A few billion lines of code later: using static analysis to find bugs in the real world

Published: 01 February 2010

Abstract

How Coverity built a bug-finding tool, and a business, around the unlimited supply of bugs in software systems.

Reviews

Andrew Brooks

Commercializing academic research is not easy. When a company is up and running, people rarely take the time to reflect and report on their experiences for the benefit of others. Fortunately, Coverity staff members have done so, sharing anecdotes and recounting lessons learned from the commercialization of their static analysis tool. A major lesson learned from this article is that working with build systems is difficult. The solution adopted by Coverity allows the build engineer to supply the build command as an argument to the Coverity tool. Another major lesson learned is that you cannot check code you cannot parse. What matters are the compilers that customers use, and many compilers diverge in the code they accept and the extensions they provide. The paper's only table lists 18 different C/C++ compilers that Coverity supports. The table also shows the number of lines of transformer code written by Coverity staff to turn the personal language of each compiler into something that can be accepted by the Edison Design Group's parser for C/C++, the de facto industry standard. Yet another major lesson learned is that more analysis is not necessarily good. The authors found that complex static analyses typically lead to complex explanations, which can get ignored, misunderstood, or, worse, labeled as false positives by developers. The article fails to discuss how individual developers can make use of static analyses prior to merging their code for build purposes. Despite this criticism, I strongly recommend this article to computer science academics and industrial software development teams.

Online Computing Reviews Service

Published In

Communications of the ACM  Volume 53, Issue 2
February 2010
147 pages
ISSN:0001-0782
EISSN:1557-7317
DOI:10.1145/1646353

Publisher

Association for Computing Machinery

New York, NY, United States

Qualifiers

  • Research-article
  • Popular
  • Refereed