Static analysis tools are commonly used to assist with program verification. Most existing tools, however, identify defects using a predefined repertoire of defect specifications. These repertoires are rarely extended by users due to the effort and complexity involved in producing new specifications.
I propose a supervised approach for learning defective code patterns directly from coarsely labelled examples, allowing users to produce new defect classifiers with minimal effort. This approach represents a program as a directed multi-graph modelling operations and their dependencies, and aims to identify defects caused by incorrect, or missing, dependencies between operations. Given this representation, the task of identifying these defects can be seen as identifying specific partial subgraphs.
The proposed approach is evaluated against several open source projects and test suites targeting the Java virtual machine. The proposed approach performs well against an adapted subset of the Juliet test suite, and demonstrates a modest ability to transfer to unseen natural code.