Just-in-Time Static Analysis

Do, Lisa Nguyen Quang and Ali, Karim and Livshits, Benjamin and Bodden, Eric and Smith, Justin and Murphy-Hill, Emerson (2017):
Just-in-Time Static Analysis.
In: Proceedings of ISSTA ’17, ACM, Santa Barbara, California, United States, ISBN 978-1-4503-5076-1,
DOI: 10.1145/3092703.3092705,
[Conference or Workshop Item]

Abstract

We present the concept of Just-In-Time (JIT) static analysis that interleaves code development and bug fixing in an integrated development environment. Unlike traditional batch-style analysis tools, a JIT analysis tool presents warnings to code developers over time, providing the most relevant results quickly, and computing less relevant results incrementally later. In this paper, we describe general guidelines for designing JIT analyses. We also present a general recipe for transforming static data-flow analyses to JIT analyses through a concept of layered analysis execution. We illustrate this transformation through Cheetah, a JIT taint analysis for Android applications. Our empirical evaluation of Cheetah on real-world applications shows that our approach returns warnings quickly enough to avoid disrupting the normal workflow of developers. This result is confirmed by our user study, in which developers fixed data leaks twice as fast when using Cheetah compared to an equivalent batch-style analysis.

Item Type: Conference or Workshop Item
Published: 2017
Creators: Do, Lisa Nguyen Quang and Ali, Karim and Livshits, Benjamin and Bodden, Eric and Smith, Justin and Murphy-Hill, Emerson
Title: Just-in-Time Static Analysis
Language: English
Title of Book: Proceedings of ISSTA ’17
Publisher: ACM
ISBN: 978-1-4503-5076-1
Uncontrolled Keywords: Static analysis, Just-in-Time, Layered analysis
Divisions: Profile Areas
Profile Areas > Cybersecurity (CYSEC)
Event Location: Santa Barbara, California, United States
Date Deposited: 07 Aug 2017 14:42
DOI: 10.1145/3092703.3092705
Identification Number: TUD-CS-2017-0216