Comment Re:KWIM (Score 1) 345
But this discussion isn't about automated *debugging*; it's about the automated *detection* of certain kinds of bugs. That's very different: with the former, you're asking the machine to actually make a change to the code, and I think we can all agree that at present this facility exists only in science fiction.
But with automated bug *detection*, you're merely asking the machine to issue diagnostics about constructs that could lead to undefined behavior. A machine can be well-suited to this task, because there are many kinds of bugs whose detection does not require any knowledge of the intentions of the human programmer; some bugs are just going to make the program crash. And static analysis tools have had a great deal of success at flagging those kinds of bugs for several decades now (not to mention the modest success that can be enjoyed with the limited static analysis provided by modern compilers).
For example, a static analyzer can perform a data flow analysis (similar to analyses performed by compilers for the purpose of determining which optimizations would be safe), and in the process determine whether it's possible for an object to be accessed while it's in an uninitialized state. Typically, static analysis tools also process each translation unit in a program, and so are able to report about things like unreferenced entities; violations of the One Definition Rule (which are generally invisible to compilers, since they only see one translation unit per run); the polymorphic destruction of an object whose class's destructor is non-virtual; and many other things that can go wrong.
But with automated bug *detection*, you're merely asking the machine to issue diagnostics about constructs that could lead to undefined behavior. A machine can be well-suited to this task, because there are many kinds of bugs whose detection does not require any knowledge of the intentions of the human programmer; some bugs are just going to make the program crash. And static analysis tools have had a great deal of success at flagging those kinds of bugs for several decades now (not to mention the modest success that can be enjoyed with the limited static analysis provided by modern compilers).
For example, a static analyzer can perform a data flow analysis (similar to analyses performed by compilers for the purpose of determining which optimizations would be safe), and in the process determine whether it's possible for an object to be accessed while it's in an uninitialized state. Typically, static analysis tools also process each translation unit in a program, and so are able to report about things like unreferenced entities; violations of the One Definition Rule (which are generally invisible to compilers, since they only see one translation unit per run); the polymorphic destruction of an object whose class's destructor is non-virtual; and many other things that can go wrong.
