As all aspects of human society increasingly rely on software systems, there is an urgent need for scalable techniques and tools that can detect and eliminate software bugs effectively. In the last decade, hybrid approaches that combine software analysis techniques of different strengths have resulted in powerful tools for automated software testing and repair. However, despite the significant progress that has been made so far, fully automated techniques often fail to scale in practice. The key strength of automated techniques is their ability to quickly analyze many program behaviors by performing repetitive, computational tasks at a rate far beyond the human attention span and computation speed. However, they do not know how to intelligently navigate complex state spaces, which often requires contextual and common-sense reasoning that humans excel at. The goal of this project is to combine the strengths of human ingenuity and automated tools in order to achieve bug and vulnerability detection and repair at scale, while keeping the human intervention at a minimum. All the techniques developed within the context of this project will be transitionable to scalable software testing products by industry and government, leading to better software dependability in all application domains, including critical national infrastructures. The project will also seek to broaden participation in computing by training students from under-represented groups.
The project will develop human-guided hybrid techniques that combine fuzz testing, symbolic execution, and search strategies that will aim to optimize the search towards efficient and scalable bug detection; annotations for controlling the search and for pruning the search space; input generation techniques and human-guided value generation; and automated and semi-automated synthesis of repairs. All these techniques will be integrated into open-source tools targeting multiple programming languages. To minimize the human effort, the framework will incorporate self-monitoring mechanisms to detect when the automatic analysis fails, which will provide detailed feedback to the developers to remedy the problem. This will result in an interactive testing and analysis process that leverages human input in a principled way to best guide the automated techniques, resulting in scalable bug detection and software repair.
This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
