A year after finishing the ICSE’13 paper Segmented Symbolic Analysis, I’d like to share some of the excitement I felt while writing it. Essentially, the paper reflects three visions I have about program analysis.
1. Program analysis on segments. Traditionally, functions are the units on which program analysis is performed. For example, intra-procedural analysis focuses only on the information within a function, while inter-procedural analysis considers program information in the context of calling relations. An important reason is that the implementation of an analysis relies heavily on compilers to obtain static information such as types and scopes, or to produce executables for dynamic analysis. In this paper, we developed a type of program analysis that breaks function boundaries and flexibly runs on selected code segments on demand. This year, we did a great amount of work on analyzing code repositories. We found that many revisions are not compilable, or not easy to compile, which largely restricts the use of powerful semantic analyses on legacy code. We need to make semantic program analyses applicable to any piece of code, rather than only to compilable units. This paper suggests that is potentially feasible.
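To make the idea of analyzing a segment that is not a compilable unit concrete, here is a minimal sketch, not the paper's implementation: a toy constant-propagation pass run directly on a free-standing code fragment. The fragment, variable names, and the choice of Python (the paper's setting is C-like code) are all illustrative assumptions.

```python
import ast

# A code fragment that is not a compilable unit on its own:
# no enclosing function, no declarations, no program entry point.
fragment = """
x = 3
y = x + 4
z = y * 2
"""

# Toy constant propagation: walk the statements in order and evaluate
# each right-hand side under the constants known so far.
consts = {}
for stmt in ast.parse(fragment).body:
    if isinstance(stmt, ast.Assign) and isinstance(stmt.targets[0], ast.Name):
        consts[stmt.targets[0].id] = eval(ast.unparse(stmt.value), {}, consts)

print(consts)  # {'x': 3, 'y': 7, 'z': 14}
```

The point of the sketch is only that the analysis needs nothing beyond the segment itself; no compiler-produced types, scopes, or executables are consulted.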
2. Data analysis with program analysis: In this paper, we use linear regression to infer transfer functions useful for program analysis. Here, the data analysis is not used to infer declarative program properties, such as the relations among variables at a program point. Rather, I consider it an initial step toward synthesizing instructions, that is, steps of computation, from data.
3. Hybrid static and dynamic techniques: This idea is not new. The interesting direction is to invent various ways to combine static and dynamic techniques for maximum precision and scalability.