Andrey Karpov, profile picture
Uploaded byAndrey Karpov
PPTX, PDF150 views

Does static analysis need machine learning?

This document discusses whether static analysis needs machine learning. It begins with an introduction to static analysis and outlines existing static analysis solutions like DeepCode, Infer, SapFix, Embold, Source{d}, Clever-Commit, and CodeGuru. It then addresses problems with learning manually or from real large code bases, like outdated code and lack of documentation. Finally, it discusses promising approaches like analyzing code style, collecting additional metrics, and best practices for specific frameworks.

Embed presentation

Download to read offline
Does static analysis need machine learning? Anti-Talk Victoria Khanieva PVS-Studio
Speaker 2 Victoria Khanieva • С++ developer in PVS-Studio • Supported the MISRA standard • Wrote articles in checks of open-source projects khanieva@viva64.com www.viva64.com
 Introduction to static analysis  Existing solutions and approaches they implement  Problems and pitfalls when creating an analyzer:  When learning «manually»  When learning on a real large code base  Most promising approaches Agenda 3
About the analysis 4
 Code review Types of code analysis 5
 Code review  Dynamic analysis Types of code analysis 6
 Code review  Dynamic analysis  Static analysis Types of code analysis 7
 How to reveal errors and flaws in the source code of programs.  Detect errors in programs  Get tips on code formatting  Count metrics  …. Static analysis 8
void createCube(float halfExtentsX, float halfExtentsY, float halfExtentsZ, ....){ .... m_model->addVertex(halfExtentsX, halfExtentsY, halfExtentsY, ....); .... } Diagnostics 9
void createCube(float halfExtentsX, float halfExtentsY, float halfExtentsZ, ....){ .... m_model->addVertex(halfExtentsX, halfExtentsY, halfExtentsY, ....); .... } Diagnostics 10 V751 Parameter 'halfExtentsZ' is not used inside function body. TinyRenderer.cpp 375
You'd think… 11
When ML is useful 12  Useful: Scanning photos and videos
When ML is useful 13  Useful: Scanning photos and videos  Unuseful: Calculator
When ML is useful 14  Useful: Scanning photos and videos  Unuseful: Calculator
Possible result 15
Existing solutions 16
Existing solutions 17
Existing solutions 18
 Java, JS, TS, Python, C, C++  Code review and audit  You can check out demos on an open-source project  Related posts DeepCode 19 Link
DeepCode 20
 Java, C, C++, Objective-C  By Facebook  Open-source code  You can try Infer on your projects  Based on the Хоара and separation logic, bi-abduction, and the abstract interpretation theory Infer 21 Link
 Handles Infer results  Suggests possible edits SapFix 22
 Platform to analyze code quality  System of edits suggestion  Searches for dependencies between functions and methods by NLP Embold 23
 Open-source  Related posts  Repository with dataset for learning  Code-style detection  Platform for collecting metrics and statistics Source{d} 24 Link
Fixing code style in Source{d} 25 Based on the article “STYLE-ANALYZER: fixing code style inconsistencies with interpretable unsupervised algorithms” Link
 By Mozilla+Ubisoft  Searches for suspicious commits  Based on the publication: “CLEVER: Combining Code Metrics with Clone Detection for Just-In-Time Fault Prevention and Resolution in Large Industrial Projects” Clever-Commit 26 Link
 Java  By Amazon  Recommendations on best practices from the documentation and code base CodeGuru 27
28
 Analyze code to search for errors  Analyze code to search for deviations from best practices  Analyze artifacts’ code  Collect metrics and data on code  Suggest code-style fixes Main directions 29
 Selected base of open-source repositories  Dataset selected manually  Own project base Ways to learn 30
Problems and pitfalls 31 * in the view of a classic static analyzer developer
How it may look like: • if (X && A == A) • if (A + 1 == A + 1) • if (A[i] == A[i]) • if ((A) == (A)) • … «Manual» dataset selection 32 We need to find: if (A == A)
Example from DeepCode 33
«Manual» learning 34
We need to find: int y = x / 0; In practice 35 How it may look like: template <class T> class numeric_limits { .... } namespace boost { .... } namespace boost { namespace hash_detail { template <class T> void dsizet(size_t x) { size_t length = x / (limits<int>::digits - 31); } } }
@Override public String getText(Mode mode) { StringBuilder sb = new StringBuilder(); .... if (filter.getMessage() .toLowerCase(Locale.ENGLISH) .startsWith("Each ")) { sb.append(" has base power and toughness "); } else { sb.append(" have base power and toughness "); } .... return sb.toString(); } Data flow analysis 36
Data flow analysis 37 uint32_t* BnNew() { uint32_t* result = new uint32_t[kBigIntSize]; memset(result, 0, kBigIntSize * sizeof(uint32_t)); return result; } std::string AndroidRSAPublicKey(crypto::RSAPrivateKey* key) { .... uint32_t* n = BnNew(); .... RSAPublicKey pkey; .... if (pkey.n0inv == 0) return kDummyRSAPublicKey; // <= .... }
 «So many projects on GitHub! The analyzer will learn from their repositories and commits» turns into commits’ collection and markup.  If a manually collected learning base is unreliable, what to expect from an automatically collected one? Learning on many projects 38
 Check out the commit with the word «fix»: Learning on many projects 39
 Analyzer has to be up-to-date in terms of the checked language  Most projects use outdated standards  Most projects don’t use new constructions Outdated code 40
New construction: std::vector<int> numbers; .... for (int num : numbers) foo(num); New error pattern: for (int num : numbers) numbers.push_back(num * 2); Example 41
Documentation 42
 Code example: char check(const uint8 *hash_stage2) { .... return memcmp(hash_stage2, hash_stage2_reassured, SHA1_HASH_SIZE); }  The analyzer hypothetically suggests to fix as follows: int check(const uint8 *hash_stage2) { .... return memcmp(hash_stage2, hash_stage2_reassured, SHA1_HASH_SIZE); } Why documentation matters 43
Classic approach: documentation 44
Code example: ObjectOutputStream out = new ObjectOutputStream(....); SerializedObject obj = new SerializedObject(); obj.state = 100; out.writeObject(obj); obj.state = 200; out.writeObject(obj); out.close(); Why documentation matters 45
The analyzer suggests: ObjectOutputStream out = new ObjectOutputStream(....); SerializedObject obj = new SerializedObject(); obj.state = 100; out.writeObject(obj); obj = new SerializedObject(); // Add this line obj.state = 200; out.writeObject(obj); out.close(); Why documentation matters 46
What happens without the edit: ObjectOutputStream out = new ObjectOutputStream(....); SerializedObject obj = new SerializedObject(); obj.state = 100; out.writeObject(obj); // stores the object with the state = 100 obj.state = 200; out.writeObject(obj); // stores the object with the state = 100 out.close(); Why documentation matters 47
Unambiguous behavior 48
Unambiguous behavior 49
Unambiguous behavior 50
std::vector<int> numbers; .... for (int num : numbers) { if (num < 5) { numbers.push_back(0); break; // or, for example, return } } False positives 51
 Reason for getting a warning may be unclear. Reason for NOT getting a warning may be unclear as well.  How to fix?  Additional learning (will it help?)  Mechanism to hide warnings (not universal) False positives 52
In case of successful analyzer learning 53
 Code style by specific symbols  Collecting additional metrics and information Promising directions 54
 Best-practices for a specific framework/code base/platform Promising directions 55
56 https://pvs-studio.com/en/pvs-studio/download/ Download a PVS-Studio one-month trial version and check your projects using a classic static analysis:
Q&A viva64.com 57 khanieva@viva64.com

More Related Content

PPTX
How To Improve Quality With Static Code Analysis
byPerforce
 
PPTX
Top 10 static code analysis tool
byscmGalaxy Inc
 
PDF
Static code analysis
byPrancer Io
 
ODP
Java code coverage with JCov. Implementation details and use cases.
byAlexandre (Shura) Iline
 
PPTX
PVS-Studio and static code analysis technique
byAndrey Karpov
 
PPTX
Binary Studio Academy: .NET Code Testing
byBinary Studio
 
PPTX
NET Code Testing
byKirill Miroshnichenko
 
PDF
PVS-Studio in 2021 - Feature Overview
byAndrey Karpov
 
How To Improve Quality With Static Code Analysis
byPerforce
 
Top 10 static code analysis tool
byscmGalaxy Inc
 
Static code analysis
byPrancer Io
 
Java code coverage with JCov. Implementation details and use cases.
byAlexandre (Shura) Iline
 
PVS-Studio and static code analysis technique
byAndrey Karpov
 
Binary Studio Academy: .NET Code Testing
byBinary Studio
 
NET Code Testing
byKirill Miroshnichenko
 
PVS-Studio in 2021 - Feature Overview
byAndrey Karpov
 

What's hot

PPT
Parasoft .TEST, Write better C# Code Using Data Flow Analysis
byEngineering Software Lab
 
PPTX
Track code quality with SonarQube - short version
byDmytro Patserkovskyi
 
PDF
Presentation slides: "How to get 100% code coverage"
byRapita Systems Ltd
 
PDF
Secure Coding in C/C++
byDan-Claudiu Dragoș
 
PPTX
Top 5 Code Coverage Tools in DevOps
byscmGalaxy Inc
 
PPTX
Code Coverage and Test Suite Effectiveness: Empirical Study with Real Bugs in...
byPavneet Singh Kochhar
 
PDF
Test driven development_continuous_integration
byhaochenglee
 
PPTX
Debugging C# Applications
byJaliya Udagedara
 
PDF
Continuous code quality_in_java
byManimekalai48
 
PDF
Parasoft fda software compliance part2
byEngineering Software Lab
 
PDF
Code Coverage Revised : EclEmma on JaCoCo
byEvgeny Mandrikov
 
PPTX
How to improve code quality for iOS apps?
byKate Semizhon
 
PPTX
Static Code Analysis
byGeneva, Switzerland
 
PPTX
Java Code Quality Tools
byAnju ML
 
PPTX
A year of SonarQube and TFS/VSTS
byMatteo Emili
 
PDF
Code coverage & tools
byRajesh Kumar
 
PDF
Videos about static code analysis
byPVS-Studio
 
PPT
How to become a testing expert
bygaoliang641
 
PPTX
Building a high quality+ products with SCA
bySuman Sourav
 
PPTX
Let's Explore C# 6
byJaliya Udagedara
 
Parasoft .TEST, Write better C# Code Using Data Flow Analysis
byEngineering Software Lab
 
Track code quality with SonarQube - short version
byDmytro Patserkovskyi
 
Presentation slides: "How to get 100% code coverage"
byRapita Systems Ltd
 
Secure Coding in C/C++
byDan-Claudiu Dragoș
 
Top 5 Code Coverage Tools in DevOps
byscmGalaxy Inc
 
Code Coverage and Test Suite Effectiveness: Empirical Study with Real Bugs in...
byPavneet Singh Kochhar
 
Test driven development_continuous_integration
byhaochenglee
 
Debugging C# Applications
byJaliya Udagedara
 
Continuous code quality_in_java
byManimekalai48
 
Parasoft fda software compliance part2
byEngineering Software Lab
 
Code Coverage Revised : EclEmma on JaCoCo
byEvgeny Mandrikov
 
How to improve code quality for iOS apps?
byKate Semizhon
 
Static Code Analysis
byGeneva, Switzerland
 
Java Code Quality Tools
byAnju ML
 
A year of SonarQube and TFS/VSTS
byMatteo Emili
 
Code coverage & tools
byRajesh Kumar
 
Videos about static code analysis
byPVS-Studio
 
How to become a testing expert
bygaoliang641
 
Building a high quality+ products with SCA
bySuman Sourav
 
Let's Explore C# 6
byJaliya Udagedara
 

Similar to Does static analysis need machine learning?

PPTX
The Use of Static Code Analysis When Teaching or Developing Open-Source Software
byAndrey Karpov
 
PPTX
Static code analysis: what? how? why?
byAndrey Karpov
 
PPTX
Game Engine Code Quality: Is Everything Really That Bad?
byAndrey Karpov
 
PDF
Embedded software static analysis_Polyspace-WhitePaper_final
byTAMILMARAN C
 
PDF
Presentations Unusual Java Bugs And Detecting Them Using Foss Tools
byGanesh Samarthyam
 
PPTX
The operation principles of PVS-Studio static code analyzer
byAndrey Karpov
 
PPTX
Static analysis: Around Java in 60 minutes
byAndrey Karpov
 
PPTX
EVERYTHING ABOUT STATIC CODE ANALYSIS FOR A JAVA PROGRAMMER
byAndrey Karpov
 
PPTX
Story of static code analyzer development
byAndrey Karpov
 
PDF
Errors that static code analysis does not find because it is not used
byAndrey Karpov
 
PPTX
Expanding the idea of static analysis from code check to other development pr...
byAndrey Karpov
 
PDF
Static analysis should be used regularly
byPVS-Studio
 
PDF
Technologies used in the PVS-Studio code analyzer for finding bugs and potent...
byAndrey Karpov
 
PDF
Static analysis as part of the development process in Unreal Engine
byPVS-Studio
 
PDF
Static Analysis: From Getting Started to Integration
byAndrey Karpov
 
PDF
If the coding bug is banal, it doesn't meant it's not crucial
byPVS-Studio
 
PDF
Achieving quality with tools case study
byEosSoftware
 
PDF
Static and Dynamic Code Analysis
byAndrey Karpov
 
PDF
Jdj Foss Java Tools
byGanesh Samarthyam
 
PPT
Verifcation &amp;validation
byssusere50573
 
The Use of Static Code Analysis When Teaching or Developing Open-Source Software
byAndrey Karpov
 
Static code analysis: what? how? why?
byAndrey Karpov
 
Game Engine Code Quality: Is Everything Really That Bad?
byAndrey Karpov
 
Embedded software static analysis_Polyspace-WhitePaper_final
byTAMILMARAN C
 
Presentations Unusual Java Bugs And Detecting Them Using Foss Tools
byGanesh Samarthyam
 
The operation principles of PVS-Studio static code analyzer
byAndrey Karpov
 
Static analysis: Around Java in 60 minutes
byAndrey Karpov
 
EVERYTHING ABOUT STATIC CODE ANALYSIS FOR A JAVA PROGRAMMER
byAndrey Karpov
 
Story of static code analyzer development
byAndrey Karpov
 
Errors that static code analysis does not find because it is not used
byAndrey Karpov
 
Expanding the idea of static analysis from code check to other development pr...
byAndrey Karpov
 
Static analysis should be used regularly
byPVS-Studio
 
Technologies used in the PVS-Studio code analyzer for finding bugs and potent...
byAndrey Karpov
 
Static analysis as part of the development process in Unreal Engine
byPVS-Studio
 
Static Analysis: From Getting Started to Integration
byAndrey Karpov
 
If the coding bug is banal, it doesn't meant it's not crucial
byPVS-Studio
 
Achieving quality with tools case study
byEosSoftware
 
Static and Dynamic Code Analysis
byAndrey Karpov
 
Jdj Foss Java Tools
byGanesh Samarthyam
 
Verifcation &amp;validation
byssusere50573
 

More from Andrey Karpov

PPTX
Static Code Analysis for Projects, Built on Unreal Engine
byAndrey Karpov
 
PPTX
C++ Code as Seen by a Hypercritical Reviewer
byAndrey Karpov
 
PDF
60 terrible tips for a C++ developer
byAndrey Karpov
 
PDF
PVS-Studio in 2021 - Error Examples
byAndrey Karpov
 
PDF
60 антипаттернов для С++ программиста
byAndrey Karpov
 
PPTX
Make Your and Other Programmer’s Life Easier with Static Analysis (Unreal Eng...
byAndrey Karpov
 
PPTX
Safety on the Max: How to Write Reliable C/C++ Code for Embedded Systems
byAndrey Karpov
 
PPTX
The Great and Mighty C++
byAndrey Karpov
 
PDF
PVS-Studio in the Clouds: Azure DevOps
byAndrey Karpov
 
PPTX
How to Fix Hundreds of Bugs in Legacy Code and Not Die (Unreal Engine 4)
byAndrey Karpov
 
PPTX
Ошибки, которые сложно заметить на code review, но которые находятся статичес...
byAndrey Karpov
 
PDF
PVS-Studio in the Clouds: CircleCI
byAndrey Karpov
 
PDF
Zero, one, two, Freddy's coming for you
byAndrey Karpov
 
PDF
PVS-Studio Static Analyzer as a Tool for Protection against Zero-Day Vulnerab...
byAndrey Karpov
 
PPTX
Typical errors in code on the example of C++, C#, and Java
byAndrey Karpov
 
PDF
PVS-Studio Is Now in Chocolatey: Checking Chocolatey under Azure DevOps
byAndrey Karpov
 
PDF
Analysis of commits and pull requests in Travis CI, Buddy and AppVeyor using ...
byAndrey Karpov
 
PPTX
Best Bugs from Games: Fellow Programmers' Mistakes
byAndrey Karpov
 
PDF
PVS-Studio в 2021
byAndrey Karpov
 
PDF
PVS-Studio в 2021 - Примеры ошибок
byAndrey Karpov
 
Static Code Analysis for Projects, Built on Unreal Engine
byAndrey Karpov
 
C++ Code as Seen by a Hypercritical Reviewer
byAndrey Karpov
 
60 terrible tips for a C++ developer
byAndrey Karpov
 
PVS-Studio in 2021 - Error Examples
byAndrey Karpov
 
60 антипаттернов для С++ программиста
byAndrey Karpov
 
Make Your and Other Programmer’s Life Easier with Static Analysis (Unreal Eng...
byAndrey Karpov
 
Safety on the Max: How to Write Reliable C/C++ Code for Embedded Systems
byAndrey Karpov
 
The Great and Mighty C++
byAndrey Karpov
 
PVS-Studio in the Clouds: Azure DevOps
byAndrey Karpov
 
How to Fix Hundreds of Bugs in Legacy Code and Not Die (Unreal Engine 4)
byAndrey Karpov
 
Ошибки, которые сложно заметить на code review, но которые находятся статичес...
byAndrey Karpov
 
PVS-Studio in the Clouds: CircleCI
byAndrey Karpov
 
Zero, one, two, Freddy's coming for you
byAndrey Karpov
 
PVS-Studio Static Analyzer as a Tool for Protection against Zero-Day Vulnerab...
byAndrey Karpov
 
Typical errors in code on the example of C++, C#, and Java
byAndrey Karpov
 
PVS-Studio Is Now in Chocolatey: Checking Chocolatey under Azure DevOps
byAndrey Karpov
 
Analysis of commits and pull requests in Travis CI, Buddy and AppVeyor using ...
byAndrey Karpov
 
Best Bugs from Games: Fellow Programmers' Mistakes
byAndrey Karpov
 
PVS-Studio в 2021
byAndrey Karpov
 
PVS-Studio в 2021 - Примеры ошибок
byAndrey Karpov
 

Recently uploaded

PDF
inSis suite - Laboratory Information Management System
byKondapi V Siva Rama Brahmam
 
PPTX
Building AI agents in Java - Devoxx Belgium 2025
byJulien Dubois
 
PPTX
Future of Software Testing: AI-Powered Open Source Testing Tools
bySophie Lane
 
PDF
Data Integration with Salesforce Bootcamp
byDele Amefo
 
PDF
DSD-INT 2025 Delft3D FM Suite 2026.01 2D3D - New features + Improvements - Sp...
byDeltares
 
PPTX
Presentation on AWS Cloud RDS Deep dive
byBimal Jain
 
PDF
SCORM Cloud: The 5 categories of content distribution
byRustici Software
 
PDF
Presentation Empowerment Technology in ICT
byoryoseiii
 
PDF
DSD-INT 2025 Advancing Urban Flood Modeling with Delft3D FM 1D2D - A Pilot St...
byDeltares
 
PDF
DSD-INT 2025 Timor-Leste Flood exposure and Climate Change assessment - Ogunwumi
byDeltares
 
PDF
DSD-INT 2025 Coupling SFINCS to a flood risk model to evaluate the effects of...
byDeltares
 
PDF
How Device, OS, and Network Variability Affects App Experience - And How to T...
bykalichargn70th171
 
PDF
Internship Project Training Report-3.pdf
byPawank36
 
PDF
DSD-INT 2025 Next-Generation Flood Inundation Mapping for Taiwan - Challenges...
byDeltares
 
PDF
DSD-INT 2025 3D-modelling of salt intrusion into Germany’s busiest waterway -...
byDeltares
 
PDF
DSD-INT 2025 UK Coastal Flooding Incident Guide - Dam
byDeltares
 
PDF
DSD-INT 2025 The Sinterklaas Storm in the Southwest of the Netherlands - Wope...
byDeltares
 
PDF
DSD-INT 2025 Quantifying Flood Mitigation Strategies Under Sea Level Rise - H...
byDeltares
 
PDF
DSD-INT 2025 Building-Aware Flood and Lifeline Scour Modeling with Delft3D FM...
byDeltares
 
PDF
DSD-INT 2025 Modelling Non-Newtonian Slurry Beaching with Delft3D-Slurry - Bi
byDeltares
 
inSis suite - Laboratory Information Management System
byKondapi V Siva Rama Brahmam
 
Building AI agents in Java - Devoxx Belgium 2025
byJulien Dubois
 
Future of Software Testing: AI-Powered Open Source Testing Tools
bySophie Lane
 
Data Integration with Salesforce Bootcamp
byDele Amefo
 
DSD-INT 2025 Delft3D FM Suite 2026.01 2D3D - New features + Improvements - Sp...
byDeltares
 
Presentation on AWS Cloud RDS Deep dive
byBimal Jain
 
SCORM Cloud: The 5 categories of content distribution
byRustici Software
 
Presentation Empowerment Technology in ICT
byoryoseiii
 
DSD-INT 2025 Advancing Urban Flood Modeling with Delft3D FM 1D2D - A Pilot St...
byDeltares
 
DSD-INT 2025 Timor-Leste Flood exposure and Climate Change assessment - Ogunwumi
byDeltares
 
DSD-INT 2025 Coupling SFINCS to a flood risk model to evaluate the effects of...
byDeltares
 
How Device, OS, and Network Variability Affects App Experience - And How to T...
bykalichargn70th171
 
Internship Project Training Report-3.pdf
byPawank36
 
DSD-INT 2025 Next-Generation Flood Inundation Mapping for Taiwan - Challenges...
byDeltares
 
DSD-INT 2025 3D-modelling of salt intrusion into Germany’s busiest waterway -...
byDeltares
 
DSD-INT 2025 UK Coastal Flooding Incident Guide - Dam
byDeltares
 
DSD-INT 2025 The Sinterklaas Storm in the Southwest of the Netherlands - Wope...
byDeltares
 
DSD-INT 2025 Quantifying Flood Mitigation Strategies Under Sea Level Rise - H...
byDeltares
 
DSD-INT 2025 Building-Aware Flood and Lifeline Scour Modeling with Delft3D FM...
byDeltares
 
DSD-INT 2025 Modelling Non-Newtonian Slurry Beaching with Delft3D-Slurry - Bi
byDeltares
 

Does static analysis need machine learning?

  • 1.
    Does static analysisneed machine learning? Anti-Talk Victoria Khanieva PVS-Studio
  • 2.
    Speaker 2 Victoria Khanieva • С++developer in PVS-Studio • Supported the MISRA standard • Wrote articles in checks of open-source projects khanieva@viva64.com www.viva64.com
  • 3.
     Introduction tostatic analysis  Existing solutions and approaches they implement  Problems and pitfalls when creating an analyzer:  When learning «manually»  When learning on a real large code base  Most promising approaches Agenda 3
  • 4.
  • 5.
     Code review Typesof code analysis 5
  • 6.
     Code review Dynamic analysis Types of code analysis 6
  • 7.
     Code review Dynamic analysis  Static analysis Types of code analysis 7
  • 8.
     How toreveal errors and flaws in the source code of programs.  Detect errors in programs  Get tips on code formatting  Count metrics  …. Static analysis 8
  • 9.
    void createCube(float halfExtentsX, floathalfExtentsY, float halfExtentsZ, ....){ .... m_model->addVertex(halfExtentsX, halfExtentsY, halfExtentsY, ....); .... } Diagnostics 9
  • 10.
    void createCube(float halfExtentsX, floathalfExtentsY, float halfExtentsZ, ....){ .... m_model->addVertex(halfExtentsX, halfExtentsY, halfExtentsY, ....); .... } Diagnostics 10 V751 Parameter 'halfExtentsZ' is not used inside function body. TinyRenderer.cpp 375
  • 11.
  • 12.
    When ML isuseful 12  Useful: Scanning photos and videos
  • 13.
    When ML isuseful 13  Useful: Scanning photos and videos  Unuseful: Calculator
  • 14.
    When ML isuseful 14  Useful: Scanning photos and videos  Unuseful: Calculator
  • 15.
  • 16.
  • 17.
  • 18.
  • 19.
     Java, JS,TS, Python, C, C++  Code review and audit  You can check out demos on an open-source project  Related posts DeepCode 19 Link
  • 20.
  • 21.
     Java, C,C++, Objective-C  By Facebook  Open-source code  You can try Infer on your projects  Based on the Хоара and separation logic, bi-abduction, and the abstract interpretation theory Infer 21 Link
  • 22.
     Handles Inferresults  Suggests possible edits SapFix 22
  • 23.
     Platform toanalyze code quality  System of edits suggestion  Searches for dependencies between functions and methods by NLP Embold 23
  • 24.
     Open-source  Relatedposts  Repository with dataset for learning  Code-style detection  Platform for collecting metrics and statistics Source{d} 24 Link
  • 25.
    Fixing code stylein Source{d} 25 Based on the article “STYLE-ANALYZER: fixing code style inconsistencies with interpretable unsupervised algorithms” Link
  • 26.
     By Mozilla+Ubisoft Searches for suspicious commits  Based on the publication: “CLEVER: Combining Code Metrics with Clone Detection for Just-In-Time Fault Prevention and Resolution in Large Industrial Projects” Clever-Commit 26 Link
  • 27.
     Java  ByAmazon  Recommendations on best practices from the documentation and code base CodeGuru 27
  • 28.
  • 29.
     Analyze codeto search for errors  Analyze code to search for deviations from best practices  Analyze artifacts’ code  Collect metrics and data on code  Suggest code-style fixes Main directions 29
  • 30.
     Selected baseof open-source repositories  Dataset selected manually  Own project base Ways to learn 30
  • 31.
    Problems and pitfalls 31 *in the view of a classic static analyzer developer
  • 32.
    How it maylook like: • if (X && A == A) • if (A + 1 == A + 1) • if (A[i] == A[i]) • if ((A) == (A)) • … «Manual» dataset selection 32 We need to find: if (A == A)
  • 33.
  • 34.
  • 35.
    We need tofind: int y = x / 0; In practice 35 How it may look like: template <class T> class numeric_limits { .... } namespace boost { .... } namespace boost { namespace hash_detail { template <class T> void dsizet(size_t x) { size_t length = x / (limits<int>::digits - 31); } } }
  • 36.
    @Override public String getText(Modemode) { StringBuilder sb = new StringBuilder(); .... if (filter.getMessage() .toLowerCase(Locale.ENGLISH) .startsWith("Each ")) { sb.append(" has base power and toughness "); } else { sb.append(" have base power and toughness "); } .... return sb.toString(); } Data flow analysis 36
  • 37.
    Data flow analysis 37 uint32_t*BnNew() { uint32_t* result = new uint32_t[kBigIntSize]; memset(result, 0, kBigIntSize * sizeof(uint32_t)); return result; } std::string AndroidRSAPublicKey(crypto::RSAPrivateKey* key) { .... uint32_t* n = BnNew(); .... RSAPublicKey pkey; .... if (pkey.n0inv == 0) return kDummyRSAPublicKey; // <= .... }
  • 38.
     «So manyprojects on GitHub! The analyzer will learn from their repositories and commits» turns into commits’ collection and markup.  If a manually collected learning base is unreliable, what to expect from an automatically collected one? Learning on many projects 38
  • 39.
     Check outthe commit with the word «fix»: Learning on many projects 39
  • 40.
     Analyzer hasto be up-to-date in terms of the checked language  Most projects use outdated standards  Most projects don’t use new constructions Outdated code 40
  • 41.
    New construction: std::vector<int> numbers; .... for(int num : numbers) foo(num); New error pattern: for (int num : numbers) numbers.push_back(num * 2); Example 41
  • 42.
  • 43.
     Code example: charcheck(const uint8 *hash_stage2) { .... return memcmp(hash_stage2, hash_stage2_reassured, SHA1_HASH_SIZE); }  The analyzer hypothetically suggests to fix as follows: int check(const uint8 *hash_stage2) { .... return memcmp(hash_stage2, hash_stage2_reassured, SHA1_HASH_SIZE); } Why documentation matters 43
  • 44.
  • 45.
    Code example: ObjectOutputStream out= new ObjectOutputStream(....); SerializedObject obj = new SerializedObject(); obj.state = 100; out.writeObject(obj); obj.state = 200; out.writeObject(obj); out.close(); Why documentation matters 45
  • 46.
    The analyzer suggests: ObjectOutputStreamout = new ObjectOutputStream(....); SerializedObject obj = new SerializedObject(); obj.state = 100; out.writeObject(obj); obj = new SerializedObject(); // Add this line obj.state = 200; out.writeObject(obj); out.close(); Why documentation matters 46
  • 47.
    What happens withoutthe edit: ObjectOutputStream out = new ObjectOutputStream(....); SerializedObject obj = new SerializedObject(); obj.state = 100; out.writeObject(obj); // stores the object with the state = 100 obj.state = 200; out.writeObject(obj); // stores the object with the state = 100 out.close(); Why documentation matters 47
  • 48.
  • 49.
  • 50.
  • 51.
    std::vector<int> numbers; .... for (intnum : numbers) { if (num < 5) { numbers.push_back(0); break; // or, for example, return } } False positives 51
  • 52.
     Reason forgetting a warning may be unclear. Reason for NOT getting a warning may be unclear as well.  How to fix?  Additional learning (will it help?)  Mechanism to hide warnings (not universal) False positives 52
  • 53.
    In case ofsuccessful analyzer learning 53
  • 54.
     Code styleby specific symbols  Collecting additional metrics and information Promising directions 54
  • 55.
     Best-practices fora specific framework/code base/platform Promising directions 55
  • 56.
    56 https://pvs-studio.com/en/pvs-studio/download/ Download a PVS-Studioone-month trial version and check your projects using a classic static analysis:
  • 57.