BT

InfoQ Homepage News Facebook’s New AL Language Aims to Simplify Static Program Analysis

Facebook’s New AL Language Aims to Simplify Static Program Analysis

Bookmarks

AL is a simple, declarative language for reasoning about abstract syntax trees that allows a developer to extend the Facebook Infer static analyzer.

Written in OCaml, Infer is able to signal Null pointer accesses, resource and memory leaks, and other detectable errors in C, Java, and Objective-C code. According to Facebook, Infer correctly identifies bugs in 80% of the cases in their mobile apps for iOS and Android.

AL tries to overcome one of Infer’s limitations by making it more easy to extend it, a task that required both static analysis expertise and knowledge about Infer’s internals. In particular, AL aims to simplify the definitions of checkers of new types of intra-procedural bugs, i.e. bugs confined to the code of a single procedure. Such bugs can be detected through simpler analysis leveraging the syntax of the program, common language idioms, and custom conventions. For example, in Objective-C a delegate of an object should not be usually treated as a strong reference to avoid retain cycles. Using AL, a checker for this requirement could be defined as:

DEFINE-CHECKER STRONG_DELEGATE_WARNING = {
    
    LET name_contains_delegate =     
        declaration_has_name(REGEXP("[dD]elegate"));
      
    SET report_when =
        WHEN
           name_contains_delegate 
           AND is_strong_property()
        HOLDS-IN-NODE ObjCPropertyDecl;
    
    SET message = "Property or ivar %decl_name% declared strong";
    SET suggestion = "In general delegates should be declared weak or assign";
  };

The most interesting part in the AL code above is the report_when clause, which defines a condition on a ObjCPropertyDecl object – the AST node associated to a property declaration in Objective-C – that is declared as a strong reference (is_strong_property).

According to Facebook, a new checker can normally be defined with few lines of AL code and immediately used, without requiring re-building Infer, which ensures quick feedback on the new checker. AL supports, though, the definition of more complex formulas based on a temporal logic model where an AST node is associated to a point in time and all its descendants can be seen as possible futures. AL provides operators to define properties of future nodes, e.g. the HOLDS-EVENTUALLY operator can be associated to an expression that shall be verified at some future point in time for the program to be valid.

AL is part of Infer, available on GitHub, and can be used for C, C++, and Objective-C.

Rate this Article

Adoption
Style

Hello stranger!

You need to Register an InfoQ account or or login to post comments. But there's so much more behind being registered.

Get the most out of the InfoQ experience.

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Community comments

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

BT

Is your profile up-to-date? Please take a moment to review and update.

Note: If updating/changing your email, a validation request will be sent

Company name:
Company role:
Company size:
Country/Zone:
State/Province/Region:
You will be sent an email to validate the new email address. This pop-up will close itself in a few moments.