s em f ix p rogram r epair via s emantic a nalysis
play

S EM F IX : P ROGRAM R EPAIR VIA S EMANTIC A NALYSIS CREST Workshop, - PowerPoint PPT Presentation

Apr 03, 2023 •191 likes •490 views

S EM F IX : P ROGRAM R EPAIR VIA S EMANTIC A NALYSIS CREST Workshop, Jan 2014 H.D.T. Nguyen, Dawei Qi, Abhik Roychoudhury National University of Singapore , & Satish Chandra Samsung 1 Talk given at 30 th CREST Workshop, London, Jan 2014. W

  1. S EM F IX : P ROGRAM R EPAIR VIA S EMANTIC A NALYSIS CREST Workshop, Jan 2014 H.D.T. Nguyen, Dawei Qi, Abhik Roychoudhury National University of Singapore , & Satish Chandra Samsung 1 Talk given at 30 th CREST Workshop, London, Jan 2014.

  2. W HAT WE HAVE BEEN DISCUSSING Precise debugging is laborious. CREST Workshop, Jan 2014 Specification based repair, Genetic Programming, … Symbolic execution of test cases to extract specifications 2

  3. Test–suite Failing tests T HIS WORK … Suspicions !! – statistical fault localization. CREST Workshop, Jan 2014 Infer intended meaning of suspicious statements - Symbolic execution (SE) Solve constraint from SE to create fixed statement - Program synthesis 3

  4. 0. T HE PROBLEM 1 int is_upward( int inhibit, int up_sep, int down_sep){ 2 int bias; 3 if (inhibit) CREST Workshop, Jan 2014 4 bias = down_sep; // bias= up_sep + 100 5 else bias = up_sep ; 6 if (bias > down_sep) 7 return 1; 8 else return 0; 9 } inhibit up_sep down_sep Observed Expected Result output Output 1 0 100 0 0 pass 1 11 110 0 1 fail 0 100 50 1 1 pass 4 1 -20 60 0 1 fail 0 0 10 0 0 pass

  5. 1. F IND A S USPECT 1 int is_upward( int inhibit, int up_sep, int down_sep){ 2 int bias; 3 if (inhibit) 4 bias = down_sep; // bias= up_sep + 100 CREST Workshop, Jan 2014 5 else bias = up_sep ; 6 if (bias > down_sep) 7 return 1; 8 else return 0; 9 } Line Score Rank 4 0.75 1 8 0.6 2 3 0.5 3 6 0.5 3 5 0 5 5 7 0 5

  6. 2 W HAT IT SHOULD HAVE BEEN 1 int is_upward( int inhibit, int up_sep, int down_sep){ 2 int bias; 3 if (inhibit) 4 bias = down_sep; // bias= up_sep + 100 5 else bias = up_sep ; 6 if (bias > down_sep) CREST Workshop, Jan 2014 7 return 1; 8 else return 0; 9 } inhibit up_sep down_sep Observed Expected Result output Output 1 11 110 0 1 fail Line 4 inhibit = 1, up_sep = 11, down_sep = 110 bias = X, path condition = true Line 7 Line 8 6 inhibit = 1, up_sep = 11, down_sep = 110 inhibit = 1, up_sep = 11, down_sep = 110 bias = X, path condition = X ≤ 110 bias = X, path condition = X> 110

  7. 2. W HAT IT SHOULD HAVE BEEN Inhibit up_sep down_sep == 1 == 11 == 110 1 int is_upward( int inhibit, int up_sep, int CREST Workshop, Jan 2014 down_sep){ 2 int bias; 3 if (inhibit) 4 bias = f(inhibit, up_sep, down_sep) 5 else bias = up_sep ; 6 if (bias > down_sep) 7 return 1; 8 else return 0; 9 } Symbolic Execution 7 f(1,11,110) > 110

  8. 3. F IX THE SUSPECT  Accumulated constraints  f(1,11, 110) > 110 ∧ CREST Workshop, Jan 2014  f(1,0,100) ≤ 100 ∧  …  Find a f satisfying this constraint  By fixing the set of operators appearing in f  Candidate methods  Search over the space of expressions  Program synthesis with fixed set of operators  More efficient!!  Generated fix 8  f(inhibit,up_sep,down_sep) = up_sep + 100

  9. T O R ECAPITULATE  Ranked Bug report  Hypothesize the error causes – suspect CREST Workshop, Jan 2014  Symbolic execution  Specification of the suspicious statement  Input-output requirements from each test  Repair constraint  Program synthesis  Decide operators which can appear in the fix  Generate a fix by solving repair constraint. 9

  10. P RODUCING R ANKED B UG REPORT  We use the Tarantula toolkit.  Given a test-suite T CREST Workshop, Jan 2014 fail(s) allfail Score(s) = fail(s) pass(s) + allfail allpass  fail(s) ≡ # of failing executions in which s occurs  pass(s) ≡ # of passing executions in which s occurs  allfail ≡ Total # of failing executions  allpass ≡ Total # of passing executions  allfail + allpass = |T|  Can also use other metric like Ochiai. 10

  11. U SAGE OF R ANKED B UG REPORT Buggy Program CREST Workshop, Jan 2014 Test Suite NO -Investigate what this statement should be. - Generate a fixed statement YES 11 Fixed Program

  12. T O R ECAPITULATE  Ranked Bug report  Hypothesize the error causes – suspect CREST Workshop, Jan 2014  Symbolic execution  Specification of the suspicious statement  Input-output requirements from each test  Repair constraint  Program synthesis  Decide operators which can appear in the fix  Generate a fixed statement by solving repair constraint. 12

  13. W HAT IT SHOULD HAVE BEEN Concrete test input CREST Workshop, Jan 2014 Concrete Execution … var = a + b – c; x Buggy Program Symbolic Execution with x as the only unknown Path conditions, 13 Output Expressions

  14. E XAMPLE Inhibit == 1 up_sep == 11 down_sep == 110 1 int is_upward( int inhibit, int up_sep, int down_sep){ CREST Workshop, Jan 2014 2 int bias; 3 if (inhibit) 4 bias = f(inhibit, up_sep, down_sep) // X 5 else bias = up_sep ; 6 if (bias > down_sep) 7 return 1; 8 else return 0; Symbolic Execution 9 } ∨ ( pc j ∧ out j == expected_out(t) ) ( (X >110 ∧ 1 ==1) j ∈ Paths ∨ (X ≤ 110 ∧ 0 == 1) ∧ ) ∧ f(1,11,110) == X f(t) == X 14 14 Repair constraint

  15. O VERALL R EPAIR C ONSTRAINT t1 t2 Repair constraint = ∧ Cons i CREST Workshop, Jan 2014 TS … var = … ; 1. TS = failing tests; 2. Repair based on TS // guaranteed to pass TS 3. New = newly failed tests due to repair 4. If (New == φ ) exit // Got your repair 5. else { TS = TS ∪ New; 6. Go to 2 } Cons1 Cons2 15 Repair Constraint = Cons1 ∧ Cons2

  16. T O R ECAPITULATE  Ranked Bug report  Hypothesize the error causes – suspect CREST Workshop, Jan 2014  Symbolic execution  Specification of the suspicious statement  Input-output requirements from each test  Repair constraint  Program synthesis  Decide operators which can appear in the fix  Generate a fix by solving repair constraint. 16

  17. W HY P ROGRAM SYNTHESIS Repair Constraint:  Instead of solving f(1,11,110) > 110 ∧ f(1,0,100) ≤ 100 ∧ f(1,-20,60) > 60 CREST Workshop, Jan 2014  Select primitive components to be used by the synthesized program based on complexity  Look for a program that uses only these primitive components and satisfy the repair constraint  Where to place each component? int tmp=down_sep + 1; + int tmp = down_sep -1; return tmp- inhibit; return up_sep + tmp; +  What are the parameters? int tmp = down_sep -1; int tmp = down_sep - 1; 17 return tmp + inhibit ; inhibit return tmp + inhibit ; up_sep

  18. L OCATION V ARIABLES  Define location variables for each component  Constraint on location variables solved by SMT.  Well-formed e.g. defined before being used CREST Workshop, Jan 2014  Output constraint from each test (repair constraint)  Meaning of the components  Lines determine the value L x == L y ⇒ x == y  Once locations are found, program is constructed. Components = {+} L in == 0, L out == 1, L out+ == 1, L in1+ == 0, L in2+ == 0 0 r0 = input; 1 r = r0 + r0; 2 return r; 18

  19. E VALUATION  Results from  SIR and GNU CoreUtils CREST Workshop, Jan 2014  Tools  Ranked Bug report (Tarantula)  Symbolic execution (KLEE)  Program synthesis (Own tool + Z3) 19

  20. S UBJECTS U SED SIR programs Subject LoC # Versions Description TCAS 135 41 Air Traffic Control Schedule 304 9 Process scheduler CREST Workshop, Jan 2014 Schedule2 262 9 Process scheduler Replace 518 29 Text processing Grep 9366 2 Text search engine GNU CoreUtils Subject LoC mknod 183 mkdir 159 mkfifo 107 20 cp 2272

  21. S UCCESS OF REPAIR (SIR) 45 Time bound = 4 mins. 40 35 CREST Workshop, Jan 2014 # of programs repaired 30 Total 25 Semfix 20 TCAS GenProg 15 10 5 0 Number of tests 10 20 30 40 50 Overall 90 programs from SIR 21 SemFix repaired 48/90, GenProg repaired 16/90 for 50 tests. GenProg running time is >3 times of SemFix

  22. T YPE OF B UGS (SIR) Total SemFix GenProg CREST Workshop, Jan 2014 Constant 14 10 3 Arithmetic 14 6 0 Comparison 16 12 5 Logic 10 10 3 Code 27 5 3 Missing Redundant 9 5 2 Code ALL 90 48 16 22

  23. GNU C ORE U TILS  9 buggy programs where bug could be reproduced.  Taken from paper on KLEE, OSDI 2008. CREST Workshop, Jan 2014  SemFix succeeded in 4/9 [mkdir, cp, …]  Average time = 3.8 mins.  Average time = 6 mins. [GenProg]  All GenProg experiments using configuration from ICSE 2012 paper by Le Goues et al.  Pop size, # generations, …  Other configurations may lead to success for GP, but then we need a systematic method to determine the configurations. 23

  24. E XPRESSION ENUMERATION  Enumerate all expressions over a given set of components (i.e. operators)  Enforce axioms of the operators CREST Workshop, Jan 2014  If candidate repair contains a constant, solve using SMT  Program synthesis turns out to be faster. Subject TCAS Schedul Schedule replace grep e 2 Ratio 6.9 2.8 2.5 1.36 2.2 24 Enumeration also timed out > 20 minutes. These are not even included .

Recommend

H OW TO R EPAIR V ULNERABILITIES ? Correcting vulnerable logic, e.g. race condition

H OW TO R EPAIR V ULNERABILITIES ? Correcting vulnerable logic, e.g. race condition

A UTOMATIC P ROGRAM R EPAIR Zhen Huang 1 Penn State University Spring 2019 CMPSC 447, Software Security P RE PATCH W INDOW Attackers can leverage the window of time before a vulnerability is addressed. Attackers can exploit the

931 views • 60 slides
C LASSIFICATION T REE A NALYSIS : A U SEFUL S TATISTICAL T OOL FOR P ROGRAM E VALUATORS Meredith

C LASSIFICATION T REE A NALYSIS : A U SEFUL S TATISTICAL T OOL FOR P ROGRAM E VALUATORS Meredith

C LASSIFICATION T REE A NALYSIS : A U SEFUL S TATISTICAL T OOL FOR P ROGRAM E VALUATORS Meredith L. Philyaw, MS Jennifer Lyons, MSW(c) Why This Session? Stand up if you... Consider yourself to be a data analyst, frequently work with

673 views • 41 slides
S emantic Web Architecture Vitaly Vlasov inxaoc@ gmail.com Agenda 1. About S emantic Web,

S emantic Web Architecture Vitaly Vlasov inxaoc@ gmail.com Agenda 1. About S emantic Web,

S emantic Web Architecture Vitaly Vlasov inxaoc@ gmail.com Agenda 1. About S emantic Web, OWL, RDF review 2. Metadata on HTML-document 3. Pains 4. Architecture 5. Our Initiatives The S emantic Web (Tim Berners-Lee, May 17, 2001) The

555 views • 23 slides
A PPLICATION : S EARCH IN T OURISM (S KY S CANNER ) Goal: search for hotels/flights/trips using

A PPLICATION : S EARCH IN T OURISM (S KY S CANNER ) Goal: search for hotels/flights/trips using

Q UERYING S EMANTIC B IG D ATA AND I TS A PPLICATIONS Boris Motik University of Oxford November 16, 2015 T ABLE OF C ONTENTS B IG D ATA A PPLICATIONS OF S EMANTIC F ORMALISMS 1 RDF OX : P ARALLEL M ATERIALISATION -B ASED D ATALOG R EASONER 2 A

650 views • 50 slides
R ECAP | P RELIMINARY D ESIGN P ROGRAM (PDP) P RELIMINARY E VALUATION E DUCATIONAL P ROGRAM E

R ECAP | P RELIMINARY D ESIGN P ROGRAM (PDP) P RELIMINARY E VALUATION E DUCATIONAL P ROGRAM E

G. H. M ITCHELL E LEMENTARY S CHOOL B RIDGEWATER , MA C OMMUNITY P RESENTATION J ANUARY 10, 2019 Raymond Design Associates R ECAP | P RELIMINARY D ESIGN P ROGRAM (PDP) P RELIMINARY E VALUATION E DUCATIONAL P ROGRAM E VALUATION OF O PTIONS

465 views • 23 slides
care ? & why do I what are they RDF S emantic eb W OWL S eparate eb W machines

care ? & why do I what are they RDF S emantic eb W OWL S eparate eb W machines

microformats what are they care ? & why do I what are they RDF S emantic eb W OWL S eparate eb W machines W tandards eb S (X)HTML wemantic s eb microformats wame s eb humans low hanging fruit where relationships

450 views • 29 slides
MORE stands for M aintenance O ptimization R epair E ngineering W e offer high-quality kiln

MORE stands for M aintenance O ptimization R epair E ngineering W e offer high-quality kiln

Wh What c at can we an we do fo do for y r you? ou? Standard kiln services 2015 MORE stands for M aintenance O ptimization R epair E ngineering W e offer high-quality kiln specialist service to cement, paper, and mineral companies worldwide

230 views • 7 slides
CAMP CAMP ( C C ollege ollege A A ssistance ssistance M M igrant igrant P P rogram) rogram) (

CAMP CAMP ( C C ollege ollege A A ssistance ssistance M M igrant igrant P P rogram) rogram) (

CAMP CAMP ( C C ollege ollege A A ssistance ssistance M M igrant igrant P P rogram) rogram) ( Paul Dorres & Naoko Kawamura What is CAMP ? What is CAMP ? CAMP (College Assistance Migrant Program) Federally-funded (U.S. Department of

292 views • 12 slides
Robert Piro Ian Horrocks University of Oxford Oslo, May 2016 Horrocks & Piro Semantic

Robert Piro Ian Horrocks University of Oxford Oslo, May 2016 Horrocks & Piro Semantic

S EMANTIC T ECHNOLOGIES FOR D ATA A NALYSIS IN H EALTH C ARE Robert Piro Ian Horrocks University of Oxford Oslo, May 2016 Horrocks & Piro Semantic Technologies for Data Analysis 1/21 O VERVIEW T HE P ROJECT 1 M OTIVATION 2 S OLUTION 3

526 views • 21 slides
S EMANTIC S OLUTIONS FOR O IL & G AS : R OLES AND R ESPONSIBILITIES

S EMANTIC S OLUTIONS FOR O IL & G AS : R OLES AND R ESPONSIBILITIES

InformationIntegrationIntelligence: Solutions S EMANTIC S OLUTIONS FOR O IL & G AS : R OLES AND R ESPONSIBILITIES

348 views • 24 slides
T ACOMA M IXED U SE C ENTERS F EASIBILITY A NALYSIS P REPARED BY P ROPERTY C OUNSELORS M AY 2015 I

T ACOMA M IXED U SE C ENTERS F EASIBILITY A NALYSIS P REPARED BY P ROPERTY C OUNSELORS M AY 2015 I

D RAFT : F OR R EVIEW AND C OMMENT O NLY T ACOMA M IXED U SE C ENTERS F EASIBILITY A NALYSIS P REPARED BY P ROPERTY C OUNSELORS M AY 2015 I NTRODUCTION AND S UMMARY P URPOSE OF A NALYSIS AND O RGANIZATION OF R EPORT Meeting the objectives for the

329 views • 15 slides
ISO-T IME ML: A N I NTERNATIONAL S TANDARD FOR S EMANTIC ANNOTATION James Pustejovsky*, Kiyong

ISO-T IME ML: A N I NTERNATIONAL S TANDARD FOR S EMANTIC ANNOTATION James Pustejovsky*, Kiyong

ISO-T IME ML: A N I NTERNATIONAL S TANDARD FOR S EMANTIC ANNOTATION James Pustejovsky*, Kiyong Lee, Harry Bunt, Laurent Romary ISO *Computer Science Department Brandeis University ISO LREC 2010 ISO Malta May19, 2010 ISO O UTLINE

722 views • 44 slides
E XPLOITING S EMANTIC C OMMUTATIVITY IN H ARDWARE S PECULATION G UOWEI Z HANG , V IRGINIA C HIU , D

E XPLOITING S EMANTIC C OMMUTATIVITY IN H ARDWARE S PECULATION G UOWEI Z HANG , V IRGINIA C HIU , D

E XPLOITING S EMANTIC C OMMUTATIVITY IN H ARDWARE S PECULATION G UOWEI Z HANG , V IRGINIA C HIU , D ANIEL S ANCHEZ MICRO 2016 Executive summary 2 Exploiting commutativity benefits update-heavy apps Software techniques that exploit

1k views • 44 slides
E XTENDING S EMANTIC AND E PISODIC M EMORY TO S UPPORT R OBUST D ECISION M AKING

E XTENDING S EMANTIC AND E PISODIC M EMORY TO S UPPORT R OBUST D ECISION M AKING

E XTENDING S EMANTIC AND E PISODIC M EMORY TO S UPPORT R OBUST D ECISION M AKING (FA2386-10-1-4127) PI: John E. Laird (University of Michigan) Graduate Students: Nate Derbinsky, Mitchell Bloch, Mazin Assanie AFOSR Program Review: Mathematical

760 views • 46 slides
A NALYSIS OF A LGORITHMS Feb. 16, 2017 Acknowledgement: The course slides are adapted from the

A NALYSIS OF A LGORITHMS Feb. 16, 2017 Acknowledgement: The course slides are adapted from the

BBM 202 - ALGORITHMS T ODAY Analysis of Algorithms Observations D EPT . OF C OMPUTER E NGINEERING Mathematical models Order-of-growth classifications Dependencies on inputs Memory A NALYSIS OF A LGORITHMS Feb.

501 views • 19 slides
SMART S tony-brook M illstone: A dvocate, R epair, T ransform Carolyn Wagner, Anna Pimenta, Kate

SMART S tony-brook M illstone: A dvocate, R epair, T ransform Carolyn Wagner, Anna Pimenta, Kate

SMART S tony-brook M illstone: A dvocate, R epair, T ransform Carolyn Wagner, Anna Pimenta, Kate Norris Mission Statement The Stony Brook Millstone Watershed is an important watershed in central New Jersey. The goal of SMART is to improve the

579 views • 12 slides
Natural S emantics Based Tools for S emantic Web with Application to Product Models CUGS

Natural S emantics Based Tools for S emantic Web with Application to Product Models CUGS

Natural S emantics Based Tools for S emantic Web with Application to Product Models CUGS thesis proposal Adrian Pop Programming Environments Laboratory (PELAB) Department of Computer and Information S cience (IDA) Linkping University

461 views • 22 slides
S emantic A utomated D iscovery and I ntegration http://sadiframework.org Summary SADI is a

S emantic A utomated D iscovery and I ntegration http://sadiframework.org Summary SADI is a

S emantic A utomated D iscovery and I ntegration http://sadiframework.org Summary SADI is a set of conventions for creating Semantic Web Services that can be automatically discovered and orchestrated . SADI does not create new technologies

774 views • 58 slides
A NALYSIS W HAT IS IT ? Created & Exclusively Owned by: Impact Branding Consulting, Inc

A NALYSIS W HAT IS IT ? Created & Exclusively Owned by: Impact Branding Consulting, Inc

T HE P ROFIT E NHANCER A NALYSIS W HAT IS IT ? Created & Exclusively Owned by: Impact Branding Consulting, Inc 2013 www.ImpactBrandingConsulting.org W HAT IS A P ROFIT E NHANCER A NALYSIS ? The Profit Enhancer Analysis [PEA] is a

271 views • 12 slides
State and Transition Models: STM (StSim: http://www.apexrms.com/projects/stsm) Growth &

State and Transition Models: STM (StSim: http://www.apexrms.com/projects/stsm) Growth &

I ntegrated L andscape A nalysis P rogram Collaborative Restoration Workshop David Seesholtz Denver, CO April 27, 2016 Pacific Northwest Research Station State and Transition Models: STM (StSim: http://www.apexrms.com/projects/stsm) Growth

454 views • 16 slides
P ERFORMANCE A NALYSIS Q1 2018-19 O UR H

P ERFORMANCE A NALYSIS Q1 2018-19 O UR H

India ian n Over ersea seas s Bank P ERFORMANCE A NALYSIS Q1 2018-19 O UR H ERITAGE Indian Overseas Bank (IOB) was founded on 10th February 1937 by Shri.M.Ct.M.

736 views • 52 slides
S EMANTIC -B ASED M ULTILINGUAL D OCUMENT C LUSTERING VIA T ENSOR M ODELING Salvatore Romeo 1 ,

S EMANTIC -B ASED M ULTILINGUAL D OCUMENT C LUSTERING VIA T ENSOR M ODELING Salvatore Romeo 1 ,

EMNLP 2014 C ONFERENCE ON E MPIRICAL M ETHODS IN N ATURAL L ANGUAGE P ROCESSING D OHA , Q ATAR . O CTOBER 2529, 2014 S EMANTIC -B ASED M ULTILINGUAL D OCUMENT C LUSTERING VIA T ENSOR M ODELING Salvatore Romeo 1 , Andrea Tagarelli 1 , and Dino

594 views • 34 slides
F ARM P ROGRAM R EVIEW : ARC-CO Corn-Christian County, IL Benchmark = 5-year $7.00 250

F ARM P ROGRAM R EVIEW : ARC-CO Corn-Christian County, IL Benchmark = 5-year $7.00 250

F ARM P OLICY R EVIEW & O UTLOOK FOR 2018 F ARM B ILL Jonathan Coppess Gardner Agricultural Policy Program December 2017 w w w .farm docdaily.illinois.edu w w w .farm doc.illinois.edu 2014 F ARM P ROGRAM E LECTION Figure 1. Percent of

136 views • 10 slides
www.focus-africa.co.za

www.focus-africa.co.za

S EMANTICA A N ET C ENTRIC A PPROACH TO A NALYSIS A N O VERVIEW AND C OMPARISON OF THE S EMANTICA A NALYSIS S OFTWARE P LATFORM B ACKGROUND Focus Africa is a private risk management company, providing risk management services to multinational

347 views • 31 slides

More recommend