Abstract
For a static analysis project to succeed, developers must feel they benefit from and enjoy using it.
- Aftandilian, E., Sauciuc, R., Priya, S., and Krishnan, S. Building useful program analysis tools using an extensible compiler. In Proceedings of the International Working Conference on Source Code Analysis and Manipulation (Riva del Garda, Italy, Sept. 23--24). IEEE Computer Society Press, 2012, 14--23. Google ScholarDigital Library
- Ayewah, N., Hovemeyer, D., Morgenthaler, J.D., Penix, J., and Pugh, W. Using static analysis to find bugs. IEEE Software 25, 5 (Sept.-Oct. 2008), 22--29. Google ScholarDigital Library
- Ayewah, N. and Pugh, W. The Google FindBugs fixit. In Proceedings of the International Symposium on Software Testing and Analysis (Trento, Italy, July 12--16). ACM Press, New York, 2010. Google ScholarDigital Library
- Ball, T., Bounimova, E., Cook, B., Levin, V., Lichtenberg, J., McGarvey, C., Ondrusek, B., Rajamani, S.K., and Ustuner, A. Thorough static analysis of device drivers ACM SIGOPS Operating Systems Review 40, 4 (Oct. 2006), 73--85. Google ScholarDigital Library
- Bazel; http://www.bazel.ioGoogle Scholar
- Bessey, A., Block, K., Chelf, B., Chou, A., Fulton, B., Hallem, S., Henri-Gros, C., Kamsky, A., McPeak, S., and Engler, D. A few billion lines of code later. Commun. ACM 53, 2 (Feb. 2010), 66--75. Google ScholarDigital Library
- Calcagno, C., Distefano, D., Dubreil, J., Gabi, D., Hooimeijer, P., Luca, M., O'Hearn, P.W., Papakonstantinou, I., Purbrick, J., and Rodriguez, D. Moving fast with software verification. In Proceedings of the NASA Formal Method Symposium (Pasadena, CA, Apr. 27--29). Springer, 2015.Google ScholarCross Ref
- Chambers, C., Raniwala, A., Perry, F., Adams, S., Henry, R., Bradshaw, R., and Weizenbaum, N. FlumeJava: Easy, efficient data-parallel pipelines. In Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (Toronto, Canada, June 5--10). ACM Press, New York, 2010. Google ScholarDigital Library
- The Checker Framework; https://checkerframework.orgGoogle Scholar
- Checkstyle Java Linter; http://checkstyle.sourceforge.net/Google Scholar
- Clang Thread Safety Analysis; http://clang.llvm.org/docs/ThreadSafetyAnalysis.htmlGoogle Scholar
- ClangTidy; http://clang.llvm.org/extra/clang-tidy.htmlGoogle Scholar
- Cousot, P., Cousot, R., Feret, J., Mauborgne, L., Miné, A., Monniaux, D., and Rival, X. The ASTRÉE analyzer. In Proceedings of the European Symposium on Programming (Edinburgh, Scotland, Apr. 2--10). Springer, Berlin, Heidelberg, 2005.Google Scholar
- Dynamic Sanitizer Tools; https://github.com/google/sanitizersGoogle Scholar
- Error Prone; http://errorprone.infoGoogle Scholar
- FindBugs; http://findbugs.sourceforge.net/Google Scholar
- Go vet; https://golang.org/cmd/vetGoogle Scholar
- Golint; https://github.com/golang/lintGoogle Scholar
- Grammatech; https://resources.grammatech.com/medicalGoogle Scholar
- Griesmayer, A., Bloem, R., Cook, B. Repair of Boolean programs with an application to C. In Proceedings of the 18th International Conference on Computer Aided Verification (Seattle, WA, Aug. 17--20). Springer, Berlin, New York, 2006. Google ScholarDigital Library
- Guava: Google Core Libraries for Java 1.6+; https://code.google.com/p/guava-libraries/Google Scholar
- Gupta, P., Ivey, M., and Penix, J. Testing at the speed and scale of Google. Google Engineering Tools Blog, 2011; http://google-engtools.blogspot.com/2011/06/testing-at-speed-and-scale-of-google.htmlGoogle Scholar
- Hacker News. Twitter outage report, 2016; https://news.ycombinator.com/item?id=8810157Google Scholar
- Hovemeyer, D. and Pugh, W. Finding bugs is easy. ACM SIGPLAN Notices 39, 12 (Dec. 2004), 92--106. Google ScholarDigital Library
- Infer; http://fbinfer.com/Google Scholar
- Johnson, B., Song, Y., Murphy-Hill, E.R., and Bowdidge, R.W. Why don't software developers use static analysis tools to find bugs? In Proceedings of the 35th International Conference on Software Engineering (San Francisco, CA, May 18--26). ACM Press, New York, 2013. Google ScholarDigital Library
- Klein, D.V., Betser, D.M., and Monroe, M.G. Making 'push on green' a reality: Issues and actions involved in maintaining a production service. ;login: 39, 5 (2014), 26--32.Google Scholar
- Kneuss, E., Koukoutos, M., and Kuncak, V. Deductive program repair. In Proceedings of the 27th International Conference on Computer Aided Verification (San Francisco, CA, July 18--24). Springer, 2015.Google ScholarCross Ref
- Larus, J.R., Ball, T., Das, M., DeLine, R., Fahndrich, M., Pincus, J., Rajamani, S.K., and Venkatapathy, R. Righting software. IEEE Software 21, 3 (May 2004), 92--100. Google ScholarDigital Library
- Lewis, C., Lin, Z., Sadowski, C., Zhu, X., Ou, R., and Whitehead, Jr., E. J. Does bug prediction support human developers' findings?: From a Google case study. In Proceedings of the 35th International Conference on Software Engineering (San Francisco, CA, May 18--26). ACM Press, New York, 2013. Google ScholarDigital Library
- Logozzo, F. and Ball, T. Modular and verified automatic program repair. ACM SIGPLAN Notices 46, 10 (Oct. 19, 2012), 133--146. Google ScholarDigital Library
- Potvin, R. and Levenburg, J. Why Google stores billions of lines of code in a single repository. Commun. ACM 59, 7 (July 2016), 78--87. Google ScholarDigital Library
- Protocol buffers; http://code.google.com/p/protobuf/Google Scholar
- Pylint Python Linter; http://www.pylint.org/Google Scholar
- Sadowski, C., van Gogh, J., Jaspan, C., Söderberg, E., and Winter, C. Tricorder: Building a program analysis ecosystem. In Proceedings of the 37th International Conference on Software Engineering (Firenze, Italy, May 16--24). ACM Press, New York, 2015. Google ScholarDigital Library
- Synopsys Editorial Team. Coverity Report on the 'Goto Fail' Bug. Blog post, Synopsys, Mountain View, CA, Feb. 25, 2014; http://security.coverity.com/blog/2014/Feb/a-quick-post-on-apple-security-55471-aka-goto-fail.htmlGoogle Scholar
- Wasserman, L. Scalable, example-based refactorings with Refaster. In Proceedings of the Workshop on Refactoring Tools (Indianapolis, IN, Oct. 26). ACM Press, New York, 2013. Google ScholarDigital Library
- Wright, H., Jasper, D., Klimek, M., Carruth, C., and Wan, Z. Large-scale automated refactoring using ClangMR. In Proceedings of the 29th IEEE International Conference on Software Maintenance (Eindhoven, the Netherlands, Sept. 22--28). IEEE Computer Society Press, 2013. Google ScholarDigital Library
Index Terms
- Lessons from building static analysis tools at Google
Recommendations
Security Analysis of Cordova Applications in Google Play
ARES '17: Proceedings of the 12th International Conference on Availability, Reliability and SecurityMobile Cross-Platform Tools (CPTs) provide an alternative to native application development that allows mobile app developers to drastically reduce the development time and cost when targeting multiple platforms. They allow sharing a significant part of ...
Comments