advances in automated program repair and a call to arms
play

Advances in Automated Program Repair and a Call to Arms Westley - PowerPoint PPT Presentation

Oct 31, 2022 •283 likes •1.16k views

Advances in Automated Program Repair and a Call to Arms Westley Weimer University of Virginia Andreas Zeller, SSBSE Keynote 2011 Westley Weimer 2 For The Next Hour Automated Program Repair Historical Context Mistakes

  1. Advances in Automated Program Repair and a Call to Arms Westley Weimer University of Virginia

  2. Andreas Zeller, SSBSE Keynote 2011 Westley Weimer 2

  3. For The Next Hour ● Automated Program Repair ● Historical Context ● Mistakes ● Opportunities Westley Weimer 3

  4. Speculative Fiction What if large, trusted companies paid strangers to find and fix their normal and critical bugs? Westley Weimer 4

  5. Westley Weimer 5

  6. Westley Weimer 6

  7. Westley Weimer 7

  8. Westley Weimer 8

  9. Westley Weimer 9

  10. Westley Weimer 10

  11. (Raise hand if true) I have used software produced by Microsoft, PayPal, AT&T , Facebook, Mozilla, Google or YouTube. Westley Weimer 11

  12. Westley Weimer 12

  13. Westley Weimer 13

  14. Westley Weimer 14

  15. Westley Weimer 15

  16. Even though only 38% of the submissions were true positives (harmless, minor or major): “Worth the money? Every penny.” Westley Weimer 16

  17. "We get hundreds of reports every day. Many of our best reports come from people whose English isn't great – though this can be challenging, it's something we work with just fine and we have paid out over $1 million to hundreds of reporters." – Matt Jones, Facebook Software Engineer Westley Weimer 17

  18. Westley Weimer 18

  19. A vision of the future present Finding, fixing and ignoring bugs are all so expensive that it is now economical to pay untrusted strangers to submit candidate defect reports and patches. Westley Weimer 19

  20. A Modest Proposal Automatically find and fix defects (rather than, or in addition to, paying strangers). Westley Weimer 20

  21. Outline ● Automated Program Repair ● The State of the Art ● Scalability and Recent Growth ● GenProg Lessons Learned (the fun part) ● Challenges & Opportunities ● Test Suite Quality and Oracles ● Reproducible Research & Benchmarks ● Large Human Studies Westley Weimer 21

  22. Historical Context Westley Weimer 22

  23. “We are moving to a new era where software systems are open, evolving and not owned by a single organization. Self-* systems are not just a nice new way to deal with software, but a necessity for the coming systems. The big new challenge of self- healing systems is to guarantee stability and convergence: we need to be able to master our systems even without knowing in advance what will happen to them.” – Mauro Pezzè, Milano Bicocca / Lugano Westley Weimer 23

  24. Historical Context ● <= 1975 “Software fault tolerance” ● Respond with minimal disruption to an unexpected software failure. Often uses isolation, mirrored fail-over, transaction logging, etc. ● ~1998: “Repairing one type of security bug” [ Cowan, Pu, Maier, Walpole, Bakke, Beattie, Grier, Wagle, Zhang, Hinton. ● StackGuard: Automatic adaptive detection and prevention of buffer-overflow attacks. USENIX Security 1998. ] ● ~2002: “Self-healing (adaptive) systems” ● Diversity, redundancy, system monitoring, models [ Garlan, Kramer, Wolf (eds). First Workshop on Self-Healing Systems, 2002. ] ● Westley Weimer 24

  25. Why not just restart? ● Imagine two types of problems: ● Non-deterministic (e.g., environmental): A network link goes down, send() raises an exception ● Deterministic (e.g., algorithmic): The first line of main() dereferences a null pointer ● Failure-transparent or transactional approaches usually restart the same code ● What if there is a deterministic bug in that code? Westley Weimer 25

  26. Checkpoint and Restart [ Lowell, Chandra, Chen: Exploring Failure Transparency and the Limits of Generic Recovery. OSDI 2000. ] Westley Weimer 26

  27. Groundhog Day [ Lowell, Chandra, Chen: Exploring Failure Transparency and the Limits of Generic Recovery. OSDI 2000. ] Westley Weimer 27

  28. Early “Proto” Program Repair Work ● 1999: Delta debugging [ Zeller: Yesterday, My Program Worked. Today, It Does Not. Why? ESEC / FSE 1999. ] ● 2001: Search-based software engineering [ Harman, Jones. Search based software engineering. Information and Software Technology, 43(14) 2001 ] ● 2003: Data structure repair ● Run-time approach based on constraints [ Demsky, Rinard: Automatic detection and repair of errors in data structures. OOPSLA 2003. ] ● 2006: Repairing safety policy violations ● Static approach using formal FSM specifications [ Weimer: Patches as better bug reports. GPCE 2006. ] ● 2008: Genetic programming proposal [ Arcuri: On the automation of fixing software bugs. ICSE Companion 2008. ] Westley Weimer 28

  29. General Automated Program Repair ● Given a program … ● Source code, assembly code, binary code ● … and evidence of a bug … ● Passing and failing test cases, implicit specifications and crashes, preconditions and invariants, normal and anomalous runs ● … fix that bug. ● A textual patch, a dynamic jump to new code, run- time modifications to variables Westley Weimer 29

  30. How could that work? ● Many faults can be localized to a small area [ Jones, Harrold. Empirical evaluation of the Tarantula automatic fault- ● localization technique. ASE 2005. ] [ Qi, Mao, Lei, Wang. Using Automated Program Repair for Evaluating the ● Effectiveness of Fault Localization Techniques. ISSTA 2013. ] ● Many defects can be fixed with small changes [ Park, Kim, Ray, Bae: An empirical study of supplementary bug fixes. MSR ● 2012. ] ● Programs can be robust to such changes ● “Only attackers and bugs care about unspecified, untested behavior.” [ Schulte, Fry, Fast, Weimer, Forrest: Software Mutational Robustness. J. GPEM ● 2013. ] Westley Weimer 30

  31. Scalability and Recent Growth Westley Weimer 31

  32. 2009: A Banner Year GenProg Genetic programming evolves source code until it passes the rest of a test suite. [ Weimer, Nguyen, Le Goues, Forrest: Automatically finding patches using genetic programming. ICSE May 2009. ] ClearView Detects normal workload invariants and anomalies, deploying binary repairs to restore invariants. [ Perkins, Kim, Larsen, Amarasinghe, Bachrach, Carbin, Pacheco, Sherwood, Sidiroglou, Sullivan, Wong, Zibin, Ernst, Rinard: Automatically patching errors in deployed software. SOSP Oct 2009. ] PACHIKA Summarizes test executions to behavior models, generating fixes based on the differences. [ Dallmeier, Zeller, Meyer: Generating Fixes from Object Behavior Anomalies. ASE Nov 2009. ] Westley Weimer 32

  33. INPUT EVALUATE FITNESS DISCARD ACCEPT X GenProg OUTPUT MUTATE Westley Weimer 33

  34. 2009 In A Nutshell ● Given a program and tests (or a workload) ● Normal observations: A B C or A B C D ● A problem is detected ● Failing observations: A B X C ● The difference yields candidate repairs ● { “Don't do X”, “Always do D” } ● One repair passes all tests ● Report “Don't do X” as the patch Westley Weimer 34

  35. Two Broad Repair Approaches ● Single Repair or “Correct by Construction” ● Careful consideration (constraint solving, invariant reasoning, lockset analysis, type systems, etc.) of the problem produces a single good repair. ● Generate-and-Validate ● Various techniques (mutation, genetic programming, invariant reasoning, etc.) produce multiple candidate repairs. ● Each candidate is evaluated and a valid repair is returned. Westley Weimer 35

  36. Name Subjects Tests Bugs Notes AFix 2 Mloc – 8 Concurrency, guarantees ARC – – – Concurrency, SBSE ARMOR 6 progs. – 3 + – Identifies workarounds Axis 13 progs. – – Concurrency, guarantees, Petri nets AutoFix-E 21 Kloc 650 42 Contracts, guarantees CASC 1 Kloc – 5 Co-evolves tests and programs ClearView Firefox 57 9 Red Team quality evaluation Coker Hafiz 15 Mloc – 7 / – Integer bugs only, guarantees Debroy Wong 76 Kloc 22,500 135 Mutation, fault localization focus Demsky et al. 3 progs. – – Data struct consistency, Red Team FINCH 13 tasks – – Evolves unrestricted bytecode GenProg 5 Mloc 10,000 105 Human-competitive, SBSE Gopinath et al. 2 methods. – 20 Heap specs, SAT Jolt 5 progs. – 8 Escape infinite loops at run-time Juzi 7 progs. – 20 + – Data struct consistency, models PACHIKA 110 Kloc 2,700 26 Differences in behavior models PAR 480 Kloc 25,000 119 Human-based patches, quality study SemFix 12 Kloc 250 90 Symex, constraints, synthesis Sidiroglou et al. 17 progs. – 17 Buffer overflows Westley Weimer 36

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Automated Program Repair Opportunities, Challenges, Advances Chris Timperley 1 About me...

Automated Program Repair Opportunities, Challenges, Advances Chris Timperley 1 About me...

Automated Program Repair Opportunities, Challenges, Advances Chris Timperley 1 About me... Research Interests: Postdoc Carnegie Mellon University, USA Automated Program Repair w/ Claire Le Goues Fault Localisation GI for

676 views • 39 slides
Design of Repair Operators for Automated Program Repair Shin Hwei Tan National University of

Design of Repair Operators for Automated Program Repair Shin Hwei Tan National University of

Design of Repair Operators for Automated Program Repair Shin Hwei Tan National University of Singapore What is automated program repair? BUG! Given a failing Test T , buggy program P 1.Fault localization Where to fix? 2. Patch Generation

517 views • 22 slides
Do Automated Program Repair Techniques Repair Hard and Important Bugs? Manish Motwani Sandhya

Do Automated Program Repair Techniques Repair Hard and Important Bugs? Manish Motwani Sandhya

Do Automated Program Repair Techniques Repair Hard and Important Bugs? Manish Motwani Sandhya Sankarnarayanan Ren e Just Yuriy Brun University of Massachusetts Amherst Automatic Program Repair: An Active Research Area patched program

525 views • 37 slides
Measuring and improving quality of automated program repair

Measuring and improving quality of automated program repair

Measuring and improving quality of automated program repair Yuriy Brun, UMass Amherst Ted Smith

651 views • 22 slides
Leveraging Program Equivalence for Adaptive Program Repair: Models and First Results Westley

Leveraging Program Equivalence for Adaptive Program Repair: Models and First Results Westley

Leveraging Program Equivalence for Adaptive Program Repair: Models and First Results Westley Weimer, UVA Zachary P . Fry, UVA Stephanie Forrest, UNM Automated Program Repair Given a program, a notion of correct behavior, and evidence

679 views • 30 slides
A SYSTEMATIC STUDY OF AUTOMATED PROGRAM REPAIR: FIXING 55 OUT OF 105 BUGS FOR $8 EACH Claire

A SYSTEMATIC STUDY OF AUTOMATED PROGRAM REPAIR: FIXING 55 OUT OF 105 BUGS FOR $8 EACH Claire

A SYSTEMATIC STUDY OF AUTOMATED PROGRAM REPAIR: FIXING 55 OUT OF 105 BUGS FOR $8 EACH Claire Michael Stephanie Westley Le Goues Dewey-Vogt Forrest Weimer 1 http://genprog.cs.virginia.edu Everyday, almost 300 Annual cost of bugs

647 views • 63 slides
Enhancing Automated Program Repair With Deductive Verification Xuan Bach D. Le 1 , Quang-Loc Le 2

Enhancing Automated Program Repair With Deductive Verification Xuan Bach D. Le 1 , Quang-Loc Le 2

Enhancing Automated Program Repair With Deductive Verification Xuan Bach D. Le 1 , Quang-Loc Le 2 , David Lo 1 , Claire Le Goues 3 1 Singapore Management University 2 Singapore University of Technology and Design 3 Carnegie Mellon University 1

368 views • 20 slides
SFH Program 504 Home Repair Program: This program provides loans to very low income homeowners

SFH Program 504 Home Repair Program: This program provides loans to very low income homeowners

Presented by: Jeanie Barbrow USDA Rural Development 504 Repair Loans and Grants SFH Program 504 Home Repair Program: This program provides loans to very low income homeowners to repair, improve, or modernize their homes or provide grants to

357 views • 32 slides
Graph-based, Self-Supervised Program Repair from Diagnostic Feedback ICML 2020 Michihiro

Graph-based, Self-Supervised Program Repair from Diagnostic Feedback ICML 2020 Michihiro

Graph-based, Self-Supervised Program Repair from Diagnostic Feedback ICML 2020 Michihiro Yasunaga, Percy Liang Stanford University Why program repair? Programmers spend 75% of time fixing source code errors Automatic program repair can

1.69k views • 130 slides
Neighborhood Sidewalk Repair Program Botanic Gardens August 11, 2018 Neighborhood Sidewalk

Neighborhood Sidewalk Repair Program Botanic Gardens August 11, 2018 Neighborhood Sidewalk

Neighborhood Sidewalk Repair Program Botanic Gardens August 11, 2018 Neighborhood Sidewalk Repair Program Overview Program is addressing sidewalks, citywide, that are damaged, uneven, or sloping excessively, Authorizing lower-cost repair

429 views • 14 slides
A Revisit of the Integration of Metamorphic Testing and Test Suite Based Automated Program

A Revisit of the Integration of Metamorphic Testing and Test Suite Based Automated Program

A Revisit of the Integration of Metamorphic Testing and Test Suite Based Automated Program Repair Mingyue Jiang 1,2, Tsong Yueh Chen 2, Fei-Ching Kuo 2, Zuohua Ding 1, Eun-Hye Choi 3, Osamu Mizuno 4 1 Zhejiang Sci-Tech University,

465 views • 19 slides
Home Repair Program North Philadelphia &amp; West Philadelphia Repair Program Who is Habitat

Home Repair Program North Philadelphia &amp; West Philadelphia Repair Program Who is Habitat

Home Repair Program North Philadelphia &amp; West Philadelphia Repair Program Who is Habitat for Humanity Philadelphia? Housing nonprofit organization that works in partnership with eligible Working in Philadelphia Philadelphia

368 views • 15 slides
Overview of Automated Bus Consortium Program Accelerating automated technology for transit

Overview of Automated Bus Consortium Program Accelerating automated technology for transit

Automated Bus Technology Deployment Program Overview of Automated Bus Consortium Program Accelerating automated technology for transit services Automated Bus Technology Deployment Program Summary of Concept Automated small vehicle shuttle

407 views • 24 slides
Federal Home Loan Bank (FHLB) Repair Program North Philadelphia &amp; West Philadelphia Repair

Federal Home Loan Bank (FHLB) Repair Program North Philadelphia &amp; West Philadelphia Repair

Federal Home Loan Bank (FHLB) Repair Program North Philadelphia &amp; West Philadelphia Repair Program Who is Habitat for Humanity Philadelphia? Housing nonprofit organization that works in partnership with eligible Working in

183 views • 15 slides
Automated Bug Localization and Repair David Lo School of Information Systems Singapore

Automated Bug Localization and Repair David Lo School of Information Systems Singapore

Automated Bug Localization and Repair David Lo School of Information Systems Singapore Management University davidlo@smu.edu.sg Invited Talk, ISHCS 2016, China A Brief Self-Introduction Singapore 3 rd uni. Singapore Management Number

898 views • 60 slides
Advances in Heart Disease: Endovascular Repair of Aortic Diseases Shant Vartanian, MD Assistant

Advances in Heart Disease: Endovascular Repair of Aortic Diseases Shant Vartanian, MD Assistant

Disclosures Scientific Advisor Radial Medical Advances in Heart Disease: Endovascular Repair of Aortic Diseases Shant Vartanian, MD Assistant Professor of Surgery Division of Vascular and Endovascular Surgery Interim Chief of Surgery

986 views • 19 slides
fedpkg Maintaining packages in Fedora PRESENTED BY: Karel Kl Creative Commons Attribution

fedpkg Maintaining packages in Fedora PRESENTED BY: Karel Kl Creative Commons Attribution

fedpkg Maintaining packages in Fedora PRESENTED BY: Karel Kl Creative Commons Attribution 3.0 T oday's T opics The fedpkg tool Exploring packages Updating a package Backporting changes to older Fedora releases Teamwork

561 views • 22 slides
Development of a Remote External Repair Tool for Damaged or Defective PE Pipe National Energy

Development of a Remote External Repair Tool for Damaged or Defective PE Pipe National Energy

Development of a Remote External Repair Tool for Damaged or Defective PE Pipe National Energy Technology Laboratory U. S. Department of Energy Project Kickoff Presentation December 16, 2003 Ken H. Green Principal Investigator Executive

270 views • 22 slides
SR28 A55 Pavement Design Let 11/2/2017 Thomas S. Adams, PE District 11 Pavement Engineer

SR28 A55 Pavement Design Let 11/2/2017 Thomas S. Adams, PE District 11 Pavement Engineer

SR28 A55 Pavement Design Let 11/2/2017 Thomas S. Adams, PE District 11 Pavement Engineer SR28 A55 Pavement Design Solution 13.7 Miles of 1984 Reinforced Concrete Pavement 2009 CPR 2004 CPR SR28 A55 Pavement Design Solution

1.09k views • 35 slides
Testing for the Unexpected: An Automated T ti f th U t d A A t t d Method of Injecting

Testing for the Unexpected: An Automated T ti f th U t d A A t t d Method of Injecting

Testing for the Unexpected: An Automated T ti f th U t d A A t t d Method of Injecting Faults for Engine Management Development M t D l t Scott James Applied Dynamics International Sh Shaun Fuller Pickering Interfaces F ll

353 views • 18 slides
Backscatter Patch Test inter-comparison of systems using shared reference areas for testing,

Backscatter Patch Test inter-comparison of systems using shared reference areas for testing,

Backscatter Patch Test inter-comparison of systems using shared reference areas for testing, calibration, and quality assessment M. Roche, T. P. Le Bas, X. Lurton, K. Degrendele, L. De Mol, V. Van Lancker, M. Baeye, J. De Bisschop, C.

443 views • 22 slides
Learning Covariant Feature Detectors Karel Lenc and Andrea Vedaldi University of Oxford GMDL

Learning Covariant Feature Detectors Karel Lenc and Andrea Vedaldi University of Oxford GMDL

Learning Covariant Feature Detectors Karel Lenc and Andrea Vedaldi University of Oxford GMDL Workshop, ECCV 2016 Local Feature Detection for Image Matching 2 (x) (x) x x ... ... The challenges of learning feature detectors

528 views • 39 slides
Headquarters U.S. Air Force I n t e g r i t y - S e r v i c e - E x c e l l e n c e Air Force

Headquarters U.S. Air Force I n t e g r i t y - S e r v i c e - E x c e l l e n c e Air Force

Headquarters U.S. Air Force I n t e g r i t y - S e r v i c e - E x c e l l e n c e Air Force Progress in Implementing Standard Desktop Configurations Information Security and Advisory Board June 7th , 2007 Ken Heitkamp Associate

384 views • 16 slides
TUT1131 - Best Practices in Deploying SUSE CaaS Platform Martin Weiss Juan Utande Herrera

TUT1131 - Best Practices in Deploying SUSE CaaS Platform Martin Weiss Juan Utande Herrera

TUT1131 - Best Practices in Deploying SUSE CaaS Platform Martin Weiss Juan Utande Herrera Senior Architect Infrastructure Solutions Senior Architect Infrastructure Solutions Martin.Weiss@SUSE.com Juan.Herrera@suse.com AGENDA AGEN What

762 views • 47 slides

More recommend