This project aims to improve tool support for software debugging, by providing automatic assistance in the identification of root causes of a software failure using static and dynamic program analysis techniques. A flexible diagnosis framework first identifies candidate root causes of a failure and then uses a broad, open-ended series of diagnosic "filters" to narrow down the most likely root causes. A key innovation is that the system automatically generates "passing" and "failing" inputs for diagnosis that are close to the original failing input, making it less likely that root causes are missed. The work develops two approaches for this difficult step, based on concolic testing and on string rewriting using the application's input grammar, and investigates various types of program properties ("likely invariants") for effective localization of various classes of bugs. Candidates are then winnowed using novel filters based on existing and new program analyses to pinpoint root causes with few false positives.
This research will significantly increase programmer productivity by reducing manual debugging effort and improve reliability and security by reducing the time to fix critical software failures. A fully-automated diagnosis tool based on the widely-used LLVM compiler will be publicly distributed for developers to use. It will also be used for teaching debugging techniques and program analysis techniques in university classes.