SE, LG | Jul 12, 2019

Learning a Static Bug Finder from Data

arXiv:1907.05579v3 | 9 citations
Originality: Highly original
AI Analysis

This approach addresses the challenge of creating static bug finders without relying on human expertise, offering a more efficient and accurate method for detecting bugs like null pointer dereferences in software code.

The authors tackled the problem of static bug finding by training deep neural networks directly from data, framing it as a classification task with Graph Neural Networks and a novel interval-based propagation mechanism. Results show that NeurSA, their framework, is more precise than existing static analyzers like Facebook Infer and Pinpoint, catching 50 new bugs in Java projects with 9 fixed and 3 confirmed.

We present an alternative approach to creating static bug finders. Instead of relying on human expertise, we utilize deep neural networks to train static analyzers directly from data. In particular, we frame the problem of bug finding as a classification task and train a classifier to differentiate the buggy from non-buggy programs using Graph Neural Network (GNN). Crucially, we propose a novel interval-based propagation mechanism that leads to a significantly more efficient, accurate and scalable generalization of GNN. We have realized our approach into a framework, NeurSA, and extensively evaluated it. In a cross-project prediction task, three neural bug detectors we instantiate from NeurSA are effective in catching null pointer dereference, array index out of bound and class cast bugs in unseen code. We compare NeurSA against several static analyzers (e.g. Facebook Infer and Pinpoint) on a set of null pointer dereference bugs. Results show that NeurSA is more precise in catching the real bugs and suppressing the spurious warnings. We also apply NeurSA to several popular Java projects on GitHub and discover 50 new bugs, among which 9 have been fixed, and 3 have been confirmed.
