ABSTRACT
In this paper we introduce InfERL, an open source, scalable, and extensible static analyzer for Erlang, based on Meta’s Infer tool. InfERL has been developed at WhatsApp and it is deployed to regularly scan WhatsApp server’s Erlang codebase, detecting reliability issues and checking user-defined properties. The paper describes the Erlang-specific technical challenges we had to address and our design choices. We also report on our experience in running InfERL on Erlang code at scale, supporting the messaging app used every day by over 2 billion people.
Index Terms
- InfERL: scalable and extensible Erlang static analysis