Static Analysis at Google

November 12, 2015
2:50 pm - 4:00 pm
Halligan 102
Speaker: Eddie Aftandilian, Google
Host: Sam Guyer

Abstract

Software bugs cause critical problems for software companies and their users. For example, a bug in Apple’s SSL implementation (“goto fail”) caused it to accept invalid SSL certificates. Heartbleed allowed attackers to read the memory contents of any server that used OpenSSL. A bug related to date formatting caused a large-scale Twitter outage. Many of these bugs are statically detectable, and in fact are obvious with a close reading of the code, yet they make it into production software anyway.

Previous work has reported on reasons why engineers don't use static analysis tools or why they ignore their warnings. These reasons include: (1) tools are not integrated into the workflow, (2) warnings are not actionable, (3) engineers do not trust the tool, (4) “survivor bias” means the bug does not manifest in practice, (5) fixing the bug is too expensive or risky, and (6) the tool's explanation doesn’t adequately explain the problem.

In this talk, I will describe how we have applied these lessons, as well as lessons from Google's previous experience with the FindBugs static analysis tool, to build a successful static analysis infrastructure that is used daily by almost all engineers at Google. Our tools scale to over 25,000 engineers and two billion lines of code, and detect over 2500 bugs per day, before the problematic code is checked into the codebase. The bugs our tools detect are fixed by engineers, by their own choice, rather than because of a mandate from managers, and we solicit and address feedback to ensure that our tools are providing value to users.

Bio: Eddie Aftandilian is a Senior Software Engineer at Google, where he leads the Java Compilation and Static Analysis team. He completed his PhD at Tufts University, working with Sam Guyer to help Java developers better understand the memory behavior of their programs. His team helps Google’s developers write better Java code -- more correct, more readable, and with better performance. Their static analysis tool Error Prone is integrated into Google’s build system and code review tool and catches hundreds of bugs each day.