“Soundness” in static and dynamic program analysis is an oft-used term with an evasive meaning. Part of the difficulty is the ambiguity in terminology: typically a sound dynamic analysis is one that only warns of true bugs, whereas a sound static analysis is one that catches all bugs–the complement of the previous definition. Beyond terminology, however, there is a deeper issue. Static analyses that are sound for a restricted language model are typically not sound for full-fledged languages. Indeed, no practical static analysis framework (yes, this includes virtually any static analysis framework you can name, if it is meant to run on real programs) is sound in practice. The goal of the talk is to explain why this is the case and to discuss what can be done going forward.
Research Interests: applied programming languages and software engineering
- Language mechanisms for abstraction (declarative languages, program generation, DSLs, modules and components, generics, extensible languages, multi-paradigm programming)
- Program analysis and testing (pointer analysis, automatic test generation, invariant inference, symbolic execution)
- Languages and tools for systems (programming models for concurrency, language support for distributed computing, memory management and program locality)