WhatsApp—are mostly written in Objective-C and Java. C++ is the main language of choice for backend services. There are tens of millions of lines each of mobile and backend code.
While they use the same development models, the website and mobile products are deployed differently. This affects which bugs are considered most important, and the way that bugs can be fixed. For the website, Facebook directly deploys new code to its own datacenters, and bug fixes can be shipped directly to our datacenters frequently, several times daily and immediately when necessary. For the mobile apps, Facebook relies on people to download new versions from the Android or the Apple store; new versions are shipped weekly, but mobile bugs are less under our control because even if a fix is shipped it might not be downloaded to some people’s phones.
Common runtime errors—for example, null pointer exceptions, division by zero—are more difficult to get fixed on mobile than on the server. On the other hand, server-side security and privacy bugs can severely impact both the users of the Web version of Facebook as well as our mobile users, since the privacy checks are performed on the server side. As a consequence, Facebook invests in tools to make the mobile apps more reliable and server-side code more secure.
Moving Fast with Infer
Infer is a static analysis tool applied to Java, Objective-C, and C++ code at Facebook.[4] It reports errors related to memory safety, to concurrency, to security (information flow), and many more specialized errors suggested by Facebook developers. Infer is run internally on the Android and iOS apps for Facebook, Instagram, Messenger, and WhatsApp, as well as on our backend C++ and Java code.
Infer has its roots in academic research on program analysis with separation logic,[5] research that led to a startup company (Monoidics Ltd.) that was acquired by Facebook in 2013. Infer was open sourced in 2015 (www.fbinfer.com) and is used at Amazon, Spotify, Mozilla, and other companies.
Diff-time continuous reasoning. Infer’s main deployment model is based on fast incremental analysis of code changes. When a diff is submitted to code review, an instance of Infer is run
share are compositionality and carefully crafted abstractions. For most of this article we will concentrate on what one gets from applying Infer and Zoncolan, rather than on their technical properties, but we outline their foundations later and provide more technical details in an online appendix (https://
The challenge related to accuracy is intimately related to actioned reports and missed bugs. We try to strike a balance between these issues, informed by the class of bugs and the intended audience. The more severe a potentially missed issue is, the lower the tolerance for missed bugs. Thus, for issues that indicate a potential crash or performance regression in a mobile app such as Messenger, WhatsApp, Instagram, or Facebook, our tolerance for missed bugs is lower than for, for example, stylistic lint suggestions (for example, don’t use a deprecated method). For issues that could affect the security of our infrastructure or the privacy of the people using our products, our tolerance for false positives is higher still.
Software Development at Facebook
Facebook practices continuous software development,[9] where a main codebase (master) is altered by thousands of programmers submitting code modifications (diffs). Master and diffs are the analogues of, respectively, the GitHub master branch and pull requests. The developers share access to a codebase and they land, or commit, a diff to the codebase after passing code review. A continuous integration system (CI system) is used to ensure code continues to build and passes certain tests. Analyses run on the code modification and participate by commenting their findings directly in the code review tool.
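The diff-time deployment model described above (an analysis runs on the submitted diff and comments its findings in the code review tool) rests on a simple mechanic: only findings that land on lines the diff actually touches are surfaced to the reviewer, so pre-existing issues elsewhere in the file do not drown the new ones. The following is an added illustration of that mechanic, not Infer's code or its report format. It parses a unified diff, records the new-file line numbers each change introduces, and filters a list of analyzer findings down to those lines. The diff, the findings, the file names and the helper names are all constructed for the example.

```python
"""Diff-time filtering of static analysis findings (added illustration).

Not Infer's own code. Given a unified diff and a list of analyzer findings,
keep only the findings that sit on lines the diff added or modified, and
format them as code-review comments. All data below is constructed.
"""
import re
from dataclasses import dataclass

# Unified-diff hunk header: "@@ -old_start[,old_count] +new_start[,new_count] @@"
HUNK_RE = re.compile(r"^@@ -(\d+)(?:,(\d+))? \+(\d+)(?:,(\d+))? @@")


@dataclass(frozen=True)
class Finding:
    """One analyzer report, positioned on the new version of a file."""
    path: str
    line: int
    kind: str
    message: str


def changed_lines(diff_text: str) -> dict[str, set[int]]:
    """Map each file in the diff to the new-file line numbers it adds or modifies."""
    changed: dict[str, set[int]] = {}
    path = None        # file currently being parsed (taken from the "+++ " header)
    new_line = 0       # line number in the new version, advanced as we walk a hunk
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):          # new-file header, e.g. "+++ b/app/Session.java"
            path = raw[4:].strip()
            if path.startswith("b/"):
                path = path[2:]
            changed.setdefault(path, set())
            continue
        if raw.startswith("--- ") or raw.startswith("\\"):
            continue                        # old-file header / "\ No newline at end of file"
        m = HUNK_RE.match(raw)
        if m:
            new_line = int(m.group(3))      # hunk starts at this new-file line
            continue
        if path is None:
            continue                        # "diff --git", "index ..." and similar preamble
        if raw.startswith("+"):             # added line: exists only in the new file
            changed[path].add(new_line)
            new_line += 1
        elif raw.startswith("-"):
            pass                            # removed line: no new-file line number
        elif raw.startswith(" ") or raw == "":
            new_line += 1                   # unchanged context line
    return changed


def review_comments(diff_text: str, findings: list[Finding]) -> list[str]:
    """Drop findings outside the diff; format the rest as review comments."""
    touched = changed_lines(diff_text)
    comments = []
    for f in sorted(findings, key=lambda f: (f.path, f.line)):
        if f.line in touched.get(f.path, set()):
            comments.append(f"{f.path}:{f.line}: [{f.kind}] {f.message}")
    return comments


# Constructed sample diff: one hunk replacing a constant return with a lookup.
SAMPLE_DIFF = """\
diff --git a/app/Session.java b/app/Session.java
--- a/app/Session.java
+++ b/app/Session.java
@@ -10,6 +10,9 @@ public class Session {
     private User user;
 
     public String displayName() {
-        return "anonymous";
+        User u = lookup(userId);
+        return u.getName();
+    }
+    public void close() {
     }
 }
"""

# Constructed sample findings: one on a line the diff added, two on untouched code.
SAMPLE_FINDINGS = [
    Finding("app/Session.java", 14, "NULL_DEREFERENCE",
            "object `u` returned by `lookup(userId)` could be null and is dereferenced"),
    Finding("app/Session.java", 3, "RESOURCE_LEAK",
            "resource acquired in constructor is not released"),
    Finding("app/Other.java", 20, "THREAD_SAFETY_VIOLATION",
            "unprotected write to field `count`"),
]

if __name__ == "__main__":
    for comment in review_comments(SAMPLE_DIFF, SAMPLE_FINDINGS):
        print(comment)
```

Running the script prints only the `NULL_DEREFERENCE` comment on line 14, since that is the one finding located on a line the diff introduced; the leak on line 3 and the finding in the untouched file are pre-existing and stay out of the review.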
The Facebook website was originally written in PHP, and then ported to Hack, a gradually typed version of PHP developed at Facebook (https://hacklang.org/). The Hack codebase spans over 100 million lines. It includes the Web frontend, the internal web tools, the APIs to access the social graph from first- and third-party apps, the privacy-aware data abstractions, and the privacy control logic for viewers and apps. Mobile apps—for Facebook, Messenger, Instagram and