Published June 10, 2026 | Version v2
Software Open

BugAuditor: Detecting Bugs via Inconsistent Defensive Code Auditing

Description

BugAuditor is an LLM-driven bug detection framework that uses inconsistent defensive handling as a new oracle for detecting project-specific bugs. Its key insight is that large software systems already contain abundant defensive code, where developers apply defensive operations to prevent bugs in security-sensitive contexts. When similar security-sensitive behaviors are handled defensively in some places but not in others, the inconsistency may indicate a real bug. BugAuditor first identifies defensive code snippets across the codebase, then infers defensive patterns that capture both the security-sensitive behavior and the required defensive handling. Finally, it applies these patterns to audit similar code contexts and detect missing or inconsistent handling.
The submitted artifact supports the main workflow of BugAuditor, including code for locating defensive snippets, reasoning about defensive patterns, and performing bug detection.

Files

BugAuditor-Artifact-main-1.zip (120.6 kB)
md5:ff6f3eacc8092f1c389f6b782c639be5