Static code analysis has been proven to be a promising technique for reducing defects and improving the reliability of software systems. Applying static code analysis in practice faces many technical and non-technical challenges. Based on our experiences of commercializing a static code analysis system, those challenges can be represented as three hard-tos: hard-to-employ, hard-to-scale, and hard-to-be-recognized. In this thesis, we present systematic approaches that address these challenges. We first present a system that automates the whole build-analysis process, which enables seamlessly analyzing thousands of different projects on a daily base. Then, we propose two techniques to scale up and speed up the analyzing process: SMOKE, which is designed for optimizing the performa...[ Read more ]

Static code analysis has been proven to be a promising technique for reducing defects and improving the reliability of software systems. Applying static code analysis in practice faces many technical and non-technical challenges. Based on our experiences of commercializing a static code analysis system, those challenges can be represented as three hard-tos: hard-to-employ, hard-to-scale, and hard-to-be-recognized. In this thesis, we present systematic approaches that address these challenges. We first present a system that automates the whole build-analysis process, which enables seamlessly analyzing thousands of different projects on a daily base. Then, we propose two techniques to scale up and speed up the analyzing process: SMOKE, which is designed for optimizing the performance for analyzing typestate problems (e.g., memory leak detection), uses the staged design together with sparse analysis techniques. Experimental results demonstrated that SMOKE could finish checking industrial-sized projects, up to 8MLoC, in forty minutes with an average false positive rate of 24.4%; VeriBuild is an approach to detecting dependency bugs in build systems. VeriBuild uses static analysis to complement conventional dynamic approaches for constructing a unified dependency graph (UDG), which facilitates efficient and precise detecting dependency errors via simple graph traversals. The experimental results have demonstrated its good performance in efficiency and precision. Lastly, we propose a new objective indicator, the ”perceived false positive rate”, to better understand the recognization degree of the analyzing results from users. We also discuss the design choices we have made to reduce the perceived false positive rate.