VisuFlow: A Debugging Environment for Static Analyses

Code developers in industry frequently use static analysis tools to detect and fix software defects in their code. But what about defects in the static analyses themselves? While debugging application code is a difficult, time-consuming task, debugging a static analysis is even harder. We have surveyed 115 static analysis writers to determine what makes static analysis difficult to debug, and to identify which debugging features would be desirable for static analysis. Based on this information, we have created VisuFlow, a debugging environment for static data-flow analysis. VisuFlow is built as an Eclipse plugin, and supports analyses written on top of the program analysis framework Soot. The different components in VisuFlow provide analysis writers with visualizations of the internal computations of the analysis, and actionable debugging features to support debugging static analyses. A video demo of Visuflow is available online: https://www.youtube.com/watch?v=BkEfBDwiuH4

[1]  Eric Bodden,et al.  Debugging Static Analysis , 2020, IEEE Transactions on Software Engineering.

[2]  Andreas Zeller,et al.  Simplifying and Isolating Failure-Inducing Input , 2002, IEEE Trans. Software Eng..

[3]  Bil Lewis,et al.  Debugging Backwards in Time , 2003, ArXiv.

[4]  Cristiano Calcagno,et al.  Infer: An Automatic Program Verifier for Memory Safety of C Programs , 2011, NASA Formal Methods.

[5]  Suresh Kothari,et al.  Atlas: a new way to explore software, build analysis tools , 2014, ICSE Companion.

[6]  Brad A. Myers,et al.  Designing the whyline: a debugging interface for asking questions about program behavior , 2004, CHI.

[7]  Vibha Sazawal,et al.  Path projection for user-centered static analysis tools , 2008, PASTE '08.

[8]  F. Reichheld The one number you need to grow. , 2003, Harvard business review.

[9]  Jianjun Zhao,et al.  EFindBugs: Effective Error Ranking for FindBugs , 2011, 2011 Fourth IEEE International Conference on Software Testing, Verification and Validation.

[10]  Benjamin Livshits,et al.  Just-in-time static analysis , 2016, ISSTA.

[11]  Laurie J. Hendren,et al.  Optimizing Java Bytecode Using the Soot Framework: Is It Feasible? , 2000, CC.

[12]  Eric Bodden,et al.  Inter-procedural data-flow analysis with IFDS/IDE and Soot , 2012, SOAP '12.

[13]  Roderick M. Kramer Caída desde las alturas , 2003 .