Fix pattern-based patch generation is a promising direction in Automated Program Repair (APR). Notably, it has been demonstrated to produce more acceptable and correct patches than those obtained with mutation operators through genetic programming. The performance of pattern-based APR systems, however, depends on the fix ingredients mined from fix changes in development histories. Unfortunately, collecting a reliable set of bug fixes in repositories can be challenging. In this paper, we investigate the possibility of leveraging, in an APR scenario, code changes that address violations reported by static bug detection tools. To that end, we build the AVATAR APR system, which exploits fix patterns of static analysis violations as ingredients for patch generation. Evaluated on the Defects4J benchmark, we show that, assuming perfect fault localization, AVATAR can generate correct patches to fix 34/39 bugs. We further find that AVATAR yields performance metrics comparable to those of closely-related approaches in the literature. While AVATAR outperforms many state-of-the-art pattern-based APR systems, it is mostly complementary to current approaches. Overall, our study highlights the relevance of static bug finding tools as indirect contributors of fix ingredients for addressing code defects identified with functional test cases.
AVATAR: Fixing Semantic Bugs with Fix Patterns of Static Analysis Violations
Kui Liu, Anil Koyuncu, Dongsun Kim, and Tegawendé F. Bissyandé
SnT, University of Luxembourg, Luxembourg
26th SANER 2019, Hangzhou, China, February 27, 2019
> Static Code Analysis
Static Analysis Tools can detect:
1. Security Vulnerabilities,
2. Performance Issues,
3. Bad Programming Practices (so-called Code Smells).
Example tools: Infer, Error Prone.
These are called Violations, Alarms, or Alerts.
> Example of Fixing a Static Analysis Violation
@Override
public boolean equals(Object obj) {
return getModule().equals(((ModuleWrapper) obj).getModule());
}
// Violation Type:
// BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS
@Override
public boolean equals(Object obj) {
- return getModule().equals(((ModuleWrapper) obj).getModule());
+ return obj instanceof ModuleWrapper &&
+ getModule().equals(((ModuleWrapper) obj).getModule());
}
Developer’s Patch
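The developer fix above can be illustrated with a minimal, runnable sketch. The `Module`/`ModuleWrapper` classes here are simplified stand-ins, not the project's actual code; the point is that the unguarded `equals` would throw a `ClassCastException` for a foreign argument type, while the patched version simply returns false.

```java
public class EqualsGuardDemo {
    static class Module {
        final String name;
        Module(String name) { this.name = name; }
        @Override public boolean equals(Object o) {
            return o instanceof Module && name.equals(((Module) o).name);
        }
        @Override public int hashCode() { return name.hashCode(); }
    }

    static class ModuleWrapper {
        final Module module;
        ModuleWrapper(Module m) { this.module = m; }
        Module getModule() { return module; }

        // Patched version: guard with instanceof before the cast, as in the
        // developer fix for BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS.
        @Override public boolean equals(Object obj) {
            return obj instanceof ModuleWrapper
                && getModule().equals(((ModuleWrapper) obj).getModule());
        }
        @Override public int hashCode() { return module.hashCode(); }
    }

    public static void main(String[] args) {
        ModuleWrapper w = new ModuleWrapper(new Module("core"));
        // The unguarded version would throw ClassCastException on the first call;
        // the patched version returns false for a foreign type.
        System.out.println(w.equals("not a wrapper"));                        // false
        System.out.println(w.equals(new ModuleWrapper(new Module("core")))); // true
    }
}
```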
> Fix Patterns of Static Analysis Violations
[29] Kui Liu, Dongsun Kim, Tegawendé F. Bissyandé, Shin Yoo, and Yves Le Traon, “Mining fix
patterns for findbugs violations,” IEEE Transactions on Software Engineering, 2018.
[30] R. Rolim, G. Soares, R. Gheyi, and L. D’Antoni, “Learning quick fixes from code
repositories,” arXiv preprint arXiv:1803.03806, 2018
Patch:
Violation Type: BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS
- return exp1().equals(((T)obj).exp2());
+ return obj instanceof T && exp1().equals(((T)obj).exp2());
Pattern (AST diff):
UPD ReturnStatement
---INS InfixExpression
------MOV MethodInvocation
------INS InstanceofExpression
---------INS Variable
---------INS Instanceof
---------INS SimpleType
------INS Operator
Live study: developers accepted patches generated from these mined patterns [29], [30].
> Are static analysis tools good bug detectors?
[32] Andrew Habib and Michael Pradel, “How many of all bugs do we find? a
study of static bug detectors,” in Proceedings of the 33rd ACM/IEEE
International Conference on Automated Software Engineering. 2018, pp. 317–328.
# bugs found by static analysis tools in the Defects4J dataset:
Tool          # Bugs
Error Prone        8
Infer              5
SpotBugs          18
Total             31 (27 unique bugs)
> Idea for a new direction
# Defects4J bugs found by static analysis tools:
Tool          # Bugs
Error Prone        8
Infer              5
SpotBugs          18
Total             31 (27 unique bugs)
Fix patterns of static analysis violations (mined and validated in live studies):
UPD ReturnStatement
---INS InfixExpression
------MOV MethodInvocation
------INS InstanceofExpression
---------INS Variable
---------INS Instanceof
---------INS SimpleType
------INS Operator
> Fix Pattern based APR Systems
PAR
ELIXIR
Genesis
SOFix
HDRepair
NPEfix
SketchFix
CapGen
SimFix
1. Manual summarization of human-written patches.
2. Mining fix patterns.
3. Pre-definition of fix patterns.
4. Statistics on code change actions of patches.
How about the fix patterns of static analysis violations?
> Static Violation Fix Patterns vs. Semantic Bugs
Static analysis violation fix patterns:
• They are recurrent and consistent across projects.
• Fixes are reliable (they are assessed by detection tools) and consistent (simple and recurrent).
• Hence, the mined fix patterns are reliable.
Semantic Bugs:
• Make the program behavior deviate from the developer’s intention [1], [17].
• Generally detected through dynamic testing.
> Motivating Example
--- a/src/com/google/javascript/jscomp/Compiler.java
+++ b/src/com/google/javascript/jscomp/Compiler.java
@@ -1283,4 +1283,3 @@
// Check if the sources need to be re-ordered.
if (options.dependencyOptions.needsManagement() &&
- !options.skipAllPasses &&
options.closurePass) {
// Patch diff at the AST level.
UPD IfStatement@@"if statement code"
---UPD InfixExpression@@"infix-expression code"
------DEL PrefixExpression@@"!options.skipAllPasses"
------DEL Operator@@"&&"
// Fix Pattern: Remove a useless sub-predicate expression.
UPD IfStatement
---UPD InfixExpression@expA Operator expB
------DEL Expression@expB
------DEL Operator
A fix pattern for UC_USELESS_CONDITION violation [29].
Developer’s patch fixing bug Closure-13 in Defects4J.
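The "remove a useless sub-predicate" pattern behind this example can be sketched as a simple candidate enumerator: for a conjunctive condition, emit one patch candidate per dropped operand. This is a string-level toy for illustration, not AVATAR's AST-level implementation; the class and method names are ours.

```java
import java.util.ArrayList;
import java.util.List;

public class SubPredicateCandidates {
    // For a condition "op0 && op1 && ... && opN", produce one candidate
    // per removed operand, keeping the remaining operands in order.
    static List<String> candidates(String[] operands) {
        List<String> out = new ArrayList<>();
        for (int drop = 0; drop < operands.length; drop++) {
            StringBuilder sb = new StringBuilder();
            for (int i = 0; i < operands.length; i++) {
                if (i == drop) continue;
                if (sb.length() > 0) sb.append(" && ");
                sb.append(operands[i]);
            }
            out.add(sb.toString());
        }
        return out;
    }

    public static void main(String[] args) {
        // Operands of the Closure-13 condition from the slide.
        String[] ops = {
            "options.dependencyOptions.needsManagement()",
            "!options.skipAllPasses",
            "options.closurePass"
        };
        for (String c : candidates(ops)) System.out.println(c);
    }
}
```

The second candidate, which drops `!options.skipAllPasses`, coincides with the developer's actual patch for Closure-13.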
> AVATAR: Static analysis violation fix pattern-based automated program repair
Fix patterns of static violations
> Research Questions
RQ1: How effective are fix patterns of static analysis violations for repairing programs with semantic bugs?
RQ2: Which bugs and which patterns are relevant targets for AVATAR in an automated program repair scenario?
RQ3: How does AVATAR compare to state-of-the-art APR tools with respect to repair performance?
> Fix Patterns and Benchmark
Statistics on fix patterns of static analysis violations:
                    # Projects   # Violation fix patches   # Violation types   # Fix patterns
Liu et al. [29]            730                    88,927                 111              174
Rolim et al. [30]            9                   288,899                   9                9

Defects4J dataset information:
Project    # Bugs   # kLoC   # Tests
Chart          26       96     2,205
Closure       133       90     7,927
Lang           65       22     2,245
Math          106       85     3,602
Mockito        38       11     1,457
Time           27       28     4,130
Total         395      332    21,566
> RQ1: Fix bugs which can be localized by static analysis tools
Bug ID SpotBugs Infer ErrorProne Static Analysis Violation Type
Chart-1 ✔ ✔ NP_ALWAYS_NULL
Chart-4 ✔ ✔ NP_NULL_ON_SOME_PATH
Chart-24 ✔ DLS_DEAD_LOCAL_STORE
Math-77 ✔ UPM_UNCALLED_PRIVATE_METHOD
Statically-Detected Bugs Fixed by AVATAR.
AVATAR demonstrates the usefulness of violation fix patterns in a
scenario of automating some maintenance tasks involving
systematic checking of developer code with static checkers.
> RQ1: Fix bugs with perfect fault localization
Number of Defects4J bugs fixed by AVATAR, assuming perfect localization information:
Fixed Bugs                 Chart (C)  Closure (Cl)  Lang (L)  Math (M)  Mockito (Moc)  Time (T)  Total
# of fully fixed bugs            7/8         10/13      5/10      8/13            2/2       2/3  34/49
# of partially fixed bugs        2/3           1/4       1/3       1/4            0/0       0/0   5/14

AVATAR can effectively fix several semantic bugs from the Defects4J dataset.
> RQ2: Why can AVATAR fix semantic bugs?
Fix ingredients from the violation fix patterns (violation type | fix ingredients | fixed bugs | bug pattern | repair action):

NP_ALWAYS_NULL
  Mutate the operator of a null-check expression:
  "var != null" → "var == null", or "var == null" → "var != null".
  C-1 | Conditional expression modification | Logic expression modification.

NP_NULL_ON_SOME_PATH
  1. Wrap buggy code with an if-non-null-check block:
     "if (var != null) {buggy code}";
  2. Insert an if-null-check block before the buggy code:
     "if (var == null) {return false;} buggy code;" or
     "if (var == null) {return null;} buggy code;" or
     "if (var == null) {throw IllegalArgumentException;} buggy code;"
  C-4, 26 | Missing non-null check addition | Conditional (if) branch addition.
  C-14, 19, 25, Cl-2, M-4, Moc-29, 38 | Missing null check addition | Conditional (if) branch addition.

DLS_DEAD_LOCAL_STORE
  Replace a variable with another one, e.g., "var1 = var2;" → "var1 = var3;".
  C-11, 24, L-6, 57, 59, M-33, 59, T-7 | Wrong variable reference | Variable replacement by another variable.

UC_USELESS_CONDITION
  1. Mutate the operator of an expression in an if statement,
     e.g., "if (expA > expB) {...}" → "if (expA >= expB) {...}";
  2. Remove a sub-predicate expression in an if statement:
     "if (expA || expB) {...}" → "if (expB) {...}" or "if (expA) {...}";
  3. Remove the conditional expression:
     "expA ? expB : expC" → "expB" or "expC".
  Cl-38 | Logic expression expansion | Conditional expression expansion.
  Cl-18, 31, L-15 | Logic expression reduction | Conditional expression reduction.
  Cl-62, 63, 73, M-82, 85, T-19 | Logic expression modification | Conditional expression modification.

UCF_USELESS_CONTROL_FLOW
  1. Remove an if statement but keep the code inside its block:
     "if (exp) { code }" → "code";
  2. Remove an if statement together with its block code.
  C-18, Cl-106, M-46 | Unwraps-from if-else statement | Conditional (if or else) branch removal.
  Cl-115, 126, L-7, 10, M-50 | Conditional block removal | Conditional (if or else) branch removal.

UPM_UNCALLED_PRIVATE_METHOD
  Remove a method declaration:
  "Modifier ReturnType methodName(Parameters) { code }".
  Cl-46, M-77 | Unclassified | Method definition removal.

BC_UNCONFIRMED_CAST
  Wrap buggy code with an if-instanceof-check block:
  "if (var instanceof Type) {buggy code} else {throw IllegalArgumentException;}"
  M-89 | Wraps-with if-else statement | Conditional (if-else) branches addition.

AVATAR exploits a variety of fix ingredients from static violation fix patterns to address a diverse set of bug patterns in the Defects4J dataset.
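As a concrete illustration of one ingredient from the table, here is a minimal sketch of the NP_NULL_ON_SOME_PATH "wrap with a non-null check" transformation. The method names and the fall-back return value are illustrative choices of ours, not code generated by AVATAR.

```java
public class NullGuardIngredient {
    // Buggy shape: dereferences `label`, which may be null on some path.
    static int buggyLength(String label) {
        return label.length(); // NullPointerException when label == null
    }

    // Patched shape after applying the ingredient
    // "if (var != null) { buggy code }":
    static int patchedLength(String label) {
        if (label != null) {
            return label.length();
        }
        return 0; // fall-back value supplied when instantiating the pattern
    }

    public static void main(String[] args) {
        System.out.println(patchedLength("avatar")); // 6
        System.out.println(patchedLength(null));     // 0, instead of an NPE
    }
}
```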
> Conclusion
1. AVATAR demonstrates the usefulness of violation fix patterns
for effectively fixing several semantic bugs from the Defects4J
dataset.
2. AVATAR exploits a variety of fix ingredients. It can address
a diverse set of bug types in the Defects4J dataset.
3. AVATAR is comparable and complementary to the state-of-the-art APR systems.
AVATAR can fix 8 new bugs that had not been fixed by the state of the art.
> Summary: AVATAR Overview
[Pipeline figure] Buggy program with passing and failing tests
→ Fault Localization with GZoltar: produces a ranked list of suspicious code locations
→ Fix Pattern Matching: parses the suspicious code fragment and selects relevant fix patterns from the fix pattern database
→ Patch Generation: mutates the suspicious code following the selected fix pattern to produce patch candidates
→ Patch Validation: runs the tests on each patch candidate (pass/fail); on failure, tries the next patch candidate, the next fix pattern, or the next suspicious code location.
https://github.com/SerVal-DTF/AVATAR
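The overview above can be summarized as a generate-and-validate loop. The sketch below is a simplified illustration assuming Java 16+ (for records); `FixPattern`, `mutate`, and the test oracle are stand-ins of ours, not AVATAR's actual API.

```java
import java.util.List;
import java.util.function.Predicate;

public class RepairLoopSketch {
    record Patch(String code) {}

    // A fix pattern turns one suspicious code fragment into patch candidates.
    interface FixPattern { List<Patch> mutate(String suspiciousCode); }

    // Iterate over suspicious locations (ranked by fault localization),
    // then matching fix patterns, then patch candidates; stop at the
    // first candidate that passes all tests (a plausible patch).
    static Patch repair(List<String> rankedLocations,
                        List<FixPattern> patterns,
                        Predicate<Patch> passesAllTests) {
        for (String loc : rankedLocations)
            for (FixPattern p : patterns)
                for (Patch candidate : p.mutate(loc))
                    if (passesAllTests.test(candidate))
                        return candidate;
        return null; // no plausible patch found
    }

    public static void main(String[] args) {
        // Toy pattern: drop a negated sub-predicate from a conjunction.
        FixPattern dropNegation =
            code -> List.of(new Patch(code.replace("!ok && ", "")));
        Patch fix = repair(List.of("if (!ok && ready) run();"),
                           List.of(dropNegation),
                           patch -> patch.code().equals("if (ready) run();"));
        System.out.println(fix.code());
    }
}
```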
Speaker notes
Good afternoon, everyone; my name is Kui Liu.
I am a PhD student from University of Luxembourg.
Today, I am going to present our recent work: …..
In order to assess software quality and identify potential defects, various static code analysis tools have been proposed, such as ….
Static analysis tools can detect the defects about security vulnerabilities, performance issues, and bad
programming practices (so-called code smells) .
Recent studies also denote those defects as static analysis violations or alerts.
Let’s take a look at a static analysis violation example and its related patch.
Here is an overridden method: equals.
A violation will be detected in the method code by FindBugs: BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS
It means that the equals(Object obj) method should not make any assumptions about the data type of obj; it should simply return false if obj is not of the same type as this.
Thus, this violation is fixed by inserting an instanceof check.
By looking at these kinds of patches, several works on mining fix patterns for static analysis violations have been proposed in the literature.
Our previous work presented a method of “Mining Fix Patterns for FindBugs Violations”, which was accepted at TSE 2018.
Rolim and his colleagues also proposed to mine fix patterns for PMD static analysis violations.
From such patches, these works mine fix patterns at the AST level, like this.
In the two studies, the mined fix patterns were further evaluated in live studies, which showed that developers are willing to accept the patches generated from the mined patterns to fix static analysis bugs.
A recent work presented in ASE 2018 reported an interesting finding that three static analysis tools can detect 27 bugs in Defects4J dataset.
Developers are willing to accept those patches generated by the mined fix patterns of static analysis violations.
And three static analysis tools can detect some semantic bugs in Defects4J.
So, can we use the fix patterns of static analysis violations to fix the semantic bugs in Defects4J that fail some test cases?
Various fix pattern based APR systems have been proposed and achieved promising results.
However, none of them use the fix patterns of violations.
Here is a patch of fixing the bug Closure-13 in Defects4J dataset.
By looking at the patch diff at the AST level, we find that it is similar to a fix pattern of a FindBugs violation in our previous work.
So, it might be possible to use the static analysis fix patterns to fix semantic bugs.
Thus, we propose an APR tool, AVATAR, static analysis violation fix pattern-based automated program repair.
It applies fix patterns of violations to semantic bugs by mutating the buggy code to generate patches.
AVATAR consists of four basic steps: fault localization, fix pattern selection, patch generation, and patch validation,
which is similar to the process of typical generate-and-validate APR systems.
For a buggy program with its passing and failing tests, we first use GZoltar and Ochiai to identify suspicious code locations.
With identified suspicious code, AVATAR parses the suspicious code fragment into AST and selects fix patterns with AST context information.
The suspicious source code is further mutated to generate patch candidates by following the edit scripts of selected fix patterns.
For example,
This bug is matched with this fix pattern. Following its edit script, AVATAR mutates the buggy code and can generate three patch candidates by removing an expression in the if statement.
Finally, the generated patch candidates are validated by test cases.
Only the patch candidate that can pass all test cases is selected as the plausible patch of the buggy program.
In this study, we focus on the three research questions.
We directly use the fix patterns released in our previous study and Rolim’s work as the fix patterns of AVATAR.
We further evaluate AVATAR with Defects4J dataset.
RQ1 ▶ AVATAR demonstrates the usefulness of violation fix patterns in a scenario of automating some maintenance tasks involving systematic checking of developer code with static checkers.
RQ1 ▶ AVATAR can effectively fix several semantic bugs from the Defects4J dataset. We even observe that the fine-grained fix ingredients can be helpful for targeting bugs with multiple faulty code locations.
RQ2 ▶ AVATAR exploits a variety of fix ingredients from static violation fix patterns to address a diverse set of bug patterns in the Defects4J dataset.
RQ3 ▶ In terms of quantity and quality of generated plausible patches, AVATAR addresses more bugs than its immediate competitors. Nevertheless, we note that AVATAR is actually complementary to the other state-of-the-art APR systems, fixing bugs that others do not fix.
RQ3 ▶ AVATAR underperforms against some of the most recent APR systems. Nevertheless, AVATAR is still complementary to them, as it is capable of addressing some Defects4J bugs that the state-of-the-art cannot fix.