Reliable AI code generation through sound program analysis
Abstract
Sound program analysis promises to catch every instance of particular kinds of bugs in a program. In practice, though, it has never fulfilled that promise, and despite some limited success in the form of bug-finding tools used at large companies, it has never become part of the standard toolkit used by programmers. In this talk, I will argue that AI is about to change that. On the one hand, language models enable new forms of sound program analysis that get around many of the limitations of traditional program analysis tools. On the other hand, they also make the use of program analysis essential, as coding tools enable attackers to turn a vulnerability into an exploit with the push of a button. The contents of this talk will be based on work done in collaboration with my student Michael Wang.