1,903 research outputs found

Coming: a Tool for Mining Change Pattern Instances from Git Commits
Software repositories such as Git have become a relevant source of
information for software engineering researchers. For instance, the detection of
commits that fulfill a given criterion (e.g., bugfixing commits) is one of the
most frequent tasks done to understand the software evolution. However, to our
knowledge, there are no open-source tools that, given a Git repository, return
all the instances of a given change pattern. In this paper we present Coming, a
tool that takes as input a Git repository and mines instances of change
patterns on each commit. For that, Coming computes fine-grained changes between
two consecutive revisions, analyzes those changes to detect if they correspond
to an instance of a change pattern (specified by the user using XML), and
finally, after analyzing all the commits, it presents a) the frequency of code
changes and b) the instances found on each commit. We evaluate Coming on a set
of 28 pairs of revisions from Defects4J, finding instances of change patterns
that involve If conditions on 26 of them.

FixMiner: Mining Relevant Fix Patterns for Automated Program Repair
Patching is a common activity in software development. It is generally
performed on a source code base to address bugs or add new functionalities. In
this context, given the recurrence of bugs across projects, the associated
similar patches can be leveraged to extract generic fix actions. While the
literature includes various approaches leveraging similarity among patches to
guide program repair, these approaches often do not yield fix patterns that are
tractable and reusable as actionable input to APR systems. In this paper, we
propose a systematic and automated approach to mining relevant and actionable
fix patterns based on an iterative clustering strategy applied to atomic
changes within patches. The goal of FixMiner is thus to infer separate and
reusable fix patterns that can be leveraged in other patch generation systems.
Our technique, FixMiner, leverages Rich Edit Script which is a specialized tree
structure of the edit scripts that captures the AST-level context of the code
changes. FixMiner uses different tree representations of Rich Edit Scripts for
each round of clustering to identify similar changes. These are abstract syntax
trees, edit actions trees, and code context trees. We have evaluated FixMiner
on thousands of software patches collected from open source projects.
Preliminary results show that we are able to mine accurate patterns,
efficiently exploiting change information in Rich Edit Scripts. We further
integrated the mined patterns to an automated program repair prototype,
PARFixMiner, with which we are able to correctly fix 26 bugs of the Defects4J
benchmark. Beyond this quantitative performance, we show that the mined fix
patterns are sufficiently relevant to produce patches with a high probability
of correctness: 81% of PARFixMiner's generated plausible patches are correct.
Comment: 31 pages, 11 figures

Semantic Fuzzing with Zest
Programs expecting structured inputs often consist of both a syntactic
analysis stage, which parses raw input, and a semantic analysis stage, which
conducts checks on the parsed input and executes the core logic of the program.
Generator-based testing tools in the lineage of QuickCheck are a promising way
to generate random syntactically valid test inputs for these programs. We
present Zest, a technique which automatically guides QuickCheck-like
random-input generators to better explore the semantic analysis stage of test
programs. Zest converts random-input generators into deterministic parametric
generators. We present the key insight that mutations in the untyped parameter
domain map to structural mutations in the input domain. Zest leverages program
feedback in the form of code coverage and input validity to perform
feedback-directed parameter search. We evaluate Zest against AFL and QuickCheck
on five Java programs: Maven, Ant, BCEL, Closure, and Rhino. Zest covers
1.03x-2.81x as many branches within the benchmarks' semantic analysis stages as
baseline techniques. Further, we find 10 new bugs in the semantic analysis
stages of these benchmarks. Zest is the most effective technique in finding
these bugs reliably and quickly, requiring at most 10 minutes on average to
find each bug.
Comment: To appear in Proceedings of 28th ACM SIGSOFT International Symposium
on Software Testing and Analysis (ISSTA'19)

Token-Level Fuzzing
Fuzzing has become a commonly used approach to identifying bugs in complex,
real-world programs. However, interpreters are notoriously difficult to fuzz
effectively, as they expect highly structured inputs, which are rarely produced
by most fuzzing mutations. For this class of programs, grammar-based fuzzing
has been shown to be effective. Tools based on this approach can find bugs in
the code that is executed after parsing the interpreter inputs, by following
language-specific rules when generating and mutating test cases. Unfortunately,
grammar-based fuzzing is often unable to discover subtle bugs associated with
the parsing and handling of the language syntax. Additionally, if the grammar
provided to the fuzzer is incomplete, or does not match the implementation
completely, the fuzzer will fail to exercise important parts of the available
functionality. In this paper, we propose a new fuzzing technique, called
Token-Level Fuzzing. Instead of applying mutations either at the byte level or
at the grammar level, Token-Level Fuzzing applies mutations at the token level.
Evolutionary fuzzers can leverage this technique to both generate inputs that
are parsed successfully and generate inputs that do not conform strictly to the
grammar. As a result, the proposed approach can find bugs that neither
byte-level fuzzing nor grammar-based fuzzing can find. We evaluated Token-Level
Fuzzing by modifying AFL and fuzzing four popular JavaScript engines, finding
29 previously unknown bugs, several of which could not be found with
state-of-the-art byte-level and grammar-based fuzzers.