The application of metamorphic testing(MT)on automatic program repair(APR-MT)is used to generate a patch without test oracles by examining whether the input metamorphic relation(MR)is satisfied or not.However,the deli...The application of metamorphic testing(MT)on automatic program repair(APR-MT)is used to generate a patch without test oracles by examining whether the input metamorphic relation(MR)is satisfied or not.However,the delivered patch is plausible since it may satisfy the input MR but violate other MRs.This inspires us to propose an improved approach to enhance the effectiveness of APR-MT with metamorphic relation group.Ourapproach involves three major steps.First,we formally define the repair process of APR-MT by building the model of automatic program repair and metamorphic testing separately.Then,we propose the advanced model of automatic program repair based on metamorphic relation group,named METARO^(3),which takes several MRs as input while only one MR is used in APR-MT.We additionally present two kinds of selection strategies to rank MRs in descending order of the fault detection capability,which helps shorten the repair time of finding a patch.To demonstrate the feasibility and procedure of our approach,an illustration example was conducted.The results show that METARO^(3) can improve the effectiveness of APR-MT significantly.展开更多
One way to improve practicability of automatic program repair(APR) techniques is to build prediction models which can predict whether an application of a APR technique on a bug is effective or not. Existing predicti...One way to improve practicability of automatic program repair(APR) techniques is to build prediction models which can predict whether an application of a APR technique on a bug is effective or not. Existing prediction models have some limitations. First, the prediction models are built with hand crafted features which usually fail to capture the semantic characteristics of program repair task. Second, the performance of the prediction models is only evaluated on Genprog, a genetic-programming based APR technique. This paper develops prediction models, i.e., random forest prediction models for SPR, another kind of generate-and-validate APR technique, which can distinguish ineffective repair instances from effective repair instances. Rather than handcrafted features, we use features automatically learned by deep belief network(DBN) to train the prediction models. The empirical results show that compared to the baseline models, that is, all effective models, our proposed models can at least improve the F1 by 9% and AUC(area under the receiver operating characteristics curve) by 19%. At the same time, the prediction model using learned features at least outperforms the one using hand-crafted features in terms of F1 by 11%.展开更多
Static buffer overflow detection techniques tend to report too many false positives fundamentally due to the lack of software execution information. It is very time consuming to manually inspect all the static warning...Static buffer overflow detection techniques tend to report too many false positives fundamentally due to the lack of software execution information. It is very time consuming to manually inspect all the static warnings. In this paper, we propose BovInspector, a framework for automatically validating static buffer overflow warnings and providing suggestions for automatic repair of true buffer overflow warnings for C programs. Given the program source code and the static buffer overflow warnings, BovInspector first performs warning reachability analysis. Then, BovInspector executes the source code symbolically under the guidance of reachable warnings. Each reachable warning is validated and classified by checking whether all the path conditions and the buffer overflow constraints can be satisfied simultaneously. For each validated true warning, BovInspector provides suggestions to automatically repair it with 11 repair strategies. BovInspector is complementary to prior static buffer overflow discovery schemes. Experimental results on real open source programs show that BovInspector can automatically validate on average 60% of total warnings reported by static tools.展开更多
Many search-based Automatic Program Repair(APR)techniques employ a set of repair patterns to generate candidate patches.Regarding repair pattern selection,existing search-based APR techniques either randomly select a ...Many search-based Automatic Program Repair(APR)techniques employ a set of repair patterns to generate candidate patches.Regarding repair pattern selection,existing search-based APR techniques either randomly select a repair pattern from the repair pattern set to apply or prioritize all repair patterns based on the bug's context information.In this paper,we introduce PatternNet,a multi-view feature f usion model capable of predicting the repair pattern for a reported software bug.To accomplish this task,PatternNet first extracts multiview features from the pair of buggy code and bug report using different models.Specifically,a transformer-based model(i.e.,UniXcoder)is utilized to obtain the bimodal feature representation of the buggy code and bug report.Additionally,an Abstract Syntax Tree(AST)-based neural model(i.e.,ASTNN)is employed to learn the feature representation of the buggy code.Second,a co-attention mechanism is adopted to capture the dependencies between the statement trees in the AST of the buggy code and the textual tokens of the reported bug,resulting in co-attentive features between statement trees and reported bug's textual tokens.Finally,these multi-view features are combined i nto a unified representation using a feature fusion network.We quantitatively demonstrate the effectiveness of PatternNet and the feature fusion network for predicting software bug repair patterns.展开更多
Software is a crucial component in the communication systems,and its security is of paramount importance.However,it is susceptible to different types of attacks due to potential vulnerabilities.Meanwhile,significant t...Software is a crucial component in the communication systems,and its security is of paramount importance.However,it is susceptible to different types of attacks due to potential vulnerabilities.Meanwhile,significant time and effort is required to fix such vulnerabilities.We propose an automated program repair method based on controlled text generation techniques.Specifically,we utilize a fine-tuned language model for patch generation and introduce a discriminator to evaluate the generation process,selecting results that contribute most to vulnerability fixes.Additionally,we perform static syntax analysis to expedite the patch verification process.The effectiveness of the proposed approach is validated using QuixBugs and Defects4J datasets,demonstrating significant improvements in generating correct patches compared to other existing methods.展开更多
基金The work was supported by a grant from National Natural Science Foundation of China(No.61772423).
文摘The application of metamorphic testing(MT)on automatic program repair(APR-MT)is used to generate a patch without test oracles by examining whether the input metamorphic relation(MR)is satisfied or not.However,the delivered patch is plausible since it may satisfy the input MR but violate other MRs.This inspires us to propose an improved approach to enhance the effectiveness of APR-MT with metamorphic relation group.Ourapproach involves three major steps.First,we formally define the repair process of APR-MT by building the model of automatic program repair and metamorphic testing separately.Then,we propose the advanced model of automatic program repair based on metamorphic relation group,named METARO^(3),which takes several MRs as input while only one MR is used in APR-MT.We additionally present two kinds of selection strategies to rank MRs in descending order of the fault detection capability,which helps shorten the repair time of finding a patch.To demonstrate the feasibility and procedure of our approach,an illustration example was conducted.The results show that METARO^(3) can improve the effectiveness of APR-MT significantly.
基金Supported by the National Natural Science Foundation of China(61603242)Opening Project of Collaborative Innovation Center for Economics Crime Investigation and Prevention Technology(JXJZXTCX-030)+1 种基金the Scientific Research Fund of Zhaoqing Univeristy(201734)Innovative Guidance Fund of Zhaoqing City(201704030409)
文摘One way to improve practicability of automatic program repair(APR) techniques is to build prediction models which can predict whether an application of a APR technique on a bug is effective or not. Existing prediction models have some limitations. First, the prediction models are built with hand crafted features which usually fail to capture the semantic characteristics of program repair task. Second, the performance of the prediction models is only evaluated on Genprog, a genetic-programming based APR technique. This paper develops prediction models, i.e., random forest prediction models for SPR, another kind of generate-and-validate APR technique, which can distinguish ineffective repair instances from effective repair instances. Rather than handcrafted features, we use features automatically learned by deep belief network(DBN) to train the prediction models. The empirical results show that compared to the baseline models, that is, all effective models, our proposed models can at least improve the F1 by 9% and AUC(area under the receiver operating characteristics curve) by 19%. At the same time, the prediction model using learned features at least outperforms the one using hand-crafted features in terms of F1 by 11%.
基金This work was supported by the National Natural Science Foundation of China under Grant No.62032010partially by the Postgraduate Research and Practice Innovation Program of Jiangsu Province of China.
文摘Static buffer overflow detection techniques tend to report too many false positives fundamentally due to the lack of software execution information. It is very time consuming to manually inspect all the static warnings. In this paper, we propose BovInspector, a framework for automatically validating static buffer overflow warnings and providing suggestions for automatic repair of true buffer overflow warnings for C programs. Given the program source code and the static buffer overflow warnings, BovInspector first performs warning reachability analysis. Then, BovInspector executes the source code symbolically under the guidance of reachable warnings. Each reachable warning is validated and classified by checking whether all the path conditions and the buffer overflow constraints can be satisfied simultaneously. For each validated true warning, BovInspector provides suggestions to automatically repair it with 11 repair strategies. BovInspector is complementary to prior static buffer overflow discovery schemes. Experimental results on real open source programs show that BovInspector can automatically validate on average 60% of total warnings reported by static tools.
基金Partially supported by the National Natural Science Foundation of China(61802350)。
文摘Many search-based Automatic Program Repair(APR)techniques employ a set of repair patterns to generate candidate patches.Regarding repair pattern selection,existing search-based APR techniques either randomly select a repair pattern from the repair pattern set to apply or prioritize all repair patterns based on the bug's context information.In this paper,we introduce PatternNet,a multi-view feature f usion model capable of predicting the repair pattern for a reported software bug.To accomplish this task,PatternNet first extracts multiview features from the pair of buggy code and bug report using different models.Specifically,a transformer-based model(i.e.,UniXcoder)is utilized to obtain the bimodal feature representation of the buggy code and bug report.Additionally,an Abstract Syntax Tree(AST)-based neural model(i.e.,ASTNN)is employed to learn the feature representation of the buggy code.Second,a co-attention mechanism is adopted to capture the dependencies between the statement trees in the AST of the buggy code and the textual tokens of the reported bug,resulting in co-attentive features between statement trees and reported bug's textual tokens.Finally,these multi-view features are combined i nto a unified representation using a feature fusion network.We quantitatively demonstrate the effectiveness of PatternNet and the feature fusion network for predicting software bug repair patterns.
基金This work was supported by the National Natural Science Foundation of China(No.62372173).
文摘Software is a crucial component in the communication systems,and its security is of paramount importance.However,it is susceptible to different types of attacks due to potential vulnerabilities.Meanwhile,significant time and effort is required to fix such vulnerabilities.We propose an automated program repair method based on controlled text generation techniques.Specifically,we utilize a fine-tuned language model for patch generation and introduce a discriminator to evaluate the generation process,selecting results that contribute most to vulnerability fixes.Additionally,we perform static syntax analysis to expedite the patch verification process.The effectiveness of the proposed approach is validated using QuixBugs and Defects4J datasets,demonstrating significant improvements in generating correct patches compared to other existing methods.
