Published: Oct. 10, 2022
Test-based generate-and-validate automated program repair (APR) systems generate many patches that pass the test suite without fixing bug. The generated must be manually inspected by developers, a task tends to time-consuming, thereby diminishing role of APR in reducing debugging costs.
Language: Английский
ACM Transactions on Software Engineering and Methodology, Journal Year: 2023, Volume and Issue: 33(2), P. 1 - 69
Published: Nov. 6, 2023
Automated program repair (APR) aims to fix software bugs automatically and plays a crucial role in development maintenance. With the recent advances deep learning (DL), an increasing number of APR techniques have been proposed leverage neural networks learn bug-fixing patterns from massive open-source code repositories. Such learning-based usually treat as machine translation (NMT) task, where buggy snippets (i.e., source language) are translated into fixed target automatically. Benefiting powerful capability DL hidden relationships previous datasets, achieved remarkable performance. In this article, we provide systematic survey summarize current state-of-the-art research community. We illustrate general workflow detail components, including fault localization, patch generation, ranking, validation, correctness phases. then discuss widely adopted datasets evaluation metrics outline existing empirical studies. several critical aspects techniques, such domains, industrial deployment, open science issue. highlight practical guidelines on applying for future studies, exploring explainable generation utilizing features. Overall, our article can help researchers gain comprehensive understanding about achievements promote application these techniques. Our artifacts publicly available at repository: https://github.com/iSEngLab/AwesomeLearningAPR .
Language: Английский
Citations
38
IEEE Transactions on Software Engineering, Journal Year: 2024, Volume and Issue: 50(3), P. 618 - 635
Published: Jan. 30, 2024
Long patch validation time is a limiting factor for automated program repair (APR). Though the duality between and mutation testing recognized, so far there exists no study of systematically adapting techniques to general-purpose validation. To address this gap, we investigate existing identify five classes acceleration that are suitable Among them, mutant schemata deduplication have not been adapted due arbitrary changes third-party APR approaches may introduce. This presents two problems adaption: 1) difficulty implementing static equivalence analysis required by state-of-the-art approach; 2) capturing patches system state at runtime. overcome these problems, propose novel approaches: execution scheduling, which detects online, avoiding its imprecision; interception-based instrumentation, intercepts state, full interpreter overhead. Based on contributions above, implement ExpressAPR, validator Java integrates all recognized Our large-scale evaluation with four shows ExpressAPR accelerates 137.1x over plain or 8.8x approach, making longer bottleneck APR. Patch single bug can be reduced within few minutes mainstream CPUs.
Language: Английский
Citations
4
Proceedings of the ACM on Programming Languages, Journal Year: 2025, Volume and Issue: 9(OOPSLA1), P. 1831 - 1857
Published: April 9, 2025
Automated Program Repair (APR) holds the promise of alleviating burden debugging and fixing software bugs. Despite this, developers still need to manually inspect each patch confirm its correctness, which is tedious time-consuming. This challenge exacerbated in presence plausible patches, accidentally pass test cases but may not correctly fix bug. To address this challenge, we propose an interactive approach called iFix facilitate understanding comparison based on their runtime difference. performs static analysis identify variables related buggy statement captures values during execution for patch. These are then aligned across different candidates, allowing users compare contrast behavior. evaluate iFix, conducted a within-subjects user study with 28 participants. Compared manual inspection state-of-the-art filtering technique, reduced participants’ task completion time by 36% 33% while also improving confidence 50% 20%, respectively. Besides, quantitative experiments demonstrate that improves ranking correct patches at least 39% compared other methods generalizable APR tools.
Language: Английский
Citations
0
PLoS ONE, Journal Year: 2025, Volume and Issue: 20(5), P. e0319916 - e0319916
Published: May 6, 2025
The lag of antivirus (AV) software development relative to malware makes it necessary constantly release AV patches. In practice, an patch can be deployed on organization’s intranet only when passes compatibility test. this context, a subset hosts may assigned perform the function fraction with respect time is referred as testing (AVPT) policy, and problem finding satisfactory AVPT policy in terms cost benefit problem. This paper addresses through optimal control modeling. A new mathematical model characterizing evolution intranet’s expected state introduced by incorporating effect testing. On basis, modeled (the model). By applying Pontryagin Maximum Principle model, iterative algorithm solving presented. usability algorithm, including its convergence effectiveness, validated. Finally, pair controllable factors inspected. work initiates study testing-related issues
Language: Английский
Citations
0
Published: July 15, 2022
Test-based generate-and-validate automated program repair (APR) systems often generate many patches that pass the test suite without fixing bug. The generated must be manually inspected by developers, so previous research proposed various techniques for automatic correctness assessment of APR-generated patches. Among them, dynamic patch rely on assumption that, when running originally passing cases, correct will not alter behavior in a significant way, e.g., removing code implementing functionality program. In this paper, we propose and evaluate novel technique, named Shibboleth, test-based APR systems. Unlike existing works, impact is captured along three complementary facets, allowing more effective assessment. Specifically, measure both production (via syntactic semantic similarity) coverage tests) to separate result similar programs do delete desired elements. Shibboleth assesses via ranking classification. We evaluated 1,871 patches, 29 Java-based Defects4J programs. technique outperforms state-of-the-art classification techniques. our data set, 43% (66%) ranks top-1 (top-2) positions, mode applied it achieves an accuracy F1-score 0.887 0.852, respectively.
Language: Английский
Citations
14
Published: Jan. 1, 2024
Continuous fuzzing has become an integral part of the Linux kernel ecosystem, discovering thousands bugs over past few years.Interestingly, only a tiny fraction them were turned into real-world exploits that target downstream distributions, e.g., Ubuntu and Fedora.This contradicts conclusions existing exploitability assessment tools, which classify hundreds those as high-risk, implying high likelihood exploitability.Our study aims to understand gap bridge it.Through our investigation, we realize current tools exclusively test bug on upstream Linux, is for development only; in fact, find many fail reproduce directly downstreams.Through large-scale measurement 230 43 distros (8,032 bug/distro pairs), each distro reproduces 19.1% average by running PoCs root user, 0.9% without root.Remarkably, both numbers can be significantly improved 61% 1300% times respectively through appropriate PoC adaptations, necessitated environment differences.To this end, developed SyzBridge, fully automated system adapts kernels.We further integrate SyzBridge with SyzScope, state-of-the-art tool identify high-risk exploit primitives, control flow hijack.Our integrated pipeline successfully identified 53 originated from syzbot are likely exploitable surpassing mere 5 among 5,000 syzbot.Notably, validate results, exploited additional previously not known publicly.
Language: Английский
Citations
2
Published: July 12, 2023
In this work, we present a novel approach that connects two closely-related topics: fuzzing and automated program repair (APR). The paper is divided into parts. the first part, describe similarities between APR both of which can be viewed as search problem. second introduce new patch-scheduling algorithm called Casino, designed from perspective to enhance efficiency. Our experiments demonstrate Casino outperforms existing algorithms. We also promote open science by sharing SimAPR, simulation tool used evaluate
Language: Английский
Citations
5
Published: May 27, 2024
Language: Английский
Citations
1
Published: Sept. 11, 2024
Language: Английский
Citations
0
arXiv (Cornell University), Journal Year: 2023, Volume and Issue: unknown
Published: Jan. 1, 2023
Long patch validation time is a limiting factor for automated program repair (APR). Though the duality between and mutation testing recognized, so far there exists no study of systematically adapting techniques to general-purpose validation. To address this gap, we investigate existing identify five classes acceleration that are suitable Among them, mutant schemata deduplication have not been adapted due arbitrary changes third-party APR approaches may introduce. This presents two problems adaption: 1) difficulty implementing static equivalence analysis required by state-of-the-art approach; 2) capturing patches system state at runtime. overcome these problems, propose novel approaches: execution scheduling, which detects online, avoiding its imprecision; interception-based instrumentation, intercepts state, full interpreter overhead. Based on contributions above, implement ExpressAPR, validator Java integrates all recognized Our large-scale evaluation with four shows ExpressAPR accelerates 137.1x over plainvalidation or 8.8x approach, making longer bottleneck APR. Patch single bug can be reduced within few minutes mainstream CPUs.
Language: Английский
Citations
1