| As very long term goal, I want to work on a project like this but on much larger scale. I have a tiny prototype based on Go and soufflé. The overall goal would be to figure out classical error conditions like nill pointers deference. If I can figure out if a pointer will be nil in some execution branch, there is no reason why a computer cannot do the same. However it is very hard work and the part I am currently stuck in is creating a reasonable abstraction level where I can reason (in soufflé) about code and not about an AST. I personally would see this as an human race level upgrades. Imagine feeding your code to a CI that spit back something like: "you will have a panic at line 156 when your input is > 4" Moreover we will be able to check the "real code" starting from main down to all execution paths. Which is much more powerful than current static analysis that usually analyse a single function without considering how the function itself is invoked. Beside the actual implementation difficulties, the other big elephant in the room is the amount of resources needed to run this kind of analysis. (I am less concerned about that as computation resources exploded due to AI and solving SAT is getting faster and faster) |
> I am less concerned about that as computation resources exploded due to AI and solving SAT is getting faster and faster
Sadly we are usually very concerned about this. The complexity of these problems are usually NP-hard, so we usually have either heuristics (imprecise), exponential algorithms, or fixed-parameter tractable algorithms (practically speaking, O(2^c n) for a pretty large c), which are either imprecise or too slow. This is still an area with active research. The main problem is that, even if your computational power gets 2x faster, you cannot solve problems 2x larger within the same amount of time. It doesn't scale... (but of cause, usually we are dealing with sparse problems so the scaling is not in LOC for example)