We present the concept of Just-In-Time (JIT) static analysis that interleaves code development and bug fixing in an integrated development environment. Unlike traditional batch-style analysis tools, a JIT analysis tool presents warnings to code developers over time, providing the most relevant results quickly, and computing less relevant results incrementally later. In this paper, we describe general guidelines for designing JIT analyses. We also present a general recipe for transforming static data-flow analyses to JIT analyses through a concept of layered analysis execution. We illustrate this transformation through CHEETAH, a JIT taint analysis for Android applications. Our empirical evaluation of CHEETAH on real-world applications shows that our approach returns warnings quickly enough to avoid disrupting the normal workflow of developers. This result is confirmed by our user study, in which developers fixed data leaks twice as fast when using CHEETAH compared to an equivalent batch-style analysis.
Wed 12 JulDisplayed time zone: Tijuana, Baja California change
15:30 - 17:10 | Static AnalysisTechnical Papers at Bren 1414 Chair(s): William G.J. Halfond University of Southern California | ||
15:30 25mTalk | Just-in-Time Static Analysis Technical Papers Lisa Nguyen Quang Do Fraunhofer IEM, Karim Ali University of Alberta, Benjamin Livshits Imperial College London, UK, Eric Bodden Heinz Nixdorf Institut, Paderborn University and Fraunhofer IEM, Justin Smith North Carolina State University, Emerson Murphy-Hill North Carolina State University DOI | ||
15:55 25mTalk | Refining Interprocedural Change-Impact Analysis using Equivalence Relations Technical Papers Alex Gyori University of Illinois at Urbana-Champaign, USA, Shuvendu Lahiri Microsoft Research, Nimrod Partush Technion DOI | ||
16:20 25mTalk | Boosting the Precision of Virtual Call Integrity Protection with Partial Pointer Analysis for C++ Technical Papers Xiaokang Fan , Yulei Sui , Liao Xiangke National University of Defense Technology, China, Jingling Xue UNSW Australia DOI | ||
16:45 25mTalk | Lightweight Detection of Physical Unit Inconsistencies without Program Annotations Technical Papers John-Paul Ore University of Nebraska-Lincoln, USA, Sebastian Elbaum University of Nebraska-Lincoln, USA, Carrick Detweiler University of Nebraska-Lincoln, USA DOI | ||