AL is a simple, declarative language for reasoning about abstract syntax trees that allows to extend Facebook Infer static analyzer.
AL is a simple, declarative language for reasoning about abstract syntax trees that allows to extend Facebook Infer static analyzer.
Written in OCaml, Infer is able to signal Null pointer accesses, resource and memory leaks, and other detectable errors in C, Java, and Objective-C code. According to Facebook, Infer correctly identifies bugs in 80% of the cases in their mobile apps for iOS and Android.
AL tries to overcome one of Infer’s limitations by making it more easy to extend it, a task that required both static analysis expertise and knowledge about Infer’s internals. In particular, AL aims to simplify the definitions of checkers of new types of intra-procedural bugs, i.e. bugs confined to the code of a single procedure. Such bugs can be detected through simpler analysis leveraging the syntax of the program, common language idioms, and custom conventions. For example, in Objective-C a delegate of an object should not be usually treated as a strong reference to avoid retain cycles. Using AL, a checker for this requirement could be defined as:
The most interesting part in the AL code above is the report_when clause, which defines a condition on a ObjCPropertyDecl object – the AST node associated to a property declaration in Objective-C – that is declared as a strong reference (is_strong_property) .
According to Facebook, a new checker can normally be defined with few lines of AL code and immediately used, without requiring re-building Infer, which ensures quick feedback on the new checker. AL supports, though, the definition of more complex formulas based on a temporal logic model where an AST node is associated to a point in time and all its descendants can be seen as possible futures. AL provides operators to define properties of future nodes, e.g. the HOLDS-EVENTUALLY operator can be associated to an expression that shall be verified at some future point in time for the program to be valid.
AL is part of Infer, available on GitHub, and can be used for C, C++, and Objective-C.
