infer
play

Infer A static analyzer for catching bugs before you ship Jules - PowerPoint PPT Presentation

Jul 30, 2023 •673 likes •1.09k views

Infer A static analyzer for catching bugs before you ship Jules Villard jul@fb.com Facebook London github.com/facebook/infer/ Programming is Hard Need to think of ALL possible cases Keep track of all possible values If it can be null, it

  1. Infer A static analyzer for catching bugs before you ship Jules Villard jul@fb.com Facebook London github.com/facebook/infer/

  2. Programming is Hard Need to think of ALL possible cases Keep track of all possible values If it can be null, it will be null! Shipping bugs has consequences Eg, users need to upgrade to get the fix

  3. Code Quality Coding Good Practices: Tests, Code architecture, More Tests... Language Support: Null values? Try-with-resources? Type system? Cannot always choose your language (legacy code, mobile apps, ...)

  4. Static Analysis/Program Analysis Additional signal to developers Check all program paths and values complement testing Palliative for tricky language features complement compilers/type systems

  5. Infer Infer is a static analyzer written in OCaml for: Java C, C++, Objective-C With the characteristics of being: Inter-procedural Incremental

  6. Infer Community

  7. fbinfer.com

  8. fbinfer.com

  9. Demo

  10. Infer Bug Types for C/C++ Null Dereference Memory Leak Resource Leak Empty Vector Access [C++ only] Static Initialization Order Fiasco (using -a checker ) [C++ only] Premature nil-Termination Argument ...

  11. Infer Bug Types for Objective-C Null Dereference Memory Leak Resource Leak Retain Cycle Ivar not null checked Parameter not null checked ...

  12. Infer Bug Types for Java Null Dereference Resource Leak Taint Analysis (with -a quandary ) Performance Critical Calls Expensive Method (with -a checker ) ...

  13. Infer Bug Types for Android Context Leak Fragment Retains View (with -a checker )

  14. In the Wild: 
 DuckDuckGo

  15. DuckDuckGo’s bug report Resource Leak with Cursor

  16. RESOURCE_LEAK: resource acquired to c by call to query(...) at line 329 is not released This is still a Resource Leak after line 336

  17. DuckDuckGo’s bug report Null Dereference

  18. NULL_DEREFERENCE: object feedObject last assigned on line 866 could be null and is What is INFER? dereferenced by call to feedItemSelected(...) at line 867

  19. NULL_DEREFERENCE: object feedObject last assigned on line 866 could be null and is What is INFER? dereferenced by call to feedItemSelected(...) at line 867 cursor is empty out is null

  20. NULL_DEREFERENCE: object feedObject last assigned on line 866 could be null and is What is INFER? dereferenced by call to feedItemSelected(...) at line 867 feedObject is null

  21. NULL_DEREFERENCE: object feedObject last assigned on line 866 could be null and is What is INFER? dereferenced by call to feedItemSelected(...) at line 867 NullPointerException

  22. How does Infer work?

  23. Infer Architecture Java C Report C++ ObjC Source Code SIL Specs + Frontend ant Analysis buck cmake gradle maven make Build System xcodebuild

  24. Capture: Intermediate Language

  25. Capture: Intermediate Language Let’s focus on the “computeSomething” method

  26. Capture: Intermediate Language Infer generate its Control Flow Graph (CFG) Frontend SIL

  27. Analysis: Pre- and Post-Conditions The way Infer expresses the possible states of the program This is called flag = false flag = true State before PREcondition Analysis This is called return “something” return null State after POSTcondition

  28. Analysis: Pre- and Post-Conditions Infer finds two specifications ▪ Precondition ▪ Precondition ▪ flag = true ▪ flag = false ▪ Postcondition ▪ Postcondition ▪ return = null ▪ return = “something” Specs

  29. Analysis: Interprocedural Let’s now focus on the “doStuff” method ▪ Precondition ▪ Precondition ▪ flag = false ▪ flag = true ▪ Postcondition ▪ Postcondition ▪ return = “something” ▪ return = null object returned by computeSomething(true) Specs could be null and is dereferenced at line 13

  30. Another Analysis for Java: Eradicate Run with -a eradicate Checks that the code is consistently annotated with @Nullable Values not marked @Nullable are assumed non-null Guarantees absence of runtime NPE

  31. Another Analysis for C/C++/ObjC: Linters Run with -a linters AST-based, syntactic checks Add your own checks using the DSL: infer --linters-def-file ./linters.al ... // a property with a pointer type should not be declared `assign` 
 DEFINE-CHECKER ASSIGN_POINTER_WARNING = { 
 SET report_when = WHEN is_assign_property() 
 AND is_property_pointer_type() 
 HOLDS-IN-NODE ObjCPropertyDecl; 
 SET message = ...; SET suggestion = ...; 
 }; linters.al

  32. Deploying Infer

  33. vs ...

  34. Slow Deployment Model Nightly, Bug List

  35. Faster Deployment Model

  36. Code reviewers Product Phabricator Developer CI system CI system Performance tests Continuous UI correctness tests INFER

  37. Phabricator Comments

  38. Code reviewers Product Phabricator Developer CI system CI system Performance tests Continuous UI correctness tests INFER

  39. Diff Analysis 1.Run infer on top revision → report-top.json 2.Run infer on base revision → report-base.json 3.Compute set of new reports: report-top.json - report-base.json 4.Report new issues only Upcoming support for this workflow in infer itself

  40. Current status: In a typical month... Infer runs on thousands of modifications to Facebook's mobile code bases Hundreds of potential bugs are reported by Infer and fixed by FB developers. (Fix rate: 70% approx in recent months)

  41. Infer A static analyzer for catching bugs before you ship Jules Villard jul@fb.com Facebook London github.com/facebook/infer/

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Finding Inter-procedural Bugs at Scale with Infer Jules Villard <jul@fb.com> Facebook London

Finding Inter-procedural Bugs at Scale with Infer Jules Villard <jul@fb.com> Facebook London

Finding Inter-procedural Bugs at Scale with Infer Jules Villard <jul@fb.com> Facebook London Open-source static analyser Inter-procedural analyses + linters Infer For Java and C/C++/Objective-C Infer architecture PROJECT SOURCE CODE

653 views • 20 slides
ABSTRACT The main motivation was to infer about a persons look from the way they speak.

ABSTRACT The main motivation was to infer about a persons look from the way they speak.

EXTRACTION OF FACIAL FEATURES FROM SPEECH (Based ON Speech2FACE CVPR 2019 PAPER) Neelesh Verma (160050062) Ankit (160050044) Saiteja Talluri (160050098) ABSTRACT The main motivation was to infer about a persons look from the way they

298 views • 17 slides
The big question: How do we infer and reason about meanings of sentences? Conceptual importance:

The big question: How do we infer and reason about meanings of sentences? Conceptual importance:

The big question: How do we infer and reason about meanings of sentences? Conceptual importance: Discovering the process of cognition and intelligence. Applications: Automating language-related tasks, such as document search. The big

714 views • 55 slides
Ultra L Low Power er Infer eren ence a e at the v very e edge o of the n netw twork

Ultra L Low Power er Infer eren ence a e at the v very e edge o of the n netw twork

Ultra L Low Power er Infer eren ence a e at the v very e edge o of the n netw twork Tiny ML Summit March 20-21 2019 Sunnyvale Eric Flamand, CTO & CoFounder of Greenwaves Technologies Wh Who a o are w we? French based startup

644 views • 25 slides
Aims of this course: The Use of Molecular Data to To introduce the theory and Infer the

Aims of this course: The Use of Molecular Data to To introduce the theory and Infer the

Aims of this course: The Use of Molecular Data to To introduce the theory and Infer the History of Species practice of phylogenetic inference and Genes from molecular data To introduce some of the most useful methods and programs

210 views • 8 slides
A Correlation-based Methodology to Infer Communication patterns between Cloud Virtual Machines

A Correlation-based Methodology to Infer Communication patterns between Cloud Virtual Machines

A Correlation-based Methodology to Infer Communication patterns between Cloud Virtual Machines Claudia Canali Riccardo Lancellotti Dept of Engineering Enzo Ferrari University of Modena and Reggio Emilia M o t i v a t i o n

544 views • 16 slides
Using Genetic Distance to Infer the Accuracy of Genomic Prediction (for Quantitative Traits)

Using Genetic Distance to Infer the Accuracy of Genomic Prediction (for Quantitative Traits)

Using Genetic Distance to Infer the Accuracy of Genomic Prediction (for Quantitative Traits) Marco Scutari scutari@stats.ox.ac.uk Department of Statistics University of Oxford September 7, 2015 The Problem The extent to which predictive

425 views • 20 slides
What can you infer? 2. What do you 1. What is this think caused this diagram showing change?

What can you infer? 2. What do you 1. What is this think caused this diagram showing change?

Geography Lesson 3 Migration.notebook May 08, 2020 What can you infer? 2. What do you 1. What is this think caused this diagram showing change? you? 3. What other impacts would this change have on London? 1 Geography Lesson 3

301 views • 14 slides
PhySIC IST : cleaning source trees to infer more informative supertrees. Celine Scornavacca ,

PhySIC IST : cleaning source trees to infer more informative supertrees. Celine Scornavacca ,

Introduction VETO methods with desirable proprieties STC preprocess PhySIC IST : cleaning source trees to infer more informative supertrees. Celine Scornavacca , Vincent Berry, Vincent Ranwez et Emmanuel J.P. Douzery LIRMM, UMR CNRS 5506

677 views • 50 slides
CellTrans: Private Car or Public Transportation? Infer Users Main Transportation Modes at

CellTrans: Private Car or Public Transportation? Infer Users Main Transportation Modes at

CellTrans: Private Car or Public Transportation? Infer Users Main Transportation Modes at Urban Scale with Cellular Data Yi Zhao*, Xu Wang*, Jianbo Li , Desheng Zhang , Zheng Yang* *Tsinghua University, Qingdao University,

668 views • 35 slides
Using Bayesian Networks To Infer Product Rankings From User Needs UMAP 2010 Workshop on

Using Bayesian Networks To Infer Product Rankings From User Needs UMAP 2010 Workshop on

Using Bayesian Networks To Infer Product Rankings From User Needs UMAP 2010 Workshop on Intelligent Techniques for Web Personalisation and Recommender Systems Sven Radde and Burkhard Freitag Institute for Information Systems and Software

720 views • 40 slides
Week 1, video 3: Classifiers, Part 1 Prediction Develop a model which can infer a single

Week 1, video 3: Classifiers, Part 1 Prediction Develop a model which can infer a single

Week 1, video 3: Classifiers, Part 1 Prediction Develop a model which can infer a single aspect of the data (predicted variable) from some combination of other aspects of the data (predictor variables) Sometimes used to predict the future

883 views • 56 slides
Attend, Infer, Repeat: Fast Scene Understanding with Generative Models S.M. Eslami,N. Heess, T.

Attend, Infer, Repeat: Fast Scene Understanding with Generative Models S.M. Eslami,N. Heess, T.

Attend, Infer, Repeat: Fast Scene Understanding with Generative Models S.M. Eslami,N. Heess, T. Weber, Y. Tassa, D. Szepesvari, K.Kavukcuoglu, G. E. Hinton Nicolas Brandt nbrandt@cs.toronto.edu Origins Structured generative methods : Deep

1.13k views • 19 slides
Week 1, video 2: Regressors Prediction Develop a model which can infer a single aspect of the

Week 1, video 2: Regressors Prediction Develop a model which can infer a single aspect of the

Week 1, video 2: Regressors Prediction Develop a model which can infer a single aspect of the data (predicted variable) from some combination of other aspects of the data (predictor variables) Sometimes used to predict the future

530 views • 36 slides
Entity Linking to Knowledge Graphs to Infer Column Types and Properties Avijit Thawani , Minda Hu,

Entity Linking to Knowledge Graphs to Infer Column Types and Properties Avijit Thawani , Minda Hu,

Entity Linking to Knowledge Graphs to Infer Column Types and Properties Avijit Thawani , Minda Hu, Erdong Hu, Husain Zafar, Naren Teja Divvala, Amandeep Singh, Ehsan Qasemi, Pedro Szekely, and Jay Pujara About Us Team ISI: Information

877 views • 64 slides
Leveraging Existing Instrumentation to Automatically Infer Invariant-Constrained Models Ivan

Leveraging Existing Instrumentation to Automatically Infer Invariant-Constrained Models Ivan

Leveraging Existing Instrumentation to Automatically Infer Invariant-Constrained Models Ivan Beschastnikh Yuriy Brun Sigurd Schneider Michael Sloan University of Washington Saarland University Michael D. Ernst 1 Synoptic: * ... Mining

890 views • 47 slides
Assurances vs. Capabilities as a Basis for Dispatch William Harrison Trinity College Dublin 1

Assurances vs. Capabilities as a Basis for Dispatch William Harrison Trinity College Dublin 1

Assurances vs. Capabilities as a Basis for Dispatch William Harrison Trinity College Dublin 1 The Problem The Problem: In common OO clients have to know where the implementation is. Several effects in client code: Syntactic distortion to

200 views • 7 slides
Topic 24 More on Classes Classes Part II Classes are programmer defined data types In

Topic 24 More on Classes Classes Part II Classes are programmer defined data types In

Topic 24 More on Classes Classes Part II Classes are programmer defined data types In Java the primitives (int, char, double, "Object-oriented programming as it emerged boolean) are the core data types already in Simula 67 allows

215 views • 6 slides
Iterators Iterator Methods Iterator ix = x.iterator(); constructs and initializes an iterator to

Iterators Iterator Methods Iterator ix = x.iterator(); constructs and initializes an iterator to

Iterators Iterator Methods Iterator ix = x.iterator(); constructs and initializes an iterator to examine the elements of x; constructed iterator is assigned to ix An iterator permits you to examine the elements of a data structure one at a

451 views • 7 slides
Using Static Program Analysis to Aid Intrusion Detection M. Egele M. Szydlowski E. Kirda C.

Using Static Program Analysis to Aid Intrusion Detection M. Egele M. Szydlowski E. Kirda C.

Motivation Analysis Evaluation Summary Using Static Program Analysis to Aid Intrusion Detection M. Egele M. Szydlowski E. Kirda C. Kruegel Secure Systems Lab Vienna University of Technology SIG SIDAR Conference on Detection of

929 views • 78 slides
Studying Mars Exobase Noora Alsaeed Bruce Jakosky, Marek

Studying Mars Exobase Noora Alsaeed Bruce Jakosky, Marek

Studying Mars Exobase Noora Alsaeed Bruce Jakosky, Marek Slipski The Mar?an Atmosphere 6 mbars pressure 95% CO 2 Barely any water Early Mars

795 views • 31 slides
Smoothed Particle Hydrodynamics Techniques for the Physics Based Simulation of Fluids and Solids

Smoothed Particle Hydrodynamics Techniques for the Physics Based Simulation of Fluids and Solids

Smoothed Particle Hydrodynamics Techniques for the Physics Based Simulation of Fluids and Solids Part 3 Multiphase Fluids Dan Jan Barbara Matthias Koschier Bender Solenthaler Teschner Mo Moti tivati tion Fluid Interfaces Complex

511 views • 22 slides
Continuous Expectation and Variance, the Law of Large Numbers, and the Central Limit Theorem 18.05

Continuous Expectation and Variance, the Law of Large Numbers, and the Central Limit Theorem 18.05

Continuous Expectation and Variance, the Law of Large Numbers, and the Central Limit Theorem 18.05 Spring 2014 Jeremy Orloff and Jonathan Bloom 0.5 0.4 0.3 0.2 0.1 0 -4 -3 -2 -1 0 1 2 3 4 Expected value Expected value: measure of

500 views • 29 slides
Root Locus Prof. Seungchul Lee Industrial AI Lab. Most Slides from the Root Locus Method by

Root Locus Prof. Seungchul Lee Industrial AI Lab. Most Slides from the Root Locus Method by

Root Locus Prof. Seungchul Lee Industrial AI Lab. Most Slides from the Root Locus Method by Brian Douglas Motivation for Root Locus For example Unknown parameter affects poles Poles of system are values of when 2 Motivation

591 views • 44 slides

More recommend