Feature Slice Matching for Precise Bug Detection

TL;DR

MATUS is a novel method that improves bug detection accuracy by extracting and comparing semantic feature slices from code, effectively reducing noise interference and identifying previously unknown bugs in real-world projects.

Contribution

The paper introduces MATUS, a new approach that uses feature slice matching guided by prior knowledge to precisely detect bugs, outperforming existing methods in real-world scenarios.

Findings

Detected 31 unknown bugs in Linux kernel, confirmed by developers.

Achieved effective bug detection with acceptable efficiency.

Identified 11 bugs assigned CVEs.

Abstract

Measuring the function similarity to detect bugs is effective, but the statements unrelated to the bugs can impede the performance due to the noise interference. Suppressing the noise interference in existing works does not manage the tough job, i.e., eliminating the noise in the targets. In this paper, we propose MATUS to mitigate the target noise for precise bug detection based on similarity measurement. Feature slices are extracted from both the buggy query and the targets to represent the semantic feature of (potential) bug logics. In particular, MATUS guides the target slicing with the prior knowledge from the buggy code, in an end-to-end way to pinpoint the slicing criterion in the targets. All feature slices are embedded and compared based on the vector similarity. Buggy candidates are audited to confirm unknown bugs in the targets. Experiments show that MATUS holds advantages in bug detection for real-world projects with acceptable efficiency. In total, MATUS has spotted 31 unknown bugs in the Linux kernel. All of them have been confirmed by the kernel developers, and 11 have been assigned CVEs.