The Just-in-Time analysis concept aims at making static analysis more usable to the end user, often the code developer. It allows analysis writers to encode prioritization properties into the analysis. At runtime, certain paths are analyzed before others, allowing important results to be returned first. CHEETAH is an implementation of the Just-in-Time analysis concept for taint analysis for Android applications. It is integrated in the Eclipse IDE as a plugin.

Artefacts:

• Source code of CHEETAH: https://github.com/secure-software-engineering/cheetah
• Video demonstration: https://www.youtube.com/watch?v=AMq9sFo7gjc
• User study documents: https://blogs.uni-paderborn.de/sse/files/2016/08/JITA_UserStudy.pdf
  • Survey template, participants’ responses, interview protocol.

Publications:

• ISSTA 2017: Just-in-Time Static Analysis (Lisa Nguyen Quang Do, Karim Ali, Benjamin Livshits, Eric Bodden, Justin Smith, and Emerson Murphy-Hill).
  Awarded: Distinguished Paper Award, Artifact Evaluation Award.
• ICSE 2017 Demonstration: Cheetah: Just-in-Time Taint Analysis for Android Apps (Lisa Nguyen Quang Do, Karim Ali, Benjamin Livshits, Eric Bodden, Justin Smith, and Emerson Murphy-Hill).
• Technical Report: Just-in-Time Static Analysis (Lisa Nguyen Quang Do, Karim Ali, Benjamin Livshits, Eric Bodden, Justin Smith, and Emerson Murphy-Hill).
• Technical Report: Toward a Just-In-Time Static Analysis (Lisa Nguyen Quang Do, Karim Ali, Eric Bodden, and Benjamin Livshits).