Abstract
Key lessons for designing static analyses tools deployed to find bugs in hundreds of millions of lines of code.
Supplemental Material
Available for Download
Supplemental material.
- Bessey, A. et al. A few billion lines of code later: using static analysis to find bugs in the real world. Commun. ACM 53, 2 (Feb. 2010), 66--75. Google ScholarDigital Library
- Blackshear, S., Gorogiannis, N., Sergey, I. and O'Hearn P. Racerd: Compositional static race detection. In Proceedings of OOPSLA, 2018. Google ScholarDigital Library
- Brookes, S. and O'Hearn, P.W. Concurrent separation logic. SIGLOG News 3, 3 (2016), 47--65. Google ScholarDigital Library
- Calcagno, C. et al. Moving fast with software verification. In Proceedings of NASA Formal Methods Symposium, 2015, 3--11.Google ScholarCross Ref
- Calcagno, C., Distefano, D. O'Hearn, P.W and Yang, H. Compositional shape analysis by means of bi-abduction. J. ACM 58, 6 (2011), 26. Google ScholarDigital Library
- Cook, B. Formal reasoning about the security of Amazon Web services. LICS (2018), 38--47.Google Scholar
- Cousot, P. and Cousot, R. Abstract interpretation: A unified lattice model for static analysis of programs by construction or approximation of fixpoints. In Proceedings of the 4<sup>th</sup> POPL, 1977, 238--252. Google ScholarDigital Library
- Cousot, P. and Cousot, R. Modular static program analysis. In Proceedings of 2002 CC, 159--178. Google ScholarDigital Library
- Feitelson, D.G., Frachtenberg, E. and Beck, K.L. Development and deployment at Facebook. IEEE Internet Computing 17, 4 (2013), 8--17. Google ScholarDigital Library
- Gorogiannis, N., Sergey, I. and O'Hearn, P. A true positives theorem for a static race detector. In Proceedings of the 2019 POPL. Google ScholarDigital Library
- Harman, M. and O'Hearn, P. From start-ups to scale-ups: Open problems and challenges in static and dynamic program analysis for testing and verification). In Proceedings of SCAM, 2018.Google Scholar
- Iqbal, S.T and Horvitz, E. Disruption and recovery of computing tasks: Field study, analysis, and directions. In Proceedings of 2007 CHI, 677--686. Google ScholarDigital Library
- Larus, J.R. et al. Righting software. IEEE Software 21, 3 (2004), 92--100. Google ScholarDigital Library
- O'Hearn, P. Continuous reasoning: Scaling the impact of formal methods. LICS, 2018. Google ScholarDigital Library
- O'Hearn, P.W. Experience developing and deploying concurrency analysis at Facebook. SAS, 2018, 56--70.Google Scholar
- O'Hearn, P.W. Separation logic. Comm. ACM 62, 2 (Feb 2019), 86--95. Google ScholarDigital Library
- Sadowski, C., Aftandilian, E., Eagle, A., Miller-Cushion, L. and Jaspan, C. Lessons from building static analysis tools at Google. Commun. ACM 61, 4 (Apr. 2018), 58--66. Google ScholarDigital Library
- Xie, Y. and Aiken, A. Static detection of security vulnerabilities in scripting languages. In Proceedings of USENIX Security Symposium, 2006. Google ScholarDigital Library
- Yorsh, G., Yahav, E. and Chandra, S. Generating precise and concise procedure summaries. In Proceedings of 2008 POPL. Google ScholarDigital Library
Index Terms
- Scaling static analyses at Facebook
Recommendations
Making offline analyses continuous
ESEC/FSE 2013: Proceedings of the 2013 9th Joint Meeting on Foundations of Software EngineeringDevelopers use analysis tools to help write, debug, and understand software systems under development. A developer's change to the system source code may affect analysis results. Typically, to learn those effects, the developer must explicitly initiate ...
Testing static analyses for precision and soundness
CGO 2020: Proceedings of the 18th ACM/IEEE International Symposium on Code Generation and OptimizationStatic analyses compute properties of programs that are true in all executions, and compilers use these properties to justify optimizations such as dead code elimination. Each static analysis in a compiler should be as precise as possible while ...
Cross-language code search using static and dynamic analyses
ESEC/FSE 2021: Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software EngineeringAs code search permeates most activities in software development,code-to-code search has emerged to support using code as a query and retrieving similar code in the search results. Applications include duplicate code detection for refactoring, patch ...
Comments