Finding inter-procedural bugs at scale with Infer static analyzer


Peter O'Hearn
14 min read, advanced

Overview

The article discusses the capabilities of the Infer static analyzer in detecting inter-procedural bugs across large codebases. It highlights the importance of inter-procedural analysis, provides examples from the DuckDuckGo Android app and OpenSSL, and emphasizes the effectiveness of Infer in identifying complex bugs that other tools may miss.

What You'll Learn

1. How to identify inter-procedural bugs using the Infer static analyzer
2. Why inter-procedural analysis is crucial for large codebases
3. How to implement compositional, summary-based analysis in static analysis tools

Prerequisites & Requirements

  • Understanding of static analysis concepts and tools
  • Familiarity with the Java and C programming languages (optional)

Key Questions Answered

What are inter-procedural bugs and why are they significant?
Inter-procedural bugs involve interactions between multiple procedures and are significant because they make up the majority of bugs found by Infer. These bugs can lead to critical issues like null pointer dereferences, which are often missed by tools that only perform intra-procedural analysis.
How does Infer find inter-procedural bugs in large codebases?
Infer uses a technique called compositional, summary-based analysis, which allows it to compute summaries of methods without re-evaluating them at every call site. This approach enables Infer to efficiently analyze large and rapidly changing codebases, identifying complex bugs that other tools may overlook.
How does Infer's performance compare when analyzing code changes versus the entire project?
Infer performs significantly faster when analyzing code changes incrementally. For example, after fixing a bug in OpenSSL, the incremental analysis took only 41 seconds compared to 22 minutes for analyzing the entire project, demonstrating the efficiency of Infer's reactive mode.

Key Statistics & Figures

  • Number of inter-procedural bugs fixed by Facebook developers: thousands. This indicates the significant impact of using Infer for static analysis in large codebases.
  • Steps in the error trace for the DuckDuckGo issue: 18. This trace illustrates the complexity of the inter-procedural bug that Infer was able to identify.
  • Steps in the error trace for the OpenSSL issue: 61. This highlights the depth of analysis Infer performs to trace back the source of potential null dereferences.

Technologies & Tools

  • Static analysis tool: Infer. Used to detect inter-procedural bugs in large Java and C codebases.
  • Software library: OpenSSL. Example of a codebase where Infer identified null dereferences and memory leaks.
  • Mobile application: DuckDuckGo. Example of an Android app where Infer found critical inter-procedural bugs.

Key Actionable Insights

1. Utilize Infer's inter-procedural analysis capabilities to catch complex bugs that other tools may miss. By integrating Infer into your development workflow, especially for large codebases, you can proactively identify and fix bugs that arise from interactions between different procedures.
2. Implement compositional, summary-based analysis techniques in your static analysis tools. This approach can enhance the efficiency of bug detection in large projects, allowing for quicker iterations and fewer runtime errors.
3. Regularly review and address inter-procedural bugs identified by Infer to improve code quality. Given that inter-procedural bugs constitute a significant portion of the issues found, prioritizing these fixes can lead to more stable and reliable software.
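The following is an added illustration of the compositional, summary-based approach described under Key Questions Answered and in insight 2 above. It is not Infer's code (Infer reasons with separation logic over real Java and C); the toy statement IR, the four-function sample program and all function and variable names are constructed for this example. It shows the three things the summary points at: a null that crosses three procedures and so is invisible to a per-function check, a per-function summary computed once and reused at every call site, and a reactive re-analysis after a fix that touches only the changed function and the callers whose summaries actually change.

```python
"""Toy compositional, summary-based nullness analysis (constructed example).

Each function is analyzed once, bottom-up, producing a summary ("may this
function return null, and via which trace?"). Callers consume the summary
instead of re-analyzing the callee at each call site. Assumption: the call
graph is acyclic (no recursion), which keeps the bottom-up pass simple."""
from copy import deepcopy
from typing import Dict, List, Optional, Set, Tuple

Stmt = Tuple[str, ...]
Program = Dict[str, List[Stmt]]
Trace = List[str]            # one human-readable step per entry, like an Infer error trace
Summary = Optional[Trace]    # None: never returns null; otherwise the trace leading to the null

# Constructed sample program (hypothetical, not from the post). The null originates
# in `lookup`, flows through `wrap`, and is dereferenced in `handler`: no single
# function contains the bug, so an intra-procedural checker reports nothing.
PROGRAM: Program = {
    "lookup":  [("assign", "r", "null"), ("return", "r")],
    "wrap":    [("call", "v", "lookup"), ("return", "v")],
    "handler": [("call", "x", "wrap"), ("deref", "x")],
    "safe":    [("assign", "y", "new"), ("deref", "y")],
}


def callees(fn: str, prog: Program) -> Set[str]:
    """Names of the functions `fn` calls directly."""
    return {s[2] for s in prog[fn] if s[0] == "call"}


def analyze_function(fn: str, prog: Program,
                     summaries: Dict[str, Summary]) -> Tuple[Summary, List[Trace]]:
    """Analyze one function using only its callees' summaries.

    Returns (summary, findings); each finding is a trace that ends in a
    dereference of a possibly-null variable."""
    maybe_null: Dict[str, Trace] = {}   # var -> trace explaining how it may be null
    summary: Summary = None
    findings: List[Trace] = []
    for stmt in prog[fn]:
        op = stmt[0]
        if op == "assign":                      # ("assign", var, "null" | "new")
            _, var, rhs = stmt
            if rhs == "null":
                maybe_null[var] = [f"{fn}: {var} = null"]
            else:
                maybe_null.pop(var, None)
        elif op == "call":                      # ("call", var, callee): reuse the summary
            _, var, callee = stmt
            callee_trace = summaries[callee]
            if callee_trace is not None:
                maybe_null[var] = callee_trace + [f"{fn}: {var} = {callee}()"]
            else:
                maybe_null.pop(var, None)
        elif op == "deref":                     # ("deref", var): the bug site
            _, var = stmt
            if var in maybe_null:
                findings.append(maybe_null[var] + [f"{fn}: dereference of {var}"])
        elif op == "return":                    # ("return", var): feeds the summary
            _, var = stmt
            if var in maybe_null and summary is None:
                summary = maybe_null[var] + [f"{fn}: return {var}"]
    return summary, findings


def analyze_all(prog: Program) -> Tuple[Dict[str, Summary], Dict[str, List[Trace]]]:
    """Whole-program pass: visit callees before callers so every summary is ready."""
    summaries: Dict[str, Summary] = {}
    findings: Dict[str, List[Trace]] = {}

    def visit(fn: str) -> None:
        if fn in summaries:
            return
        for c in callees(fn, prog):
            visit(c)
        summaries[fn], findings[fn] = analyze_function(fn, prog, summaries)

    for fn in prog:
        visit(fn)
    return summaries, findings


def reanalyze(changed: str, prog: Program, summaries: Dict[str, Summary],
              findings: Dict[str, List[Trace]]) -> Set[str]:
    """Reactive mode: re-analyze the changed function, then propagate to its
    callers only while a summary actually changes. Returns the functions touched."""
    work, touched = [changed], set()
    while work:
        fn = work.pop(0)
        touched.add(fn)
        old = summaries[fn]
        summaries[fn], findings[fn] = analyze_function(fn, prog, summaries)
        if summaries[fn] != old:
            work.extend(f for f in prog if fn in callees(f, prog))
    return touched


def demo() -> Tuple[List[Trace], Set[str], List[Trace]]:
    """Run the full pass, fix `lookup`, re-analyze incrementally; return
    (findings before the fix, functions re-analyzed, findings after the fix)."""
    prog = deepcopy(PROGRAM)
    summaries, findings = analyze_all(prog)
    before = findings["handler"]
    prog["lookup"] = [("assign", "r", "new"), ("return", "r")]   # the fix
    touched = reanalyze("lookup", prog, summaries, findings)
    return before, touched, findings["handler"]


if __name__ == "__main__":
    before, touched, after = demo()
    for step, line in enumerate(before[0], 1):
        print(f"{step:2d}. {line}")
    print("re-analyzed after fix:", sorted(touched), "| remaining findings:", after)
```

Running the block prints a six-step trace from `lookup: r = null` to `handler: dereference of x`, then shows that after the fix only `lookup`, `wrap` and `handler` are revisited while `safe` is never re-analyzed, which is the mechanism behind the incremental timing quoted above.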

Common Pitfalls

1. Over-reliance on intra-procedural analysis tools can lead to missed bugs. Many static analysis tools focus on intra-procedural checks, which may overlook complex interactions between procedures that could lead to runtime errors.

Related Concepts

Static Analysis
Compositional Analysis
Inter-procedural Reasoning
Null Dereferencing