[软件自动修复领域] 前沿论文阅读（2019年8月12日）

文章目录

前言
论文列表
- Automated Program Repair: A Step towards Software Automation
- Getafix: Learning to fix bugs automatically
- Mining Android crash fixes in the absence of issue-and change-tracking systems
- Towards s/engineer/bot: principles for program repair bots
- On reliability of patch correctness assessment
- Improving Patch Quality by Enhancing Key Components of Automatic Program Repair
小结

标题：[软件自动修复领域] 前沿论文阅读（2019年8月12日）（含19年熊英飞老师文章）

前言

已经两天没有坚持阅读前沿论文了。今日续之。

论文列表

Automated Program Repair: A Step towards Software Automation

来源：mail

引用：
尚无。但是被SCIS收录。
作者都是大牛：Abhik ROYCHOUDHURY1* & Yingfei XIONG2,3*

基本内容：

Programming is seen as a problem solving activ- ity, which combines precision with creativity. The program needs to be precise at least to the extent of passing given tests. At the same time, the pro- grammer employs copious creativity in terms of problem solving strategies, algorithm design, data structure choice, or even choice of which libraries to invoke. The recent growth of machine learn- ing techniques and the possibility of applying such techniques to large software repositories raise the question to what extent the various software en- gineering processes can be automated, which is known as the software automation problem [1]

确实厉害。
感觉读大牛文章就是一种赏心悦目的事情。

In fixing program errors, a key issue is the enun-
ciation of the correctness requirement. Since for- mal specifications of intended program behavior are typically unavailable, the correctness criteria driving program repair are given by test-suites. This presents a challenge for repair approaches since the generated patches can break tests not appearing in the given test-suite, or even intro-

注意这里的写作逻辑。
很强。

真应该背诵一下（有时间）

主要观点：
对解决当前软件自动修复中正确补丁生成的问题，给出两个方案：
1）Repair with a Reference Implementation

先用自动测试用例生成方法（如符号执行）来生成测试输入，
可以用KLEE（动态符号执行引擎）
then mutating the test input for traversing these paths
Symbolic execution can be used to systematically generate a comprehensive test-suite, driving repair.

Finally, the restrictions/limitations (i.e., scalability challenges) of symbolic execution are pointed out. Several possible solutions are provided:

reach specific targets
grey-box fuzzing

2）Repair with Big Data

estimate the likelihood of generated patches while the full/complete specification of a given program cannot be obtained.
fix prioritization
however, traditional patch prioritization techniques are limited, that is, in nature cannot cover all situations.
get useful guidance to estimate the patch correctness via mining big-data.

Then, three challenges for utilizing big-date are presented. Some possible solutions and useful guidance are provided also.

In summary, this paper is a perspective paper that offers many insightful perspectives.

Getafix: Learning to fix bugs automatically

来源：Le Goues, Claire, Michael Pradel, and Abhik Roychoudhury. “Automated Program Repair.” Commun. ACM (2019). 被这篇文章引用了。所以看下。

Citation:

@article{scott_getafix:_2019,
title = {Getafix: {Learning} to fix bugs automatically},
shorttitle = {Getafix},
journal = {arXiv preprint arXiv:1902.06111},
author = {Scott, Andrew and Bader, Johannes and Chandra, Satish},
year = {2019},
file = {Full Text:D:\software\zotero\pdf-download-path\storage\27RHFFRD\Scott 等。 - 2019 - Getafix Learning to fix bugs automatically.pdf:application/pdf;Snapshot:D:\software\zotero\pdf-download-path\storage\DYL4V8AW\1902.html:text/html}
}

Basic content

the novel machine learning technique that mines patterns from past fixes. Compared to previous work, the technique leverages the context information to accurately create natural-looking autofix suggestions.

At Facebook. Getafix has helped us advance toward our goal of letting computers take care of routine bug-fixing work. As we continue to refine our testing and verification tools, we expect Getafix will be able to prevent a larger portion of postdeployment failures.

这篇文章很硬核，

Mining Android crash fixes in the absence of issue-and change-tracking systems

来源：scholar

引用：

@inproceedings{kong_mining_2019,
title = {Mining {Android} crash fixes in the absence of issue-and change-tracking systems},
booktitle = {Proceedings of the 28th {ACM} {SIGSOFT} {International} {Symposium} on {Software} {Testing} and {Analysis}},
publisher = {ACM},
author = {Kong, Pingfan and Li, Li and Gao, Jun and Bissyandé, Tegawendé F. and Klein, Jacques},
year = {2019},
pages = {78–89},
file = {Snapshot:D:\software\zotero\pdf-download-path\storage\6IRKT4PV\citation.html:text/html}
}

内容：
Android apps are prone to crash. This often arises from the misuse of Android framework APIs, making it harder to debug since official Android documentation does not discuss thoroughly potential exceptions.Recently, the program repair community has also started to investigate the possibility to fix crashes automatically.
当前背景。

Current results, however, apply to limited example cases. In both scenarios of repair, the main issue is the need for more example data to drive the fix processes due to the high cost in time and effort needed to collect and identify fix examples.

We propose in this work a scalable approach, CraftDroid, to mine crash fixes by leveraging a set of 28 thousand carefully reconstructed app lineages from app markets, without the need for the app source code or issue reports. We developed a replicative testing approach that locates fixes among app versions which output different runtime logs with the exact same test inputs. Overall, we have mined 104 relevant crash fixes, further abstracted 17 fine-grained fix templates that are demonstrated to be effective for patching crashed apks. Finally, we release ReCBench, a benchmark consisting of 200 crashed apks and the crash replication scripts, which the community can explore for evaluating generated crash-inducing bug patches.

这篇文章有技术，也有benchmark。工作量很足。另外，最近这个Android-crash的修复很火啊。。此外，各种数据挖掘用到修复中也很火。

Towards s/engineer/bot: principles for program repair bots

来源：scholar

引用：

@inproceedings{van_tonder_towards_2019,
title = {Towards s/engineer/bot: principles for program repair bots},
shorttitle = {Towards s/engineer/bot},
booktitle = {Proceedings of the 1st {International} {Workshop} on {Bots} in {Software} {Engineering}},
publisher = {IEEE Press},
author = {van Tonder, Rijnard and Goues, Claire Le},
year = {2019},
pages = {43–47},
file = {Full Text:D:\software\zotero\pdf-download-path\storage\JSS5TA5Y\van Tonder 和 Goues - 2019 - Towards sengineerbot principles for program rep.pdf:application/pdf;Snapshot:D:\software\zotero\pdf-download-path\storage\S5X4GBWV\citation.html:text/html}
}

内容：

作者CMU学生，今年发了PLDI，去年发了ICSE，ASE。Claire Le Goues 的学生。第五年博士。
有厚积薄发的感觉，厉害。。。

具体内容没时间看了：

Of the hundreds of billions of dollars spent on
developer wages, up to 25% accounts for fixing bugs. Companies like Google save significant human effort and engineering costs with automatic bug detection tools, yet automatically fixing them is still a nascent endeavour. Very recent work (including our own) demonstrates the feasibility of automatic program repair in practice. As automated repair technology matures, it presents great appeal for integration into developer workflows. We believe software bots are a promising vehicle for realizing this integration, as they bridge the gap between human software development and automated processes. We envision repair bots orchestrating automated refactoring and bug fixing. To this end, we explore what building a repair bot entails. We draw on our understanding of patch generation, validation, and real world software development interactions to identify six principles that bear on engineering repair bots and discuss related design challenges for integrating human workflows. Ultimately, this work aims to foster critical focus and interest for making repair bots a reality.

文章也写的很好。（以上为摘要）

主要是想做一个 automatically integrated into human developer workflows to contribute to patch fixing activities.

On reliability of patch correctness assessment

来源：一直惦记的一篇文章

今日得见。

内容：
Current state-of-the-art automatic software repair (ASR) techniques rely heavily on incomplete specifications, e.g., test suites, to gen- erate repairs. This, however, may render ASR tools to generate incorrect repairs that do not generalize. To assess patch correctness, researchers have been following two typical ways separately: (1) Automated annotation, wherein patches are automatically labeled by an independent test suite (ITS) – a patch passing the ITS is regarded as correct or generalizable, and incorrect otherwise, (2) Author annotation, wherein authors of ASR techniques annotate correctness labels of patches generated by their and competing tools by themselves. While automated annotation fails to prove that a patch is actually correct, author annotation is prone to subjectivity. This concern has caused an on-going debate on appropriate ways to assess the effectiveness of numerous ASR techniques proposed recently.

这种写法我还是很喜欢的。值得学习。

我感觉这种user study，原理性分析还是很吃香了。这是一个特别的实证。
user study是一个亮点，亮点之二是作者的数据分析（相应结论）

这。。。看来以后工作量又大了。！

佩服作者，因为它的各种study，方法，统计分析，都做的很6

Improving Patch Quality by Enhancing Key Components of Automatic Program Repair

来源：On reliability of patch correctness assessment 被这篇文章引用。

引用：
@phdthesis{soto_improving_2019,
type = {{PhD} {Thesis}},
title = {Improving {Patch} {Quality} by {Enhancing} {Key} {Components} of {Automatic} {Program} {Repair}},
school = {Software Engineering Institute},
author = {Soto, Mauricio},
year = {2019},
file = {Full Text:D:\software\zotero\pdf-download-path\storage\4FI52B9A\Soto - 2019 - Improving Patch Quality by Enhancing Key Component.pdf:application/pdf}
}

没想到是一篇PHD论文。。。40页呢

Submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy
Thesis

CMU的学生，Claire Le Goues (Chair)作为chair审这篇文章。

天色已晚，今日到此为止吧。

小结

如切如磋，如琢如磨。

不看，就永远不会知道。
是故“读万卷书，行万里路”。