Combining Static and Dynamic Analysis for Bug Detection and Program Understanding
Abstract
This work proposes new combinations of static and dynamic analysis for bug detection and program understanding. There are 3 related but largely independent directions: a) In the area of dynamic invariant inference, we improve the consistency of dynamically discovered invariants by taking into account second-order constraints that encode knowledge about invariants; the second-order constraints are either supplied by the programmer or vetted by the programmer (among candidate constraints suggested automatically). b) In the area of testing dataflow (esp. map-reduce) programs, our tool, SEDGE, achieves higher testing coverage by leveraging existing input data and generalizing them using a symbolic reasoning engine (a powerful SMT solver). c) In the area of bug detection, we identify and present the concept of residual investigation: a dynamic analysis that serves as the runtime agent of a static analysis. Residual investigation identifies with higher certainty whether an error reported by the static analysis is likely true.