Source-Level Dataflow-Based Fixes: Experiences From Using Intraj and Magpiebridge
Static program analysis plays an essential role in software development and helps prevent bugs such as null pointer exceptions or security vulnerabilities. In this talk, we will discuss the static source-code analyser IntraJ, and its integration with one of the most used IDE, i.e., VSCode. IntraJ is built as an extension of the ExtendJ Java compiler. It superimposes the control-flow graph on top of the Abstract Syntax Tree, enabling the programmers to develop accurate (low false-positive rate) and efficient (competitive with existing static analysers, e.g., SonarQube) dataflow analyses. We used the MagpieBridge framework, which provides a level of abstraction on top of LSP, to export IntraJ’s functionality into a VSCode plug-in, unlocking new opportunities for an enhanced user experience, e.g., quick fixes. MagpieBridge drastically simplified the integration between our CLI utility and VSCode.
Tue 7 JunDisplayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change
13:30 - 15:00
|Source-Level Dataflow-Based Fixes: Experiences From Using Intraj and Magpiebridge|
Idriss Riouak Department of Computer Science, Lund University, SwedenFile Attached
|Property Probes: Source Code Based Exploration of Program Analysis Results|
Anton Risberg Alaküla Department of Computer Science, Lund University, SwedenFile Attached