Explaining Static Analysis - A Perspective

Authors: Marcus Nachtigall, Lisa Nguyen Quang Do, Eric Bodden

DOI: 10.1109/ASEW.2019.00023

Keywords: Static analysis, Software, Source code, Software engineering, Computer science, Static program analysis, Program analysis, User experience design, Usability

Abstract: Static code analysis is widely used to support the development of high-quality software. It helps developers detect potential bugs and security vulnerabilities in a program's source without executing it. While the benefits of static analysis tools are beyond question, their usability is often criticised and prevents software developers from using them to their full potential. In the past decade, researchers have studied developer needs and contrasted them with available tool functionalities. In this paper, we summarize the main design challenges for building usable static analysis tools, and show that they revolve around the notion of explainability, which is a subarea of usability. We present existing and current research on usability, and detail how it approaches those challenges. This leads us to proposing lines of future work on explainability in static analysis, namely turning static analysis tools into assistants and teachers.
