
Sunday, August 27, 2017

Facebook's Static vs Dynamic Software Analysis for Bugs

I recall using just such tools a long time ago, to test out simulations of software under operational conditions. Now there are open-source tools for this from Facebook, which manages some of the most used software on earth. Many resources at the link:

Facebook’s evolutionary search for crashing software bugs
Ars gets the first look at Facebook's fancy new dynamic analysis tool. By Sebastian Anthony in Ars Technica.

" ...   There are two ways of automatically analysing a piece of software in the hunt for bugs, security vulnerabilities, and other potential issues. Static analysis, as the name implies, is only interested in the source code of the program. Dynamic analysis is the opposite: you run the program, feed it a bunch of inputs, and record how it behaves.

Each technique serves a different purpose, and a big software company would usually use both. Static analysis is perfect for formally verifying that an algorithm works as intended, or for highlighting bad code that might allow for a buffer overflow or other security vulnerability. Dynamic analysis is better at finding the gnarly edge cases that cause crashes. Humans can manually perform both analyses, of course, but computers are obviously a lot quicker when it comes to testing millions of possible inputs.

Facebook's static analyser is called Infer. The company open-sourced the tool in 2013, and a lot of big names (Uber, Spotify, Mozilla) use it. There isn't a whole lot to say about it, other than it seems to be very popular and effective; download it today! ... "
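To make the static-versus-dynamic distinction in the quoted passage concrete, here is an added example that is not code from the Ars Technica article, from Infer or from Facebook's dynamic tool. It points a toy static analyser (an AST rule that reads the source and never runs it) and a toy dynamic analyser (run the target on many inputs, record crashes) at the same small target. The target `parse_record`, the single rule `UnpackOfSplit`, the seed input `"total=10;count=2"` and the mutation alphabet are all constructed for this illustration; the deterministic single-edit mutation set stands in for a real fuzzer's random mutations.

```python
"""Toy static analyser and toy dynamic analyser aimed at one constructed target.
Added illustration; not Infer, not Facebook's dynamic tool."""
import ast
import inspect
import textwrap
from typing import Callable, Dict, List, Tuple


# --- Target under analysis: constructed for this example, deliberately fragile ---
def parse_record(data: str) -> Dict[str, int]:
    """Parse 'k=v;k=v' into {k: int} and add an 'avg' field."""
    fields: Dict[str, int] = {}
    for item in data.split(";"):
        key, value = item.split("=")       # ValueError unless exactly one '='
        fields[key.strip()] = int(value)   # ValueError on a non-integer value
    fields["avg"] = fields["total"] // fields["count"]  # KeyError or ZeroDivisionError
    return fields


# --- Static analysis: read the source, never execute it --------------------------
class UnpackOfSplit(ast.NodeVisitor):
    """Rule: `a, b = <expr>.split(...)`. split() returns a list of unknown length,
    so the unpack raises ValueError on input with a different number of separators.
    Findings are (line offset within the function, message); the 'def' line is 0."""

    def __init__(self) -> None:
        self.findings: List[Tuple[int, str]] = []

    def visit_Assign(self, node: ast.Assign) -> None:
        target, value = node.targets[0], node.value
        if (isinstance(target, (ast.Tuple, ast.List))
                and isinstance(value, ast.Call)
                and isinstance(value.func, ast.Attribute)
                and value.func.attr == "split"):
            self.findings.append((node.lineno - 1, "tuple-unpack of split() result can raise ValueError"))
        self.generic_visit(node)


def static_analyse(func: Callable) -> List[Tuple[int, str]]:
    """Parse the function's own source (its 'def' line is lineno 1) and run the rule."""
    tree = ast.parse(textwrap.dedent(inspect.getsource(func)))
    rule = UnpackOfSplit()
    rule.visit(tree)
    return rule.findings


# --- Dynamic analysis: execute the target on many inputs and record crashes ------
def single_edit_variants(seed: str, alphabet: str = "=;0a") -> List[str]:
    """Every single-character deletion, substitution and insertion of `seed`.
    Deterministic stand-in for a fuzzer's random mutation strategy."""
    out: List[str] = []
    for i in range(len(seed)):
        out.append(seed[:i] + seed[i + 1:])
        out.extend(seed[:i] + c + seed[i + 1:] for c in alphabet)
    for i in range(len(seed) + 1):
        out.extend(seed[:i] + c + seed[i:] for c in alphabet)
    return out


def dynamic_analyse(func: Callable, seed: str) -> Dict[Tuple[str, int], str]:
    """Run `func` on each variant; deduplicate crashes by crash site
    (exception type, line offset within func) and keep the first input per site."""
    crashes: Dict[Tuple[str, int], str] = {}
    for data in single_edit_variants(seed):
        try:
            func(data)
        except Exception as exc:  # a fuzzer wants every failure, not only expected ones
            tb = exc.__traceback__
            while tb is not None and tb.tb_frame.f_code is not func.__code__:
                tb = tb.tb_next  # walk down to the target's own frame
            line = tb.tb_lineno - func.__code__.co_firstlineno if tb else -1
            crashes.setdefault((type(exc).__name__, line), data)
    return crashes


def compare(func: Callable, seed: str) -> Dict[str, List[Tuple[str, int]]]:
    """Split dynamic crash sites into those the static rule also flagged and those it missed."""
    flagged = {line for line, _ in static_analyse(func)}
    sites = sorted(dynamic_analyse(func, seed))
    return {
        "found_by_both": [s for s in sites if s[1] in flagged],
        "dynamic_only": [s for s in sites if s[1] not in flagged],
    }


if __name__ == "__main__":
    print("static :", static_analyse(parse_record))
    for site, data in sorted(dynamic_analyse(parse_record, "total=10;count=2").items()):
        print("dynamic:", site, repr(data))
    print(compare(parse_record, "total=10;count=2"))
```

The static rule reports the unpack on the function's line offset 4 without executing anything, and it would report it even for an input space nobody has thought of. The dynamic pass reaches that same site plus three others (the `int()` conversion, the missing key, and the division by zero) that the rule never flags, because those failures depend on concrete input values rather than on a syntactic pattern. Keying crashes by (exception type, crash site) rather than by input is the usual way fuzzers keep thousands of crashing inputs down to a handful of distinct bugs.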
