Just-in-time static analysis

Lisa Nguyen Quang Do, Karim Ali, Benjamin Livshits, Eric Bodden, Justin Smith, Emerson Murphy-Hill

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

We present the concept of Just-In-Time (JIT) static analysis that interleaves code development and bug fixing in an integrated development environment. Unlike traditional batch-style analysis tools, a JIT analysis tool presents warnings to code developers over time, providing the most relevant results quickly, and computing less relevant results incrementally later. In this paper, we describe general guidelines for designing JIT analyses. We also present a general recipe for transforming static data-flow analyses to JIT analyses through a concept of layered analysis execution. We illustrate this transformation through Cheetah, a JIT taint analysis for Android applications. Our empirical evaluation of Cheetah on real-world applications shows that our approach returns warnings quickly enough to avoid disrupting the normal worklow of developers. This result is confirmed by our user study, in which developers fixed data leaks twice as fast when using Cheetah compared to an equivalent batch-style analysis.

Original languageEnglish (US)
Title of host publicationISSTA 2017 - Proceedings of the 26th ACM SIGSOFT International Symposium on Software Testing and Analysis
EditorsKoushik Sen, Tevfik Bultan
PublisherAssociation for Computing Machinery, Inc
Pages307-317
Number of pages11
ISBN (Electronic)9781450350761
DOIs
StatePublished - Jul 10 2017
Event26th ACM SIGSOFT International Symposium on Software Testing and Analysis, ISSTA 2017 - Santa Barbara, United States
Duration: Jul 10 2017Jul 14 2017

Publication series

NameISSTA 2017 - Proceedings of the 26th ACM SIGSOFT International Symposium on Software Testing and Analysis

Conference

Conference26th ACM SIGSOFT International Symposium on Software Testing and Analysis, ISSTA 2017
Country/TerritoryUnited States
CitySanta Barbara
Period7/10/177/14/17

Keywords

  • Just-in-Time
  • Layered analysis
  • Static analysis

ASJC Scopus subject areas

  • Computational Theory and Mathematics
  • Computer Science Applications
  • Software

Fingerprint

Dive into the research topics of 'Just-in-time static analysis'. Together they form a unique fingerprint.

Cite this