Program analysis with risk-based classification of dynamic invariants for logical error detection

The logical errors in programs causing deviations from the intended functionality cannot be detected by automated source code analysis, which mainly focuses on known defects and code vulnerabilities. To this end, we introduce a combination of analysis techniques implemented in a proof-of-concept prototype called PLATO. First, a set of dynamic invariants is inferred from the source code that represents the program's logic. The code is instrumented with assertions from the invariants, which are subsequently valuated through the program's symbolic execution. The findings are ranked using a fuzzy logic system with two scales characterizing their impact: (i) a Severity scale for the execution paths' characteristics and their Information Gain, (ii) a Reliability scale based on the measured Computational Density. Real, as well as synthetic applications with at least four different types of logical errors were analyzed. The method's effectiveness was assessed based on a dataset from 25 experiments. Albeit not without restrictions, the proposed automated analysis seems able to detect a wide variety of logical errors, while it filters out the false positives.