ABSTRACT
Code developers in industry frequently use static analysis tools to detect and fix software defects in their code. But what about defects in the static analyses themselves? While debugging application code is a difficult, time-consuming task, debugging a static analysis is even harder. We have surveyed 115 static analysis writers to determine what makes static analysis difficult to debug, and to identify which debugging features would be desirable for static analysis. Based on this information, we have created Visijflow, a debugging environment for static data-flow analysis. Visuflow is built as an Eclipse plugin, and supports analyses written on top of the program analysis framework Soot. The different components in Visuflow provide analysis writers with visualizations of the internal computations of the analysis, and actionable debugging features to support debugging static analyses. A video demo of Visuflow is available online: https://www.youtube.com/watch?v=BkEfBDwiuH4
- 2017. Apache License 2.0. https://www.apache.org/licenses/LICENSE-2.0. (2017).Google Scholar
- 2017. GraphStream. http://graphstream-project.org/. (2017).Google Scholar
- Eric Bodden. 2012. Inter-procedural data-flow analysis with IFDS/IDE and Soot. In International Workshop on State of the Art in Java Program Analysis (SOAP). 3--8. Google ScholarDigital Library
- Cristiano Calcagno and Dino Distefano. 2011. Infer: An Automatic Program Verifier for Memory Safety of C Programs. In NASA Formal Methods (NFM) (Lecture Notes in Computer Science), Vol. 6617. 459--465. Google ScholarDigital Library
- Tom Deering, Suresh Kothari, Jeremias Sauceda, and Jon Mathews. 2014. Atlas: A New Way to Explore Software, Build Analysis Tools (ICSE Companion 2014). ACM, New York, NY, USA, 588--591. Google ScholarDigital Library
- Yit Phang Khoo, Jeffrey S. Foster, Michael Hicks, and Vibha Sazawal. 2008. Path Projection for User-centered Static Analysis Tools (PASTE '08). ACM, New York, NY, USA, 57--63. Google ScholarDigital Library
- Andrew Jensen Ko and Brad A. Myers. 2004. Designing the whyline: a debugging interface for asking questions about program behavior. In CHI 2004, Vienna, Austria, April 24 -- 29, 2004. 151--158. Google ScholarDigital Library
- Bil Lewis. 2003. Debugging Backwards in Time. CoRR cs.SE/0310016 (2003). http://arxiv.org/abs/cs.SE/0310016Google Scholar
- Lisa Nguyen Quang Do, Karim Ali, Benjamin Livshits, Eric Bodden, Justin Smith, and Emerson Murphy-Hill. 2017. Just-in-time Static Analysis (ISSTA 2017). ACM, New York, NY, USA, 307--317. Google ScholarDigital Library
- Lisa Nguyen Quang Do, Stefan Krüger, Patrick Hill, Karim Ali, and Eric Bodden. 2017. VisuFlow. https://blogs.uni-paderborn.de/sse/tools/visuflow-debugging-static-analysis/. (2017).Google Scholar
- Lisa Nguyen Quang Do, Stefan Krüger, Patrick Hill, Karim Ali, and Eric Bodden. 2018. Debugging Static Analysis. Technical Report. arXiv:cs.SE/1801.04894Google Scholar
- Frederick F Reichheld. 2003. The one number you need to grow. Harvard Business Review 81, 12 (2003), 46--55.Google Scholar
- Haihao Shen, Jianhong Fang, and Jianjun Zhao. 2011. Efindbugs: Effective error ranking for findbugs. In International Conference on Software Testing, Verification and Validation (ICST). 299--308. Google ScholarDigital Library
- Raja Vallée-Rai, Etienne Gagnon, Laurie J. Hendren, Patrick Lam, Patrice Pominville, and Vijay Sundaresan. 2000. Optimizing Java Bytecode Using the Soot Framework: Is It Feasible?. In CC. 18--34. Google ScholarDigital Library
- Andreas Zeller and Ralf Hildebrandt. 2002. Simplifying and Isolating Failure-Inducing Input. IEEE Trans. Software Eng. 28, 2 (2002), 183--200. Google ScholarDigital Library
Index Terms
- VISUFLOW: a debugging environment for static analyses
Recommendations
A study on the use of IDE features for debugging
MSR '18: Proceedings of the 15th International Conference on Mining Software RepositoriesIntegrated development environments (IDEs) provide features to help developers both create and understand code. As maintenance and bug repair are time-consuming and costly activities, IDEs have long integrated debugging features to simplify these tasks. ...
Static flow-sensitive & context-sensitive information-flow analysis for software product lines: position paper
PLAS '12: Proceedings of the 7th Workshop on Programming Languages and Analysis for SecurityA software product line encodes a potentially large variety of software products as variants of some common code base, e.g., through the use of #ifdef statements or other forms of conditional compilation. Traditional information-flow analyses cannot ...
Studying the fix-time for bugs in large open source projects
Promise '11: Proceedings of the 7th International Conference on Predictive Models in Software EngineeringBackground: Bug fixing lies at the core of most software maintenance efforts. Most prior studies examine the effort needed to fix a bug (fix-effort). However, the effort needed to fix a bug may not correlate with the calendar time needed to fix it (fix-...
Comments