ECOOP 2020
Mon 13 - Fri 17 July 2020 Berlin, Germany

Numerous program analyses have been presented at research conferences over the years, typically with detailed analysis using appropriate specific metrics to show that the new analysis improves results compared to previous approaches. While such evaluation shows the new analysis improves analysis per se, it is not always entirely clear how much impact these improvements would have on an overall system of which the analysis is one component. Our focus, in particular, is on one especially challenging aspect of this: programming tools and understanding how much new analysis improves the information displayed by a tool. In this case, creating the needed tools is a challenge since it requires mastering the workflows and idioms of IDE tools and integrating the analysis code into the IDE. While most IDE tools have plugin architectures to make this process more manageable, even plugins often require significant expertise and programming. Worse yet, there is much diversity in IDE tools, and nothing that can be considered dominant except in certain niches, e.g. Xcode for iOS and AndroidStudio for Android. On the one hand, it does not seem reasonable to expect analysis experts to expend the effort to master and use diverse IDE ecosystems; on the other hand, it would be nice to be able to evaluate new analysis work in the context of IDE usage.

The recent MagpieBridge system provides a potential way out of this dilema; MagpieBridge provides a way to connect arbitrary program analyses to most popular IDE tools, in particular any that support the Language Server Protocol. Experiments with MagpieBridge (published at ECOOP 2019) have shown its ability to integrate several existing analyses into many IDE tools with minimal effort. These analyses include FlowDroid, CogniCrypt and Ariadne, and similar analyses. These analyses span multiple languages—Java, JavaScript, Python—multiple domains—privacy, cryptography, data science—multiple analysis frameworks—WALA and Soot—and have been shown in many IDE tools—Eclipse, Visual Studio Code, IntelliJ—and editors—Sublime Text, Microsoft Monaco. The analyses have been integrated into all these tools using MagpieBridge with glue code comprising a couple of hundred lines of code in total that provides rich information such as highlighting program traces and enabling quick fixes. Thus, MagpieBridge could allow numerous analyses to easily render their results in many IDE tools to provide a new form of evaluation. If such evaluation became standard where appropriate, it could greatly accelerate the process of incorporating novel analyses into existing tools.

The purpose of this workshop would be to assess how amenable work appearing at recent conferences is to being incorporated into modern IDE tools, and to actually incorporate at least some of the work to the extent possible. To facilitate this process, we propose a hack-a-thon style workshop in which the creators of novel analyses would work with the creators of MagpieBridge to create IDE integrations of their results and show it in a range of IDE tools. We hope that the ease of IDE integration that MagpieBridge has enabled in out work so far will encourage others to assess, as part of their analysis work, how easily it can also be included in an IDE. To provide a demonstration, we propose to invite the authors of relevant papers to submit their accepted papers to PRIDE, and work with the MagpieBridge authors at PRIDE to integrate their work into IDE tools. To highlight any successful IDE integration of papers, we propose that such integrations be shown at the poster session.

Call for Papers