7,539 research outputs found
Automated Fixing of Programs with Contracts
This paper describes AutoFix, an automatic debugging technique that can fix
faults in general-purpose software. To provide high-quality fix suggestions and
to enable automation of the whole debugging process, AutoFix relies on the
presence of simple specification elements in the form of contracts (such as
pre- and postconditions). Using contracts enhances the precision of dynamic
analysis techniques for fault detection and localization, and for validating
fixes. The only required user input to the AutoFix supporting tool is then a
faulty program annotated with contracts; the tool produces a collection of
validated fixes for the fault ranked according to an estimate of their
suitability.
In an extensive experimental evaluation, we applied AutoFix to over 200
faults in four code bases of different maturity and quality (of implementation
and of contracts). AutoFix successfully fixed 42% of the faults, producing, in
the majority of cases, corrections of quality comparable to those competent
programmers would write; the used computational resources were modest, with an
average time per fix below 20 minutes on commodity hardware. These figures
compare favorably to the state of the art in automated program fixing, and
demonstrate that the AutoFix approach is successfully applicable to reduce the
debugging burden in real-world scenarios.Comment: Minor changes after proofreadin
Cause Clue Clauses: Error Localization using Maximum Satisfiability
Much effort is spent everyday by programmers in trying to reduce long,
failing execution traces to the cause of the error. We present a new algorithm
for error cause localization based on a reduction to the maximal satisfiability
problem (MAX-SAT), which asks what is the maximum number of clauses of a
Boolean formula that can be simultaneously satisfied by an assignment. At an
intuitive level, our algorithm takes as input a program and a failing test, and
comprises the following three steps. First, using symbolic execution, we encode
a trace of a program as a Boolean trace formula which is satisfiable iff the
trace is feasible. Second, for a failing program execution (e.g., one that
violates an assertion or a post-condition), we construct an unsatisfiable
formula by taking the trace formula and additionally asserting that the input
is the failing test and that the assertion condition does hold at the end.
Third, using MAX-SAT, we find a maximal set of clauses in this formula that can
be satisfied together, and output the complement set as a potential cause of
the error. We have implemented our algorithm in a tool called bug-assist for C
programs. We demonstrate the surprising effectiveness of the tool on a set of
benchmark examples with injected faults, and show that in most cases,
bug-assist can quickly and precisely isolate the exact few lines of code whose
change eliminates the error. We also demonstrate how our algorithm can be
modified to automatically suggest fixes for common classes of errors such as
off-by-one.Comment: The pre-alpha version of the tool can be downloaded from
http://bugassist.mpi-sws.or
Exploration of the scalability of LocFaults approach for error localization with While-loops programs
A model checker can produce a trace of counterexample, for an erroneous
program, which is often long and difficult to understand. In general, the part
about the loops is the largest among the instructions in this trace. This makes
the location of errors in loops critical, to analyze errors in the overall
program. In this paper, we explore the scala-bility capabilities of LocFaults,
our error localization approach exploiting paths of CFG(Control Flow Graph)
from a counterexample to calculate the MCDs (Minimal Correction Deviations),
and MCSs (Minimal Correction Subsets) from each found MCD. We present the times
of our approach on programs with While-loops unfolded b times, and a number of
deviated conditions ranging from 0 to n. Our preliminary results show that the
times of our approach, constraint-based and flow-driven, are better compared to
BugAssist which is based on SAT and transforms the entire program to a Boolean
formula, and further the information provided by LocFaults is more expressive
for the user
Automatic Repair of Buggy If Conditions and Missing Preconditions with SMT
We present Nopol, an approach for automatically repairing buggy if conditions
and missing preconditions. As input, it takes a program and a test suite which
contains passing test cases modeling the expected behavior of the program and
at least one failing test case embodying the bug to be repaired. It consists of
collecting data from multiple instrumented test suite executions, transforming
this data into a Satisfiability Modulo Theory (SMT) problem, and translating
the SMT result -- if there exists one -- into a source code patch. Nopol
repairs object oriented code and allows the patches to contain nullness checks
as well as specific method calls.Comment: CSTVA'2014, India (2014
MintHint: Automated Synthesis of Repair Hints
Being able to automatically repair programs is an extremely challenging task.
In this paper, we present MintHint, a novel technique for program repair that
is a departure from most of today's approaches. Instead of trying to fully
automate program repair, which is often an unachievable goal, MintHint performs
statistical correlation analysis to identify expressions that are likely to
occur in the repaired code and generates, using pattern-matching based
synthesis, repair hints from these expressions. Intuitively, these hints
suggest how to rectify a faulty statement and help developers find a complete,
actual repair. MintHint can address a variety of common faults, including
incorrect, spurious, and missing expressions.
We present a user study that shows that developers' productivity can improve
manyfold with the use of repair hints generated by MintHint -- compared to
having only traditional fault localization information. We also apply MintHint
to several faults of a widely used Unix utility program to further assess the
effectiveness of the approach. Our results show that MintHint performs well
even in situations where (1) the repair space searched does not contain the
exact repair, and (2) the operational specification obtained from the test
cases for repair is incomplete or even imprecise
IntRepair: Informed Repairing of Integer Overflows
Integer overflows have threatened software applications for decades. Thus, in
this paper, we propose a novel technique to provide automatic repairs of
integer overflows in C source code. Our technique, based on static symbolic
execution, fuses detection, repair generation and validation. This technique is
implemented in a prototype named IntRepair. We applied IntRepair to 2,052C
programs (approx. 1 million lines of code) contained in SAMATE's Juliet test
suite and 50 synthesized programs that range up to 20KLOC. Our experimental
results show that IntRepair is able to effectively detect integer overflows and
successfully repair them, while only increasing the source code (LOC) and
binary (Kb) size by around 1%, respectively. Further, we present the results of
a user study with 30 participants which shows that IntRepair repairs are more
than 10x efficient as compared to manually generated code repairsComment: Accepted for publication at the IEEE TSE journal. arXiv admin note:
text overlap with arXiv:1710.0372
- …