Automated Patch Impact Analysis (PATCH)

Software is in constant evolution. Software changes to implement new features, adapt to new hardware and platforms, fix bugs and security vulnerabilities, or improve non-functional properties, such as performance and energy consumption.

Reasoning about all possible new behaviours introduced by a software change is hard. As a result, software changes -- usually called patches -- frequently introduce new bugs and security vulnerabilities, often with disastrous consequences.

In this project, we aim to leverage recent research results from the ERC Consolidator Grant "PASS: Program Analysis for Safe and Secure Software Evolution" to provide an automatic patch impact analysis as part of a continuous integration platform. The key ideas are to reuse the work performed while analysing previous versions of the system and to target the analysis toward the code impacted by the patch.

The end result of the analysis will be a set of test inputs that trigger the new behaviours introduced by the patch and detect any bugs that may have been introduced. The generated inputs can be either directly added to the test suite or extended to validate that the patch reflects the programmers' intended changes.