Presentation is loading. Please wait.

Presentation is loading. Please wait.

Automatic Software Repair Using GenProg 张汉生 ZHANG Hansheng 2013/12/3.

Published bySamantha Jones Modified over 9 years ago

Similar presentations

Presentation on theme: "Automatic Software Repair Using GenProg 张汉生 ZHANG Hansheng 2013/12/3."— Presentation transcript:

1 Automatic Software Repair Using GenProg 张汉生 ZHANG Hansheng 2013/12/3

2 GenProg: A Generic Method for Automatic Software Repair Claire Le Goues, ThanhVu Nguyen, Stephanie Forrest and Westley Weimer IEEE Transactions on Software Engineering, 2012 A Systematic Study of Automated Program Repair: Fixing 55 out of 105 Bugs for $8 Each Claire Le Goues, Michael Dewey-Vogt, Stephanie Forrest and Westley Weimer International Conference on Software Engineering, 2012

3 Problem: Buggy Software Research by University of Cambridge, January 2013 49.9% programming time spent debugging $312 billion per year http://www.roguewave.com/DesktopModules/Bring2mind/DMX/Download.aspx?entryid=1606&command=core_download&P ortalId=0&TabId=607 Global GDP Ranking 2012 from World Bank http://data.worldbank.org/data-catalog/GDP-ranking-table million

4 Solution: Pay Strangers Bug Bounties Expensive: “The bounty for valid critical client security bugs will be $3000 (US) cash reward and a Mozilla T-shirt”, http://www.mozilla.org/security/bug- bounty.htmlhttp://www.mozilla.org/security/bug- bounty.html May take much time Could be difficult to validate

5 Solution: Automate GenProg Input: buggy program(.c source code) A test suite contains: Positive tests descripting required function of the program One negative test addressing the bug Output: A patch passes all tests Insights: Repaired program is a variant of the buggy one that: fixing the bug -> pass the negative test maintaining the functional requirements -> pass all positive test Use genetic programming to find such a patch

6 Outline Motivating Example Technical Approach Repair Results Examples Monetary Cost of Automated Program Repair

7 Outline Motivating Example Technical Approach Repair Results An Example Monetary Cost of Automated Program Repair

8 Buggy webserver code Failed Test: request_method = “POST” length < 0 Failed to return expected html

9 Patched webserver Another function does the bounds check Eventually GenProg tries inserting the check from cgi_main into ProcessRequest A program with this check passes all tests

10 Outline Motivating Example Technical Approach Repair Results An Example Monetary Cost of Automated Program Repair

11 GenProg: Quick Look INPUT OUTPUT EVALUATE FITNESS DISCARD ACCEPT MUTATE

12 Selection and Genetic Operators

13 Outline Motivating Example Technical Approach Repair Results An Example Monetary Cost of Automated Program Repair

14 Results 100 trials for each repair Initial Repair is minimized to final repair

15 Outline Motivating Example Technical Approach Repair Results An Example Monetary Cost of Automated Program Repair

16 Nullhttpd: Remote Heap Buffer Overflow Expected Repaired (in the next release by human developers): inserts local bounds check in the left function GenProg: use right function to process post-data in high-level function

17 Outline Motivating Example Technical Approach Repair Results An Example Monetary Cost of Automated Program Repair

18 Bug Bounties: Tarsnap.com

19 Experiment Setup Amazon’s EC2 cloud computing infrastructure 10 trials for each repair 32-bit Fedora 13 Linux

20 Results

21 Thank You

Download ppt "Automatic Software Repair Using GenProg 张汉生 ZHANG Hansheng 2013/12/3."

Similar presentations

4 th DataGRID Project Conference, Paris, 5 March 2002 Testbed Software Test Plan I. Mandjavidze on behalf of L. Bobelin – CS SI; F.Etienne, E. Fede – CPPM;

4 th DataGRID Project Conference, Paris, 5 March 2002 Testbed Software Test Plan I. Mandjavidze on behalf of L. Bobelin – CS SI; F.Etienne, E. Fede – CPPM;
An Empirical Study of the Reliability in UNIX Utilities Barton Miller Lars Fredriksen Brysn So Presented by Liping Cai.

An Empirical Study of the Reliability in UNIX Utilities Barton Miller Lars Fredriksen Brysn So Presented by Liping Cai.
CIS-74 Computer Software Quality Assurance Systematic Software Testing Chapter 1: An Overview of the Testing Process.

CIS-74 Computer Software Quality Assurance Systematic Software Testing Chapter 1: An Overview of the Testing Process.
A SYSTEMATIC STUDY OF AUTOMATED PROGRAM REPAIR: FIXING 55 OUT OF 105 BUGS FOR $8 EACH Claire Le Goues Michael Dewey-Vogt Stephanie Forrest Westley Weimer.

A SYSTEMATIC STUDY OF AUTOMATED PROGRAM REPAIR: FIXING 55 OUT OF 105 BUGS FOR $8 EACH Claire Le Goues Michael Dewey-Vogt Stephanie Forrest Westley Weimer.
David Brumley, Pongsin Poosankam, Dawn Song and Jiang Zheng Presented by Nimrod Partush.

David Brumley, Pongsin Poosankam, Dawn Song and Jiang Zheng Presented by Nimrod Partush.
The Intelligent Fuzzing in TTCN-3 Xu Luo, Wu Ji, Liu Chao Software Engineering Institute Beihang University

The Intelligent Fuzzing in TTCN-3 Xu Luo, Wu Ji, Liu Chao Software Engineering Institute Beihang University
Automatic Program Correction Anton Akhi Friday, July 08, 2011.

Automatic Program Correction Anton Akhi Friday, July 08, 2011.
Using Programmer-Written Compiler Extensions to Catch Security Holes Authors: Ken Ashcraft and Dawson Engler Presented by : Hong Chen CS590F 2/7/2007.

Using Programmer-Written Compiler Extensions to Catch Security Holes Authors: Ken Ashcraft and Dawson Engler Presented by : Hong Chen CS590F 2/7/2007.
1 Approved for unlimited release as SAND 2010-3325 C Verification Practices for Code Development Teams Greg Weirs Computational Shock and Multiphysics.

1 Approved for unlimited release as SAND C Verification Practices for Code Development Teams Greg Weirs Computational Shock and Multiphysics.
Software Quality Metrics

Software Quality Metrics
Deep Packet Inspection with Regular Expression Matching Min Chen, Danny Guo {michen, CSE Dept, UC Riverside 03/14/2007.

Deep Packet Inspection with Regular Expression Matching Min Chen, Danny Guo {michen, CSE Dept, UC Riverside 03/14/2007.
Introduction to Software Testing

Introduction to Software Testing
Dec 13 th CS555 presentation1 Yiwen Wang --“Securing the DB may be the single biggest action an organization can take to protect its assets” David C. Knox.

Dec 13 th CS555 presentation1 Yiwen Wang --“Securing the DB may be the single biggest action an organization can take to protect its assets” David C. Knox.
Subgoal: conduct an in-depth study of critical representation, operator and other choices used for evolutionary program repair at the source code level.

Subgoal: conduct an in-depth study of critical representation, operator and other choices used for evolutionary program repair at the source code level.
Zichao Qi, Fan Long, Sara Achour, and Martin Rinard MIT CSAIL

Zichao Qi, Fan Long, Sara Achour, and Martin Rinard MIT CSAIL
CONTINUOUS DELIVERY / CONTINUOUS INTEGRATION. IDEAS -> SOLUTIONS Time.

CONTINUOUS DELIVERY / CONTINUOUS INTEGRATION. IDEAS -> SOLUTIONS Time.
EMPIRICAL EVALUATION OF INNOVATIONS IN AUTOMATIC REPAIR CLAIRE LE GOUES SITE VISIT FEBRUARY 7, 2013 1.

EMPIRICAL EVALUATION OF INNOVATIONS IN AUTOMATIC REPAIR CLAIRE LE GOUES SITE VISIT FEBRUARY 7,
IMPROVED FITNESS FUNCTIONS FOR AUTOMATED PROGRAM REPAIR ZACHARY P. FRY.

IMPROVED FITNESS FUNCTIONS FOR AUTOMATED PROGRAM REPAIR ZACHARY P. FRY.
USS Yorktown (1998) A crew member of the guided-missile cruiser USS Yorktown mistakenly entered a zero for a data value, which resulted in a division by.

USS Yorktown (1998) A crew member of the guided-missile cruiser USS Yorktown mistakenly entered a zero for a data value, which resulted in a division by.
Automatic Program Repair With Evolutionary Computation Westley Weimer Computer Science Dept. University of Virginia Charlottesville, VA 22904

Automatic Program Repair With Evolutionary Computation Westley Weimer Computer Science Dept. University of Virginia Charlottesville, VA 22904

Similar presentations

Ads by Google