Tricorder: Building a Program Analysis Ecosystem

Static analysis tools help developers find bugs, improve code readability, and ensure consistent style across a project. However, these tools can be difficult to smoothly integrate with each other and into the developer workflow, particularly when scaling to large codebases. We present Tricorder, a program analysis platform aimed at building a data-driven ecosystem around program analysis. We present a set of guiding principles for our program analysis tools and a scalable architecture for an analysis platform implementing these principles. We include an empirical, in-situ evaluation of the tool as it is used by developers across Google that shows the usefulness and impact of the platform.
