LeakPair: Proactive Repairing of Memory Leaks in Single Page Web Applications

Modern web applications often resort to application development frameworks such as React, Vue.js, and Angular. While the frameworks facilitate the development of web applications with several useful components, they are inevitably vulnerable to unmanaged memory consumption since the frameworks often produce Single Page Applications (SPAs). Web applications can be alive for hours and days with behavior loops, in such cases, even a single memory leak in a SPA app can cause performance degradation on the client side. However, recent debugging techniques for web applications still focus on memory leak detection, which requires manual tasks and produces imprecise results. We propose LeakPair, a technique to repair memory leaks in single page applications. Given the insight that memory leaks are mostly non-functional bugs and fixing them might not change the behavior of an application, the technique is designed to proactively generate patches to fix memory leaks, without leak detection, which is often heavy and tedious. To generate effective patches, LeakPair follows the idea of pattern-based program repair since the automated repair strategy shows successful results in many recent studies. We evaluate the technique on more than 20 open-source projects without using explicit leak detection. The patches generated by our technique are also submitted to the projects as pull requests. The results show that LeakPair can generate effective patches to reduce memory consumption that are acceptable to developers. In addition, we execute the test suites given by the projects after applying the patches, and it turns out that the patches do not cause any functionality breakage; this might imply that LeakPair can generate non-intrusive patches for memory leaks.Comment: 13 pages, 3 figures, Accepted for ASE 202

Verifix: Verified Repair of Programming Assignments

Automated feedback generation for introductory programming assignments is useful for programming education. Most works try to generate feedback to correct a student program by comparing its behavior with an instructor's reference program on selected tests. In this work, our aim is to generate verifiably correct program repairs as student feedback. The student assignment is aligned and composed with a reference solution in terms of control flow, and differences in data variables are automatically summarized via predicates to relate the variable names. Failed verification attempts for the equivalence of the two programs are exploited to obtain a collection of maxSMT queries, whose solutions point to repairs of the student assignment. We have conducted experiments on student assignments curated from a widely deployed intelligent tutoring system. Our results indicate that we can generate verified feedback in up to 58% of the assignments. More importantly, our system indicates when it is able to generate a verified feedback, which is then usable by novice students with high confidence

Speeding up constraint-based program repair using a search-based technique

Context: Constraint-based program repair has been developed as one of the main techniques for automated program repair. Given a buggy program and a test suite, constraint-based program repair first extracts a repair constraint ??, and then synthesizes a patch satisfying ??. Since a patch is synthesized in a correct-by-construction manner (rather than compiling and testing each repair candidate source code), the constraint-based approach, in theory, requires less runtime overhead than the G&V approach. Nevertheless, the performance of existing constraint-based approaches is still suboptimal. Objective: In this work, we propose a novel technique to expedite constraint-based program repair. We aim to boost runtime performance without sacrificing repairability and patch quality. Method: The existing constraint-based program repair searches for a patch specification in an unguided manner. We introduce a novel guided search algorithm based on MCMC sampling. Results: Our experimental results for the 50 buggy versions of 5 real-world subjects (i.e., LIBTIFF, PHP, GMP, GZIP, and WIRESHARK) show that our method named FANGELIX is on average an order of magnitude faster than ANGELIX (a state-of-the-art constraint-based program repair tool), showing up to 23 times speed-up. This speed-up is achieved without sacrificing repairability and patch quality. Conclusion: This paper proposes a novel technique that expedites constraint-based program repair, using a search-based technique based on MCMC sampling. Our experimental results show the promise of our approach

Mining plausible hypotheses from the literature via meta-analysis

Meta-analysis is highly advocated in many fields of empirical research such as medicine and psychology, mainly due to its capability to synthesize quantitative evidence of effects from the literature, based on statistical analysis. However, the adoption of meta-analysis to software engineering is still suffering from inertia, despite the fact that many software engineering researchers have long been arguing the need for it. As an attempt to move beyond the lockstep, we in this paper explore a different use of meta-analysis. That is, our proposition is that meta-analysis is useful for mining hypotheses because their plausibility is backed by evidence accumulated in the literature, and thus researchers could focus their effort on the areas that are of particular need. We assess our proposition by conducting a lightweight case study on the literature of defect prediction. We found that three out of five hypotheses we extract from our meta-analysis were indeed investigated in separate papers, indicating the usefulness of our approach. We also recognize two uninvestigated hypotheses whose validity we plan to investigate in the future

DirectFix: Looking for simple program repairs

Recent advances in program repair techniques have raised the possibility of patching bugs automatically. For an automatically generated patch to be accepted by developers, it should not only resolve the bug but also satisfy certain human-related factors including readability and comprehensibility. In this paper, we focus on the simplicity of patches (the size of changes). We present a novel semantics-based repair method that generates the simplest patch such that the program structure of the buggy program is maximally preserved. To take into account the simplicity of repairs in an efficient way (i.e., without explicitly enumerating each repair candidate for each fault location), our method fuses fault localization and repair generation into one step. We do so by leveraging partial MaxSAT constraint solving and component-based program synthesis. We compare our prototype implementation, DirectFix, with the state-of-the-art semantics-based repair tool SemFix, that performs fault localization before repair generation. In our experiments with SIR programs and GNU Coreutils, DirectFix generates repairs that are simpler than those generated by SemFix. Since both DirectFix and SemFix are test-driven repair tools, they can introduce regressions for other tests which do not drive the repair. We found that DirectFix causes substantially less regression errors than SemFix

Angelix: scalable multiline program patch synthesis via symbolic analysis

Since debugging is a time-consuming activity, automated program repair tools such as GenProg have garnered interest. A recent study revealed that the majority of GenProg repairs avoid bugs simply by deleting functionality. We found that SPR, a state-of-the-art repair tool proposed in 2015, still deletes functionality in their many "plausible" repairs. Unlike generate-and-validate systems such as GenProg and SPR, semantic analysis based repair techniques synthesize a repair based on semantic information of the program. While such semantics-based repair methods show promise in terms of quality of generated repairs, their scalability has been a concern so far. In this paper, we present Angelix, a novel semantics-based repair method that scales up to programs of similar size as are handled by search-based repair tools such as GenProg and SPR. This shows that Angelix is more scalable than previously proposed semantics based repair methods such as SemFix and DirectFix. Furthermore, our repair method can repair multiple buggy locations that are dependent on each other. Such repairs are hard to achieve using SPR and GenProg. In our experiments, Angelix generated repairs from large-scale real-world software such as wireshark and php, and these generated repairs include multi-location repairs. We also report our experience in automatically repairing the well-known Heartbleed vulnerability

Expressing and checking intended changes via software change contracts

Software errors often originate from incorrect changes, including incorrect program fixes, incorrect feature updates and so on. Capturing the intended program behavior explicitly via contracts is thus an attractive proposition. In our recent work, we had espoused the notion of change contracts to express the intended program behavior changes across program versions. Change contracts differ from program contracts in that they do not require the programmer to describe the intended behavior of program features which are unchanged across program versions. In this work, we present the formal semantics of our change contract language built on top of the Java Modeling Language (JML). Our change contract language can describe behavioral as well as structural changes. We evaluate the expressivity of the change contract language via a survey given to final year undergraduate students. The survey results enable us to understand the usability of our change contract language for purposes of writing contracts, comprehending written contracts, and modifying programs according to given change contracts. Finally, we discuss the tool support developed for our change contract language. The tool support enables (i) test generation to witness contract violation, as well as (ii) automated repair of certain tests which are broken due to program changes. ?? 2013 ACM