We present Rapid, an industrial-strength analysis developed at AWS that aims to help developers by providing automatic, fast and actionable feedback about correct usage of cloud-service APIs. Rapid’s design is based on the insight that cloud service APIs are structured around short-lived request and response objects whose usage patterns can be specified as value-dependent type-state automata and verified by combining local type-state with global value-flow analyses. We describe various challenges that arose in deploying Rapid at scale. Finally, we present an evaluation that validates our design choices and deployment heuristics, and shows that Rapid is able to quickly and precisely report a wide variety of useful API misuse violations in large, industrial-strength code bases.