Konferenzbeitrag
Explainable Static Analysis
Lade...
Volltext URI
Dokumententyp
Text/Conference Paper
Dateien
Zusatzinformation
Datum
2018
Autor:innen
Zeitschriftentitel
ISSN der Zeitschrift
Bandtitel
Verlag
Gesellschaft für Informatik
Zusammenfassung
Static code analysis is an important tool that aids in the early detection of programming mistakes, including functional aws, performance bottlenecks and security vulnerabilities. Past research in static analysis has mainly focused on the precise and e cient detection of programming mistakes, allowing new analyses to return more accurate results in a shorter time. However, end-user experience in industry has shown high abandonment rates for static analysis tools. Previous work has shown that current analysis tools are ill-adapted to meet the needs of their users, taking a long time to yield results and causing warnings to be frequently misinterpreted. This can quickly make the overall bene t of static analyses deteriorate. In this work, we argue for the need of developing a line of research on aiding users of static analysis tools, e.g., code developers, to better understand the findings reported by those tools. We outline how we plan to address this problem space by a novel line of research that ultimately seeks to change static analysis tools from being tools for static analysis experts to tools that can be mastered by general code developers. To achieve this goal, we plan to develop novel techniques for formulating, inspecting and debugging static analyses and the rule sets they validate programs against.