Record Details
From uncertainty to bugs : inferring defects in software systems with static analysis, statistical methods, and probabilistic graphical models
ScholarsArchive at Oregon State University
| Field | Value |
|---|---|
| Title | From uncertainty to bugs : inferring defects in software systems with static analysis, statistical methods, and probabilistic graphical models |
| Names |
Kremenek, Theodore
(creator) |
| Date Issued | 2009 (iso8601) |
| Note | Access restricted to the OSU Community |
| Abstract | This thesis shows how probabilistic graphical models may be applied in conjunction with static program analysis to automatically uncover software errors in large, complex, real-world systems. In particular, we show how probabilistic graphical models can be employed to tackle two critical problems in software bug-finding: (1) suppressing false error reports (false positives) emitted by bug-finding tools that arise due to analysis imprecision and (2) the automatic extraction of program-specific specifications directly from programs. For the first problem, we present two algorithms based on the use of statistical reasoning and Bayesian networks that are highly effective at suppressing false positives. Both algorithms are applicable to tools that check a variety of program properties, and we observe that they very often improve the effective precision of a bug-finding tool to the point where false positives have little or no practical impact on the tool's user. For the second problem, we present a generic framework for specification inference built on the use of factor graphs and static program analysis. A key feature of the framework is that it cleanly fuses together seemingly disparate sources of information that are each indicative or suggestive of a program's specification. This includes information gleamed both from program semantics (obtained via program analysis) and program syntax. To our knowledge, this is the only specification inference technique that is able to combine arbitrary sources of information in this way, thus potentially gleaming far more information from a program than otherwise possible. We illustrate the technique's power by inferring resource management specifications in several large open-source projects; the specifications inferred are highly accurate, and led to the discovery of many serious bugs that are highly system-specific. |
| Genre | Thesis |
| Topic | Debugging in computer science |
| Identifier | http://hdl.handle.net/1957/55379 |
