26th International Symposium on
Logic-Based Program Synthesis and Transformation
LOPSTR 2016

Edinburgh, Scotland UK
September 6-8, 2016

Co-located with PPDP 2016 and SAS 2016

LOPSTR 2016 Invited Talk

Static analysis for security at the Facebook scale

Francesco Logozzo, Facebook, USA (jointly with PPDP)


Abstract. The scale and continuous growth of commercial code bases are the greatest challenges for adoption of automated analysis tools in industry. Alas, scale is largely ignored by academic research. We developed a new static analysis tool for security to scale to Facebook scale. It relies on abstract interpretation to focus on the properties that really matter to security engineers and provides fine control over the cost/precision ratio. It was designed from day one for "real world" security and privacy problems at scale. The Facebook codebase is huge, and we can analyze it from scratch in 13 minutes. This talk will give attendees a peek at some of the secret sauce we use to achieve such amazing performance and precision.