Automated program repair reduces the manual effort in fixing program errors. However, existing repair techniques modify a buggy program such that it passes given tests. Such repair techniques do not discriminate between correct patches and patches that overfit the available tests and break untested but desired functionality. We attempt to solve this problem with a novel solution that make use of the duality of space exploration in Input Space and Program Space. We implemented our technique in the form of a tool called CPR and evaluated its efficacy in reducing the patch space by discarding overfitting patches from a pool of plausible patches. Similar to Cardio-Pulmonary Resuscitation (CPR) does to a patient, our tool CPR resuscitate or recover programs via appropriate fixes. In this work, we therefore propose and implement an integrated approach for detecting and discarding overfitting patches by exploiting the relationship between the patch space and input space. We leverage concolic path exploration to systematically traverse the input space (and generate inputs), while systematically ruling out significant parts of the patch space. Given a long enough time budget, this approach allows a significant reduction in the pool of patch candidates, as shown by our experiments.
Benchmark | Program | Repository/Link |
---|---|---|
ExtractFix | LibTIFF | Repo |
ExtractFix | Binutils | Repo |
ExtractFix | LibXML2 | Repo |
ExtractFix | LibJPEG | Repo |
ExtractFix | FFMpeg | Repo |
ExtractFix | Jasper | Repo |
ExtractFix | Coreutils | Repo |
ManyBugs | LibTIFF | Repo |
ManyBugs | GZip | Repo |
SVCOMP | Insertion Sort | Link |
SVCOMP | Linear Search | Link |
SVCOMP | String | Link |
SVCOMP | Eureka | Link |
SVCOMP | Nested Loop | Link |
SVCOMP | Sum | Link |
SVCOMP | Bubble Sort | Link |
SVCOMP | Unique List | Link |
SVCOMP | Standard Array | Link |
SVCOMP | Recursive Addition | Link |
# | Program | Bug ID | Paths | Patches | Explored | Discarded | Prune Ratio | Synthesised | Removed | Refine Ratio |
---|---|---|---|---|---|---|---|---|
1 | LibTIFF | CVE-2016-5321 | 67 | 77 | 15% | 174 | 70 | 40% |
2 | LibTIFF | CVE-2016-9273 | 10 | 2 | 2% | 260 | 119 | 46% |
3 | LibTIFF | CVE-2016-3623 | 102 | 21 | 12% | 130 | 30 | 23% |
4 | Binutils | CVE-2018-10372 | 25 | 1 | 0.1% | 74 | 35 | 47% |
5 | LibXML2 | CVE-2012-5134 | 80 | 271 | 10% | 260 | 129 | 48% |
6 | LibJPEG | CVE-2018-19664 | 84 | 26 | 4% | 130 | 130 | 0% |
7 | Jasper | CVE-2016-8691 | 69 | 7 | 9% | 260 | 164 | 63% |
docker pull rshariffdeen/cpr:experiments-cpr
You can also download the source to build the image on your own using this link, and the following command: docker build -t experiments-cpr .
For readability, we further provide the list of patches and their details for each benchmark in the following pages