A few billion lines of code later

  title={A few billion lines of code later},
  author={Al Bessey and Ken Block and Benjamin Chelf and Andy Chou and Bryan Fulton and Seth Hallem and Charles-Henri Gros and Asya Kamsky and Scott McPeak and Dawson R. Engler},
  journal={Communications of the ACM},
  pages={66 - 75}
How Coverity built a bug-finding tool, and a business, around the unlimited supply of bugs in software systems. 
XIAO: tuning code clones at hands of engineers in practice
The experiences of carrying out successful technology transfer of the new approach of code-clone detection, called XIAO, are reported, which has been integrated into Microsoft Visual Studio 2012 and its main success factors include its high tunability, scalability, compatibility, and explorability.
Deterministic parallel fixpoint computation
Pikos, a deterministic parallel algorithm for fixpoint computation by introducing the notion of weak partial order (WPO), and an algorithm for constructing a WPO in almost-linear time are presented.
The Adoption of JavaScript Linters in Practice: A Case Study on ESLint
Why and how developers use linters along with the challenges they face while using such tools are studied along with several feature suggestions for tool makers and future work for researchers are proposed.
Static Code Analysis on Networking Code : Identifying the possibilities of finding implementation flaws using Abstract Syntax Trees July 26 , 2019
This research paper explores the technique of using ASTs, whilst it also contains an assessment of the capabilities and limitations, and shows that ASTs can be effective in analyzing static code.
The False False Positives of Static Analysis
Various use cases where a false positive report is not false and the issue is caused by another aspects of static analysis are discussed, which exemplify the importance of careful false positive classification.
Software Vulnerability Analysis and Discovery Using Machine-Learning and Data-Mining Techniques
An extensive review of the many different works in the field of software vulnerability analysis and discovery that utilize machine-learning and data-mining techniques that utilize both advantages and shortcomings in this domain is provided.
What developers want and need from program analysis: An empirical study
  • M. Christakis, C. Bird
  • Computer Science
    2016 31st IEEE/ACM International Conference on Automated Software Engineering (ASE)
  • 2016
A multi-method investigation at Microsoft is mounted to understand what makes a program analyzer most attractive to developers, and sheds light on what functionality developers want from analyzers, including the types of code issues that developers care about.
Comparing static bug finders and statistical prediction
This paper uses historical defect data to apprise the two approaches, compare them, and seek synergies, and finds that under some accounting principles, they provide comparable benefits; it is found that in some settings, the performance of certain static bug-finders can be enhanced using information provided by statistical defect prediction.
Improving the accuracy of static analysis based on state partition
This paper proposes a path merging strategy with state partition to avoid accuracy loss caused by untimely merging of data flow information, and it has been implemented in the static analysis tool, Defect Testing System.
Scaling Software Security Analysis to Millions of Malicious Programs and Billions of Lines of Code
It is argued that automatic code reuse detection enables an efficient data reduction of a high volume of incoming malware for downstream analysis and enhances software security by efficiently finding known vulnerabilities across large code bases and automatically discover highly correlated features and malware groups.


Extended static checking for Java
The Extended Static Checker for Java (ESC/Java) is introduced, an experimental compile-time program checker that finds common programming errors and provides programmers with a simple annotation language with which programmer design decisions can be expressed formally.
A system and language for building system-specific, static analyses
A flexible, easy-to-use extension language for specifying analyses and an efficent algorithm for executing these extensions, which believe is an effective framework for deploying new bug-finding analyses quickly and easily.
Flow-sensitive type qualifiers
An efficient constraint-based inference algorithm is obtained that integrates flow-insensitive alias analysis, effect inference, and ideas from linear type systems to support strong updates.
A static analyzer for finding dynamic programming errors
A compile‐time analyzer that detects these dynamic errors in large, real‐world programs, and provides valuable contextual information to the programmer who needs to understand and repair the defects.
Automatically validating temporal safety properties of interfaces
A process for validating temporal safety properties of software that uses a well-defined interface is presented, and it is found that the process converges on a set of predicates powerful enough to validate properties in just a few iterations.
Context- and path-sensitive memory leak detection
A context- and path-sensitive algorithm for detecting memory leaks in programs with explicit memory management based on an underlying escape analysis that achieves very precise context-and path-sensitivity by expressing the analysis using boolean constraints.
ESP: path-sensitive program verification in polynomial time
This paper presents a new algorithm for partial program verification that runs in polynomial time and space, and shows that property simulation scales to large programs and is accurate enough to verify meaningful properties.