Explaining Static Analysis - A Perspective
Static code analysis is widely used to support the development of secure software. It helps developers detect potential bugs and security vulnerabilities in a program’s source code without executing it. While the potential benefits of static analysis tools are beyond question, their usability is often criticised and prevents software developers from using static analysis to its full potential. In the past decade, researchers have studied developer needs and opposed them to available static analysis tool functionalities. In this paper, we summarize the main design challenges for building usable static analysis tools, and show that they revolve around the notion of explainability. We present existing analysis tools and current research in static analysis usability, and detail how they approach those challenges. This leads us to proposing potential lines of future work in explainability for static analysis, namely turning static analysis tools into assistants and teachers.
Fri 15 NovDisplayed time zone: Tijuana, Baja California change
11:00 - 12:30 | Explainability and CodeEXPLAIN at Cortez 1B Chair(s): Ilias Gerostathopoulos Technical University of Munich | ||
11:00 30mTalk | Explaining Static Analysis - A Perspective EXPLAIN Marcus Nachtigall , Lisa Nguyen Quang Do Google, Eric Bodden Heinz Nixdorf Institut, Paderborn University and Fraunhofer IEM | ||
11:30 30mTalk | A Hybrid Editor for Fast Robot Mission Prototyping EXPLAIN | ||
12:00 30mTalk | Explaining Business Process Software with Fulib-Scenarios EXPLAIN Albert Zündorf Kassel University, Sebastian Copei Kassel University, Ira Diethelm Carl von Ossietzky Universität Oldenburg / University of Oldenburg, Claude Draude Kassel University, Adrian Kunz Kassel University, Ulrich Norbisrath University of Applied Sciences Upper Austria | ||