TY - GEN
T1 - Just-in-time static analysis
AU - Do, Lisa Nguyen Quang
AU - Ali, Karim
AU - Livshits, Benjamin
AU - Bodden, Eric
AU - Smith, Justin
AU - Murphy-Hill, Emerson
N1 - Publisher Copyright:
© 2017 Association for Computing Machinery.
PY - 2017/7/10
Y1 - 2017/7/10
N2 - We present the concept of Just-In-Time (JIT) static analysis that interleaves code development and bug fixing in an integrated development environment. Unlike traditional batch-style analysis tools, a JIT analysis tool presents warnings to code developers over time, providing the most relevant results quickly, and computing less relevant results incrementally later. In this paper, we describe general guidelines for designing JIT analyses. We also present a general recipe for transforming static data-flow analyses to JIT analyses through a concept of layered analysis execution. We illustrate this transformation through Cheetah, a JIT taint analysis for Android applications. Our empirical evaluation of Cheetah on real-world applications shows that our approach returns warnings quickly enough to avoid disrupting the normal workflow of developers. This result is confirmed by our user study, in which developers fixed data leaks twice as fast when using Cheetah compared to an equivalent batch-style analysis.
AB - We present the concept of Just-In-Time (JIT) static analysis that interleaves code development and bug fixing in an integrated development environment. Unlike traditional batch-style analysis tools, a JIT analysis tool presents warnings to code developers over time, providing the most relevant results quickly, and computing less relevant results incrementally later. In this paper, we describe general guidelines for designing JIT analyses. We also present a general recipe for transforming static data-flow analyses to JIT analyses through a concept of layered analysis execution. We illustrate this transformation through Cheetah, a JIT taint analysis for Android applications. Our empirical evaluation of Cheetah on real-world applications shows that our approach returns warnings quickly enough to avoid disrupting the normal workflow of developers. This result is confirmed by our user study, in which developers fixed data leaks twice as fast when using Cheetah compared to an equivalent batch-style analysis.
KW - Just-in-Time
KW - Layered analysis
KW - Static analysis
UR - http://www.scopus.com/inward/record.url?scp=85026641935&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85026641935&partnerID=8YFLogxK
U2 - 10.1145/3092703.3092705
DO - 10.1145/3092703.3092705
M3 - Conference contribution
AN - SCOPUS:85026641935
T3 - ISSTA 2017 - Proceedings of the 26th ACM SIGSOFT International Symposium on Software Testing and Analysis
SP - 307
EP - 317
BT - ISSTA 2017 - Proceedings of the 26th ACM SIGSOFT International Symposium on Software Testing and Analysis
A2 - Sen, Koushik
A2 - Bultan, Tevfik
PB - Association for Computing Machinery, Inc
T2 - 26th ACM SIGSOFT International Symposium on Software Testing and Analysis, ISSTA 2017
Y2 - 10 July 2017 through 14 July 2017
ER -