Software engineer

Explaining static analysis – a perspective

Marcus Nachtigall, Lisa Nguyen Quang Do, Eric Bodden

[pdf][proceedings]

Static code analysis is widely used to support the development of high-quality software. It helps developers detect potential bugs and security vulnerabilities in a program’s source code without executing it. While the potential benefits of static analysis tools are beyond question, their usability is often criticised and prevents software developers from using static analysis to its full potential. In the past decade, researchers have studied developer needs and contrasted them to available static analysis tool functionalities. In this paper, we summarize the main design challenges for building usable static analysis tools, and show that they revolve around the notion of explainability, which is a subarea of usability. We present existing analysis tools and current research in static analysis usability, and detail how they approach those challenges. This leads us to proposing potential lines of future work in explainability for static analysis, namely turning static analysis tools into assistants and teachers.

@INPROCEEDINGS {8967437,
  author = {M. Nachtigall and L. Nguyen Quang Do and E. Bodden},
  booktitle = {2019 34th IEEE/ACM International Conference on Automated Software Engineering Workshop (ASEW)},
  title = {Explaining Static Analysis - A Perspective},
  year = {2019},
  volume = {},
  issn = {2151-0830},
  pages = {29-32},
  keywords = {},
  doi = {10.1109/ASEW.2019.00023},
  url = {https://doi.ieeecomputersociety.org/10.1109/ASEW.2019.00023},
  publisher = {IEEE Computer Society},
  address = {Los Alamitos, CA, USA},
  month = {nov}
}