Presentation is loading. Please wait.

Presentation is loading. Please wait.

Using Execution Paths to Evolve Software Patches ThanhVu Nguyen*, Westley Weimer**, Claires Le Gouges**, Stephanie Forrest* * University of New Mexico.

Published byWhitney Reynolds Modified over 8 years ago

Similar presentations

Presentation on theme: "Using Execution Paths to Evolve Software Patches ThanhVu Nguyen*, Westley Weimer**, Claires Le Gouges**, Stephanie Forrest* * University of New Mexico."— Presentation transcript:

1 Using Execution Paths to Evolve Software Patches ThanhVu Nguyen*, Westley Weimer**, Claires Le Gouges**, Stephanie Forrest* * University of New Mexico ** University of Virginia Tuesday, March 31, 2009

2 Introduction Software is THE problem Software Repair using Genetic Programming (SRGP) –Start with the original (buggy) program –Focus on execution path through AST –Restrict mutation and crossover to execution path –Don’t invent any new code –Results: successfully repair 13 real programs in over 140,000 lines of code in feasible time

3 Repeat Until termination criteria are met Preprocessing Fitness Evaluation If found an individual C with accepted fitness, Return C Exploitation Select mating pool M consisting of high fit individuals Exploration Perform recombination operator on M to get a new generation N Apply mutation operator on N SRGP Algorithm Outline

4 Example: Zunebug Millions of Microsoft Zune media players mysteriously froze up on December 31 st, 2008 The bug: a date related function in Zune enters an infinite loop when the input is the last day of a leap year

5 Zunebug 1.void zunebug(int days) { 2. int year = 1980; 3. while (days > 365) { 4. if (isLeapYear(year)){ 5. if (days > 366) { 6. days -= 366; 7. year += 1; 8. } 9. else{ 10. } 11. } 12. else { 13. days -= 365; 14. year += 1; 15. } 16. } 17. printf(“year is %d\n”, year); 18.}

6 1.void zunebug(int days) { 2. int year = 1980; 3. while (days > 365) { 4. if (isLeapYear(year)){ 5. if (days > 366) { 6. days -= 366; 7. year += 1; 8. } 9. else{ 10. } 11. } 12. else { 13. days -= 365; 14. year += 1; 15. } 16. } 17. printf(“year is %d\n”, year); 18.} Zunebug Input: 1000 Positive Exec Path 1 – 8, 11-18

7 1.void zunebug(int days) { 2. int year = 1980; 3. while (days > 365) { 4. if (isLeapYear(year)){ 5. if (days > 366) { 6. days -= 366; 7. year += 1; 8. } 9. else{ 10. } 11. } 12. else { 13. days -= 365; 14. year += 1; 15. } 16. } 17. printf(“year is %d\n”, year); 18.} Zunebug Input: 10593 Negative Exec Path 1 - 16 (3,4,8,11 infinitely repeating)

8 Weighted Execution Path Neg Exec Path Stmt weight = 1.0 jmtydaezvo

9 Weighted Execution Path Pos Exec Path jmtydaezvo fwzbacikurptv

10 Weighted Execution Path jmtydaezvo fwzbacikurptv Stmts in both Neg Exec Path and Pos Exec Path

11 Weighted Execution Path jmtydaezvo Weight = {1.0, 0.1}

12 Fitness Evaluation Take in a program source P to be evaluated Compile P to an executable program P’ –If cannot compile, assign fitness 0. Fitness score of P’ : weighted sum of test cases that the P’ passes Fitness(P’) = # pos pass * W_pos + # neg pass * W_neg –5 positive test cases (weight = 1), 1 or 2 negative test cases (weight = 10) –If P’ passes all test cases, then P is a solution candidate –Note: the original (buggy) program passes all positive test cases

13 Genetic Operators Recombination (crossback) –Cross the input individuals back with the original program (instead of crossing over each other) Mutation –delete(s). s = {}; –insert(s,y). s = {s; y;}; –swap(s,y). t = s; s = {y}; y = {t};

14 Final Repair Original Program

15 Evolution of Zunebug

16 Results ProgramVersionLoCStmtsPath LenProgram DescriptionFault gcd_22101.3Handcrafted exampleInfinite loop look-ssvr 4.0 1.1136310032.4Dictionary lookupInfinite loop atris1.0.621553647034.0Graphical Tetris gameLocal stack buffer exploit uniqultrix 4.311468181.5Duplicate text processingSegfault look-uultrix 4.3116990213.0Dictionary lookupSegfault deroffultrix 4.322361604251.4Document processingSegfault nullhttpd0.5.055751040768.5Web serverRemote heap buffer exploits indent1.9.1990620221435.9Source code processingInfinite loop unitssvr4.0 1.115042402159.7Metric conversionSegfault flex2.5.4a1877536353836.6Lexical analyzer generatorSegfault

17 Results ProgramLoCPath Len Repair FitnessTimeSuccessSize gcd221.341.0149 s54 %21 look-s136332.48.551 s100 %21 atris2155334.013.269 s82 %19 uniq114681.59.532 s100 %24 look-u1169213.011.142 s99 %24 deroff2236251.421.6129 s97 %61 nullhttpd5575768.579.1502 s36 %71 indent99061435.995.6533 s7 %221 units15042159.755.7107 s7 %23 flex187753836.633.4233 s5 %52

18 Most Recent Results ProgramVersionLoCStmtsPath LenProgram DescriptionFault OpenLDAP io.c 2.3.416519251.3Directory ProtocolNon-overflow denial of service Php string.c 5.2.1260445234.0Scripting LanguageInteger overflow Lighttpd fastcgi.c 1.4.171398413632.4Web serverRemote heap buffer overflow Wu-ftpd2.6.03510914981.5Ftp serverFormat string Traditional 1-point crossover –Works better than crossback in some programs and worse in others

19 Scalability

20 Conclusion SRGP –Focus on execution path to reduce search space complexity –Use GP to evolve code –Combine Positive and Negative test cases for fitness evaluation Positive test cases: preserve the core functionality of the program Negative test cases: identify the bug –Work on real world applications and different types of bugs Future Work –Explore different GP techniques –Integrate anomaly detection methods

Download ppt "Using Execution Paths to Evolve Software Patches ThanhVu Nguyen*, Westley Weimer**, Claires Le Gouges**, Stephanie Forrest* * University of New Mexico."

Similar presentations

CS6800 Advanced Theory of Computation

CS6800 Advanced Theory of Computation
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
Technology of Test Case Generation Levi Lúcio University of Geneva Marko Samer Vienna University of Technology.

Technology of Test Case Generation Levi Lúcio University of Geneva Marko Samer Vienna University of Technology.
Time-Aware Test Suite Prioritization Kristen R. Walcott, Mary Lou Soffa University of Virginia International Symposium on Software Testing and Analysis.

Time-Aware Test Suite Prioritization Kristen R. Walcott, Mary Lou Soffa University of Virginia International Symposium on Software Testing and Analysis.
Using Parallel Genetic Algorithm in a Predictive Job Scheduling

Using Parallel Genetic Algorithm in a Predictive Job Scheduling
Exact and heuristics algorithms

Exact and heuristics algorithms
Tetris – Genetic Algorithm Presented by, Jeethan & Jun.

Tetris – Genetic Algorithm Presented by, Jeethan & Jun.
Tetris and Genetic Algorithms Math Club 5/30/2011.

Tetris and Genetic Algorithms Math Club 5/30/2011.
A SYSTEMATIC STUDY OF AUTOMATED PROGRAM REPAIR: FIXING 55 OUT OF 105 BUGS FOR $8 EACH Claire Le Goues Michael Dewey-Vogt Stephanie Forrest Westley Weimer.

A SYSTEMATIC STUDY OF AUTOMATED PROGRAM REPAIR: FIXING 55 OUT OF 105 BUGS FOR $8 EACH Claire Le Goues Michael Dewey-Vogt Stephanie Forrest Westley Weimer.
Genetic Algorithms Contents 1. Basic Concepts 2. Algorithm

Genetic Algorithms Contents 1. Basic Concepts 2. Algorithm
Automatic Software Repair Using GenProg 张汉生 ZHANG Hansheng 2013/12/3.

Automatic Software Repair Using GenProg 张汉生 ZHANG Hansheng 2013/12/3.
Genetic Algorithms Sushil J. Louis Evolutionary Computing Systems LAB Dept. of Computer Science University of Nevada, Reno

Genetic Algorithms Sushil J. Louis Evolutionary Computing Systems LAB Dept. of Computer Science University of Nevada, Reno
Spie98-1 Evolutionary Algorithms, Simulated Annealing, and Tabu Search: A Comparative Study H. Youssef, S. M. Sait, H. Adiche

Spie98-1 Evolutionary Algorithms, Simulated Annealing, and Tabu Search: A Comparative Study H. Youssef, S. M. Sait, H. Adiche
1 Lecture 8: Genetic Algorithms Contents : Miming nature The steps of the algorithm –Coosing parents –Reproduction –Mutation Deeper in GA –Stochastic Universal.

1 Lecture 8: Genetic Algorithms Contents : Miming nature The steps of the algorithm –Coosing parents –Reproduction –Mutation Deeper in GA –Stochastic Universal.
Scott Grissom, copyright 2004 Chapter 5 Slide 1 Analysis of Algorithms (Ch 5) Chapter 5 focuses on: algorithm analysis searching algorithms sorting algorithms.

Scott Grissom, copyright 2004 Chapter 5 Slide 1 Analysis of Algorithms (Ch 5) Chapter 5 focuses on: algorithm analysis searching algorithms sorting algorithms.
Data Mining CS 341, Spring 2007 Genetic Algorithm.

Data Mining CS 341, Spring 2007 Genetic Algorithm.
Genetic Algorithms Nehaya Tayseer 1.Introduction What is a Genetic algorithm? A search technique used in computer science to find approximate solutions.

Genetic Algorithms Nehaya Tayseer 1.Introduction What is a Genetic algorithm? A search technique used in computer science to find approximate solutions.
Chapter 6: Transform and Conquer Genetic Algorithms The Design and Analysis of Algorithms.

Chapter 6: Transform and Conquer Genetic Algorithms The Design and Analysis of Algorithms.
Zichao Qi, Fan Long, Sara Achour, and Martin Rinard MIT CSAIL

Zichao Qi, Fan Long, Sara Achour, and Martin Rinard MIT CSAIL
Genetic Programming.

Genetic Programming.

Similar presentations

Ads by Google