Guest Speaker

Combining Static And Dynamic Analyses For Automated Bug-Finding

Christoph Csallner
College of Computing
Georgia Institute of Technology

Mar 11 2008 3:30PM
480 Dreese Labs
All interested parties are invited to attend.
Refreshments will be served prior to the talk.

Abstract:

Finding bugs is like finding a few needles in an infinitely large haystack of program execution paths. False bug warnings are one of the biggest problems, both for automated correctness provers (such as type systems and model-checkers) and for automated bug-finders (such as static bug-pattern matchers). To address this problem, I will present three techniques for turning an existing, powerful, but false-positive-ridden, static analysis into a precise tool for automatic bug-finding.

First, we will automatically convert the output of a static analysis to concrete JUnit test cases, using constraint solving techniques. We thereby eliminate language-level false bug warnings and make the results easier to understand for human consumers. We will then add a dynamic invariant inference step to also address the harder problem of bug warnings that are technically correct but still irrelevant to the user (these bugs could occur, but only under obscure conditions). Finally, we will adapt dynamic invariant inference to work correctly with subtyping. Previous approaches do not take behavioral subtyping into account and therefore produce imprecise or inconsistent results, which can throw off automated analyses such as the ones we are performing for bug-finding.

I have implemented these techniques in the JCrasher, Check 'n' Crash, and DSD-Crasher automatic testing tools, which have been used by multiple research groups.

Host: Atanas Rountev

* Christoph Csallner is a CSE faculty candidate