130 likes | 303 Views
Evidence-Based Automated Program Fixing. Yu Pei , Yi Wei, Carlo Furia, Martin Nordio, Bertrand Meyer Chair of Software Engineering, ETH Zürich . Program Fixing. Automated . Evidence-based. Program fixing. Automated fixing. Evidence-based fixing. Find a fault Analyze the fault Where
E N D
Evidence-Based Automated Program Fixing Yu Pei, Yi Wei, Carlo Furia, Martin Nordio, Bertrand Meyer Chair of Software Engineering, ETH Zürich
Program Fixing Automated Evidence-based Program fixing Automated fixing Evidence-based fixing • Find a fault • Analyze the fault • Where • What • Fix the fault • How • Validate the fix • Test case generation • Fault localization • Design-by-contract • Dynamic/static analysis • Fix synthesis • By enumeration • Regression testing
Evidence-based Fixing: Example Faults 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 move_item (v: G) -- Move `v' to the left of cursor. require v /= Void ; has (v) localidx: INTEGER ; found: BOOLEAN do idx := index from start until found or after loop found := (v = item) ifnot found then forth end end check found andnot after end remove go_i_th (idx) put_left (v) end -- idx <= count + 1 -- not before 16 17 go_i_th (i: INTEGER) require 0 <= i and then i <= count + 1 put_left (v: G) requirenot before before: BOOLEANdoResult := (index = 0) end 18 19
Evidence-based Fixing: Fixes 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 move_item (v: G) -- Move `v' to the left of cursor. require v /= Void ; has (v) localidx: INTEGER ; found: BOOLEAN do idx := index from start until found or after loop found := (v = item) ifnot found then forth end end check found andnot after end remove go_i_th (idx) put_left (v) end if index < idx then idx := idx – 1 end if before then start end
Evidence in Program State Components • <p, l, v> • p : state predicate • l : program location • v : value of predicate p at location l • Design-by-contract • Faults that cause contract violations • A fault can by characterized by cf= <pf , lf , F> • Helps us narrow down faulty code to routine level • Allows us to inspect program states inmore detail
Dynamic Analysis • Exercise the original program using test cases • Each test case contributes to the score of a state component • The contribution • from failing test cases cannot be canceled out completely • from the first a few test cases is crucial • from one failing test case is stronger than the counter-part from one passing test case • αi for each i-th failing test case, and β∙αi for each i-th passing test case (0 < α, β < 1)
Static Analysis • Given a state component <p, l, v> • Expression dependence • the syntactic similarity between pf and p • Control dependence • the distance, in terms of number of instructions, between lf and l
Combining Static and Dynamic Analysis • Suspiciousness score fixme as the harmonic mean of dyn, edep, and cdep • cf= <idx<=count+1 , l-13 , F>, #f(cf)=15, #p(cf)=0 • cdep = 1-0/9 = 1 • edep = 3/3 = 1 • dyn ≈ 1.4999 • fixme ≈ 1.125 • Program state components with higher suspiciousness scores are more likely to reflect the fault cause • < index<idx , l-13 , T> • <not before, l-14, F> 12 13 14 15 remove go_i_th (idx) put_left (v) end -- idx <= count + 1
Fixing Actions • Given a state component <p, l, v>, how the state should be changed to avoid that? • Try with applicable operations • Fixing with state modification • Fixing with expression substitution -- <index<idx, l-13, T> go_i_th (idx) idx := idx – 1 -- <index<idx, l-13, T> go_i_th (idx) go_i_th (idx - 1)
Fix Candidate Generation and Validation • Fix schemas and fix candidates • failing_condition • Predicate of the state component • Potential state invariant only observed in failing runs • Fix validation iffail_conditionthen fixing_action end original_instruction iffail_conditionthen fixing_action else original_instruction end
Evidence-based Fixing: Experiments • 15 faults in 7 classes from EiffelBase • Classes supposed to have high quality • Routine size, in number of loc, varies from 1 to 30 • 11 precondition violations and 4postcondition violations • Generated proper fixes for 12 faults • 5 faults in 4 classes from a library manipulating text documents • Classes from student project • Routine size varies from 20 to 40 • All precondition violations • Generated proper fixes for 3 faults • 7.6 min on average per fault
Summary • Evidence-based automatic program fixing • Design-by-contract • Fault localization: dynamic and static analysis • Fix generation: operation enumeration • Future work • More empirical evaluation • User study • Multiple faults • Programs with weak/no/incorrect contracts