Using Execution Paths to Evolve Software Patches ThanhVu Nguyen*, Westley Weimer**, Claires Le Gouges**, Stephanie Forrest* * University of New Mexico.

Slides:



Advertisements
Similar presentations
CS6800 Advanced Theory of Computation
Advertisements

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
Technology of Test Case Generation Levi Lúcio University of Geneva Marko Samer Vienna University of Technology.
Time-Aware Test Suite Prioritization Kristen R. Walcott, Mary Lou Soffa University of Virginia International Symposium on Software Testing and Analysis.
Using Parallel Genetic Algorithm in a Predictive Job Scheduling
Exact and heuristics algorithms
Tetris – Genetic Algorithm Presented by, Jeethan & Jun.
Tetris and Genetic Algorithms Math Club 5/30/2011.
A SYSTEMATIC STUDY OF AUTOMATED PROGRAM REPAIR: FIXING 55 OUT OF 105 BUGS FOR $8 EACH Claire Le Goues Michael Dewey-Vogt Stephanie Forrest Westley Weimer.
Genetic Algorithms Contents 1. Basic Concepts 2. Algorithm
Automatic Software Repair Using GenProg 张汉生 ZHANG Hansheng 2013/12/3.
Genetic Algorithms Sushil J. Louis Evolutionary Computing Systems LAB Dept. of Computer Science University of Nevada, Reno
Spie98-1 Evolutionary Algorithms, Simulated Annealing, and Tabu Search: A Comparative Study H. Youssef, S. M. Sait, H. Adiche
1 Lecture 8: Genetic Algorithms Contents : Miming nature The steps of the algorithm –Coosing parents –Reproduction –Mutation Deeper in GA –Stochastic Universal.
Scott Grissom, copyright 2004 Chapter 5 Slide 1 Analysis of Algorithms (Ch 5) Chapter 5 focuses on: algorithm analysis searching algorithms sorting algorithms.
Data Mining CS 341, Spring 2007 Genetic Algorithm.
Genetic Algorithms Nehaya Tayseer 1.Introduction What is a Genetic algorithm? A search technique used in computer science to find approximate solutions.
Chapter 6: Transform and Conquer Genetic Algorithms The Design and Analysis of Algorithms.
Zichao Qi, Fan Long, Sara Achour, and Martin Rinard MIT CSAIL
Genetic Programming.
Automatic Program Repair With Evolutionary Computation Westley Weimer Computer Science Dept. University of Virginia Charlottesville, VA 22904
Genetic Algorithm.
` Research 2: Information Diversity through Information Flow Subgoal: Systematically and precisely measure program diversity by measuring the information.
SOFT COMPUTING (Optimization Techniques using GA) Dr. N.Uma Maheswari Professor/CSE PSNA CET.
Computer Security and Penetration Testing
Helix Automatic Software Repair with Evolutionary Computation Stephanie Forrest Westley Weimer.
Intro. ANN & Fuzzy Systems Lecture 36 GENETIC ALGORITHM (1)
Hongfeng Wang Pusan, Korea.  Introduction  General framwork of GA  An example of GA programming 2.
AUTOMATIC PROGRAM REPAIR USING GENETIC PROGRAMMING CLAIRE LE GOUES APRIL 22,
More on Heuristics Genetic Algorithms (GA) Terminology Chromosome –candidate solution - {x 1, x 2,...., x n } Gene –variable - x j Allele –numerical.
The Generational Control Model This is the control model that is traditionally used by GP systems. There are a distinct number of generations performed.
272: Software Engineering Fall 2012 Instructor: Tevfik Bultan Lecture 15: Automated Patch Generation.
Introduction to Software Testing. Types of Software Testing Unit Testing Strategies – Equivalence Class Testing – Boundary Value Testing – Output Testing.
Applying Genetic Algorithm to the Knapsack Problem Qi Su ECE 539 Spring 2001 Course Project.
1/27 Discrete and Genetic Algorithms in Bioinformatics 許聞廉 中央研究院資訊所.
Fuzzy Genetic Algorithm
Genetic Algorithms Introduction Advanced. Simple Genetic Algorithms: Introduction What is it? In a Nutshell References The Pseudo Code Illustrations Applications.
1 Machine Learning: Lecture 12 Genetic Algorithms (Based on Chapter 9 of Mitchell, T., Machine Learning, 1997)
Genetic Algorithms Siddhartha K. Shakya School of Computing. The Robert Gordon University Aberdeen, UK
CSE 501N Fall ‘09 12: Recursion and Recursive Algorithms 8 October 2009 Nick Leidenfrost.
AUTOMATIC PROGRAM REPAIR USING GENETIC PROGRAMMING 1 CLAIRE LE GOUES APRIL 22, 2013
Exact and heuristics algorithms
1 Genetic Algorithms K.Ganesh Introduction GAs and Simulated Annealing The Biology of Genetics The Logic of Genetic Programmes Demo Summary.
Automated Patch Generation Adapted from Tevfik Bultan’s Lecture.
REPRESENTATIONS AND OPERATORS FOR IMPROVING EVOLUTIONARY SOFTWARE REPAIR Claire Le Goues Westley Weimer Stephanie Forrest
Xusheng Xiao North Carolina State University CSC 720 Project Presentation 1.
Buffer Overflow Attack Proofing of Code Binary Gopal Gupta, Parag Doshi, R. Reghuramalingam, Doug Harris The University of Texas at Dallas.
Introduction to Genetic Algorithms. Genetic Algorithms We’ve covered enough material that we can write programs that use genetic algorithms! –More advanced.
Genetic Algorithms What is a GA Terms and definitions Basic algorithm.
Genetic Algorithms. The Basic Genetic Algorithm 1.[Start] Generate random population of n chromosomes (suitable solutions for the problem) 2.[Fitness]
Coevolutionary Automated Software Correction Josh Wilkerson PhD Candidate in Computer Science Missouri S&T.
Waqas Haider Bangyal 1. Evolutionary computing algorithms are very common and used by many researchers in their research to solve the optimization problems.
 Software Development Life Cycle  Software Development Tools  High Level Programming:  Structures  Algorithms  Iteration  Pseudocode  Order of.
Introduction Genetic programming falls into the category of evolutionary algorithms. Genetic algorithms vs. genetic programming. Concept developed by John.
GAIA (Genetic Algorithm Interface Architecture) Requirements Analysis Document (RAD) Version 1.0 Created By: Charles Hall Héctor Aybar William Grim Simone.
Random Test Generation of Unit Tests: Randoop Experience
Class Scheduling Using Constraint Satisfaction Victoria Donelson Garrett Grimsley.
Genetic Algorithms And other approaches for similar applications Optimization Techniques.
Genetic Algorithm. Outline Motivation Genetic algorithms An illustrative example Hypothesis space search.
 Presented By: Abdul Aziz Ghazi  Roll No:  Presented to: Sir Harris.
Genetic Algorithm (Knapsack Problem)
Genetic Algorithms.
5.13 Recursion Recursive functions Functions that call themselves
Secure Software Development: Theory and Practice
An evolutionary approach to solving complex problems
Basics of Genetic Algorithms (MidTerm – only in RED material)
Automated Patch Generation
Basics of Genetic Algorithms
Methods and Materials (cont.)
Machine Learning: UNIT-4 CHAPTER-2
Presentation transcript:

Using Execution Paths to Evolve Software Patches ThanhVu Nguyen*, Westley Weimer**, Claires Le Gouges**, Stephanie Forrest* * University of New Mexico ** University of Virginia Tuesday, March 31, 2009

Introduction Software is THE problem Software Repair using Genetic Programming (SRGP) –Start with the original (buggy) program –Focus on execution path through AST –Restrict mutation and crossover to execution path –Don’t invent any new code –Results: successfully repair 13 real programs in over 140,000 lines of code in feasible time

Repeat Until termination criteria are met Preprocessing Fitness Evaluation If found an individual C with accepted fitness, Return C Exploitation Select mating pool M consisting of high fit individuals Exploration Perform recombination operator on M to get a new generation N Apply mutation operator on N SRGP Algorithm Outline

Example: Zunebug Millions of Microsoft Zune media players mysteriously froze up on December 31 st, 2008 The bug: a date related function in Zune enters an infinite loop when the input is the last day of a leap year

Zunebug 1.void zunebug(int days) { 2. int year = 1980; 3. while (days > 365) { 4. if (isLeapYear(year)){ 5. if (days > 366) { 6. days -= 366; 7. year += 1; 8. } 9. else{ 10. } 11. } 12. else { 13. days -= 365; 14. year += 1; 15. } 16. } 17. printf(“year is %d\n”, year); 18.}

1.void zunebug(int days) { 2. int year = 1980; 3. while (days > 365) { 4. if (isLeapYear(year)){ 5. if (days > 366) { 6. days -= 366; 7. year += 1; 8. } 9. else{ 10. } 11. } 12. else { 13. days -= 365; 14. year += 1; 15. } 16. } 17. printf(“year is %d\n”, year); 18.} Zunebug Input: 1000 Positive Exec Path 1 – 8, 11-18

1.void zunebug(int days) { 2. int year = 1980; 3. while (days > 365) { 4. if (isLeapYear(year)){ 5. if (days > 366) { 6. days -= 366; 7. year += 1; 8. } 9. else{ 10. } 11. } 12. else { 13. days -= 365; 14. year += 1; 15. } 16. } 17. printf(“year is %d\n”, year); 18.} Zunebug Input: Negative Exec Path (3,4,8,11 infinitely repeating)

Weighted Execution Path Neg Exec Path Stmt weight = 1.0 jmtydaezvo

Weighted Execution Path Pos Exec Path jmtydaezvo fwzbacikurptv

Weighted Execution Path jmtydaezvo fwzbacikurptv Stmts in both Neg Exec Path and Pos Exec Path

Weighted Execution Path jmtydaezvo Weight = {1.0, 0.1}

Fitness Evaluation Take in a program source P to be evaluated Compile P to an executable program P’ –If cannot compile, assign fitness 0. Fitness score of P’ : weighted sum of test cases that the P’ passes Fitness(P’) = # pos pass * W_pos + # neg pass * W_neg –5 positive test cases (weight = 1), 1 or 2 negative test cases (weight = 10) –If P’ passes all test cases, then P is a solution candidate –Note: the original (buggy) program passes all positive test cases

Genetic Operators Recombination (crossback) –Cross the input individuals back with the original program (instead of crossing over each other) Mutation –delete(s). s = {}; –insert(s,y). s = {s; y;}; –swap(s,y). t = s; s = {y}; y = {t};

Final Repair Original Program

Evolution of Zunebug

Results ProgramVersionLoCStmtsPath LenProgram DescriptionFault gcd_ Handcrafted exampleInfinite loop look-ssvr Dictionary lookupInfinite loop atris Graphical Tetris gameLocal stack buffer exploit uniqultrix Duplicate text processingSegfault look-uultrix Dictionary lookupSegfault deroffultrix Document processingSegfault nullhttpd Web serverRemote heap buffer exploits indent Source code processingInfinite loop unitssvr Metric conversionSegfault flex2.5.4a Lexical analyzer generatorSegfault

Results ProgramLoCPath Len Repair FitnessTimeSuccessSize gcd s54 %21 look-s s100 %21 atris s82 %19 uniq s100 %24 look-u s99 %24 deroff s97 %61 nullhttpd s36 %71 indent s7 %221 units s7 %23 flex s5 %52

Most Recent Results ProgramVersionLoCStmtsPath LenProgram DescriptionFault OpenLDAP io.c Directory ProtocolNon-overflow denial of service Php string.c Scripting LanguageInteger overflow Lighttpd fastcgi.c Web serverRemote heap buffer overflow Wu-ftpd Ftp serverFormat string Traditional 1-point crossover –Works better than crossback in some programs and worse in others

Scalability

Conclusion SRGP –Focus on execution path to reduce search space complexity –Use GP to evolve code –Combine Positive and Negative test cases for fitness evaluation Positive test cases: preserve the core functionality of the program Negative test cases: identify the bug –Work on real world applications and different types of bugs Future Work –Explore different GP techniques –Integrate anomaly detection methods

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.