CN110674031B - Restricted set-based automatic program semantic defect repairing method - Google Patents
Restricted set-based automatic program semantic defect repairing method Download PDFInfo
- Publication number
- CN110674031B CN110674031B CN201910832302.8A CN201910832302A CN110674031B CN 110674031 B CN110674031 B CN 110674031B CN 201910832302 A CN201910832302 A CN 201910832302A CN 110674031 B CN110674031 B CN 110674031B
- Authority
- CN
- China
- Prior art keywords
- defect
- repair
- program
- expression
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3668—Software testing
- G06F11/3672—Test management
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
- G06F8/65—Updates
- G06F8/658—Incremental updates; Differential updates
Abstract
The invention discloses a limited set-based automatic program semantic defect repairing method which comprises the steps of firstly, summarizing common program semantic defects into a defect mode according to grammatical and semantic features, and defining a relevant variable value set capable of triggering defects as a limited set aiming at the defect mode relevant to variables. And then, predefining a repair template for each type of defect mode based on the limited set, automatically synthesizing a repair condition for each defect according to the repair template and the detected defect information, determining a repair position by using a use-definition chain and inserting the repair condition through a control flow diagram according to the minimum principle of program change, and realizing automatic repair of the program. The technical scheme provided by the invention can carry out automatic program repair on the semantic defects of the program in a targeted manner, and has the advantages of high repair rate and high repair speed.
Description
Technical Field
The invention belongs to the technical field of program semantic defect repairing methods, and particularly relates to a program semantic defect automatic repairing method based on a restricted set.
Background
The automatic program semantic defect repairing process includes defect characteristic definition, defect detection and automatic semantic defect repairing. Semantic defect repair refers to automatically repairing semantic defects detected by defects to prevent program exception and ensure normal operation of a system.
More and more industries pay attention to the detection of software defects, and large enterprises generally set up a software testing working group independently to detect the defects, so that the normal operation of a system is ensured, and various losses caused by system breakdown are reduced. Statistically, (defect detection and prevalence of program semantic defects) developed engineering projects, each thousand lines of code produces on average about 5.1 defects. The code of a general project has ten thousand lines, and the defect rate of the ten thousand lines can cause the system to lack the safety.
The defect is repaired manually. The traditional repair mode is manual repair, developers are busy in realizing algorithms and functions, professional security personnel are lacked, bugs cannot be found in time, the security personnel are tired to deal with bugs with huge number, hidden partial semantic defects are not considered in time, program defects in the system operation maintenance stage are repaired, a large amount of manpower and material resources need to be consumed, and the repair cost is high. Each time the repair is finished, the repair cost is high, and the automatic repair of the program can provide good supplement for manual audit and is more economical. The existing automatic program repairing method mainly comprises the following steps: manual repair, search-based repair methods, test set-based repair methods, semantic-based repair methods.
The defects of the traditional repairing method are as follows: manual repair is not timely and sufficient, and the cost is high; the search-based repair method has the defects that the candidate patches are more and difficult to find out the correct patch, and the resource overhead is high; the repair method based on the test set only ensures functional repair depending on the test set, and the repair is blindness.
Therefore, how to provide a method for automatically repairing semantic defects of programs based on a restricted set becomes a problem to be solved urgently by those skilled in the art.
Disclosure of Invention
In view of the above, the invention provides an automatic program semantic defect repairing method based on a restricted set, which is based on the characteristic that the restricted set describes an illegal variable interval, calculates the restricted set of related variables after detecting a defect, and synthesizes a repairing condition. And then, following the minimum principle of program change, determining a repair position by using a use-definition chain and inserting repair conditions through a control flow diagram, and detecting the pass of the test case again, and indicating that the similar defects do not exist or other defects are introduced to show that the repair is successful.
In order to achieve the purpose, the invention adopts the following technical scheme:
a restricted set-based automatic program semantic defect repairing method comprises the following steps:
A. predefining a repair template, giving a uniform repair method aiming at defect characteristics, and determining the corresponding predefined repair template according to the defect types in the defect report;
B. reconstructing an Abstract Syntax Tree (AST) of the defect file, traversing the AST with breadth first, finding a Tree node corresponding to the defect statement, updating defect related information on the Abstract Syntax Tree node, and acquiring defect operation;
C. obtaining a limited set of defect related variables to further obtain a patch repair condition;
D. the repair location is determined using the usage-definition chain, following the least-squares of procedural changes.
Preferably, in the part a, the predefined repair template is a universal defect repair template (repair-pattern); the semantic defects of the program have syntactic semantic characteristics, the semantic defects are summarized into defect modes, defects existing in software are detected based on a defect static detection method, and defect information is output in a defect report form and comprises defect file names, defect types, defect position lines and the like; a unified repairing method is provided for the defect characteristics through a universal defect repairing template.
Preferably, in the part B, the updating of the information related to the defect on the node of the abstract syntax tree is performed on the information on the node of the abstract syntax tree corresponding to the defect file according to the read defect information, and is used for determining a position of repairing a subsequent patch; after the syntax tree is reconstructed, reading information in a defect report, marking information on an updated node on AST according to whether the information is a defect, a defect type and a defect related variable, and defaulting the node initialization to be non-defect, defect type and defect related variable to be null; and traversing the AST with breadth first, and updating the AST according to the defect information in the defect report.
Preferably, in the part C, the restricted set is an interval set in which the variable may violate a legal value range in the program.
Preferably, a variable interval domain is marked as D and comprises an empty set phi, a connector set is marked as C { (A,) V, and if two operands of the limited operation possibly deviate from a value range, a connector is marked as A; otherwise, a connecting symbol is used; defining a restricted rule as a quadruplet R ═ by a restricted set<e,domain1,c,domain2>Wherein domain1 tableA restricted interval field showing a first operation expression, e a defect expression, domain2 a restricted interval field showing a second operation expression,
c belongs to C; the operation expression is divided into an expression before the operation expression and an expression after the operation expression, if the operation expression n is a/b, the operation expression is arithmetic division, the expression before the operation expression is a, and the expression after the operation expression is b, the limited set of the divisor b is [0, 0]。
Preferably, in the part D, the principle of minimum program modification means that the program is modified as little as possible to repair the program defect.
Preferably, setting priority, and preferentially selecting a scheme with minimum program modification, namely analyzing the same type of defects of the same statement block; if the same type of defect occurs in one statement block and related variables of the defect are the same, and no new assignment is carried out or no statement influencing the defect is produced, determining the position of the beginning of the statement block as the position of inserting a patch statement; in addition, the previous position of the defective dot is taken as the insertion position.
The invention has the beneficial effects that:
the invention uses the defect detection information for program synthesis patches, fully utilizes the defect information in the program static detection defect report, the repair condition does not depend on a test case, combines the information related to the defect, can directly synthesize the accurate repair condition through the calculation of a limited set, and determines the patch repair position to generate the patch program according to the minimum principle of program modification. The blindness of the traditional program automatic repairing method is avoided, the pertinence is better achieved, the repairing rate is higher, the patch repairing is targeted, the method is simple and efficient, and the repairing rate and the expansibility are improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
FIG. 1 is a diagram of a defect repair framework of the present invention.
FIG. 2 is a diagram of a general defect repair template summarized from manual repair experience in accordance with the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1-2, the present invention provides a method for automatically repairing semantic defects of a program based on a restricted set, which includes the following steps:
A. predefining a repair template, giving a uniform repair method aiming at defect characteristics, and determining the corresponding predefined repair template according to the defect types in the defect report;
B. reconstructing an Abstract Syntax Tree (AST) of the defect file, traversing the AST with breadth first, finding a tree node corresponding to the defect statement, updating defect related information on the Abstract syntax tree node, and acquiring defect operation;
C. obtaining a limited set of defect related variables, and further obtaining a patch repair condition;
D. following the least-squares of procedural changes, repair locations are determined using the use-definition chain.
In part a, the predefined repair template is a universal defect repair template (repair-pattern) obtained by summarizing manual repair experience; the semantic defects of the program have syntactic semantic characteristics, the semantic defects are summarized into defect modes, defects existing in software are detected based on a defect static detection method, and defect information is output in a defect report form and comprises defect file names, defect types, defect position lines and the like; and summarizing manual repair experience to obtain a universal defect repair template, and providing a uniform repair method for the defect characteristics.
In part B, the updating of the information related to the defect on the abstract syntax tree node refers to the information on the abstract syntax tree node corresponding to the defect file according to the read defect information, and is used for determining the position of the patch repair later; after the syntax tree is reconstructed, reading information in a defect report, marking information on an update node (ASTNode) on AST (automatic maintenance code) for judging whether the information is a defect, a defect type and a defect related variable, and initializing the node to default that the information is non-defect, the defect type and the defect related variable are empty; and traversing the AST with breadth first, and updating the AST according to the defect information in the defect report.
In part C, the restricted set is a set of intervals in which the variable may violate a legal value range in the program in which the variable is located. Marking the variable interval domain as D, including an empty set phi, and marking a connector set as C { (Λ }), and if two operands of the limited operation possibly violate the value range, using a connector { (Λ); otherwise, the connector is used for marking a V-shaped graph; defining a restricted rule as a quadruplet R ═ by a restricted set<e,domain1,c,domain2>Wherein domain1 represents the restricted interval domain of the first operational expression, e represents the defect expression, domain2 represents the restricted interval domain of the second operational expression,
c belongs to C; the operation expression is divided into a pre-operator expression and a post-operator expression, for example, the operation expression n is a/b, the operator is arithmetic division, the pre-operator expression is a, the post-operator expression is b, and the divisor b is [0, 0 ] if the divisor is known to be not zero by the limited rule of division, the limited set of the divisor b is [0, 0 ]]。
In part D, the principle of minimum program modification means that the program is modified as little as possible to repair the program defect. In order to increase the readability of the program, setting priority, and preferentially selecting a scheme with the minimum program modification, namely analyzing the same type of defects of the same statement block; if the same type of defect occurs in one statement block and related variables of the defect are the same, and no new assignment is carried out or no statement influencing the defect is produced, determining the position of the beginning of the statement block as the position of inserting a patch statement; in addition, the previous position of the defective dot is taken as the insertion position. Namely, a plurality of similar defects are repaired according to the minimum principle of program change.
The invention uses the defect detection information for program synthesis patch, fully utilizes the defect information in the program static detection defect report, the repair condition does not depend on the test case, combines the information related to the defect, can directly synthesize the accurate repair condition through the calculation of the limited set, and determines the patch repair position to generate the patch program according to the minimum principle of program modification. The method avoids the blindness of the traditional program automatic repairing method, has pertinence, has higher repairing rate, ensures that the patch repairing has pertinence, is simple and efficient, and improves the repairing rate and the expansibility.
Application example 1:
the program shown below is a polar plot.java file of Java open source engineering jfreechar, which has a variable state initialization of null at line 1399, while line 1398 is likely to return 0 as a size () resulting in the following for loop not executing, executing directly 1409 lines of code, that state still having a null value when it is used at 1417, and therefore a null pointer exception defect can occur there. Although semantic defects may still exist through test cases, the method can be used for repairing program defects. Using the method herein to insert an empty check statement according to defect pattern selection, determine a restricted set of variable states to synthesize a repair condition state! Null, then the patch insertion location is determined using the define-use chain and use-define chain analysis, and null checks are added on line 1416 to fix null pointer exception defects.
If there are multiple defects in the for loop beginning at the line of program code 1400 below that are null pointer reference exceptions caused by a state being null, which has not had a new assignment made and has no statements affecting it, then an empty check statement is placed before the for loop.
Defect program code
The embodiments in the present description are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (2)
1. A restricted set-based automatic program semantic defect repairing method is characterized by comprising the following steps:
A. predefining a repair template, giving a uniform repair method aiming at defect characteristics, and determining the corresponding predefined repair template according to the defect types in the defect report;
B. reconstructing an abstract syntax tree for the defect file, traversing AST with breadth first, finding a tree node corresponding to the defect statement, updating defect related information on the abstract syntax tree node, and acquiring defect operation;
C. obtaining a limited set of defect related variables to further obtain a patch repair condition;
D. determining the repair position by using a use-definition chain according to the minimum principle of program modification;
in the part D, the minimum principle of program modification means that the program is modified as little as possible to repair the program defect; setting priority, and preferentially selecting a scheme with minimum program modification, namely analyzing the same type of defects of the same statement block; if the same type of defect occurs in one statement block and related variables of the defect are the same, no new assignment is carried out and no statement influencing the defect exists, and the position where the statement block starts is determined as the position where a patch statement is inserted; besides, the previous position of the defect point is used as the insertion position;
in the part B, the updating of the information related to the defect on the abstract syntax tree node refers to finding information on the abstract syntax tree node corresponding to the defect file according to the read defect information, and is used for determining the position of the patch repair later; after the syntax tree is reconstructed, reading information in a defect report, marking information on an updated node on AST (automatic document retrieval) according to whether the information is a defect, a defect type and a defect related variable, and defaulting initialization of the node to be non-defect, defect type and defect related variable to be null; traversing the AST with breadth first, and updating the AST according to the defect information in the defect report;
in the part C, the restricted set is an interval set in which the variable may violate a legal value range in the program;
marking a variable interval domain as D, including an empty set phi, and marking a connector set as C { (inverted V, V }, and if two operands of the limited operation possibly deviate from a value range, using a connector { (inverted V); otherwise, the connector is used for marking a V-shaped graph; defining a restricted rule as a quadruplet R ═ by a restricted set<e,domain1,c,domain2>Wherein domain1 represents the restricted interval domain of the first operational expression, e represents the defect expression, domain2 represents the restricted interval domain of the second operational expression,
c belongs to C; the operation expression is divided into an expression before the operation expression and an expression after the operation expression, if the operation expression n is a/b, the operation expression is arithmetic division, the expression before the operation expression is a, and the expression after the operation expression is b, the limited set of the divisor b is [0, 0]。
2. The method according to claim 1, wherein in the part a, the predefined repair template is a general defect repair template; the semantic defects of the program have syntactic semantic characteristics, the semantic defects are summarized into defect modes, defects existing in software are detected based on a defect static detection method, and defect information is output in a defect report form and comprises defect file names, defect types and defect lines; a unified repairing method is provided for the defect characteristics through a universal defect repairing template.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910832302.8A CN110674031B (en) | 2019-09-04 | 2019-09-04 | Restricted set-based automatic program semantic defect repairing method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910832302.8A CN110674031B (en) | 2019-09-04 | 2019-09-04 | Restricted set-based automatic program semantic defect repairing method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110674031A CN110674031A (en) | 2020-01-10 |
| CN110674031B true CN110674031B (en) | 2022-09-30 |
Family
ID=69075968
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910832302.8A Active CN110674031B (en) | 2019-09-04 | 2019-09-04 | Restricted set-based automatic program semantic defect repairing method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110674031B (en) |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103218296A (en) * | 2013-04-22 | 2013-07-24 | 北京邮电大学 | Method of fully detecting null pointer reference defects |
| CN108170466A (en) * | 2017-12-21 | 2018-06-15 | 南京大学 | A kind of C/C++ bugs self-repairing methods based on program synthesis |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20130339929A1 (en) * | 2012-06-14 | 2013-12-19 | Microsoft Corporation | Program repair |
-
2019
- 2019-09-04 CN CN201910832302.8A patent/CN110674031B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103218296A (en) * | 2013-04-22 | 2013-07-24 | 北京邮电大学 | Method of fully detecting null pointer reference defects |
| CN108170466A (en) * | 2017-12-21 | 2018-06-15 | 南京大学 | A kind of C/C++ bugs self-repairing methods based on program synthesis |
Non-Patent Citations (1)
| Title |
|---|
| C程序非法计算缺陷的静态检测;董玉坤;《计算机工程与应用》;20161015;第52卷(第19期);第31-36页 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110674031A (en) | 2020-01-10 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106909510B (en) | Method for obtaining test case and server | |
| US8312440B2 (en) | Method, computer program product, and hardware product for providing program individuality analysis for source code programs | |
| CN101853200B (en) | High-efficiency dynamic software vulnerability exploiting method | |
| US20090241096A1 (en) | Dynamic Software Tracing | |
| CN103530223A (en) | Method and device for automatically generating unit test cases | |
| CN111400724A (en) | Operating system vulnerability detection method, system and medium based on code similarity analysis | |
| CN102214125A (en) | Method for testing error checking and correcting (ECC) function of memory | |
| CN114510722A (en) | Static detection method and detection system for incremental code | |
| JPH03188535A (en) | Assembly language programming error detecting process | |
| CN110674031B (en) | Restricted set-based automatic program semantic defect repairing method | |
| CN113901463A (en) | Concept drift-oriented interpretable Android malicious software detection method | |
| CN112162908B (en) | Method and device for realizing program call link monitoring based on byte code injection technology | |
| CN101551773B (en) | Binary vulnerability detection location device for symbol error and assignment truncation | |
| CN112906004A (en) | Vulnerability detection method and device based on assembly code and electronic equipment | |
| EP2535813B1 (en) | Method and device for generating an alert during an analysis of performance of a computer application | |
| CN113641573B (en) | Program analysis software automatic test method and system based on revision log | |
| CN112819621B (en) | Intelligent contract resource loss testing method and system | |
| CN110781078B (en) | Code vulnerability processing method and device | |
| CN114462043A (en) | Java anti-serialization vulnerability detection system and method based on reinforcement learning | |
| CN112631944A (en) | Source code detection method and device based on abstract syntax tree and computer storage medium | |
| CN113434385A (en) | Method and system for automatically generating test case for software model inspection tool | |
| CN113282495A (en) | Java software fault positioning method based on track monitoring | |
| CN112380541A (en) | Method and device for detecting vulnerability of intelligent contract and computer equipment | |
| CN106020913A (en) | Updating method and device for defect detection tools | |
| CN111290943A (en) | Code coverage rate processing method, device, server and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |