A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL.
The file type is application/pdf.
Scaling static analyses at Facebook
2019
Communications of the ACM
Key insights:
- Advanced static analysis techniques performing deep reasoning about source code can scale to large industrial codebases, for example, with 100-million LOC.
- Static analyses should strike a balance between missed bugs (false negatives) and un-actioned reports (false positives).
- A "diff time" deployment, where issues are given to developers promptly as part of code review, is important to catching bugs early and getting high fix rates.
doi:10.1145/3338112
fatcat:dlr5pddvozge3e5qxiktz3emmi