On Limitations of Modern Static Analysis Tools

Cited by: 2
Authors
Walker, Andrew [1]
Coffey, Michael [1]
Tisnovsky, Pavel [2]
Cerny, Tomas [1]
Affiliations
[1] Baylor Univ, Comp Sci, Waco, TX 76798 USA
[2] Red Hat Czech, FBC Purkyova 99, Brno 61200, Czech Republic
Source
INFORMATION SCIENCE AND APPLICATIONS | 2020 / Vol. 621
Funding
National Science Foundation (USA);
Keywords
Static; Analysis; Multi-repository; Automation;
DOI
10.1007/978-981-15-1465-4_57
Chinese Library Classification number
TP39 [Computer applications];
Discipline classification code
081203 ; 0835 ;
Abstract
Static analysis is one of the most important tools for developers in the modern software industry. However, due to limitations by current tools, many developers opt out of using static analysis in their development process. Some of these limitations include the lack of a concise, coherent overview, missing support for multiple repository applications and multiple languages and lastly a lack of standardized integration mechanisms for third-party frameworks. We propose an evaluation metric for static analysis tools and offer a comparison of many common static analysis tools. To demonstrate the goal of our metric we introduce the Fabric8-Analytics Quality Assurance Tool as a benchmark of a tool which successfully passes our evaluation metric. We demonstrate usage of this tool via a case study on the Fabric8-Analytics Framework, a framework for finding vulnerabilities in application dependencies. We issue a challenge to developers of modern static analysis tools to make their tools more usable and appealing to developers.
Pages: 577 - 586
Number of pages: 10
Related papers
50 in total
  • [1] The Impact of Modern Graphics Tools on Science, and their Limitations.
    Etienne, F.
    INTERNATIONAL JOURNAL OF MODERN PHYSICS C, 1991, 2 (01): : 58 - 65
  • [2] Analysis of the Tools for Static Code Analysis
    Nikolic, Danilo
    Stefanovic, Darko
    Dakic, Dusanka
    Sladojevic, Srdan
    Ristic, Sonja
    2021 20TH INTERNATIONAL SYMPOSIUM INFOTEH-JAHORINA (INFOTEH), 2020,
  • [3] Modern analysis, old tools
    Stark, J
    AVIATION WEEK & SPACE TECHNOLOGY, 2003, 158 (25): : 7 - 7
  • [4] Comparison of Static Code Analysis Tools
    Mantere, Matti
    Uusitalo, Ilkka
    Roning, Juha
    2009 THIRD INTERNATIONAL CONFERENCE ON EMERGING SECURITY INFORMATION, SYSTEMS, AND TECHNOLOGIES, 2009, : 15 - +
  • [5] Quantitative Evaluation of Static Analysis Tools
    Shiraishi, Shin'ichi
    Mohan, Veena
    Marimuthu, Hemalatha
    2014 IEEE INTERNATIONAL SYMPOSIUM ON SOFTWARE RELIABILITY ENGINEERING WORKSHOPS (ISSREW), 2014, : 96 - 99
  • [6] Designing UIs for Static Analysis Tools
    Tiganov D.
    Nguyen Quang Do L.
    Ali K.
    Queue, 2021, 19 (04): : 97 - 118
  • [7] On Implementational Variations in Static Analysis Tools
    Muske, Tukaram
    Bokil, Prasad
    2015 22ND INTERNATIONAL CONFERENCE ON SOFTWARE ANALYSIS, EVOLUTION, AND REENGINEERING (SANER), 2015, : 512 - 515
  • [8] Static analysis: A survey of techniques and tools
    Gosain, Anjana
    Sharma, Ganga
    Advances in Intelligent Systems and Computing, 2015, 343 : 581 - 591
  • [9] Demonstration of COSAK static analysis tools
    DaCosta, D
    Dahn, C
    Mancoridis, S
    Prevelakis, V
    DARPA INFORMATION SURVIVABILITY CONFERENCE AND EXPOSITION, VOL II, PROCEEDINGS, 2003, : 7 - 9
  • [10] Modern Static Analysis of Obfuscated Code
    Wagner, Rusty
    SPRO'19: PROCEEDINGS OF THE 3RD ACM WORKSHOP ON SOFTWARE PROTECTION, 2019, : 1 - 1