Unlike traditional batch-style analysis tools, a JIT analysis tool presents warnings to code developers over time, providing the most relevant results quickly, and computing less relevant results incrementally later. In this paper, we describe general guidelines for designing JIT analyses. We also present a general recipe for transforming static data-flow analyses to JIT analyses through a concept of layered analysis execution. We illustrate this transformation through CHEETAH, a JIT taint analysis for Android applications. Our empirical evaluation of CHEETAH on real-world applications shows that our approach returns warnings quickly enough to avoid disrupting the normal workflow of developers. This result is confirmed by our user study, in which developers fixed data leaks twice as fast when using CHEETAH compared to an equivalent batch-style analysis.
Date Issued
2017-07-10
Date Acceptance
2017-07-10
Citation
ISSTA 2017 Proceedings of the 26th ACM SIGSOFT International Symposium on Software Testing and Analysis, 2017
ISBN
9781450350761
Publisher
ACM
Journal / Book Title
ISSTA 2017 Proceedings of the 26th ACM SIGSOFT International Symposium on Software Testing and Analysis
Copyright Statement
© 2017 Copyright held by the owner/author(s). Publication rights licensed to ACM.
Source
26th ACM SIGSOFT International Symposium on Software Testing and Analysis
Subjects
Science & Technology
Technology
Computer Science, Software Engineering
Computer Science, Theory & Methods
Computer Science
Static analysis
Just-in-Time
Layered analysis
Start Date
2017-07-10
Finish Date
2017-07-14
Coverage Spatial
Santa Barbara, CA, USA
Date Publish Online
2017-07-10