Automatically Tailoring Static Analysis to Custom Usage Scenarios
This addresses a major hurdle in integrating static analyzers into the software-development life cycle for developers, though it is incremental as it builds on existing static analysis methods.
The paper tackles the problem of tuning static analyzer options for custom usage scenarios, such as specific code bases or resource constraints, by proposing an automatic technique implemented in the TAILOR framework, which shows that generated configurations are vastly better than defaults and remain tailored across code versions.
In recent years, there has been significant progress in the development and industrial adoption of static analyzers. Such analyzers typically provide a large, if not huge, number of configurable options controlling the precision and performance of the analysis. A major hurdle in integrating static analyzers in the software-development life cycle is tuning their options to custom usage scenarios, such as a particular code base or certain resource constraints. In this paper, we propose a technique that automatically tailors a static analyzer, specifically an abstract interpreter, to the code under analysis and any given resource constraints. We implement this technique in a framework called TAILOR, which we use to perform an extensive evaluation on real-world benchmarks. Our experiments show that the configurations generated by TAILOR are vastly better than the default analysis options, vary significantly depending on the code under analysis, and most remain tailored to several subsequent code versions.