33 research outputs found
LeakPair: Proactive Repairing of Memory Leaks in Single Page Web Applications
Modern web applications often resort to application development frameworks
such as React, Vue.js, and Angular. While the frameworks facilitate the
development of web applications with several useful components, they are
inevitably vulnerable to unmanaged memory consumption since the frameworks
often produce Single Page Applications (SPAs). Web applications can be alive
for hours and days with behavior loops, in such cases, even a single memory
leak in a SPA app can cause performance degradation on the client side.
However, recent debugging techniques for web applications still focus on memory
leak detection, which requires manual tasks and produces imprecise results.
We propose LeakPair, a technique to repair memory leaks in single page
applications. Given the insight that memory leaks are mostly non-functional
bugs and fixing them might not change the behavior of an application, the
technique is designed to proactively generate patches to fix memory leaks,
without leak detection, which is often heavy and tedious. To generate effective
patches, LeakPair follows the idea of pattern-based program repair since the
automated repair strategy shows successful results in many recent studies. We
evaluate the technique on more than 20 open-source projects without using
explicit leak detection. The patches generated by our technique are also
submitted to the projects as pull requests. The results show that LeakPair can
generate effective patches to reduce memory consumption that are acceptable to
developers. In addition, we execute the test suites given by the projects after
applying the patches, and it turns out that the patches do not cause any
functionality breakage; this might imply that LeakPair can generate
non-intrusive patches for memory leaks.Comment: 13 pages, 3 figures, Accepted for ASE 202
Verifix: Verified Repair of Programming Assignments
Automated feedback generation for introductory programming assignments is
useful for programming education. Most works try to generate feedback to
correct a student program by comparing its behavior with an instructor's
reference program on selected tests. In this work, our aim is to generate
verifiably correct program repairs as student feedback. The student assignment
is aligned and composed with a reference solution in terms of control flow, and
differences in data variables are automatically summarized via predicates to
relate the variable names. Failed verification attempts for the equivalence of
the two programs are exploited to obtain a collection of maxSMT queries, whose
solutions point to repairs of the student assignment. We have conducted
experiments on student assignments curated from a widely deployed intelligent
tutoring system. Our results indicate that we can generate verified feedback in
up to 58% of the assignments. More importantly, our system indicates when it is
able to generate a verified feedback, which is then usable by novice students
with high confidence
Speeding up constraint-based program repair using a search-based technique
Context: Constraint-based program repair has been developed as one of the main techniques for automated program repair. Given a buggy program and a test suite, constraint-based program repair first extracts a repair constraint ??, and then synthesizes a patch satisfying ??. Since a patch is synthesized in a correct-by-construction manner (rather than compiling and testing each repair candidate source code), the constraint-based approach, in theory, requires less runtime overhead than the G&V approach. Nevertheless, the performance of existing constraint-based approaches is still suboptimal. Objective: In this work, we propose a novel technique to expedite constraint-based program repair. We aim to boost runtime performance without sacrificing repairability and patch quality. Method: The existing constraint-based program repair searches for a patch specification in an unguided manner. We introduce a novel guided search algorithm based on MCMC sampling. Results: Our experimental results for the 50 buggy versions of 5 real-world subjects (i.e., LIBTIFF, PHP, GMP, GZIP, and WIRESHARK) show that our method named FANGELIX is on average an order of magnitude faster than ANGELIX (a state-of-the-art constraint-based program repair tool), showing up to 23 times speed-up. This speed-up is achieved without sacrificing repairability and patch quality. Conclusion: This paper proposes a novel technique that expedites constraint-based program repair, using a search-based technique based on MCMC sampling. Our experimental results show the promise of our approach
Mining plausible hypotheses from the literature via meta-analysis
Meta-analysis is highly advocated in many fields of empirical research such as medicine and psychology, mainly due to its capability to synthesize quantitative evidence of effects from the literature, based on statistical analysis. However, the adoption of meta-analysis to software engineering is still suffering from inertia, despite the fact that many software engineering researchers have long been arguing the need for it. As an attempt to move beyond the lockstep, we in this paper explore a different use of meta-analysis. That is, our proposition is that meta-analysis is useful for mining hypotheses because their plausibility is backed by evidence accumulated in the literature, and thus researchers could focus their effort on the areas that are of particular need. We assess our proposition by conducting a lightweight case study on the literature of defect prediction. We found that three out of five hypotheses we extract from our meta-analysis were indeed investigated in separate papers, indicating the usefulness of our approach. We also recognize two uninvestigated hypotheses whose validity we plan to investigate in the future
DirectFix: Looking for simple program repairs
Recent advances in program repair techniques have raised the possibility of patching bugs automatically. For an automatically generated patch to be accepted by developers, it should not only resolve the bug but also satisfy certain human-related factors including readability and comprehensibility. In this paper, we focus on the simplicity of patches (the size of changes). We present a novel semantics-based repair method that generates the simplest patch such that the program structure of the buggy program is maximally preserved. To take into account the simplicity of repairs in an efficient way (i.e., without explicitly enumerating each repair candidate for each fault location), our method fuses fault localization and repair generation into one step. We do so by leveraging partial MaxSAT constraint solving and component-based program synthesis. We compare our prototype implementation, DirectFix, with the state-of-the-art semantics-based repair tool SemFix, that performs fault localization before repair generation. In our experiments with SIR programs and GNU Coreutils, DirectFix generates repairs that are simpler than those generated by SemFix. Since both DirectFix and SemFix are test-driven repair tools, they can introduce regressions for other tests which do not drive the repair. We found that DirectFix causes substantially less regression errors than SemFix
Angelix: scalable multiline program patch synthesis via symbolic analysis
Since debugging is a time-consuming activity, automated program repair tools such as GenProg have garnered interest. A recent study revealed that the majority of GenProg repairs avoid bugs simply by deleting functionality. We found that SPR, a state-of-the-art repair tool proposed in 2015, still deletes functionality in their many "plausible" repairs. Unlike generate-and-validate systems such as GenProg and SPR, semantic analysis based repair techniques synthesize a repair based on semantic information of the program. While such semantics-based repair methods show promise in terms of quality of generated repairs, their scalability has been a concern so far. In this paper, we present Angelix, a novel semantics-based repair method that scales up to programs of similar size as are handled by search-based repair tools such as GenProg and SPR. This shows that Angelix is more scalable than previously proposed semantics based repair methods such as SemFix and DirectFix. Furthermore, our repair method can repair multiple buggy locations that are dependent on each other. Such repairs are hard to achieve using SPR and GenProg. In our experiments, Angelix generated repairs from large-scale real-world software such as wireshark and php, and these generated repairs include multi-location repairs. We also report our experience in automatically repairing the well-known Heartbleed vulnerability
Expressing and checking intended changes via software change contracts
Software errors often originate from incorrect changes, including incorrect program fixes, incorrect feature updates and so on. Capturing the intended program behavior explicitly via contracts is thus an attractive proposition. In our recent work, we had espoused the notion of change contracts to express the intended program behavior changes across program versions. Change contracts differ from program contracts in that they do not require the programmer to describe the intended behavior of program features which are unchanged across program versions. In this work, we present the formal semantics of our change contract language built on top of the Java Modeling Language (JML). Our change contract language can describe behavioral as well as structural changes. We evaluate the expressivity of the change contract language via a survey given to final year undergraduate students. The survey results enable us to understand the usability of our change contract language for purposes of writing contracts, comprehending written contracts, and modifying programs according to given change contracts. Finally, we discuss the tool support developed for our change contract language. The tool support enables (i) test generation to witness contract violation, as well as (ii) automated repair of certain tests which are broken due to program changes. ?? 2013 ACM