Toward a Just-in-Time Static Analysis

Authors: Eric Bodden, Benjamin Livshits, Lisa Nguyen Quang Do, Karim Ali

Abstract: Despite years if not decades of research and development on static analysis tools, industrial adaption of much of this tooling remains spotty. Some of this is due to familiar shortcomings with the tooling itself: the effect of false positives on developer satisfaction is well known. However, in this paper, we argue that static-analysis results often run against some cognitive barriers. In other words, the developer is not able to grasp the results easily, leading to higher abandonment rates for analysis tools. In this paper, we propose to improve the current situation with the idea of Just-In-Time (JIT) analyses. In a JIT analysis, results are presented to the user in order of difficulty, starting with easy-to-fix warnings. These warnings are designed to gently “train” the developer and prepare them for reasoning about and fixing more complex bugs. The analysis itself is designed to operate in layers, so that the next layer is being computed while the previous one is being examined. The desired effect is that static-analysis results are available just-in-time, with the developer never needing to wait for them to be computed.
