Toward a just-in-time static analysis: TUD-CS-2015-1167

Author: Nguyen Quang Do, Lisa; Ali, Karim; Bodden, Eric; Livshits, Benjamin
Type: Report, Electronic Publication
Abstract: Despite years if not decades of research and development on static analysis tools, industrial adaption of much of this tooling remains spotty. Some of this is due to familiar shortcomings with the tooling itself: the effect of false positives on developer satisfaction is well known. However, in this paper, we argue that static-analysis results often run against some cognitive barriers. In other words, the developer is not able to grasp the results easily, leading to higher abandonment rates for analysis tools. In this paper, we propose to improve the current situation with the idea of Just-In-Time (JIT) analyses. In a JIT analysis, results are presented to the user in order of difficulty, starting with easy-to-fix warnings. These warnings are designed to gently "train" the developer and prepare them for reasoning about and fixing more complex bugs. The analysis itself is designed to operate in layers, so that the next layer of results is being computed while the previous one is being examined. The desired effect is that static-analysis results are available just-in-time, with the developer never needing to wait for them to be computed.
Publisher: TU Darmstadt, Darmstadt