本文旨在讲述现有的自动修复工具AutoFix(来源于ISSTA 2014).
Automated Fixing of Programs with Contracts
作者:Yu Pei ∗ · Carlo A. Furia ∗ · Martin Nordio ∗ · Yi Wei † Bertrand Meyer ∗ · Andreas Zeller ‡
感觉有空可以看看Yu Pei老师的文章。这个名字很熟悉。
AutoFix, an automated debugging technique that can fix faults in general-purpose software.
摘要开门见山直接讲AutoFix的原理:
To provide high-quality fix suggestions and to enable automation of the whole debugging process, AutoFix relies on the presence of **simple specification elements in the form of contracts (such as pre- and postconditions)”.
The only required user input to the AutoFix supporting tool is then a faulty program annotated with contracts.
The tool produces a collection of validated fixes for the fault ranked according to an estimate of their suitability.
见 1.9
Techniques to detect errors automatically are becoming increasingly available and slowly making their way into industrial practice.
[34] Patrice Godefroid, Michael Y. Levin, and David A. Molnar. SAGE: white-box fuzzing for security testing. Communications of the ACM, 55(3):40–44, 2012.
[14] Al Bessey, Ken Block, Benjamin Chelf, Andy Chou, Bryan Fulton, Seth Hallem, Charles-Henri Gros, Asya Kamsky, Scott McPeak, and Dawson R. Engler. A few billion lines of code later: using static analysis to find bugs in the real world. Communications of the ACM, 53(2):66–75, 2010.
[77] John Penix. Large-scale test automation in the cloud. In Martin Glinz, Gail C. Murphy, and Mauro Pezzè, editors, Proceedings of the 34th International Conference on Software Engineering, page 1122. IEEE, 2012.
实际上没有和哪个作比较
因为这个是用Eiffel写的。
作者的related work是真的详细,好几页,我也看蒙了,但是我觉得对我们理解之前的修复工作、工具、技术都是很有帮助的。
我感觉真的很有必要一看。
这里先记录一下:
- source code repairs
BugFix [41]
co-evolutionary algorithm to evolve the buggy program into one that satisfies its formal specification [10, 7]
GenProg [95, 94], which is evaluated with various open-source program [47, 46]
Par [45]
constraint-based techniques [35] using a SAT solver.
SemFix [65] [17]
Pachika [23]
还有超多,我不一一列举了,感觉内容很充实,也解释的算比较清楚了吧。
AutoFix combines various program analysis techniques——such as dynamic invariant inference, simple static analysis, and fault localization——and produces a collection of suggested fixes, ranked according to a heuristic measurement of relevance.
也用了缺陷定位。
AutoFix works on Eiffel classes equipped with contracts [60]. Contracts define the specification of a class and consist of assertions: preconditions (require), postconditions (ensure), intermediate assertions (check), and class invariants (translated for simplicity of presentation into additional pre- and postconditions in the examples of this paper).
Contracts provide a criterion to determine the correctness of a routine: every execution of a routine starting in a state satisfying the precondition (and the class invariant) must terminate in a state satisfying the postcondition (and the class invariant); every intermediate assertion must hold in any execution that reaches it; every call to another routine must occur in a state satisfying the callee’s precondition. Whenever one of these conditions is violated, we have a fault uniquely identified by a location in the routine where the violation occurred and by the specific contract clause that is violated.
The correctness of a program is defined relative to its specification; in the case of automated program fixing, this implies that the validated fixes are only as good as the available tests or, if these are generated automatically, as the available contracts. In other words, evidently incomplete or incorrect contracts may let inappropriate candidate fixes pass the validation phase.
这个解答了1.4 的问题。
The experiments discussed in Section 5 all use the random testing framework AutoTest [61] developed in our pervious work.
厉害了。
Relying on AutoTest makes the whole process, from fault detection to fixing, completely automatic; our experiments show that even short AutoTest sessions are sufficient to produce suitable test cases that AutoFix can use for generating good-quality fixes.
可以看到从缺陷定位到修复,都用了AutoTest。
缺陷定位有点复杂:
Since each snapshot refers to a specific program location, fault localization (described in Section 4.2) boils down to ranking snapshots according to a combination of static and dynamic analyses that search for the origins of faults.
我很快的浏览了一遍文章大概有如下发现:
1)fault localization在文章中分成了两部分,静态的分析(control dependence),和动态的分析(执行测试用例,用到了SBFL [96])
[96] W. Eric Wong, Vidroha Debroy, and Byoungju Choi. A family of code coverage-based heuristics for effective fault localization. Journal of Systems and Software, 83(2):188–208, 2010.
2)然而,这个缺陷定位和修复都不是在语句层面上,而是在他自己搞得snapshot上。
3)每次修复也是对snapshot修复,好像是根据rank list,来自上到下修复,
而且,只产生15个fixes。因为作者要控制时间
大概就是:
1)之前的工作:In previous work, we presented the basic algorithms behind AutoFix and demonstrated them on some preliminary examples [91, 76].
The present paper discusses the latest AutoFix implementation, which combines and integrates the previous approaches to improve the flexibility and generality of the overall fixing technique.
[91] Yi Wei, Yu Pei, Carlo A. Furia, Lucas S. Silva, Stefan Buchholz, Bertrand Meyer, and Andreas Zeller. Automated fixing of programs with contracts. In Proceedings of the 19th International Symposium on Software Testing and Analysis, pages 61–72. ACM, 2010.
[76] Yu Pei, Yi Wei, Carlo A. Furia, Martin Nordio, and Bertrand Meyer. Code-based automated program fixing. In Proceedings of the 26th IEEE/ACM International Conference on Automated Software Engineering, pages 392–395. ACM, 2011.
2)主要是这个contracts的修复还没有人做过。感觉之前大家都是做test-based program repair,这个也算是一个很好的idea吧,
但是我觉得contracts和test suite的区别,我没有看太清楚。
静态和动态结合。SBFL是其中一部分
从上到下选择语句。