ISBN: (print) 9783031656262; 9783031656279
Many program verification tools provide automation via SMT solvers, allowing them to automatically discharge many proofs. However, when a proof fails, it can be hard to understand why it failed or how to fix it. The main feedback the developer receives is simply the verification result (i.e., success or failure), with no visibility into the solver's internal state. To assist developers using such tools, we introduce ProofPlumber, a novel and extensible proof-action framework for understanding and debugging proof failures. Proof actions act on the developer's source-level proofs (e.g., assertions and lemmas) to determine why they failed and potentially suggest remedies. We evaluate ProofPlumber by writing a collection of proof actions that capture common proof debugging practices. We produce 17 proof actions, each only 29-177 lines of code.
Failures with different root causes can greatly disrupt multi-fault localization, therefore, categorizing failures into distinct groups according to the culprit fault is highly important. In such a failure indexing ta...
Automated Program Repair (APR) holds the promise of alleviating the burden of debugging and fixing software bugs. Despite this, developers still need to manually inspect each patch to confirm its correctness, which is...
This paper proposes a strategy for automatically fixing faults in a program by combining the ideas of mutation and fault localization. Statements ranked in order of their likelihood of containing faults are mutated in the same order to produce potential fixes for the faulty program. The proposed strategy is evaluated using 8 mutant operators against 19 programs each with multiple faulty versions. Our results indicate that 20.70% of the faults are fixed using selected mutant operators, suggesting that the strategy holds merit for automatically fixing faults. The impact of fault localization on efficiency of the overall fault-fixing process is investigated by experimenting with two different techniques, Tarantula and Ochiai, the latter of which has been reported to be better at fault localization than Tarantula, and also proves to be better in the context of fault-fixing using our proposed strategy. Further experiments are also presented to evaluate stopping criteria with respect to the mutant examination process and reveal that a significant fraction of the (fixable) faults can be fixed by examining a small percentage of the program code. We also report on the relative fault-fixing capabilities of mutant operators used and present discussions on future work. (C) 2013 Elsevier Inc. All rights reserved.
ISBN: (print) 9781479943944
Hardware-assisted Record and Deterministic Replay (RnR) of programs has been proposed as a primitive for debugging hard-to-repeat software bugs. However, simply providing support for repeatedly stumbling on the same bug does not help diagnose it. For bug diagnosis, developers typically want to modify the code, e.g., by creating and operating on new variables, or printing state. Unfortunately, this renders the RnR log inconsistent and makes Replay debugging (i.e., debugging while using an RnR log for replay) dicey at best. This paper presents rdb, the first scheme for replay debugging that guarantees exact replay. rdb relies on two mechanisms. The first one is compiler support to split the instrumented application into two executables: one that is identical to the original program binary, and another that encapsulates all the added debug code. The second mechanism is a runtime infrastructure that replays the application and, without affecting it in any way, invokes the appropriate debug code at the appropriate locations. We describe an implementation of rdb based on LLVM and Pin, and show an example of how rdb's replay debugging helps diagnose a real bug.
Space optical clock is an important device for future space science experiments. Inevitably, the micro-vibration level in the order of micro-g (μg) is required for ultra-stable optical reference cavity of space optical clock. However, the existing research on active vibration isolators of space optical clock is still in the laboratory development stage, and their vibration isolation control algorithms still rely on high-performance commercial real-time controllers, making it difficult to meet the application requirements for isolators of space optical clock. On the basis of the previous work, this paper describes the development of an active vibration isolator that meets the experimental requirements of the space optical clock. Based on the DSP embedded vibration isolation controller, an anti-saturation control algorithm is designed, which solves the problems of high order of robust controllers, large computing resources and difficult parameter debugging. The active vibration isolation experimental system is further developed, and the experimental results validate the effectiveness of the developed active vibration isolator and anti-saturation control algorithm.
Program synthesis with Large Language Models (LLMs) suffers from a "near-miss syndrome": The generated code closely resembles a correct solution but fails unit tests due to minor errors. We address this with...
The format string vulnerability is a common software vulnerability. A well-constructed format string can read and modify arbitrary memory addresses, causing serious system problems. Existing automated exploit generation solutions for format string vulnerability are unable to cope with the limitations imposed by the vulnerability defense mechanism Address Space Layout Randomization (ASLR) and the program itself on vulnerability exploitation. In this paper, to address the above challenges, we propose FormatAEG, the first automatic exploitation framework for format string vulnerabilities that can bypass ASLR defense and the program's own constraints. Specifically, we first propose an arbitrary address reading and writing method based on a format string vulnerability, which can modify the target address data by directly arranging the target address or automatically searching and utilizing the pointer chain in the stack. Then, we propose a vulnerability reentry method based on global offset table (GOT) hijacking, which hijacks the program control flow by modifying function addresses in the GOT, making the vulnerability reentrant. In the experimental section, we evaluated FormatAEG using 20 Capture The Flag programs from top international tournaments and two real-world programs with format string vulnerabilities. The evaluation results show that with ASLR defense turned on, FormatAEG successfully detects format string vulnerabilities in 19 of these programs and generates exploit code for 15 of them. Compared with existing tools, FormatAEG detected 11 more format string vulnerabilities and generated 13 more exploit codes.
Fault localization, aiming at localizing the root cause of the bug under repair, has been a longstanding research topic. Although many approaches have been proposed in past decades, most of the existing studies work at coarse-grained statement or method levels with very limited insights about how to repair the bug (granularity problem), but few studies target the finer-grained fault localization. In this article, we target the granularity problem and propose a novel finer-grained variable-level fault localization technique. Specifically, the basic idea of our approach is that fault-relevant variables may exhibit different values in failed and passed test runs, and variables that have higher discrimination ability have a larger possibility to be the root causes of the failure. Based on this, we propose a program-dependency-enhanced decision tree model to boost the identification of fault-relevant variables via discriminating failed and passed test cases based on the variable values. To evaluate the effectiveness of our approach, we have implemented it in a tool called VarDT and conducted an extensive study over the Defects4J benchmark. The results show that VarDT outperforms the state-of-the-art fault localization approaches with at least 268.4% improvement in terms of bugs located at Top-1, and the average improvement is 351.3%. Besides, to investigate whether our finer-grained fault localization result can further improve the effectiveness of downstream APR techniques, we have adapted VarDT to the application of patch filtering, where we use the variables located by VarDT to filter incorrect patches. The results denote that VarDT outperforms the state-of-the-art PATCH-SIM and BATS by filtering 14.8% and 181.8% more incorrect patches, respectively, demonstrating the effectiveness of our approach. It also provides a new way of thinking for improving automatic program repair techniques.
Enbugging quiz is a format of programming exercises that let learners edit a given program so that it yields a designated error message. In order to formulate a quiz problem with less ambiguity and reasonable difficul...