Ready for a live demonstration?
At Curry On Conference, Cam Tenny introduced us to r2c, a platform for ecosystem-wide program analysis. With so many tools on this platform, this talk will make your day!
Beyond the Paper: End-to-End Program Analysis
Automated program analysis is responsible for a majority of vulnerability discoveries in modern programming languages, but program analysis tools are usually run on only a handful of projects. Authors must manually approach developers with a few high-signal results, which at best lead to changes in a smaller number of programs. Once research has been published, the tools are rarely run again by anyone, authors included. Even when a few use the work again, the industry rarely benefits from these tools and research. We can all do better. We introduce r2c, a platform for ecosystem-wide program analysis. r2c allows authors to test program analysis against entire ecosystems of code, such as npm, getting results on hundreds of thousands of projects per hour. r2c includes tools to triage and filter results, label data sets, and reuse the labeled data and results from other program analysis projects. r2c is currently in use by more than 50 researchers at 8 universities and growing quickly. We present a case study of the kind of work made uniquely possible by r2c and how the results of such program analysis can be integrated with community developer tools, helping program analysis tools to live beyond the paper and to change the way we write software.
This talk will include a live demonstration of the r2c platform, measuring program features across millions of commits in the span of the talk.
This talk was given by Cam Tenny at Curry On Conference.