SlideShare ist ein Scribd-Unternehmen logo

AVATAR : Fixing Semantic Bugs with Fix Patterns of Static Analysis Violations

Als PPTX, PDF herunterladen
Dongsun Kim
Dongsun Kim

Fix pattern-based patch generation is a promising direction in Automated Program Repair (APR). Notably, it has been demonstrated to produce more acceptable and correct patches than the patches obtained with mutation operators through genetic programming. The performance of pattern-based APR systems, however, depends on the fix ingredients mined from fix changes in development histories. Unfortunately, collecting a reliable set of bug fixes in repositories can be challenging. In this paper, we propose to investigate the possibility in an APR scenario of leveraging code changes that address violations by static bug detection tools. To that end, we build the AVATAR APR system, which exploits fix patterns of static analysis violations as ingredients for patch generation. Evaluated on the Defects4J benchmark, we show that, assuming a perfect localization of faults, AVATAR can generate correct patches to fix 34/39 bugs. We further find that AVATAR yields performance metrics that are comparable to that of the closely-related approaches in the literature. While AVATAR outperforms many of the state-of-the- art pattern-based APR systems, it is mostly complementary to current approaches. Overall, our study highlights the relevance of static bug finding tools as indirect contributors of fix ingredients for addressing code defects identified with functional test cases.

Technologie
1 von 25
AVATAR: Fixing Semantic Bugs with Fix Patterns of Static Analysis Violations Kui Liu, Anil Koyuncu, Dongsun Kim, and Tegawendé F. Bissyandé SnT, University of Luxembourg, Luxembourg @ Hangzhou, China, 26th SANER 2019February 27, 2019
1 > Static Code Analysis Static Analysis Tools can detect: 1. Security Vulnerabilities, 2. Performance Issues, 3. Bad Programming Practices (so-called Code Smells).InferErrorProne These are called Violations , Alarms, or Alerts.
2 > Example of Fixing a Static Analysis Violation @Override public boolean equals(Object obj) { return getModule().equals(((ModuleWrapper) obj).getModule()); } // Violation Type: // BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS @Override public boolean equals(Object obj) { - return getModule().equals(((ModuleWrapper) obj).getModule()); + return obj instanceof ModuleWrapper && + getModule().equals(((ModuleWrapper) obj).getModule()); } Developer’s Patch
3 > Fix Patterns of Static Analysis Violations [29] Kui Liu, Dongsun Kim, Tegawendé F. Bissyandé, Shin Yoo, and Yves Le Traon, “Mining fix patterns for findbugs violations,” IEEE Transactions on Software Engineering, 2018. [30] R. Rolim, G. Soares, R. Gheyi, and L. D’Antoni, “Learning quick fixes from code repositories,” arXiv preprint arXiv:1803.03806, 2018 PATCH### Violation Type :BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS - return exp1().equals(((T)obj).exp2()); + return obj instanceof T && exp1().equals(((T)obj).exp2()); Pattern with AST Diff###: UPD ReturnStatement ---INS InfixExpression ------MOV MethodInvocation ------INS InstanceofExpression ---------INS Variable ---------INS Instanceof ---------INS SimpleType ------INS Operator Live Study
4 > Are static analysis tools good bug detectors? [32] Andrew Habib and Michael Pradel, “How many of all bugs do we find? a study of static bug detectors,” in Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering. 2018, pp. 317–328. Tool Bugs Error Prone 8 Infer 5 SpotBugs 18 Total 31 Total of 27 unique bugs. # bugs found by static analysis tools in Defects4J dataset.
5 > Idea for a new direction Tool Bugs Error Prone 8 Infer 5 SpotBugs 18 Total 31 Total of 27 unique bugs. # Defects4J bugs found by static analysis tools. Pattern with AST Diff###: UPD ReturnStatement ---INS InfixExpression ------MOV MethodInvocation ------INS InstanceofExpression ---------INS Variable ---------INS Instanceof ---------INS SimpleType ------INS Operator Live Study Fix Patterns of Static Analysis Violations
6 > Fix Pattern based APR Systems PAR ELIXIR Genesis SOFix HDRepair NPEfix SketchFix CapGen SimFix 1. Manual Summarization of Human-written Patches. 2. Mining fix patterns. 3. Pre-definition of fix patterns. 4. Statistics on code change actions of patches. How about the fix patterns of static analysis violations?
7 Static analysis violation fix patterns: • They are recurrent and consistent in projects. • Fixes are very reliable (They are assessed by detection tools), and consistent (simple and recurrent). • Eventually, mined fix patterns are reliable. > Static Violation Fix Patterns vs. Semantic Bugs Semantic Bugs: Making the program behavior deviate from developer’s intention [1] [17]. Generally detected through dynamic testing.
8 > Motivating Example --- a/src/com/google/javascript/jscomp/Compiler.java +++ b/src/com/google/javascript/jscomp/Compiler.java @@ -1283,4 +1283,3 @@ // Check if the sources need to be re-ordered. if (options.dependencyOptions.needsManagement() && - !options.skipAllPasses && options.closurePass) { // Patch diff at AST level. UPD IfStatement@@‘‘if statement code’’ ---UPD InfixExpression@@‘‘infix-expression code’’ ------DEL PrefixExpression@@‘‘!options.skipAllPasses’’ ------DEL Operator@@‘‘&’’ // Fix Pattern: Remove a useless sub-predicate expression. UPD IfStatement ---UPD InfixExpression@expA Operator expB ------DEL Expression@expB ------DEL Operator A fix pattern for UC_USELESS_CONDITION violation [29]. Developer’s patch of fixing the bug Closure-13in Defects4J.
9 > AVATAR: Static analysis violation fix pattern-based automated program repair Fix patterns of static violations
10 AVATAR DESIGN
11 > AVATAR basic workflow Patch Generation Patch Validation Fix Pattern Selection Fault Localization AVATAR
12 Fault Localization Technique A Ranked List of Suspicious Code Locations Buggy Program Passing tests tests Failing Fault Localization > AVATAR: Fault Localization Gzoltar with Ochiai.
13 Selected fix pattern Fix Pattern Selection Fault Localization Technique Buggy Program Passing tests tests Failing Fix pattern data base < Code Fragment > Select relevant fix patterns Fault Localization > AVATAR: Fix Pattern Selection A Ranked List of Suspicious Code Locations < Code Fragment >
14 Patch CandidatesSelected fix pattern Patch Generation Fault Localization Technique Buggy Program Passing tests tests Failing Fix pattern data base Mutate suspicious code Next fix pattern Next suspicious code location > AVATAR: Patch Generation Fix Pattern Selection < Code Fragment > Select relevant fix patterns Fault Localization A Ranked List of Suspicious Code Locations // Buggy code of Closure-13 in Defects4J dataset. if (options.dependencyOptions.needsManagement() && !options.skipAllPasses && options.closurePass) { // Fix Pattern: Remove a useless sub-predicate expression. UPD IfStatement ---UPD InfixExpression@expA Operator expB ------DEL Expression@expB ------DEL Operator // Patch Candidate I. - if (options.dependencyOptions.needsManagement() && - !options.skipAllPasses && + if (!options.skipAllPasses && options.closurePass) { // Patch Candidate II. if (options.dependencyOptions.needsManagement() && - !options.skipAllPasses && options.closurePass) { // Patch Candidate III. if (options.dependencyOptions.needsManagement() && - !options.skipAllPasses && - options.closurePass) { + !options.skipAllPasses) {
15 Patch CandidatesSelected fix pattern Patch Generation Pass Fail Patch Validation Patch Testing Fault Localization Technique Buggy Program Passing tests tests Failing Fix pattern data base Mutate suspicious code Next fix pattern Next suspicious code location Next patch candidate > AVATAR: Patch Validation Fix Pattern Selection < Code Fragment > Select relevant fix patterns Fault Localization A Ranked List of Suspicious Code Locations
16 ASSESSMENT
17 RQ1: How effective are fix patterns of static analysis violations for repairing programs with semantic bugs? RQ2: Which bugs and which patterns are relevant targets for AVATAR in an automated program repair scenario? RQ3: How does AVATAR compare to the state-of-the-art APR tools with respect to repair performance? > RQs: Research Questions
18 > Fix Patterns and Benchmark # Projects # violation fix patches # violation types # fix patterns Liu et al. [29] 730 88,927 111 174 Rolim et al. [30] 9 288,899 9 9 Statistics on Fix Patterns of Static Analysis Violations. Project # Bugs # kLoc # Tests Chart 26 96 2,205 Closure 133 90 7,927 Lang 65 22 2,245 Math 106 85 3,602 Mockito 38 11 1,457 Time 27 28 4,130 Total 395 332 21,566 Defects4J Dataset Information.
19 > RQ1: Fix bugs which can be localized by static analysis tools Bug ID SpotBugs Infer ErrorProne Static Analysis Violation Type Chart-1 ✔ ✔ NP_ALWAYS_NULL Chart-4 ✔ ✔ NP_NULL_ON_SOME_PATH Chart-24 ✔ DLS_DEAD_LOCAL_STORE Math-77 ✔ UPM_UNCALLED_PRIVATE_METHOD Statically-Detected Bugs Fixed by AVATAR. AVATAR demonstrates the usefulness of violation fix patterns in a scenario of automating some maintenance tasks involving systematic checking of developer code with static checkers.
20 > RQ1: Fix Bugs with perfect fault localization Fixed Bugs Chart (C) Closure (Cl) Lang (L) Math (M) Mockito (Moc) Time (T) Total # of fully fixed bugs 7/8 10/13 5/10 8/13 2/2 2/3 34/49 # of partially fixed bugs 2/3 1/4 1/3 1/4 0/0 0/0 5/14 Number of Defects4J Bugs Fixed by AVATAR with an Assumption of Perfect Localization Information. AVATAR can effectively fix several semantic bugs from the Defects4J dataset.
21 > RQ2: Why AVATAR can fix semantic bugs? Violation Types associated with fix patterns Fix ingredients from the violation fix patterns Fixed Bugs Bug Patterns Repair Actions NP_ALWAYS_NULL Mutate the operator of null-check expression: “var != == null”, or “var == != null”. C-1 Conditional expression modification. Logic expression modification. NP_NULL_ON_SOME_PATH 1. Wrap buggy code with if-non-null-check block: “if (var != null) {buggy code}”; 2. Insert if-null-check block before buggy code: “if (var == null) {return false;} buggy code;” or “if (var == null) {return null;} buggy code;” or “if (var == null) {throw IllegalArgumentException.} buggy code;” C-4, 26. Missing non-null check addition Conditional (if) branch addition C-14, 19, 25, Cl-2, M-4, Moc-29, 38. Missing null check addition Conditional (if) branch addition. DLS_DEAD_LOCAL_STORE Replace a variable with other one: e.g., “var1 = var2 var3;”. C-11, 24, L-6, 57, 59, M-33, 59, T-7. Wrong variable reference Variable replacement by another variable. UC_USELESS_CONDITION 1. Mutate the operator of an expression in an if statement: e.g., “if (expA > >= expB) {...}”; 2. Remove a sub-predicate expression in an if statement: “if (expA || expB) {...}” or “if (expA || expB) {...}”; 3. Remove the conditional expression: “expA ? expB : expC” or “expA ? expB : expC”. Cl-38. Logic expression expansion Conditional expression expansion. Cl-18, 31, L-15. Logic expression reduction Conditional expression reduction Cl-62, 63, 73, M-82, 85, T-19 Logic expression modification Conditional expression modification. UCF_USELESS_CONTROL_FLOW 1. Remove an if statement but keep the code inside its block: “if (exp) { code }”; 2. Remove an if statement with its block code: “if (exp) { code }”. C-18, Cl-106, M-46. Unwraps-from if-else statement Conditional (if or else) branch removal. Cl-115, 126, L-7, 10, M-50. Conditional block removal Conditional (if or else) branch removal UPM_UNCALLED_PRIVATE_MET HOD Remove a method declaration: “Modifier ReutrnType methodName(Parameters) { code }”. Cl-46, M-77. Unclassified Method definition removal. BC_UNCONFIRMED_CAST Wrap buggy code with if-instanceof-check block: “if (var instanceof Type) {buggy code} else {throw IllegalArgumentException;}” M-89. Wraps-with if-else statement Conditional (if-else) branches addition AVATAR exploits a variety of fix ingredients from static violations fix patterns to address a diverse set of bug patterns in the Defects4J dataset.
22 > RQ3: Comparing bug fix performance with state-of-the-art APR tools APR Tool Chart Closure Lang Math Mockito Time Total AVATAR Fully Fixed 5/12 8/12 5/11 6/13 2/2 1/3 27/53 Partially Fixed 1/2 1/1 0/2 1/3 0/0 0/0 3/8 jGenProg 0/7 0/0 0/0 5/18 0/0 0/2 5/27 jKali 0/6 0/0 0/0 1/14 0/0 0/2 1/22 jMutRepair 1/4 0/0 0/1 2/11 0/0 0/1 3/17 Nopol 1/6 0/0 3/7 1/21 0/0 0/1 5/35 HDRepair 0/2 0/7 2/6 4/7 0/0 0/1 6/23 FixMiner 5/8 5/5 2/3 12/14 0/0 1/1 25/31 LSRepair 3/8 0/0 8/14 7/14 1/1 0/0 19/37 ACS 2/2 0/0 3/4 12/16 0/0 1/1 18/23 ELIXIR 4/7 0/0 8/12 12/19 0/0 2/3 26/41 JAID 2/4 5/11 1/8 1/8 0/0 0/0 9/31 ssFix 3/7 2/11 5/12 10/26 0/0 0/4 20/60 CapGen 4/4 0/0 5/5 12/16 0/0 0/0 21/25 SketchFix 6/8 3/5 3/4 7/8 0/0 0/1 19/26 SimFix 4/8 6/8 9/13 14/26 0/0 1/1 34/56 Cl-2,31,46, L-7,10, M-46, Moc-29,38. AVATAR is comparable and complementary to the other state-of- the-art APR systems.
23 > Conclusion 1. AVATAR demonstrates the usefulness of violation fix patterns for effectively fixing several semantic bugs from the Defects4J dataset. 2. AVATAR exploits a variety of fix ingredients.  It can address a diverse set of bug types in the Defects4J dataset. 3. AVATAR is comparable and complementary to the state-of- the-art APR systems. AVATAR can fix 8 new bugs which had not been fix by the state-of-the-art.
24 > Summary 14 Patch CandidatesSelected fix pattern Patch Generation Pass Fail Patch Validation Patch Testing Fault Localization with GZoltar Buggy Program Passing tests tests Failing Fix pattern data base Mutate suspicious code Next fix pattern Next suspicious code location Next patch candidate > AVATAR Overview Fix Pattern Matching < Code Fragment > Select relevant fix patterns Fault Localization A Ranked List of Suspicious Code Locations https://github.com/SerVal-DTF/AVATAR

Empfohlen

iFixR: Bug Report Driven Program Repair
iFixR: Bug Report Driven Program RepairiFixR: Bug Report Driven Program Repair
iFixR: Bug Report Driven Program RepairDongsun Kim
 
Bench4BL: Reproducibility Study on the Performance of IR-Based Bug Localization
Bench4BL: Reproducibility Study on the Performance of IR-Based Bug LocalizationBench4BL: Reproducibility Study on the Performance of IR-Based Bug Localization
Bench4BL: Reproducibility Study on the Performance of IR-Based Bug LocalizationDongsun Kim
 
A Closer Look at Real-World Patches
A Closer Look at Real-World PatchesA Closer Look at Real-World Patches
A Closer Look at Real-World PatchesDongsun Kim
 
Mining Fix Patterns for FindBugs Violations
Mining Fix Patterns for FindBugs ViolationsMining Fix Patterns for FindBugs Violations
Mining Fix Patterns for FindBugs ViolationsDongsun Kim
 
You Cannot Fix What You Cannot Find! --- An Investigation of Fault Localizati...
You Cannot Fix What You Cannot Find! --- An Investigation of Fault Localizati...You Cannot Fix What You Cannot Find! --- An Investigation of Fault Localizati...
You Cannot Fix What You Cannot Find! --- An Investigation of Fault Localizati...Dongsun Kim
 
TBar: Revisiting Template-based Automated Program Repair
TBar: Revisiting Template-based Automated Program RepairTBar: Revisiting Template-based Automated Program Repair
TBar: Revisiting Template-based Automated Program RepairDongsun Kim
 
LSRepair: Live Search of Fix Ingredients for Automated Program Repair
LSRepair: Live Search of Fix Ingredients for Automated Program RepairLSRepair: Live Search of Fix Ingredients for Automated Program Repair
LSRepair: Live Search of Fix Ingredients for Automated Program RepairDongsun Kim
 
Learning to Spot and Refactor Inconsistent Method Names
Learning to Spot and Refactor Inconsistent Method NamesLearning to Spot and Refactor Inconsistent Method Names
Learning to Spot and Refactor Inconsistent Method NamesDongsun Kim
 

Empfohlen

iFixR: Bug Report Driven Program Repair
iFixR: Bug Report Driven Program RepairiFixR: Bug Report Driven Program Repair
iFixR: Bug Report Driven Program RepairDongsun Kim
 
Bench4BL: Reproducibility Study on the Performance of IR-Based Bug Localization
Bench4BL: Reproducibility Study on the Performance of IR-Based Bug LocalizationBench4BL: Reproducibility Study on the Performance of IR-Based Bug Localization
Bench4BL: Reproducibility Study on the Performance of IR-Based Bug LocalizationDongsun Kim
 
A Closer Look at Real-World Patches
A Closer Look at Real-World PatchesA Closer Look at Real-World Patches
A Closer Look at Real-World PatchesDongsun Kim
 
Mining Fix Patterns for FindBugs Violations
Mining Fix Patterns for FindBugs ViolationsMining Fix Patterns for FindBugs Violations
Mining Fix Patterns for FindBugs ViolationsDongsun Kim
 
You Cannot Fix What You Cannot Find! --- An Investigation of Fault Localizati...
You Cannot Fix What You Cannot Find! --- An Investigation of Fault Localizati...You Cannot Fix What You Cannot Find! --- An Investigation of Fault Localizati...
You Cannot Fix What You Cannot Find! --- An Investigation of Fault Localizati...Dongsun Kim
 
TBar: Revisiting Template-based Automated Program Repair
TBar: Revisiting Template-based Automated Program RepairTBar: Revisiting Template-based Automated Program Repair
TBar: Revisiting Template-based Automated Program RepairDongsun Kim
 
LSRepair: Live Search of Fix Ingredients for Automated Program Repair
LSRepair: Live Search of Fix Ingredients for Automated Program RepairLSRepair: Live Search of Fix Ingredients for Automated Program Repair
LSRepair: Live Search of Fix Ingredients for Automated Program RepairDongsun Kim
 
Learning to Spot and Refactor Inconsistent Method Names
Learning to Spot and Refactor Inconsistent Method NamesLearning to Spot and Refactor Inconsistent Method Names
Learning to Spot and Refactor Inconsistent Method NamesDongsun Kim
 
Impact of Tool Support in Patch Construction
Impact of Tool Support in Patch ConstructionImpact of Tool Support in Patch Construction
Impact of Tool Support in Patch ConstructionDongsun Kim
 
150412 38 beamer methods of binary analysis
150412 38 beamer methods of binary analysis150412 38 beamer methods of binary analysis
150412 38 beamer methods of binary analysisRaghu Palakodety
 
Software Testing for Data Scientists
Software Testing for Data ScientistsSoftware Testing for Data Scientists
Software Testing for Data ScientistsAjay Ohri
 
Software Testing and the R language
Software Testing and the R languageSoftware Testing and the R language
Software Testing and the R languageLou Bajuk
 
Finding latent code errors via machine learning over program ...
Finding latent code errors via machine learning over program ...Finding latent code errors via machine learning over program ...
Finding latent code errors via machine learning over program ...butest
 
Are current antivirus programs able to detect complex metamorphic malware an ...
Are current antivirus programs able to detect complex metamorphic malware an ...Are current antivirus programs able to detect complex metamorphic malware an ...
Are current antivirus programs able to detect complex metamorphic malware an ...UltraUploader
 
Detection of vulnerabilities in programs with the help of code analyzers
Detection of vulnerabilities in programs with the help of code analyzersDetection of vulnerabilities in programs with the help of code analyzers
Detection of vulnerabilities in programs with the help of code analyzersPVS-Studio
 
Known XML Vulnerabilities Are Still a Threat to Popular Parsers ! & Open Sour...
Known XML Vulnerabilities Are Still a Threat to Popular Parsers ! & Open Sour...Known XML Vulnerabilities Are Still a Threat to Popular Parsers ! & Open Sour...
Known XML Vulnerabilities Are Still a Threat to Popular Parsers ! & Open Sour...Lionel Briand
 
Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)IJERD Editor
 
Sta unit 3(abimanyu)
Sta unit 3(abimanyu)Sta unit 3(abimanyu)
Sta unit 3(abimanyu)Abhimanyu Mishra
 
Partitioning Composite Code Changes to Facilitate Code Review (MSR2015)
Partitioning Composite Code Changes to Facilitate Code Review (MSR2015)Partitioning Composite Code Changes to Facilitate Code Review (MSR2015)
Partitioning Composite Code Changes to Facilitate Code Review (MSR2015)Sung Kim
 
PVS-Studio advertisement - static analysis of C/C++ code
PVS-Studio advertisement - static analysis of C/C++ codePVS-Studio advertisement - static analysis of C/C++ code
PVS-Studio advertisement - static analysis of C/C++ codePVS-Studio
 
Multi step automated refactoring for code smell
Multi step automated refactoring for code smellMulti step automated refactoring for code smell
Multi step automated refactoring for code smelleSAT Journals
 
Multi step automated refactoring for code smell
Multi step automated refactoring for code smellMulti step automated refactoring for code smell
Multi step automated refactoring for code smelleSAT Publishing House
 
Code-Review-COW56-Meeting
Code-Review-COW56-MeetingCode-Review-COW56-Meeting
Code-Review-COW56-MeetingMasud Rahman
 
IRJET- Code Cloning using Abstract Syntax Tree
IRJET- Code Cloning using Abstract Syntax TreeIRJET- Code Cloning using Abstract Syntax Tree
IRJET- Code Cloning using Abstract Syntax TreeIRJET Journal
 
Xp Day 080506 Unit Tests And Mocks
Xp Day 080506 Unit Tests And MocksXp Day 080506 Unit Tests And Mocks
Xp Day 080506 Unit Tests And Mocksguillaumecarre
 
On the Diffusion of Test Smells in Automatically Generated Test Code: An Empi...
On the Diffusion of Test Smells in Automatically Generated Test Code: An Empi...On the Diffusion of Test Smells in Automatically Generated Test Code: An Empi...
On the Diffusion of Test Smells in Automatically Generated Test Code: An Empi...Fabio Palomba
 
A method for detecting obfuscated calls in malicious binaries
A method for detecting obfuscated calls in malicious binariesA method for detecting obfuscated calls in malicious binaries
A method for detecting obfuscated calls in malicious binariesUltraUploader
 
Are metamorphic viruses really invincible
Are metamorphic viruses really invincibleAre metamorphic viruses really invincible
Are metamorphic viruses really invincibleUltraUploader
 
PVS-Studio and static code analysis technique
PVS-Studio and static code analysis techniquePVS-Studio and static code analysis technique
PVS-Studio and static code analysis techniqueAndrey Karpov
 
Static Analysis
Static AnalysisStatic Analysis
Static Analysisalice yang
 

Weitere ähnliche Inhalte

Was ist angesagt?

Impact of Tool Support in Patch Construction
Impact of Tool Support in Patch ConstructionImpact of Tool Support in Patch Construction
Impact of Tool Support in Patch ConstructionDongsun Kim
 
150412 38 beamer methods of binary analysis
150412 38 beamer methods of binary analysis150412 38 beamer methods of binary analysis
150412 38 beamer methods of binary analysisRaghu Palakodety
 
Software Testing for Data Scientists
Software Testing for Data ScientistsSoftware Testing for Data Scientists
Software Testing for Data ScientistsAjay Ohri
 
Software Testing and the R language
Software Testing and the R languageSoftware Testing and the R language
Software Testing and the R languageLou Bajuk
 
Finding latent code errors via machine learning over program ...
Finding latent code errors via machine learning over program ...Finding latent code errors via machine learning over program ...
Finding latent code errors via machine learning over program ...butest
 
Are current antivirus programs able to detect complex metamorphic malware an ...
Are current antivirus programs able to detect complex metamorphic malware an ...Are current antivirus programs able to detect complex metamorphic malware an ...
Are current antivirus programs able to detect complex metamorphic malware an ...UltraUploader
 
Detection of vulnerabilities in programs with the help of code analyzers
Detection of vulnerabilities in programs with the help of code analyzersDetection of vulnerabilities in programs with the help of code analyzers
Detection of vulnerabilities in programs with the help of code analyzersPVS-Studio
 
Known XML Vulnerabilities Are Still a Threat to Popular Parsers ! & Open Sour...
Known XML Vulnerabilities Are Still a Threat to Popular Parsers ! & Open Sour...Known XML Vulnerabilities Are Still a Threat to Popular Parsers ! & Open Sour...
Known XML Vulnerabilities Are Still a Threat to Popular Parsers ! & Open Sour...Lionel Briand
 
Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)IJERD Editor
 
Partitioning Composite Code Changes to Facilitate Code Review (MSR2015)
Partitioning Composite Code Changes to Facilitate Code Review (MSR2015)Partitioning Composite Code Changes to Facilitate Code Review (MSR2015)
Partitioning Composite Code Changes to Facilitate Code Review (MSR2015)Sung Kim
 
PVS-Studio advertisement - static analysis of C/C++ code
PVS-Studio advertisement - static analysis of C/C++ codePVS-Studio advertisement - static analysis of C/C++ code
PVS-Studio advertisement - static analysis of C/C++ codePVS-Studio
 
Multi step automated refactoring for code smell
Multi step automated refactoring for code smellMulti step automated refactoring for code smell
Multi step automated refactoring for code smelleSAT Journals
 
Multi step automated refactoring for code smell
Multi step automated refactoring for code smellMulti step automated refactoring for code smell
Multi step automated refactoring for code smelleSAT Publishing House
 
Code-Review-COW56-Meeting
Code-Review-COW56-MeetingCode-Review-COW56-Meeting
Code-Review-COW56-MeetingMasud Rahman
 
IRJET- Code Cloning using Abstract Syntax Tree
IRJET- Code Cloning using Abstract Syntax TreeIRJET- Code Cloning using Abstract Syntax Tree
IRJET- Code Cloning using Abstract Syntax TreeIRJET Journal
 
Xp Day 080506 Unit Tests And Mocks
Xp Day 080506 Unit Tests And MocksXp Day 080506 Unit Tests And Mocks
Xp Day 080506 Unit Tests And Mocksguillaumecarre
 
On the Diffusion of Test Smells in Automatically Generated Test Code: An Empi...
On the Diffusion of Test Smells in Automatically Generated Test Code: An Empi...On the Diffusion of Test Smells in Automatically Generated Test Code: An Empi...
On the Diffusion of Test Smells in Automatically Generated Test Code: An Empi...Fabio Palomba
 
A method for detecting obfuscated calls in malicious binaries
A method for detecting obfuscated calls in malicious binariesA method for detecting obfuscated calls in malicious binaries
A method for detecting obfuscated calls in malicious binariesUltraUploader
 
Are metamorphic viruses really invincible
Are metamorphic viruses really invincibleAre metamorphic viruses really invincible
Are metamorphic viruses really invincibleUltraUploader
 

Was ist angesagt? (20)

Impact of Tool Support in Patch Construction
Impact of Tool Support in Patch ConstructionImpact of Tool Support in Patch Construction
Impact of Tool Support in Patch Construction
 
150412 38 beamer methods of binary analysis
150412 38 beamer methods of binary analysis150412 38 beamer methods of binary analysis
150412 38 beamer methods of binary analysis
 
Software Testing for Data Scientists
Software Testing for Data ScientistsSoftware Testing for Data Scientists
Software Testing for Data Scientists
 
Software Testing and the R language
Software Testing and the R languageSoftware Testing and the R language
Software Testing and the R language
 
Finding latent code errors via machine learning over program ...
Finding latent code errors via machine learning over program ...Finding latent code errors via machine learning over program ...
Finding latent code errors via machine learning over program ...
 
Are current antivirus programs able to detect complex metamorphic malware an ...
Are current antivirus programs able to detect complex metamorphic malware an ...Are current antivirus programs able to detect complex metamorphic malware an ...
Are current antivirus programs able to detect complex metamorphic malware an ...
 
Detection of vulnerabilities in programs with the help of code analyzers
Detection of vulnerabilities in programs with the help of code analyzersDetection of vulnerabilities in programs with the help of code analyzers
Detection of vulnerabilities in programs with the help of code analyzers
 
Known XML Vulnerabilities Are Still a Threat to Popular Parsers ! & Open Sour...
Known XML Vulnerabilities Are Still a Threat to Popular Parsers ! & Open Sour...Known XML Vulnerabilities Are Still a Threat to Popular Parsers ! & Open Sour...
Known XML Vulnerabilities Are Still a Threat to Popular Parsers ! & Open Sour...
 
Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)Welcome to International Journal of Engineering Research and Development (IJERD)
Welcome to International Journal of Engineering Research and Development (IJERD)
 
Sta unit 3(abimanyu)
Sta unit 3(abimanyu)Sta unit 3(abimanyu)
Sta unit 3(abimanyu)
 
Partitioning Composite Code Changes to Facilitate Code Review (MSR2015)
Partitioning Composite Code Changes to Facilitate Code Review (MSR2015)Partitioning Composite Code Changes to Facilitate Code Review (MSR2015)
Partitioning Composite Code Changes to Facilitate Code Review (MSR2015)
 
PVS-Studio advertisement - static analysis of C/C++ code
PVS-Studio advertisement - static analysis of C/C++ codePVS-Studio advertisement - static analysis of C/C++ code
PVS-Studio advertisement - static analysis of C/C++ code
 
Multi step automated refactoring for code smell
Multi step automated refactoring for code smellMulti step automated refactoring for code smell
Multi step automated refactoring for code smell
 
Multi step automated refactoring for code smell
Multi step automated refactoring for code smellMulti step automated refactoring for code smell
Multi step automated refactoring for code smell
 
Code-Review-COW56-Meeting
Code-Review-COW56-MeetingCode-Review-COW56-Meeting
Code-Review-COW56-Meeting
 
IRJET- Code Cloning using Abstract Syntax Tree
IRJET- Code Cloning using Abstract Syntax TreeIRJET- Code Cloning using Abstract Syntax Tree
IRJET- Code Cloning using Abstract Syntax Tree
 
Xp Day 080506 Unit Tests And Mocks
Xp Day 080506 Unit Tests And MocksXp Day 080506 Unit Tests And Mocks
Xp Day 080506 Unit Tests And Mocks
 
On the Diffusion of Test Smells in Automatically Generated Test Code: An Empi...
On the Diffusion of Test Smells in Automatically Generated Test Code: An Empi...On the Diffusion of Test Smells in Automatically Generated Test Code: An Empi...
On the Diffusion of Test Smells in Automatically Generated Test Code: An Empi...
 
A method for detecting obfuscated calls in malicious binaries
A method for detecting obfuscated calls in malicious binariesA method for detecting obfuscated calls in malicious binaries
A method for detecting obfuscated calls in malicious binaries
 
Are metamorphic viruses really invincible
Are metamorphic viruses really invincibleAre metamorphic viruses really invincible
Are metamorphic viruses really invincible
 

Ähnlich wie AVATAR : Fixing Semantic Bugs with Fix Patterns of Static Analysis Violations

PVS-Studio and static code analysis technique
PVS-Studio and static code analysis techniquePVS-Studio and static code analysis technique
PVS-Studio and static code analysis techniqueAndrey Karpov
 
Static Analysis
Static AnalysisStatic Analysis
Static Analysisalice yang
 
Parasoft .TEST, Write better C# Code Using Data Flow Analysis
Parasoft .TEST, Write better C# Code Using Data Flow Analysis Parasoft .TEST, Write better C# Code Using Data Flow Analysis
Parasoft .TEST, Write better C# Code Using Data Flow Analysis Engineering Software Lab
 
Talos: Neutralizing Vulnerabilities with Security Workarounds for Rapid Respo...
Talos: Neutralizing Vulnerabilities with Security Workarounds for Rapid Respo...Talos: Neutralizing Vulnerabilities with Security Workarounds for Rapid Respo...
Talos: Neutralizing Vulnerabilities with Security Workarounds for Rapid Respo...Zhen Huang
 
ANOTHER BRICK OFF THE WALL: DECONSTRUCTING WEB APPLICATION FIREWALLS USING AU...
ANOTHER BRICK OFF THE WALL: DECONSTRUCTING WEB APPLICATION FIREWALLS USING AU...ANOTHER BRICK OFF THE WALL: DECONSTRUCTING WEB APPLICATION FIREWALLS USING AU...
ANOTHER BRICK OFF THE WALL: DECONSTRUCTING WEB APPLICATION FIREWALLS USING AU...Ioannis Stais
 
Applying Anti-Reversing Techniques to Java Bytecode
Applying Anti-Reversing Techniques to Java BytecodeApplying Anti-Reversing Techniques to Java Bytecode
Applying Anti-Reversing Techniques to Java BytecodeTeodoro Cipresso
 
Automated Testing for SQL Injection Vulnerabilities: An Input Mutation Approach
Automated Testing for SQL Injection Vulnerabilities: An Input Mutation ApproachAutomated Testing for SQL Injection Vulnerabilities: An Input Mutation Approach
Automated Testing for SQL Injection Vulnerabilities: An Input Mutation ApproachLionel Briand
 
Effective and Efficient API Misuse Detection via Exception Propagation and Se...
Effective and Efficient API Misuse Detection via Exception Propagation and Se...Effective and Efficient API Misuse Detection via Exception Propagation and Se...
Effective and Efficient API Misuse Detection via Exception Propagation and Se...XavierDevroey
 
JAVASCRIPT TDD(Test driven Development) & Qunit Tutorial
JAVASCRIPT TDD(Test driven Development) & Qunit TutorialJAVASCRIPT TDD(Test driven Development) & Qunit Tutorial
JAVASCRIPT TDD(Test driven Development) & Qunit TutorialAnup Singh
 
Looking for Bugs in MonoDevelop
Looking for Bugs in MonoDevelopLooking for Bugs in MonoDevelop
Looking for Bugs in MonoDevelopPVS-Studio
 
Evaluating Model Testing and Model Checking for Finding Requirements Violatio...
Evaluating Model Testing and Model Checking for Finding Requirements Violatio...Evaluating Model Testing and Model Checking for Finding Requirements Violatio...
Evaluating Model Testing and Model Checking for Finding Requirements Violatio...Lionel Briand
 
Java - Exception Handling Concepts
Java - Exception Handling ConceptsJava - Exception Handling Concepts
Java - Exception Handling ConceptsVicter Paul
 
SSBSE 2020 keynote
SSBSE 2020 keynoteSSBSE 2020 keynote
SSBSE 2020 keynoteShiva Nejati
 
ISTQB Advanced Study Guide - 7
ISTQB Advanced Study Guide - 7ISTQB Advanced Study Guide - 7
ISTQB Advanced Study Guide - 7Yogindernath Gupta
 
Presentation by Lionel Briand
Presentation by Lionel BriandPresentation by Lionel Briand
Presentation by Lionel BriandPtidej Team
 
Static and Dynamic Code Analysis
Static and Dynamic Code AnalysisStatic and Dynamic Code Analysis
Static and Dynamic Code AnalysisAndrey Karpov
 

Ähnlich wie AVATAR : Fixing Semantic Bugs with Fix Patterns of Static Analysis Violations (20)

PVS-Studio and static code analysis technique
PVS-Studio and static code analysis techniquePVS-Studio and static code analysis technique
PVS-Studio and static code analysis technique
 
Static Analysis
Static AnalysisStatic Analysis
Static Analysis
 
Parasoft .TEST, Write better C# Code Using Data Flow Analysis
Parasoft .TEST, Write better C# Code Using Data Flow Analysis Parasoft .TEST, Write better C# Code Using Data Flow Analysis
Parasoft .TEST, Write better C# Code Using Data Flow Analysis
 
Talos: Neutralizing Vulnerabilities with Security Workarounds for Rapid Respo...
Talos: Neutralizing Vulnerabilities with Security Workarounds for Rapid Respo...Talos: Neutralizing Vulnerabilities with Security Workarounds for Rapid Respo...
Talos: Neutralizing Vulnerabilities with Security Workarounds for Rapid Respo...
 
ANOTHER BRICK OFF THE WALL: DECONSTRUCTING WEB APPLICATION FIREWALLS USING AU...
ANOTHER BRICK OFF THE WALL: DECONSTRUCTING WEB APPLICATION FIREWALLS USING AU...ANOTHER BRICK OFF THE WALL: DECONSTRUCTING WEB APPLICATION FIREWALLS USING AU...
ANOTHER BRICK OFF THE WALL: DECONSTRUCTING WEB APPLICATION FIREWALLS USING AU...
 
Debug me
Debug meDebug me
Debug me
 
Applying Anti-Reversing Techniques to Java Bytecode
Applying Anti-Reversing Techniques to Java BytecodeApplying Anti-Reversing Techniques to Java Bytecode
Applying Anti-Reversing Techniques to Java Bytecode
 
Automated Testing for SQL Injection Vulnerabilities: An Input Mutation Approach
Automated Testing for SQL Injection Vulnerabilities: An Input Mutation ApproachAutomated Testing for SQL Injection Vulnerabilities: An Input Mutation Approach
Automated Testing for SQL Injection Vulnerabilities: An Input Mutation Approach
 
Price of an Error
Price of an ErrorPrice of an Error
Price of an Error
 
Effective and Efficient API Misuse Detection via Exception Propagation and Se...
Effective and Efficient API Misuse Detection via Exception Propagation and Se...Effective and Efficient API Misuse Detection via Exception Propagation and Se...
Effective and Efficient API Misuse Detection via Exception Propagation and Se...
 
JAVASCRIPT TDD(Test driven Development) & Qunit Tutorial
JAVASCRIPT TDD(Test driven Development) & Qunit TutorialJAVASCRIPT TDD(Test driven Development) & Qunit Tutorial
JAVASCRIPT TDD(Test driven Development) & Qunit Tutorial
 
Looking for Bugs in MonoDevelop
Looking for Bugs in MonoDevelopLooking for Bugs in MonoDevelop
Looking for Bugs in MonoDevelop
 
Evaluating Model Testing and Model Checking for Finding Requirements Violatio...
Evaluating Model Testing and Model Checking for Finding Requirements Violatio...Evaluating Model Testing and Model Checking for Finding Requirements Violatio...
Evaluating Model Testing and Model Checking for Finding Requirements Violatio...
 
Java - Exception Handling Concepts
Java - Exception Handling ConceptsJava - Exception Handling Concepts
Java - Exception Handling Concepts
 
Ppt chapter06
Ppt chapter06Ppt chapter06
Ppt chapter06
 
APSEC2020 Keynote
APSEC2020 KeynoteAPSEC2020 Keynote
APSEC2020 Keynote
 
SSBSE 2020 keynote
SSBSE 2020 keynoteSSBSE 2020 keynote
SSBSE 2020 keynote
 
ISTQB Advanced Study Guide - 7
ISTQB Advanced Study Guide - 7ISTQB Advanced Study Guide - 7
ISTQB Advanced Study Guide - 7
 
Presentation by Lionel Briand
Presentation by Lionel BriandPresentation by Lionel Briand
Presentation by Lionel Briand
 
Static and Dynamic Code Analysis
Static and Dynamic Code AnalysisStatic and Dynamic Code Analysis
Static and Dynamic Code Analysis
 

Kürzlich hochgeladen

Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 

Kürzlich hochgeladen (20)

Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 

AVATAR : Fixing Semantic Bugs with Fix Patterns of Static Analysis Violations

  • 1. AVATAR: Fixing Semantic Bugs with Fix Patterns of Static Analysis Violations Kui Liu, Anil Koyuncu, Dongsun Kim, and Tegawendé F. Bissyandé SnT, University of Luxembourg, Luxembourg @ Hangzhou, China, 26th SANER 2019February 27, 2019
  • 2. 1 > Static Code Analysis Static Analysis Tools can detect: 1. Security Vulnerabilities, 2. Performance Issues, 3. Bad Programming Practices (so-called Code Smells).InferErrorProne These are called Violations , Alarms, or Alerts.
  • 3. 2 > Example of Fixing a Static Analysis Violation @Override public boolean equals(Object obj) { return getModule().equals(((ModuleWrapper) obj).getModule()); } // Violation Type: // BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS @Override public boolean equals(Object obj) { - return getModule().equals(((ModuleWrapper) obj).getModule()); + return obj instanceof ModuleWrapper && + getModule().equals(((ModuleWrapper) obj).getModule()); } Developer’s Patch
  • 4. 3 > Fix Patterns of Static Analysis Violations [29] Kui Liu, Dongsun Kim, Tegawendé F. Bissyandé, Shin Yoo, and Yves Le Traon, “Mining fix patterns for findbugs violations,” IEEE Transactions on Software Engineering, 2018. [30] R. Rolim, G. Soares, R. Gheyi, and L. D’Antoni, “Learning quick fixes from code repositories,” arXiv preprint arXiv:1803.03806, 2018 PATCH### Violation Type :BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS - return exp1().equals(((T)obj).exp2()); + return obj instanceof T && exp1().equals(((T)obj).exp2()); Pattern with AST Diff###: UPD ReturnStatement ---INS InfixExpression ------MOV MethodInvocation ------INS InstanceofExpression ---------INS Variable ---------INS Instanceof ---------INS SimpleType ------INS Operator Live Study
  • 5. 4 > Are static analysis tools good bug detectors? [32] Andrew Habib and Michael Pradel, “How many of all bugs do we find? a study of static bug detectors,” in Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering. 2018, pp. 317–328. Tool Bugs Error Prone 8 Infer 5 SpotBugs 18 Total 31 Total of 27 unique bugs. # bugs found by static analysis tools in Defects4J dataset.
  • 6. 5 > Idea for a new direction Tool Bugs Error Prone 8 Infer 5 SpotBugs 18 Total 31 Total of 27 unique bugs. # Defects4J bugs found by static analysis tools. Pattern with AST Diff###: UPD ReturnStatement ---INS InfixExpression ------MOV MethodInvocation ------INS InstanceofExpression ---------INS Variable ---------INS Instanceof ---------INS SimpleType ------INS Operator Live Study Fix Patterns of Static Analysis Violations
  • 7. 6 > Fix Pattern based APR Systems PAR ELIXIR Genesis SOFix HDRepair NPEfix SketchFix CapGen SimFix 1. Manual Summarization of Human-written Patches. 2. Mining fix patterns. 3. Pre-definition of fix patterns. 4. Statistics on code change actions of patches. How about the fix patterns of static analysis violations?
  • 8. 7 Static analysis violation fix patterns: • They are recurrent and consistent in projects. • Fixes are very reliable (They are assessed by detection tools), and consistent (simple and recurrent). • Eventually, mined fix patterns are reliable. > Static Violation Fix Patterns vs. Semantic Bugs Semantic Bugs: Making the program behavior deviate from developer’s intention [1] [17]. Generally detected through dynamic testing.
  • 9. 8 > Motivating Example --- a/src/com/google/javascript/jscomp/Compiler.java +++ b/src/com/google/javascript/jscomp/Compiler.java @@ -1283,4 +1283,3 @@ // Check if the sources need to be re-ordered. if (options.dependencyOptions.needsManagement() && - !options.skipAllPasses && options.closurePass) { // Patch diff at AST level. UPD IfStatement@@‘‘if statement code’’ ---UPD InfixExpression@@‘‘infix-expression code’’ ------DEL PrefixExpression@@‘‘!options.skipAllPasses’’ ------DEL Operator@@‘‘&’’ // Fix Pattern: Remove a useless sub-predicate expression. UPD IfStatement ---UPD InfixExpression@expA Operator expB ------DEL Expression@expB ------DEL Operator A fix pattern for UC_USELESS_CONDITION violation [29]. Developer’s patch of fixing the bug Closure-13in Defects4J.
  • 10. 9 > AVATAR: Static analysis violation fix pattern-based automated program repair Fix patterns of static violations
  • 12. 11 > AVATAR basic workflow Patch Generation Patch Validation Fix Pattern Selection Fault Localization AVATAR
  • 13. 12 Fault Localization Technique A Ranked List of Suspicious Code Locations Buggy Program Passing tests tests Failing Fault Localization > AVATAR: Fault Localization Gzoltar with Ochiai.
  • 14. 13 Selected fix pattern Fix Pattern Selection Fault Localization Technique Buggy Program Passing tests tests Failing Fix pattern data base < Code Fragment > Select relevant fix patterns Fault Localization > AVATAR: Fix Pattern Selection A Ranked List of Suspicious Code Locations < Code Fragment >
  • 15. 14 Patch CandidatesSelected fix pattern Patch Generation Fault Localization Technique Buggy Program Passing tests tests Failing Fix pattern data base Mutate suspicious code Next fix pattern Next suspicious code location > AVATAR: Patch Generation Fix Pattern Selection < Code Fragment > Select relevant fix patterns Fault Localization A Ranked List of Suspicious Code Locations // Buggy code of Closure-13 in Defects4J dataset. if (options.dependencyOptions.needsManagement() && !options.skipAllPasses && options.closurePass) { // Fix Pattern: Remove a useless sub-predicate expression. UPD IfStatement ---UPD InfixExpression@expA Operator expB ------DEL Expression@expB ------DEL Operator // Patch Candidate I. - if (options.dependencyOptions.needsManagement() && - !options.skipAllPasses && + if (!options.skipAllPasses && options.closurePass) { // Patch Candidate II. if (options.dependencyOptions.needsManagement() && - !options.skipAllPasses && options.closurePass) { // Patch Candidate III. if (options.dependencyOptions.needsManagement() && - !options.skipAllPasses && - options.closurePass) { + !options.skipAllPasses) {
  • 16. 15 Patch CandidatesSelected fix pattern Patch Generation Pass Fail Patch Validation Patch Testing Fault Localization Technique Buggy Program Passing tests tests Failing Fix pattern data base Mutate suspicious code Next fix pattern Next suspicious code location Next patch candidate > AVATAR: Patch Validation Fix Pattern Selection < Code Fragment > Select relevant fix patterns Fault Localization A Ranked List of Suspicious Code Locations
  • 18. 17 RQ1: How effective are fix patterns of static analysis violations for repairing programs with semantic bugs? RQ2: Which bugs and which patterns are relevant targets for AVATAR in an automated program repair scenario? RQ3: How does AVATAR compare to the state-of-the-art APR tools with respect to repair performance? > RQs: Research Questions
  • 19. 18 > Fix Patterns and Benchmark # Projects # violation fix patches # violation types # fix patterns Liu et al. [29] 730 88,927 111 174 Rolim et al. [30] 9 288,899 9 9 Statistics on Fix Patterns of Static Analysis Violations. Project # Bugs # kLoc # Tests Chart 26 96 2,205 Closure 133 90 7,927 Lang 65 22 2,245 Math 106 85 3,602 Mockito 38 11 1,457 Time 27 28 4,130 Total 395 332 21,566 Defects4J Dataset Information.
  • 20. 19 > RQ1: Fix bugs which can be localized by static analysis tools Bug ID SpotBugs Infer ErrorProne Static Analysis Violation Type Chart-1 ✔ ✔ NP_ALWAYS_NULL Chart-4 ✔ ✔ NP_NULL_ON_SOME_PATH Chart-24 ✔ DLS_DEAD_LOCAL_STORE Math-77 ✔ UPM_UNCALLED_PRIVATE_METHOD Statically-Detected Bugs Fixed by AVATAR. AVATAR demonstrates the usefulness of violation fix patterns in a scenario of automating some maintenance tasks involving systematic checking of developer code with static checkers.
  • 21. 20 > RQ1: Fix Bugs with perfect fault localization Fixed Bugs Chart (C) Closure (Cl) Lang (L) Math (M) Mockito (Moc) Time (T) Total # of fully fixed bugs 7/8 10/13 5/10 8/13 2/2 2/3 34/49 # of partially fixed bugs 2/3 1/4 1/3 1/4 0/0 0/0 5/14 Number of Defects4J Bugs Fixed by AVATAR with an Assumption of Perfect Localization Information. AVATAR can effectively fix several semantic bugs from the Defects4J dataset.
  • 22. 21 > RQ2: Why AVATAR can fix semantic bugs? Violation Types associated with fix patterns Fix ingredients from the violation fix patterns Fixed Bugs Bug Patterns Repair Actions NP_ALWAYS_NULL Mutate the operator of null-check expression: “var != == null”, or “var == != null”. C-1 Conditional expression modification. Logic expression modification. NP_NULL_ON_SOME_PATH 1. Wrap buggy code with if-non-null-check block: “if (var != null) {buggy code}”; 2. Insert if-null-check block before buggy code: “if (var == null) {return false;} buggy code;” or “if (var == null) {return null;} buggy code;” or “if (var == null) {throw IllegalArgumentException.} buggy code;” C-4, 26. Missing non-null check addition Conditional (if) branch addition C-14, 19, 25, Cl-2, M-4, Moc-29, 38. Missing null check addition Conditional (if) branch addition. DLS_DEAD_LOCAL_STORE Replace a variable with other one: e.g., “var1 = var2 var3;”. C-11, 24, L-6, 57, 59, M-33, 59, T-7. Wrong variable reference Variable replacement by another variable. UC_USELESS_CONDITION 1. Mutate the operator of an expression in an if statement: e.g., “if (expA > >= expB) {...}”; 2. Remove a sub-predicate expression in an if statement: “if (expA || expB) {...}” or “if (expA || expB) {...}”; 3. Remove the conditional expression: “expA ? expB : expC” or “expA ? expB : expC”. Cl-38. Logic expression expansion Conditional expression expansion. Cl-18, 31, L-15. Logic expression reduction Conditional expression reduction Cl-62, 63, 73, M-82, 85, T-19 Logic expression modification Conditional expression modification. UCF_USELESS_CONTROL_FLOW 1. Remove an if statement but keep the code inside its block: “if (exp) { code }”; 2. Remove an if statement with its block code: “if (exp) { code }”. C-18, Cl-106, M-46. Unwraps-from if-else statement Conditional (if or else) branch removal. Cl-115, 126, L-7, 10, M-50. Conditional block removal Conditional (if or else) branch removal UPM_UNCALLED_PRIVATE_MET HOD Remove a method declaration: “Modifier ReutrnType methodName(Parameters) { code }”. Cl-46, M-77. Unclassified Method definition removal. BC_UNCONFIRMED_CAST Wrap buggy code with if-instanceof-check block: “if (var instanceof Type) {buggy code} else {throw IllegalArgumentException;}” M-89. Wraps-with if-else statement Conditional (if-else) branches addition AVATAR exploits a variety of fix ingredients from static violations fix patterns to address a diverse set of bug patterns in the Defects4J dataset.
  • 23. 22 > RQ3: Comparing bug fix performance with state-of-the-art APR tools APR Tool Chart Closure Lang Math Mockito Time Total AVATAR Fully Fixed 5/12 8/12 5/11 6/13 2/2 1/3 27/53 Partially Fixed 1/2 1/1 0/2 1/3 0/0 0/0 3/8 jGenProg 0/7 0/0 0/0 5/18 0/0 0/2 5/27 jKali 0/6 0/0 0/0 1/14 0/0 0/2 1/22 jMutRepair 1/4 0/0 0/1 2/11 0/0 0/1 3/17 Nopol 1/6 0/0 3/7 1/21 0/0 0/1 5/35 HDRepair 0/2 0/7 2/6 4/7 0/0 0/1 6/23 FixMiner 5/8 5/5 2/3 12/14 0/0 1/1 25/31 LSRepair 3/8 0/0 8/14 7/14 1/1 0/0 19/37 ACS 2/2 0/0 3/4 12/16 0/0 1/1 18/23 ELIXIR 4/7 0/0 8/12 12/19 0/0 2/3 26/41 JAID 2/4 5/11 1/8 1/8 0/0 0/0 9/31 ssFix 3/7 2/11 5/12 10/26 0/0 0/4 20/60 CapGen 4/4 0/0 5/5 12/16 0/0 0/0 21/25 SketchFix 6/8 3/5 3/4 7/8 0/0 0/1 19/26 SimFix 4/8 6/8 9/13 14/26 0/0 1/1 34/56 Cl-2,31,46, L-7,10, M-46, Moc-29,38. AVATAR is comparable and complementary to the other state-of- the-art APR systems.
  • 24. 23 > Conclusion 1. AVATAR demonstrates the usefulness of violation fix patterns for effectively fixing several semantic bugs from the Defects4J dataset. 2. AVATAR exploits a variety of fix ingredients.  It can address a diverse set of bug types in the Defects4J dataset. 3. AVATAR is comparable and complementary to the state-of- the-art APR systems. AVATAR can fix 8 new bugs which had not been fix by the state-of-the-art.
  • 25. 24 > Summary 14 Patch CandidatesSelected fix pattern Patch Generation Pass Fail Patch Validation Patch Testing Fault Localization with GZoltar Buggy Program Passing tests tests Failing Fix pattern data base Mutate suspicious code Next fix pattern Next suspicious code location Next patch candidate > AVATAR Overview Fix Pattern Matching < Code Fragment > Select relevant fix patterns Fault Localization A Ranked List of Suspicious Code Locations https://github.com/SerVal-DTF/AVATAR

Hinweis der Redaktion

  1. Good afternoon, every one, my name is Kui Liu. I am a PhD student from University of Luxembourg. Today, I am going to present our recent work: …..
  2. In order to assess software quality and identify potential defects, various static code analysis tools have been proposed, such as …. Static analysis tools can detect the defects about security vulnerabilities, performance issues, and bad programming practices (so-called code smells) . Recent studies also denote those defects as static analysis violations or alerts.
  3. Let’s take a look at a static analysis violation example and its related patch. Here is an overwritten method: equals. A violation will be detected in the method code by FindBugs: BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS It means that, The equals(Object obj) method shouldn‘t make any assumptions about the data type of obj. It should simply return false if the data type of obj is not the same type as this. Thus, this violation is fixed by inserting an instanceof check. By looking at this kinds of patches, some fix pattern mining work of static analysis violations is proposed in the literature.
  4. Our previous work present a method of “Mining Fix Patterns for FindBugs Violations”, which was accepted by TSE 2018. Rolim and his colleagues also proposed to mine fix patterns for PMD static analysis violations. With this kinds of patches, these work mines fix patterns at AST level like this. In the two studies, the mined fix patterns are further evaluated with live study and shown that Developers are willing to accept the patches generated by their mined patterns to fix static analysis bugs.
  5. A recent work presented in ASE 2018 reported an interesting finding that three static analysis tools can detect 27 bugs in Defects4J dataset.
  6. Developers are willing to accept those patches generated by the mined fix patterns of static analysis violations. And three static analysis tools can detect some semantic bugs in Defects4J. So, Can we use the fix patterns of static analysis violations to fix the semantic bugs in Defects4J which are failed to pass some test cases.
  7. Various fix pattern based APR systems have been proposed and achieved promising results. However, none of them use the fix patterns of violations.
  8. Here is a patch of fixing the bug Closure-13 in Defects4J dataset. By looking at the patch diff at AST level, we find that it is the similar to a fix pattern of a findbugs violation in our previous work. So, it might be possible to use the static analysis fix patterns to fix semantic bugs.
  9. Thus, we propose an APR tool, AVATAR, static analysis violation fix pattern-based automated program repair. It applies fix patterns of violations to semantic bugs by mutating the buggy code to generate patches.
  10. AVATAR consists of four basic process: fault localization, fix pattern selection, patch generation and patch validation, which is similar to the process of normal generate-and-validate APR systems.
  11. For a buggy program with its passing and failing tests, firstly, we use Gzoltar and Ochiai to identify suspicious code positions.
  12. With identified suspicious code, AVATAR parses the suspicious code fragment into AST and selects fix patterns with AST context information.
  13. The suspicious source code is further mutated to generate patch candidates by following the edit scripts of selected fix patterns. For example, This bug is matched with this fix pattern. Following its edit script, AVATAR mutates the buggy code and can generate three patch candidates by removing an expression in the if statement.
  14. Finally, the generated patch candidates are validated by test cases. Only the patch candidate that can pass all test cases is selected as the plausible patch of the buggy program.
  15. In this study, we focus on the three research questions.
  16. We directly use the fix patterns released in our previous study and Rolim’s work as the fix patterns of AVATAR. We further evaluate AVATAR with Defects4J dataset.
  17. RQ1▶AVATAR demonstrates the usefulness of violation fix patterns in a scenario of automating some maintenance tasks involving systematic checking of developer code with static checkers.
  18. RQ1▶AVATAR can effectively fix several semantic bugs from the Defects4J dataset. We even observe that the fine-grained fix ingredients can be helpful to target bugs with multiple faulty code locations.
  19. AVATAR exploits a variety of fix ingredients from static violations fix patterns to address a diverse set of bug patterns in the Defects4J dataset.
  20. RQ3 ▶ In terms of quantity and quality of generated plausible patches, AVATAR addresses more bugs than its immediate competitors. Nevertheless, we note that AVATAR is actually complementary to the other state-of-the-art APR systems, fixing bugs that others do not fix. RQ3 ▶ AVATAR underperforms against some of the most recent APR systems. Nevertheless, AVATAR is still complementary to them as it is capable of addressing some Defects4J bugs that the state-of-the-art cannot fix
  21. Thanks for your attention, questions are welcome.
  22. Thanks for your attention, questions are welcome.