SlideShare a Scribd company logo

Repair dagstuhl jan2017

Abhik Roychoudhury
Abhik Roychoudhury

Overview talk given at Dagstuhl Seminar on Automated Program Repair, January 2017

Education
1 of 38
General Summary of Program Repair, and Semantic Repair Abhik Roychoudhury National University of Singapore Dagstuhl seminar, 2017
Bug Fixing o Most software has many bugs. o Security-related bugs should be fixed before they are exploited by malicious users. o Oftentimes, bugs are not fixed even a few months after they were reported. o E.g. Bug 18665 of glibc • Reported and responded on July 2015 • Patched on Feb 2016 • CVSS score: 8.1 / 10 (buffer overflow) o “Thanks for the bug report. Do you have a test case that triggers this scenario? Do you have a patch or suggested fix?” Dagstuhl seminar, 2017
(Why) Program Repair 1. “Patches as better bug reports” [Weimer 2006]. 2. Automating the simple one-line fixes as patch suggestions • Work with companies with commercial testing tools. • automating targeted repair techniques with template fixes e.g. overflows. 3. Grading and understanding of programming assignments • … if only the education business takes off 4. … Note: 2 & 3 are very different businesses. Dagstuhl seminar, 2017
DARPA CGC 4 A team of hackers won $2 million by building a machine that could hack better than they could Read more at http://www.businessinsider.sg/forallsecure-mayhem- darpa-cyber-grand-challenge-2016- 8/#ZuIF7Dmq3aaCAdaq.99 DARPA Cyber Grand Challenge -> Automation of Security [detecting and fixing vulnerabilities automatically]
(Troubles with) Repair • Weak description of intended behavior / correctness criterion e.g. tests • Possibility to use “Bugs as deviant behavior” philosophy • Weak applicability of repair techniques e.g. only overflow errors • Large search space of candidate patches for general-purpose repair tools. • Patch suggestions and Interactive Repair Dagstuhl seminar, 2017
Correctness Criterion • Assertions or Specifications o May be suitable for targeted repair e.g. access control policy • Bugs as deviant behavior o A property which is rarely violated – dynamic invariants! o Make sure that it is never violated [Clearview paper, SOSP 2009] • Test-driven repair o Repair based on test cases, to pass them. o Most works we talk about use this criterion. o Brings us to issues like strength of test oracle, quality of test-suite … Dagstuhl seminar, 2017
Large search space – syntax directed view 1. Where to fix – in which line? 2. Generate the candidate patches in this line. 3. Validate the candidate patches. Dagstuhl seminar, 2017
Large search space – semantic view 1. Where to fix – in which line? 2. What values should be returned by these lines? <inp=1, ret=0> 3. What are the expressions which will return these values? Dagstuhl seminar, 2017
High level view Dagstuhl seminar, 2017 Test input Concrete values Expected output of program Output: Value-set or Constraint Symbolic execution Program Concrete Execution
General purpose repair • … given a test-suite [Conceptual characterization] o Generate –and-test patches (GenProg) o Specification inference and patch synthesis • Infer specification or properties about the patch to be synthesized. • Meet the specification by enumeration, or by solving constraints. • Various works – SemFix, Nopol, SPR, … o Ordering of search space of patches • Use minimality to prioritize the search space. • Use learning approaches to prioritize the search space. o Patch templates can be learnt from human fixes. Dagstuhl seminar, 2017
General purpose repair • … given a test-suite [Technical characterization] o Generate –and-test patches (heuristic search) • Use a well-known search framework GP for program repair o Specification inference and patch synthesis • Infer specification or properties about the patch to be synthesized. • Meet the specification by searching in a space, or by solving constraints. • Develop a customized search algorithm for each of the repair sub-problems, or use symbolic execution to infer specifications about the patch. o Embed a patch quality criterion in repair. • Use minimality to prioritize the search space. • Patch templates can be learnt from human fixes, or favor small fixes. • Machine learning is used to re-order the search space. Dagstuhl seminar, 2017
Specification Inference • Infer specification or properties about the patch to be synthesized. o Meet the specification by searching in a space, or by solving constraints. o Develop a customized search algorithm for each of the repair sub-problems, or use symbolic execution to infer specifications about the patch. Dagstuhl seminar, 2017 1. Where to fix – in which line? 2. What values should be returned by these lines? <inp=1, ret=0> 3. What are the expressions which will return these values? a. Enumerate values within a restricted domain e.g. T/F values for conditions [SPR] b. Use symbolic exec. to get sample values. [Angelix] c. Use symbolic exec. to infer all possible values as constraint. [SemFix]
Interactive Repair RQ1: Can users help the tool to improve the accuracy of the fix localization process? RQ2: Can users help the tool to quickly and effectively find a correct patch? ● Interactive Fault Localization Using Test Information ○ Recommend checking points or breakpoints ○ Patch suggestions at or around break-points ● Iterative Bug Isolation
Interactive Repair if( a || b) Branch is never executed line 2 Branch is never executed line 3 void getLargest(int a, int b, int c){ if( a > b && b > a) printf(“%d”, b) else if( b >= a && b >= c ) printf(“%d”, b) else if( c >= a && c >= b ) printf(“%d”, c) } Branch is never executed • Change condition to a > b && a > c • Remove b > a • Remove branch Automatic breakpoint Insertion Anti-patterns as fault explanation in natural language • a > b && b > a is a trivial condition Dagstuhl seminar, 2017 Multiple buggy locations
if( a || b) Expected c but got b line 3 void getLargest(int a, int b, int c){ if( a > b && a > c) printf(“%d”, b) else if( b >= a && b >= c ) printf(“%d”, b) else if( c >= a && c >= b ) printf(“%d”, c) } Expected c but got b • Change b to a Interactive Repair • Iterative Bug Isolation Dagstuhl seminar, 2017 Interactive & Iterative fault localization
Syntax and semantics based Syntax-based Schematic for 𝑒 𝜖 𝑆𝑒𝑎𝑟𝑐ℎ𝑆𝑝𝑎𝑐𝑒 do validate 𝑒 done Semantics-based Schematic for 𝑝𝑎𝑟𝑡𝑖𝑡𝑖𝑜𝑛 𝜋: ∃𝛼. 𝜋 𝛼 do synthesize 𝑒 done Dagstuhl seminar, 2017
Comparison Dagstuhl seminar, 2017 Syntax-based Schematic for 𝑒 𝜖 𝑆𝑒𝑎𝑟𝑐ℎ𝑆𝑝𝑎𝑐𝑒 do validate 𝑒 // break if possible done Semantics-based Schematic for 𝑝𝑎𝑟𝑡𝑖𝑡𝑖𝑜𝑛 𝜋: ∃𝛼. 𝜋 𝛼 do synthesize 𝑒 // cannot break done Syntax-based Schematic for 𝑒 𝜖 𝑆𝑒𝑎𝑟𝑐ℎ𝑆𝑝𝑎𝑐𝑒 do // long loop validate 𝑒 done Semantics-based Schematic for 𝑝𝑎𝑟𝑡𝑖𝑡𝑖𝑜𝑛 𝜋: ∃𝛼. 𝜋 𝛼 do // efficient grouping synthesize 𝑒 done
Expand the schematic Dagstuhl seminar, 2017 Semantics-based Schematic for 𝑝𝑎𝑟𝑡𝑖𝑡𝑖𝑜𝑛 𝜋: ∃𝛼. 𝜋 𝛼 do synthesize 𝑒 done Semantics-based Schematic for 𝑝𝑎𝑡ℎ 𝜋: ∃𝛼. 𝜋 𝛼 do synthesize 𝑒 done Semantics-based Schematic for each path do Get repair constraint  and Solve  to construct e done Semantics based schematic Get repair constraint from tests; Conjoin repair constraint from each test.
Conjure up a function Dagstuhl seminar, 2017 Buggy Program … var = a + b – c;x Failing test input Concrete Execution Symbolic Execution with x as the only unknown Path conditions, Output Expressions x = f(Live Vars) Get properties of function f via symbolic execution. Construct a function f which satisfies these properties !
Example 1 int is_upward( int inhibit, int up_sep, int down_sep){ 2 int bias; 3 if (inhibit) 4 bias = down_sep; // bias= up_sep + 100 5 else bias = up_sep ; 6 if (bias > down_sep) 7 return 1; 8 else return 0; 9 } inhibit up_sep down_se p Observed output Expected Output Result 1 0 100 0 0 pass 1 11 110 0 1 fail 0 100 50 1 1 pass 1 -20 60 0 1 fail 0 0 10 0 0 pass 20
Repair Constraint 1 int is_upward( int inhibit, int up_sep, int down_sep){ 2 int bias; 3 if (inhibit) 4 bias = down_sep; // bias= up_sep + 100 5 else bias = up_sep ; 6 if (bias > down_sep) 7 return 1; 8 else return 0; 9 } inhibit up_sep down_se p Observed output Expected Output Result 1 11 110 0 1 fail inhibit = 1, up_sep = 11, down_sep = 110 bias = X, path condition = true inhibit = 1, up_sep = 11, down_sep = 110 bias = X, path condition = X> 110 inhibit = 1, up_sep = 11, down_sep = 110 bias = X, path condition = X ≤ 110 Line 4 Line 7 Line 8 21
Repair Constraint 1 int is_upward( int inhibit, int up_sep, int down_sep){ 2 int bias; 3 if (inhibit) 4 bias = f(inhibit, up_sep, down_sep) 5 else bias = up_sep ; 6 if (bias > down_sep) 7 return 1; 8 else return 0; 9 } Inhibit == 1 up_sep == 11 down_se p == 110 Symbolic Execution f(1,11,110) > 110 22
Function synthesis • Instead of solving • Select primitive components to be used by the synthesized program based on complexity • Look for a program that uses only these primitive components and satisfy the repair constraint o Done via another constraint solving problem – pgm. synthesis • Solving the repair constraint is the key, not how it is solved • Enumerate expressions over a given set of components / operators o Enforce axioms of the operators o If candidate repair contains a constant, solve using SMT Repair Constraint: f(1,11,110) > 110  f(1,0,100) ≤ 100  f(1,-20,60) > 60 23
Patch as minimal change 24 Failing tests Debugging DSE Synthesis Failing tests MaxSMT solver Conjure a function which represents minimal change to buggy program.
Example 25 if (x > y) if (x > z) out =10; else out = 20; else out = 30; return out; if (x >= y) if (x >= z) out =10; else out = 20; else out = 30; return out; if (x > y) if (x > z) out =10; else out = 20; else out = 30; return ((x==y)? ((x==z)?10: 20)): out); SemFix DirectFix Test cases: all possible orderings of x,y,z
No fault localization 26 int foo(int x, int y){ if (x > y) y = y + 1; else y = y – 1; return y + 2; } Test: foo(0,0) == 3? x = 0  y = 0  result = 3 ( if (x1 > y1) then (y2 = y1 + 1) else (y2 = y1 – 1)  (result = y2 + 2) )  = UNSAT
Constraint = Whole Pgm. 27 27 x = 0  y = 0  result = 3 ( if (x1 > y1) then (y2 = y1 + 1) else (y2 = y1 – 1)  (result = y2 + 2) )  = UNSAT ( if (x1 >= y1) then (y2 = y1 + 1) else (y2 = y1 – 1)  (result = y2 + 2) )  x = 0  y = 0  result = 3 = SAT
Comparison with SemFix 0 2 4 6 8 10 12 SemFix DirectFix 28 #Pgm Equiv Same Loc Diff Regression SemFix 44 17% 46% 6.36 54% DirectFix 44 53% 95% 2.31 31%
Need Concise Constraints 29 Failing tests MaxSMT solver Minimized Mutations for Repair Failing tests DSE Concise Semantics Signature MaxSMT solver
Remember the schematic? Dagstuhl seminar, 2017 Semantics-based Schematic for 𝑝𝑎𝑟𝑡𝑖𝑡𝑖𝑜𝑛 𝜋: ∃𝛼. 𝜋 𝛼 do synthesize 𝑒 done Semantics-based Schematic for 𝑝𝑎𝑡ℎ 𝜋: ∃𝛼. 𝜋 𝛼 do synthesize 𝑒 done Semantics-based Schematic for 𝑝𝑎𝑡ℎ 𝜋: ∃𝛼. 𝜋 𝛼 do for all test t get constraint t Solve t t to construct 𝑒 done Semantics-based Schematic for 𝑝𝑎𝑡ℎ 𝜋: ∃𝛼. 𝜋 𝛼 do Get repair constraint  Solve  to construct 𝑒 done
Value based “Constraint” Dagstuhl seminar, 2017 Semantics-based Schematic for 𝑝𝑎𝑡ℎ 𝜋: ∃𝛼. 𝜋 𝛼 do for all test t get constraint t Solve t t to construct 𝑒 done Instead of representing t as a SMT constraint represent it using values. Value that is arbitrarily set during execution to a selected expression and that makes the program pass. Can be found by solving path condition of failing test case 𝐼, 𝑂 : 𝑝𝑎𝑡ℎ𝑐𝑜𝑛𝑑𝑖𝑡𝑖𝑜𝑛 𝛼 ∧ 𝑖𝑛𝑝𝑢𝑡 = 𝐼 ∧ 𝑜𝑢𝑡𝑝𝑢𝑡 = 𝑂
Angelic Forest 32 E1 E2 E3 Failing Test Angelic Paths SAT angelic1 angelic2 angelic3
Angelic Forest 33 E1 E2 E3 Failing Test Angelic Paths UNSAT angelic1 angelic2 angelic3 angelic1 angelic3
Repair Constraint • SemFix work (ICSE 2013) o Example: for an identified expression e to be fixed • [ e > 0 ] ∧ f(t) == e for each test t • DirectFix work (ICSE 2015) o Whole Program as repair constraint o Use the principle of minimality to synthesize a minimal patch. • Angelix work (ICSE 2016) o Example: for identified expressions e1, e2, … to be fixed o [ (e == 1) ∨ (e == 2) ∨ (e== 3)] ∧ f(t) ==e for each test t. o [ (e1 == 0 ∧ e2 == 1) ∨ (e1==1 ∧e2 ==0)] ∧ f(t) ==e1∧g(t)==e2 for each test t. Dagstuhl seminar, 2017
Implementation 35KLEE Clang Runtime Synthesis Z3 Buggy Source Instrumented Source Suspicious Locations Debugger Angelic Forest Clang Instrumented Source Patch
Results 36 0 10 20 30 40 wireshark php gzip gmp libtiff Overall Angelix SPR GenProg #Fixes Del Del, Per Angelix 28 5 18% SPR 31 13 42% Subject LoC wireshark 2814K php 1046K gzip 491K gmp 145K libtiff 77K
Multiline Results Defect Fixed Expressions Libtiff-4a24508-cc79c2b 2 Libtiff-829d8c4-036d7bb 2 CoreUtils-00743a1f-ec48bead 3 CoreUtils-1dd8a331-d461bfd2 2 CoreUtils-c5ccf29b-a04ddb8d 3 37
“Latest” Results 38 1 i f ( hbtype == TLS1 HB REQUEST) { 2 . . . 3 memcpy (bp , pl , payload ) ; 4 . . . 5 } (a) The buggy part of the Heartbleed- vulnerable OpenSSL 1 i f ( hbtype == TLS1 HB REQUEST 2 && payload + 18 < s->s3->rrec.length) { 3 . . . 4 } (b) A fix generated automatically 1 if (1 + 2 + payload + 16 > s->s3->rrec.length) 2 return 0; 3 . . . 4 i f ( hbtype == TLS1_HB_REQUEST) { 5 . . . 6 } 7 e l s e i f ( hbtype == TLS1_HB_RESPONSE) { 8 . . . 9 } 10 r e t u r n 0 ; (c) The developer-provided repair The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs). --- Source: heartbleed.com

Recommended

Abhik-Satish-dagstuhl
Abhik-Satish-dagstuhlAbhik-Satish-dagstuhl
Abhik-Satish-dagstuhlAbhik Roychoudhury
 
Automated Repair - ISSTA Summer School
Automated Repair - ISSTA Summer SchoolAutomated Repair - ISSTA Summer School
Automated Repair - ISSTA Summer SchoolAbhik Roychoudhury
 
Mobilesoft 2017 Keynote
Mobilesoft 2017 KeynoteMobilesoft 2017 Keynote
Mobilesoft 2017 KeynoteAbhik Roychoudhury
 
Isorc18 keynote
Isorc18 keynoteIsorc18 keynote
Isorc18 keynoteAbhik Roychoudhury
 
Repair dagstuhl
Repair dagstuhlRepair dagstuhl
Repair dagstuhlAbhik Roychoudhury
 
Symbexecsearch
SymbexecsearchSymbexecsearch
SymbexecsearchAbhik Roychoudhury
 
Automated Program Repair Keynote talk
Automated Program Repair Keynote talkAutomated Program Repair Keynote talk
Automated Program Repair Keynote talkAbhik Roychoudhury
 
APSEC2020 Keynote
APSEC2020 KeynoteAPSEC2020 Keynote
APSEC2020 KeynoteAbhik Roychoudhury
 

Recommended

Abhik-Satish-dagstuhl
Abhik-Satish-dagstuhlAbhik-Satish-dagstuhl
Abhik-Satish-dagstuhlAbhik Roychoudhury
 
Automated Repair - ISSTA Summer School
Automated Repair - ISSTA Summer SchoolAutomated Repair - ISSTA Summer School
Automated Repair - ISSTA Summer SchoolAbhik Roychoudhury
 
Mobilesoft 2017 Keynote
Mobilesoft 2017 KeynoteMobilesoft 2017 Keynote
Mobilesoft 2017 KeynoteAbhik Roychoudhury
 
Isorc18 keynote
Isorc18 keynoteIsorc18 keynote
Isorc18 keynoteAbhik Roychoudhury
 
Repair dagstuhl
Repair dagstuhlRepair dagstuhl
Repair dagstuhlAbhik Roychoudhury
 
Symbexecsearch
SymbexecsearchSymbexecsearch
SymbexecsearchAbhik Roychoudhury
 
Automated Program Repair Keynote talk
Automated Program Repair Keynote talkAutomated Program Repair Keynote talk
Automated Program Repair Keynote talkAbhik Roychoudhury
 
APSEC2020 Keynote
APSEC2020 KeynoteAPSEC2020 Keynote
APSEC2020 KeynoteAbhik Roychoudhury
 
LSRepair: Live Search of Fix Ingredients for Automated Program Repair
LSRepair: Live Search of Fix Ingredients for Automated Program RepairLSRepair: Live Search of Fix Ingredients for Automated Program Repair
LSRepair: Live Search of Fix Ingredients for Automated Program RepairDongsun Kim
 
MuVM: Higher Order Mutation Analysis Virtual Machine for C
MuVM: Higher Order Mutation Analysis Virtual Machine for CMuVM: Higher Order Mutation Analysis Virtual Machine for C
MuVM: Higher Order Mutation Analysis Virtual Machine for CSusumu Tokumoto
 
You Cannot Fix What You Cannot Find! --- An Investigation of Fault Localizati...
You Cannot Fix What You Cannot Find! --- An Investigation of Fault Localizati...You Cannot Fix What You Cannot Find! --- An Investigation of Fault Localizati...
You Cannot Fix What You Cannot Find! --- An Investigation of Fault Localizati...Dongsun Kim
 
Symbolic Execution And KLEE
Symbolic Execution And KLEESymbolic Execution And KLEE
Symbolic Execution And KLEEShauvik Roy Choudhary, Ph.D.
 
Impact of Tool Support in Patch Construction
Impact of Tool Support in Patch ConstructionImpact of Tool Support in Patch Construction
Impact of Tool Support in Patch ConstructionDongsun Kim
 
TBar: Revisiting Template-based Automated Program Repair
TBar: Revisiting Template-based Automated Program RepairTBar: Revisiting Template-based Automated Program Repair
TBar: Revisiting Template-based Automated Program RepairDongsun Kim
 
Static Analysis and Verification of C Programs
Static Analysis and Verification of C ProgramsStatic Analysis and Verification of C Programs
Static Analysis and Verification of C ProgramsNew York City College of Technology Computer Systems Technology Colloquium
 
A Closer Look at Real-World Patches
A Closer Look at Real-World PatchesA Closer Look at Real-World Patches
A Closer Look at Real-World PatchesDongsun Kim
 
Mining Fix Patterns for FindBugs Violations
Mining Fix Patterns for FindBugs ViolationsMining Fix Patterns for FindBugs Violations
Mining Fix Patterns for FindBugs ViolationsDongsun Kim
 
Learning to Spot and Refactor Inconsistent Method Names
Learning to Spot and Refactor Inconsistent Method NamesLearning to Spot and Refactor Inconsistent Method Names
Learning to Spot and Refactor Inconsistent Method NamesDongsun Kim
 
Test final jav_aaa
Test final jav_aaaTest final jav_aaa
Test final jav_aaaBagusBudi11
 
Navigating the xDD Alphabet Soup
Navigating the xDD Alphabet SoupNavigating the xDD Alphabet Soup
Navigating the xDD Alphabet SoupDror Helper
 
Boetticher Presentation Promise 2008v2
Boetticher Presentation Promise 2008v2Boetticher Presentation Promise 2008v2
Boetticher Presentation Promise 2008v2gregoryg
 
Code Analysis-run time error prediction
Code Analysis-run time error predictionCode Analysis-run time error prediction
Code Analysis-run time error predictionNIKHIL NAWATHE
 
#OSSPARIS19: Introduction to scikit-learn - Olivier Grisel, Inria
#OSSPARIS19: Introduction to scikit-learn - Olivier Grisel, Inria#OSSPARIS19: Introduction to scikit-learn - Olivier Grisel, Inria
#OSSPARIS19: Introduction to scikit-learn - Olivier Grisel, InriaParis Open Source Summit
 
C++ CoreHard Autumn 2018. Debug C++ Without Running - Anastasia Kazakova
C++ CoreHard Autumn 2018. Debug C++ Without Running - Anastasia KazakovaC++ CoreHard Autumn 2018. Debug C++ Without Running - Anastasia Kazakova
C++ CoreHard Autumn 2018. Debug C++ Without Running - Anastasia Kazakovacorehard_by
 
White Box Testing
White Box TestingWhite Box Testing
White Box Testingalessandro100
 
Experiences from Designing and Validating a Software Modernization Transforma...
Experiences from Designing and Validating a Software Modernization Transforma...Experiences from Designing and Validating a Software Modernization Transforma...
Experiences from Designing and Validating a Software Modernization Transforma...Alexandru-Florin Iosif-Lazăr
 
Comp102 lec 5.1
Comp102 lec 5.1Comp102 lec 5.1
Comp102 lec 5.1Fraz Bakhsh
 
Thesis+of+étienne+duclos.ppt
Thesis+of+étienne+duclos.pptThesis+of+étienne+duclos.ppt
Thesis+of+étienne+duclos.pptPtidej Team
 
UNIT-2-PPTS-DAA.ppt
UNIT-2-PPTS-DAA.pptUNIT-2-PPTS-DAA.ppt
UNIT-2-PPTS-DAA.pptGovindUpadhyay25
 
System Verilog 2009 & 2012 enhancements
System Verilog 2009 & 2012 enhancementsSystem Verilog 2009 & 2012 enhancements
System Verilog 2009 & 2012 enhancementsSubash John
 

More Related Content

What's hot

LSRepair: Live Search of Fix Ingredients for Automated Program Repair
LSRepair: Live Search of Fix Ingredients for Automated Program RepairLSRepair: Live Search of Fix Ingredients for Automated Program Repair
LSRepair: Live Search of Fix Ingredients for Automated Program RepairDongsun Kim
 
MuVM: Higher Order Mutation Analysis Virtual Machine for C
MuVM: Higher Order Mutation Analysis Virtual Machine for CMuVM: Higher Order Mutation Analysis Virtual Machine for C
MuVM: Higher Order Mutation Analysis Virtual Machine for CSusumu Tokumoto
 
You Cannot Fix What You Cannot Find! --- An Investigation of Fault Localizati...
You Cannot Fix What You Cannot Find! --- An Investigation of Fault Localizati...You Cannot Fix What You Cannot Find! --- An Investigation of Fault Localizati...
You Cannot Fix What You Cannot Find! --- An Investigation of Fault Localizati...Dongsun Kim
 
Impact of Tool Support in Patch Construction
Impact of Tool Support in Patch ConstructionImpact of Tool Support in Patch Construction
Impact of Tool Support in Patch ConstructionDongsun Kim
 
TBar: Revisiting Template-based Automated Program Repair
TBar: Revisiting Template-based Automated Program RepairTBar: Revisiting Template-based Automated Program Repair
TBar: Revisiting Template-based Automated Program RepairDongsun Kim
 
A Closer Look at Real-World Patches
A Closer Look at Real-World PatchesA Closer Look at Real-World Patches
A Closer Look at Real-World PatchesDongsun Kim
 
Mining Fix Patterns for FindBugs Violations
Mining Fix Patterns for FindBugs ViolationsMining Fix Patterns for FindBugs Violations
Mining Fix Patterns for FindBugs ViolationsDongsun Kim
 
Learning to Spot and Refactor Inconsistent Method Names
Learning to Spot and Refactor Inconsistent Method NamesLearning to Spot and Refactor Inconsistent Method Names
Learning to Spot and Refactor Inconsistent Method NamesDongsun Kim
 
Test final jav_aaa
Test final jav_aaaTest final jav_aaa
Test final jav_aaaBagusBudi11
 
Navigating the xDD Alphabet Soup
Navigating the xDD Alphabet SoupNavigating the xDD Alphabet Soup
Navigating the xDD Alphabet SoupDror Helper
 
Boetticher Presentation Promise 2008v2
Boetticher Presentation Promise 2008v2Boetticher Presentation Promise 2008v2
Boetticher Presentation Promise 2008v2gregoryg
 
Code Analysis-run time error prediction
Code Analysis-run time error predictionCode Analysis-run time error prediction
Code Analysis-run time error predictionNIKHIL NAWATHE
 
#OSSPARIS19: Introduction to scikit-learn - Olivier Grisel, Inria
#OSSPARIS19: Introduction to scikit-learn - Olivier Grisel, Inria#OSSPARIS19: Introduction to scikit-learn - Olivier Grisel, Inria
#OSSPARIS19: Introduction to scikit-learn - Olivier Grisel, InriaParis Open Source Summit
 
C++ CoreHard Autumn 2018. Debug C++ Without Running - Anastasia Kazakova
C++ CoreHard Autumn 2018. Debug C++ Without Running - Anastasia KazakovaC++ CoreHard Autumn 2018. Debug C++ Without Running - Anastasia Kazakova
C++ CoreHard Autumn 2018. Debug C++ Without Running - Anastasia Kazakovacorehard_by
 
Experiences from Designing and Validating a Software Modernization Transforma...
Experiences from Designing and Validating a Software Modernization Transforma...Experiences from Designing and Validating a Software Modernization Transforma...
Experiences from Designing and Validating a Software Modernization Transforma...Alexandru-Florin Iosif-Lazăr
 
Thesis+of+étienne+duclos.ppt
Thesis+of+étienne+duclos.pptThesis+of+étienne+duclos.ppt
Thesis+of+étienne+duclos.pptPtidej Team
 

What's hot (20)

LSRepair: Live Search of Fix Ingredients for Automated Program Repair
LSRepair: Live Search of Fix Ingredients for Automated Program RepairLSRepair: Live Search of Fix Ingredients for Automated Program Repair
LSRepair: Live Search of Fix Ingredients for Automated Program Repair
 
MuVM: Higher Order Mutation Analysis Virtual Machine for C
MuVM: Higher Order Mutation Analysis Virtual Machine for CMuVM: Higher Order Mutation Analysis Virtual Machine for C
MuVM: Higher Order Mutation Analysis Virtual Machine for C
 
You Cannot Fix What You Cannot Find! --- An Investigation of Fault Localizati...
You Cannot Fix What You Cannot Find! --- An Investigation of Fault Localizati...You Cannot Fix What You Cannot Find! --- An Investigation of Fault Localizati...
You Cannot Fix What You Cannot Find! --- An Investigation of Fault Localizati...
 
Symbolic Execution And KLEE
Symbolic Execution And KLEESymbolic Execution And KLEE
Symbolic Execution And KLEE
 
Impact of Tool Support in Patch Construction
Impact of Tool Support in Patch ConstructionImpact of Tool Support in Patch Construction
Impact of Tool Support in Patch Construction
 
TBar: Revisiting Template-based Automated Program Repair
TBar: Revisiting Template-based Automated Program RepairTBar: Revisiting Template-based Automated Program Repair
TBar: Revisiting Template-based Automated Program Repair
 
Static Analysis and Verification of C Programs
Static Analysis and Verification of C ProgramsStatic Analysis and Verification of C Programs
Static Analysis and Verification of C Programs
 
A Closer Look at Real-World Patches
A Closer Look at Real-World PatchesA Closer Look at Real-World Patches
A Closer Look at Real-World Patches
 
Mining Fix Patterns for FindBugs Violations
Mining Fix Patterns for FindBugs ViolationsMining Fix Patterns for FindBugs Violations
Mining Fix Patterns for FindBugs Violations
 
Learning to Spot and Refactor Inconsistent Method Names
Learning to Spot and Refactor Inconsistent Method NamesLearning to Spot and Refactor Inconsistent Method Names
Learning to Spot and Refactor Inconsistent Method Names
 
Test final jav_aaa
Test final jav_aaaTest final jav_aaa
Test final jav_aaa
 
Navigating the xDD Alphabet Soup
Navigating the xDD Alphabet SoupNavigating the xDD Alphabet Soup
Navigating the xDD Alphabet Soup
 
Boetticher Presentation Promise 2008v2
Boetticher Presentation Promise 2008v2Boetticher Presentation Promise 2008v2
Boetticher Presentation Promise 2008v2
 
Code Analysis-run time error prediction
Code Analysis-run time error predictionCode Analysis-run time error prediction
Code Analysis-run time error prediction
 
#OSSPARIS19: Introduction to scikit-learn - Olivier Grisel, Inria
#OSSPARIS19: Introduction to scikit-learn - Olivier Grisel, Inria#OSSPARIS19: Introduction to scikit-learn - Olivier Grisel, Inria
#OSSPARIS19: Introduction to scikit-learn - Olivier Grisel, Inria
 
C++ CoreHard Autumn 2018. Debug C++ Without Running - Anastasia Kazakova
C++ CoreHard Autumn 2018. Debug C++ Without Running - Anastasia KazakovaC++ CoreHard Autumn 2018. Debug C++ Without Running - Anastasia Kazakova
C++ CoreHard Autumn 2018. Debug C++ Without Running - Anastasia Kazakova
 
White Box Testing
White Box TestingWhite Box Testing
White Box Testing
 
Experiences from Designing and Validating a Software Modernization Transforma...
Experiences from Designing and Validating a Software Modernization Transforma...Experiences from Designing and Validating a Software Modernization Transforma...
Experiences from Designing and Validating a Software Modernization Transforma...
 
Comp102 lec 5.1
Comp102 lec 5.1Comp102 lec 5.1
Comp102 lec 5.1
 
Thesis+of+étienne+duclos.ppt
Thesis+of+étienne+duclos.pptThesis+of+étienne+duclos.ppt
Thesis+of+étienne+duclos.ppt
 

Similar to Repair dagstuhl jan2017

System Verilog 2009 & 2012 enhancements
System Verilog 2009 & 2012 enhancementsSystem Verilog 2009 & 2012 enhancements
System Verilog 2009 & 2012 enhancementsSubash John
 
lab-8 (1).pptx
lab-8 (1).pptxlab-8 (1).pptx
lab-8 (1).pptxShimoFcis
 
Optimization in Programming languages
Optimization in Programming languagesOptimization in Programming languages
Optimization in Programming languagesAnkit Pandey
 
White Box testing by Pankaj Thakur, NITTTR Chandigarh
White Box testing by Pankaj Thakur, NITTTR ChandigarhWhite Box testing by Pankaj Thakur, NITTTR Chandigarh
White Box testing by Pankaj Thakur, NITTTR ChandigarhPankaj Thakur
 
Week1 programming challenges
Week1 programming challengesWeek1 programming challenges
Week1 programming challengesDhanu Srikar
 
Software testing strategies
Software testing strategiesSoftware testing strategies
Software testing strategiesKrishna Sujeer
 
Pi j1.3 operators
Pi j1.3 operatorsPi j1.3 operators
Pi j1.3 operatorsmcollison
 
2-Algorithms and Complexit data structurey.pdf
2-Algorithms and Complexit data structurey.pdf2-Algorithms and Complexit data structurey.pdf
2-Algorithms and Complexit data structurey.pdfishan743441
 
Real-time Face Recognition & Detection Systems 1
Real-time Face Recognition & Detection Systems 1Real-time Face Recognition & Detection Systems 1
Real-time Face Recognition & Detection Systems 1Suvadip Shome
 
C++ unit-1-part-11
C++ unit-1-part-11C++ unit-1-part-11
C++ unit-1-part-11Jadavsejal
 
Production model lifecycle management 2016 09
Production model lifecycle management 2016 09Production model lifecycle management 2016 09
Production model lifecycle management 2016 09Greg Makowski
 
Acm aleppo cpc training introduction 1
Acm aleppo cpc training introduction 1Acm aleppo cpc training introduction 1
Acm aleppo cpc training introduction 1Ahmad Bashar Eter
 
XGBoost: the algorithm that wins every competition
XGBoost: the algorithm that wins every competitionXGBoost: the algorithm that wins every competition
XGBoost: the algorithm that wins every competitionJaroslaw Szymczak
 
Complete C++ programming Language Course
Complete C++ programming Language CourseComplete C++ programming Language Course
Complete C++ programming Language CourseVivek chan
 
制約解消によるプログラム検証・合成 (第1回ステアラボソフトウェア技術セミナー)
制約解消によるプログラム検証・合成 (第1回ステアラボソフトウェア技術セミナー)制約解消によるプログラム検証・合成 (第1回ステアラボソフトウェア技術セミナー)
制約解消によるプログラム検証・合成 (第1回ステアラボソフトウェア技術セミナー)STAIR Lab, Chiba Institute of Technology
 
Cracking OCA and OCP Java 8 Exams
Cracking OCA and OCP Java 8 ExamsCracking OCA and OCP Java 8 Exams
Cracking OCA and OCP Java 8 ExamsGanesh Samarthyam
 

Similar to Repair dagstuhl jan2017 (20)

UNIT-2-PPTS-DAA.ppt
UNIT-2-PPTS-DAA.pptUNIT-2-PPTS-DAA.ppt
UNIT-2-PPTS-DAA.ppt
 
System Verilog 2009 & 2012 enhancements
System Verilog 2009 & 2012 enhancementsSystem Verilog 2009 & 2012 enhancements
System Verilog 2009 & 2012 enhancements
 
lab-8 (1).pptx
lab-8 (1).pptxlab-8 (1).pptx
lab-8 (1).pptx
 
Optimization in Programming languages
Optimization in Programming languagesOptimization in Programming languages
Optimization in Programming languages
 
White Box testing by Pankaj Thakur, NITTTR Chandigarh
White Box testing by Pankaj Thakur, NITTTR ChandigarhWhite Box testing by Pankaj Thakur, NITTTR Chandigarh
White Box testing by Pankaj Thakur, NITTTR Chandigarh
 
Week1 programming challenges
Week1 programming challengesWeek1 programming challenges
Week1 programming challenges
 
Software testing strategies
Software testing strategiesSoftware testing strategies
Software testing strategies
 
16May_ICSE_MIP_APR_2023.pptx
16May_ICSE_MIP_APR_2023.pptx16May_ICSE_MIP_APR_2023.pptx
16May_ICSE_MIP_APR_2023.pptx
 
Daa unit 1
Daa unit 1Daa unit 1
Daa unit 1
 
Pi j1.3 operators
Pi j1.3 operatorsPi j1.3 operators
Pi j1.3 operators
 
2-Algorithms and Complexit data structurey.pdf
2-Algorithms and Complexit data structurey.pdf2-Algorithms and Complexit data structurey.pdf
2-Algorithms and Complexit data structurey.pdf
 
Real-time Face Recognition & Detection Systems 1
Real-time Face Recognition & Detection Systems 1Real-time Face Recognition & Detection Systems 1
Real-time Face Recognition & Detection Systems 1
 
C++ unit-1-part-11
C++ unit-1-part-11C++ unit-1-part-11
C++ unit-1-part-11
 
Production model lifecycle management 2016 09
Production model lifecycle management 2016 09Production model lifecycle management 2016 09
Production model lifecycle management 2016 09
 
Acm aleppo cpc training introduction 1
Acm aleppo cpc training introduction 1Acm aleppo cpc training introduction 1
Acm aleppo cpc training introduction 1
 
XGBoost: the algorithm that wins every competition
XGBoost: the algorithm that wins every competitionXGBoost: the algorithm that wins every competition
XGBoost: the algorithm that wins every competition
 
Complete C++ programming Language Course
Complete C++ programming Language CourseComplete C++ programming Language Course
Complete C++ programming Language Course
 
制約解消によるプログラム検証・合成 (第1回ステアラボソフトウェア技術セミナー)
制約解消によるプログラム検証・合成 (第1回ステアラボソフトウェア技術セミナー)制約解消によるプログラム検証・合成 (第1回ステアラボソフトウェア技術セミナー)
制約解消によるプログラム検証・合成 (第1回ステアラボソフトウェア技術セミナー)
 
FASTEST: Test Case Generation from Z Specifications
FASTEST: Test Case Generation from Z SpecificationsFASTEST: Test Case Generation from Z Specifications
FASTEST: Test Case Generation from Z Specifications
 
Cracking OCA and OCP Java 8 Exams
Cracking OCA and OCP Java 8 ExamsCracking OCA and OCP Java 8 Exams
Cracking OCA and OCP Java 8 Exams
 

More from Abhik Roychoudhury

Singapore International Cyberweek 2020
Singapore International Cyberweek 2020Singapore International Cyberweek 2020
Singapore International Cyberweek 2020Abhik Roychoudhury
 
Art of Computer Science Research Planning
Art of Computer Science Research PlanningArt of Computer Science Research Planning
Art of Computer Science Research PlanningAbhik Roychoudhury
 
Automated Program Repair, Distinguished lecture at MPI-SWS
Automated Program Repair, Distinguished lecture at MPI-SWSAutomated Program Repair, Distinguished lecture at MPI-SWS
Automated Program Repair, Distinguished lecture at MPI-SWSAbhik Roychoudhury
 

More from Abhik Roychoudhury (11)

IFIP2023-Abhik.pptx
IFIP2023-Abhik.pptxIFIP2023-Abhik.pptx
IFIP2023-Abhik.pptx
 
Fuzzing.pptx
Fuzzing.pptxFuzzing.pptx
Fuzzing.pptx
 
Dagstuhl2021
Dagstuhl2021Dagstuhl2021
Dagstuhl2021
 
Singapore International Cyberweek 2020
Singapore International Cyberweek 2020Singapore International Cyberweek 2020
Singapore International Cyberweek 2020
 
NUS PhD e-open day 2020
NUS PhD e-open day 2020NUS PhD e-open day 2020
NUS PhD e-open day 2020
 
Art of Computer Science Research Planning
Art of Computer Science Research PlanningArt of Computer Science Research Planning
Art of Computer Science Research Planning
 
Automated Program Repair, Distinguished lecture at MPI-SWS
Automated Program Repair, Distinguished lecture at MPI-SWSAutomated Program Repair, Distinguished lecture at MPI-SWS
Automated Program Repair, Distinguished lecture at MPI-SWS
 
Binary Analysis - Luxembourg
Binary Analysis - LuxembourgBinary Analysis - Luxembourg
Binary Analysis - Luxembourg
 
Issta13 workshop on debugging
Issta13 workshop on debuggingIssta13 workshop on debugging
Issta13 workshop on debugging
 
PAS 2012
PAS 2012PAS 2012
PAS 2012
 
Pas oct12
Pas oct12Pas oct12
Pas oct12
 

Recently uploaded

Gas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxGas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxDr.Ibrahim Hassaan
 
Karra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptxKarra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptxAshokKarra1
 
Q4 English4 Week3 PPT Melcnmg-based.pptx
Q4 English4 Week3 PPT Melcnmg-based.pptxQ4 English4 Week3 PPT Melcnmg-based.pptx
Q4 English4 Week3 PPT Melcnmg-based.pptxnelietumpap1
 
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfInclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfTechSoup
 
Barangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptxBarangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptxCarlos105
 
ENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomnelietumpap1
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersSabitha Banu
 
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)lakshayb543
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxthorishapillay1
 
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Celine George
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatYousafMalik24
 
How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17Celine George
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...JhezDiaz1
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...Nguyen Thanh Tu Collection
 
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYKayeClaireEstoconing
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxiammrhaywood
 

Recently uploaded (20)

Gas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptxGas measurement O2,Co2,& ph) 04/2024.pptx
Gas measurement O2,Co2,& ph) 04/2024.pptx
 
Karra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptxKarra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptx
 
Q4 English4 Week3 PPT Melcnmg-based.pptx
Q4 English4 Week3 PPT Melcnmg-based.pptxQ4 English4 Week3 PPT Melcnmg-based.pptx
Q4 English4 Week3 PPT Melcnmg-based.pptx
 
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptxYOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
 
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfInclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
 
Barangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptxBarangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptx
 
LEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptx
LEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptxLEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptx
LEFT_ON_C'N_ PRELIMS_EL_DORADO_2024.pptx
 
ENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choom
 
DATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginnersDATA STRUCTURE AND ALGORITHM for beginners
DATA STRUCTURE AND ALGORITHM for beginners
 
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptxFINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
FINALS_OF_LEFT_ON_C'N_EL_DORADO_2024.pptx
 
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
Visit to a blind student's school🧑‍🦯🧑‍🦯(community medicine)
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptx
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
Incoming and Outgoing Shipments in 3 STEPS Using Odoo 17
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice great
 
How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17
 
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
ENGLISH 7_Q4_LESSON 2_ Employing a Variety of Strategies for Effective Interp...
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
 
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
 

Repair dagstuhl jan2017

  • 1. General Summary of Program Repair, and Semantic Repair Abhik Roychoudhury National University of Singapore Dagstuhl seminar, 2017
  • 2. Bug Fixing o Most software has many bugs. o Security-related bugs should be fixed before they are exploited by malicious users. o Oftentimes, bugs are not fixed even a few months after they were reported. o E.g. Bug 18665 of glibc • Reported and responded on July 2015 • Patched on Feb 2016 • CVSS score: 8.1 / 10 (buffer overflow) o “Thanks for the bug report. Do you have a test case that triggers this scenario? Do you have a patch or suggested fix?” Dagstuhl seminar, 2017
  • 3. (Why) Program Repair 1. “Patches as better bug reports” [Weimer 2006]. 2. Automating the simple one-line fixes as patch suggestions • Work with companies with commercial testing tools. • automating targeted repair techniques with template fixes e.g. overflows. 3. Grading and understanding of programming assignments • … if only the education business takes off 4. … Note: 2 & 3 are very different businesses. Dagstuhl seminar, 2017
  • 4. DARPA CGC 4 A team of hackers won $2 million by building a machine that could hack better than they could Read more at http://www.businessinsider.sg/forallsecure-mayhem- darpa-cyber-grand-challenge-2016- 8/#ZuIF7Dmq3aaCAdaq.99 DARPA Cyber Grand Challenge -> Automation of Security [detecting and fixing vulnerabilities automatically]
  • 5. (Troubles with) Repair • Weak description of intended behavior / correctness criterion e.g. tests • Possibility to use “Bugs as deviant behavior” philosophy • Weak applicability of repair techniques e.g. only overflow errors • Large search space of candidate patches for general-purpose repair tools. • Patch suggestions and Interactive Repair Dagstuhl seminar, 2017
  • 6. Correctness Criterion • Assertions or Specifications o May be suitable for targeted repair e.g. access control policy • Bugs as deviant behavior o A property which is rarely violated – dynamic invariants! o Make sure that it is never violated [Clearview paper, SOSP 2009] • Test-driven repair o Repair based on test cases, to pass them. o Most works we talk about use this criterion. o Brings us to issues like strength of test oracle, quality of test-suite … Dagstuhl seminar, 2017
  • 7. Large search space – syntax directed view 1. Where to fix – in which line? 2. Generate the candidate patches in this line. 3. Validate the candidate patches. Dagstuhl seminar, 2017
  • 8. Large search space – semantic view 1. Where to fix – in which line? 2. What values should be returned by these lines? <inp=1, ret=0> 3. What are the expressions which will return these values? Dagstuhl seminar, 2017
  • 9. High level view Dagstuhl seminar, 2017 Test input Concrete values Expected output of program Output: Value-set or Constraint Symbolic execution Program Concrete Execution
  • 10. General purpose repair • … given a test-suite [Conceptual characterization] o Generate –and-test patches (GenProg) o Specification inference and patch synthesis • Infer specification or properties about the patch to be synthesized. • Meet the specification by enumeration, or by solving constraints. • Various works – SemFix, Nopol, SPR, … o Ordering of search space of patches • Use minimality to prioritize the search space. • Use learning approaches to prioritize the search space. o Patch templates can be learnt from human fixes. Dagstuhl seminar, 2017
  • 11. General purpose repair • … given a test-suite [Technical characterization] o Generate –and-test patches (heuristic search) • Use a well-known search framework GP for program repair o Specification inference and patch synthesis • Infer specification or properties about the patch to be synthesized. • Meet the specification by searching in a space, or by solving constraints. • Develop a customized search algorithm for each of the repair sub-problems, or use symbolic execution to infer specifications about the patch. o Embed a patch quality criterion in repair. • Use minimality to prioritize the search space. • Patch templates can be learnt from human fixes, or favor small fixes. • Machine learning is used to re-order the search space. Dagstuhl seminar, 2017
  • 12. Specification Inference • Infer specification or properties about the patch to be synthesized. o Meet the specification by searching in a space, or by solving constraints. o Develop a customized search algorithm for each of the repair sub-problems, or use symbolic execution to infer specifications about the patch. Dagstuhl seminar, 2017 1. Where to fix – in which line? 2. What values should be returned by these lines? <inp=1, ret=0> 3. What are the expressions which will return these values? a. Enumerate values within a restricted domain e.g. T/F values for conditions [SPR] b. Use symbolic exec. to get sample values. [Angelix] c. Use symbolic exec. to infer all possible values as constraint. [SemFix]
  • 13. Interactive Repair RQ1: Can users help the tool to improve the accuracy of the fix localization process? RQ2: Can users help the tool to quickly and effectively find a correct patch? ● Interactive Fault Localization Using Test Information ○ Recommend checking points or breakpoints ○ Patch suggestions at or around break-points ● Iterative Bug Isolation
  • 14. Interactive Repair if( a || b) Branch is never executed line 2 Branch is never executed line 3 void getLargest(int a, int b, int c){ if( a > b && b > a) printf(“%d”, b) else if( b >= a && b >= c ) printf(“%d”, b) else if( c >= a && c >= b ) printf(“%d”, c) } Branch is never executed • Change condition to a > b && a > c • Remove b > a • Remove branch Automatic breakpoint Insertion Anti-patterns as fault explanation in natural language • a > b && b > a is a trivial condition Dagstuhl seminar, 2017 Multiple buggy locations
  • 15. if( a || b) Expected c but got b line 3 void getLargest(int a, int b, int c){ if( a > b && a > c) printf(“%d”, b) else if( b >= a && b >= c ) printf(“%d”, b) else if( c >= a && c >= b ) printf(“%d”, c) } Expected c but got b • Change b to a Interactive Repair • Iterative Bug Isolation Dagstuhl seminar, 2017 Interactive & Iterative fault localization
  • 16. Syntax and semantics based Syntax-based Schematic for 𝑒 𝜖 𝑆𝑒𝑎𝑟𝑐ℎ𝑆𝑝𝑎𝑐𝑒 do validate 𝑒 done Semantics-based Schematic for 𝑝𝑎𝑟𝑡𝑖𝑡𝑖𝑜𝑛 𝜋: ∃𝛼. 𝜋 𝛼 do synthesize 𝑒 done Dagstuhl seminar, 2017
  • 17. Comparison Dagstuhl seminar, 2017 Syntax-based Schematic for 𝑒 𝜖 𝑆𝑒𝑎𝑟𝑐ℎ𝑆𝑝𝑎𝑐𝑒 do validate 𝑒 // break if possible done Semantics-based Schematic for 𝑝𝑎𝑟𝑡𝑖𝑡𝑖𝑜𝑛 𝜋: ∃𝛼. 𝜋 𝛼 do synthesize 𝑒 // cannot break done Syntax-based Schematic for 𝑒 𝜖 𝑆𝑒𝑎𝑟𝑐ℎ𝑆𝑝𝑎𝑐𝑒 do // long loop validate 𝑒 done Semantics-based Schematic for 𝑝𝑎𝑟𝑡𝑖𝑡𝑖𝑜𝑛 𝜋: ∃𝛼. 𝜋 𝛼 do // efficient grouping synthesize 𝑒 done
  • 18. Expand the schematic Dagstuhl seminar, 2017 Semantics-based Schematic for 𝑝𝑎𝑟𝑡𝑖𝑡𝑖𝑜𝑛 𝜋: ∃𝛼. 𝜋 𝛼 do synthesize 𝑒 done Semantics-based Schematic for 𝑝𝑎𝑡ℎ 𝜋: ∃𝛼. 𝜋 𝛼 do synthesize 𝑒 done Semantics-based Schematic for each path do Get repair constraint  and Solve  to construct e done Semantics based schematic Get repair constraint from tests; Conjoin repair constraint from each test.
  • 19. Conjure up a function Dagstuhl seminar, 2017 Buggy Program … var = a + b – c;x Failing test input Concrete Execution Symbolic Execution with x as the only unknown Path conditions, Output Expressions x = f(Live Vars) Get properties of function f via symbolic execution. Construct a function f which satisfies these properties !
  • 20. Example 1 int is_upward( int inhibit, int up_sep, int down_sep){ 2 int bias; 3 if (inhibit) 4 bias = down_sep; // bias= up_sep + 100 5 else bias = up_sep ; 6 if (bias > down_sep) 7 return 1; 8 else return 0; 9 } inhibit up_sep down_se p Observed output Expected Output Result 1 0 100 0 0 pass 1 11 110 0 1 fail 0 100 50 1 1 pass 1 -20 60 0 1 fail 0 0 10 0 0 pass 20
  • 21. Repair Constraint 1 int is_upward( int inhibit, int up_sep, int down_sep){ 2 int bias; 3 if (inhibit) 4 bias = down_sep; // bias= up_sep + 100 5 else bias = up_sep ; 6 if (bias > down_sep) 7 return 1; 8 else return 0; 9 } inhibit up_sep down_se p Observed output Expected Output Result 1 11 110 0 1 fail inhibit = 1, up_sep = 11, down_sep = 110 bias = X, path condition = true inhibit = 1, up_sep = 11, down_sep = 110 bias = X, path condition = X> 110 inhibit = 1, up_sep = 11, down_sep = 110 bias = X, path condition = X ≤ 110 Line 4 Line 7 Line 8 21
  • 22. Repair Constraint 1 int is_upward( int inhibit, int up_sep, int down_sep){ 2 int bias; 3 if (inhibit) 4 bias = f(inhibit, up_sep, down_sep) 5 else bias = up_sep ; 6 if (bias > down_sep) 7 return 1; 8 else return 0; 9 } Inhibit == 1 up_sep == 11 down_se p == 110 Symbolic Execution f(1,11,110) > 110 22
  • 23. Function synthesis • Instead of solving • Select primitive components to be used by the synthesized program based on complexity • Look for a program that uses only these primitive components and satisfy the repair constraint o Done via another constraint solving problem – pgm. synthesis • Solving the repair constraint is the key, not how it is solved • Enumerate expressions over a given set of components / operators o Enforce axioms of the operators o If candidate repair contains a constant, solve using SMT Repair Constraint: f(1,11,110) > 110  f(1,0,100) ≤ 100  f(1,-20,60) > 60 23
  • 24. Patch as minimal change 24 Failing tests Debugging DSE Synthesis Failing tests MaxSMT solver Conjure a function which represents minimal change to buggy program.
  • 25. Example 25 if (x > y) if (x > z) out =10; else out = 20; else out = 30; return out; if (x >= y) if (x >= z) out =10; else out = 20; else out = 30; return out; if (x > y) if (x > z) out =10; else out = 20; else out = 30; return ((x==y)? ((x==z)?10: 20)): out); SemFix DirectFix Test cases: all possible orderings of x,y,z
  • 26. No fault localization 26 int foo(int x, int y){ if (x > y) y = y + 1; else y = y – 1; return y + 2; } Test: foo(0,0) == 3? x = 0  y = 0  result = 3 ( if (x1 > y1) then (y2 = y1 + 1) else (y2 = y1 – 1)  (result = y2 + 2) )  = UNSAT
  • 27. Constraint = Whole Pgm. 27 27 x = 0  y = 0  result = 3 ( if (x1 > y1) then (y2 = y1 + 1) else (y2 = y1 – 1)  (result = y2 + 2) )  = UNSAT ( if (x1 >= y1) then (y2 = y1 + 1) else (y2 = y1 – 1)  (result = y2 + 2) )  x = 0  y = 0  result = 3 = SAT
  • 28. Comparison with SemFix 0 2 4 6 8 10 12 SemFix DirectFix 28 #Pgm Equiv Same Loc Diff Regression SemFix 44 17% 46% 6.36 54% DirectFix 44 53% 95% 2.31 31%
  • 29. Need Concise Constraints 29 Failing tests MaxSMT solver Minimized Mutations for Repair Failing tests DSE Concise Semantics Signature MaxSMT solver
  • 30. Remember the schematic? Dagstuhl seminar, 2017 Semantics-based Schematic for 𝑝𝑎𝑟𝑡𝑖𝑡𝑖𝑜𝑛 𝜋: ∃𝛼. 𝜋 𝛼 do synthesize 𝑒 done Semantics-based Schematic for 𝑝𝑎𝑡ℎ 𝜋: ∃𝛼. 𝜋 𝛼 do synthesize 𝑒 done Semantics-based Schematic for 𝑝𝑎𝑡ℎ 𝜋: ∃𝛼. 𝜋 𝛼 do for all test t get constraint t Solve t t to construct 𝑒 done Semantics-based Schematic for 𝑝𝑎𝑡ℎ 𝜋: ∃𝛼. 𝜋 𝛼 do Get repair constraint  Solve  to construct 𝑒 done
  • 31. Value based “Constraint” Dagstuhl seminar, 2017 Semantics-based Schematic for 𝑝𝑎𝑡ℎ 𝜋: ∃𝛼. 𝜋 𝛼 do for all test t get constraint t Solve t t to construct 𝑒 done Instead of representing t as a SMT constraint represent it using values. Value that is arbitrarily set during execution to a selected expression and that makes the program pass. Can be found by solving path condition of failing test case 𝐼, 𝑂 : 𝑝𝑎𝑡ℎ𝑐𝑜𝑛𝑑𝑖𝑡𝑖𝑜𝑛 𝛼 ∧ 𝑖𝑛𝑝𝑢𝑡 = 𝐼 ∧ 𝑜𝑢𝑡𝑝𝑢𝑡 = 𝑂
  • 32. Angelic Forest 32 E1 E2 E3 Failing Test Angelic Paths SAT angelic1 angelic2 angelic3
  • 33. Angelic Forest 33 E1 E2 E3 Failing Test Angelic Paths UNSAT angelic1 angelic2 angelic3 angelic1 angelic3
  • 34. Repair Constraint • SemFix work (ICSE 2013) o Example: for an identified expression e to be fixed • [ e > 0 ] ∧ f(t) == e for each test t • DirectFix work (ICSE 2015) o Whole Program as repair constraint o Use the principle of minimality to synthesize a minimal patch. • Angelix work (ICSE 2016) o Example: for identified expressions e1, e2, … to be fixed o [ (e == 1) ∨ (e == 2) ∨ (e== 3)] ∧ f(t) ==e for each test t. o [ (e1 == 0 ∧ e2 == 1) ∨ (e1==1 ∧e2 ==0)] ∧ f(t) ==e1∧g(t)==e2 for each test t. Dagstuhl seminar, 2017
  • 36. Results 36 0 10 20 30 40 wireshark php gzip gmp libtiff Overall Angelix SPR GenProg #Fixes Del Del, Per Angelix 28 5 18% SPR 31 13 42% Subject LoC wireshark 2814K php 1046K gzip 491K gmp 145K libtiff 77K
  • 37. Multiline Results Defect Fixed Expressions Libtiff-4a24508-cc79c2b 2 Libtiff-829d8c4-036d7bb 2 CoreUtils-00743a1f-ec48bead 3 CoreUtils-1dd8a331-d461bfd2 2 CoreUtils-c5ccf29b-a04ddb8d 3 37
  • 38. “Latest” Results 38 1 i f ( hbtype == TLS1 HB REQUEST) { 2 . . . 3 memcpy (bp , pl , payload ) ; 4 . . . 5 } (a) The buggy part of the Heartbleed- vulnerable OpenSSL 1 i f ( hbtype == TLS1 HB REQUEST 2 && payload + 18 < s->s3->rrec.length) { 3 . . . 4 } (b) A fix generated automatically 1 if (1 + 2 + payload + 16 > s->s3->rrec.length) 2 return 0; 3 . . . 4 i f ( hbtype == TLS1_HB_REQUEST) { 5 . . . 6 } 7 e l s e i f ( hbtype == TLS1_HB_RESPONSE) { 8 . . . 9 } 10 r e t u r n 0 ; (c) The developer-provided repair The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs). --- Source: heartbleed.com