-
On The Effectiveness of Dynamic Reduction Techniques in Automated Program Repair
Authors:
Omar I. Al-Bataineh
Abstract:
Repairing a large-scale buggy program using current automated program repair (APR) approaches can be a time-consuming operation that requires significant computational resources. We describe a program repair framework that effectively handles large-scale buggy programs of industrial complexity. The framework exploits program reduction in the form of program slicing to eliminate parts of the code irrelevant to the bug being repaired without adversely affecting the capability of the repair system in producing correct patches.
Observation-based slicing (ORBS) is a recently introduced, language-independent slicing technique that shows good effectiveness in a wide range of applications. In this work, we show how ORBS can be effectively integrated with APR to improve all aspects of the repair process, including the fault localization step, patch generation step, and patch validation step. The presented repair framework indeed enhances the capability of APR by reducing the execution cost of a test suite and the search cost for the appropriate faulty statement corresponding to the bug being repaired. Our empirical results on the widely used Defects4J dataset reveal that a substantial improvement in performance can be obtained without any degradation in repair quality.
Submitted 23 June, 2024;
originally announced June 2024.
-
Invariant-based Program Repair
Authors:
Omar I. Al-Bataineh
Abstract:
This paper describes a formal general-purpose automated program repair (APR) framework based on the concept of program invariants. In the presented repair framework, the execution traces of a defected program are dynamically analyzed to infer specifications $\varphi_{correct}$ and $\varphi_{violated}$, where $\varphi_{correct}$ represents the set of likely invariants (good patterns) required for a run to be successful and $\varphi_{violated}$ represents the set of likely suspicious invariants (bad patterns) that result in the bug in the defected program. These specifications are then refined using rigorous program analysis techniques, which are also used to drive the repair process towards feasible patches and assess the correctness of generated patches. We demonstrate the usefulness of leveraging invariants in APR by developing an invariant-based repair system for performance bugs. The initial analysis shows the effectiveness of invariant-based APR in handling performance bugs by producing patches that ensure that the program's efficiency increases without adversely impacting its functionality.
Submitted 26 January, 2024; v1 submitted 27 December, 2023;
originally announced December 2023.
-
Towards Extending the Range of Bugs That Automated Program Repair Can Handle
Authors:
Omar I. Al-Bataineh,
Leon Moonen
Abstract:
Modern automated program repair (APR) is well-tuned to finding and repairing bugs that introduce observable erroneous behavior to a program. However, a significant class of bugs does not lead to such observable behavior (e.g., liveness/termination bugs, non-functional bugs, and information flow bugs). Such bugs can generally not be handled with current APR approaches, so, as a community, we need to develop complementary techniques.
To stimulate the systematic study of alternative APR approaches and hybrid APR combinations, we devise a novel bug classification system that enables methodical analysis of their bug detection power and bug repair capabilities. To demonstrate the benefits, we analyze the repair of termination bugs in sequential and concurrent programs. The study shows that integrating dynamic APR with formal analysis techniques, such as termination provers and software model checkers, reduces complexity and improves the overall reliability of these repairs.
Submitted 7 November, 2022;
originally announced November 2022.
-
Towards More Reliable Automated Program Repair by Integrating Static Analysis Techniques
Authors:
Omar I. Al-Bataineh,
Anastasiia Grishina,
Leon Moonen
Abstract:
A long-standing open challenge for automated program repair is the overfitting problem, which is caused by having insufficient or incomplete specifications to validate whether a generated patch is correct or not. Most available repair systems rely on weak specifications (i.e., specifications that are synthesized from test cases), which limits the quality of generated repairs. To strengthen specifications and improve the quality of repairs, we propose to integrate static bug detection techniques more closely with automated program repair. The integration combines automated program repair with static analysis techniques in such a way that bug detection patterns can be synthesized into specifications that the repair system can use. We explore the feasibility of such integration using two types of bugs: arithmetic bugs, such as integer overflow, and logical bugs, such as termination bugs. As part of our analysis, we make several observations that help to improve patch generation for these classes of bugs. Moreover, these observations assist with narrowing down the candidate patch search space and inferring an effective search order.
Submitted 10 November, 2021;
originally announced November 2021.
-
Verifix: Verified Repair of Programming Assignments
Authors:
Umair Z. Ahmed,
Zhiyu Fan,
Jooyong Yi,
Omar I. Al-Bataineh,
Abhik Roychoudhury
Abstract:
Automated feedback generation for introductory programming assignments is useful for programming education. Most works try to generate feedback to correct a student program by comparing its behavior with an instructor's reference program on selected tests. In this work, our aim is to generate verifiably correct program repairs as student feedback. The student assignment is aligned and composed with a reference solution in terms of control flow, and differences in data variables are automatically summarized via predicates to relate the variable names. Failed verification attempts for the equivalence of the two programs are exploited to obtain a collection of maxSMT queries, whose solutions point to repairs of the student assignment. We have conducted experiments on student assignments curated from a widely deployed intelligent tutoring system. Our results indicate that we can generate verified feedback in up to 58% of the assignments. More importantly, our system indicates when it is able to generate verified feedback, which is then usable by novice students with high confidence.
Submitted 30 June, 2021;
originally announced June 2021.
-
Monitoring Cumulative Cost Properties
Authors:
Omar Al-Bataineh,
Daniel Jun Xian Ng,
Arvind Easwaran
Abstract:
This paper considers the problem of decentralized monitoring of a class of non-functional properties (NFPs) with quantitative operators, namely cumulative cost properties. The decentralized monitoring of NFPs can be a non-trivial task for several reasons: (i) they are typically expressed at a high abstraction level where inter-event dependencies are hidden, (ii) NFPs are difficult to monitor in a decentralized way, and (iii) there is a lack of effective decomposition techniques. We address these issues by providing a formal framework for decentralized monitoring of LTL formulas with quantitative operators. The presented framework employs the tableau construction and a formula unwinding technique (i.e., a transformation technique that preserves the semantics of the original formula) to split and distribute the input LTL formula and the corresponding quantitative constraint in a way such that monitoring can be performed in a decentralized manner. The employment of these techniques allows processes to detect early violations of monitored properties and perform some corrective or recovery actions. We demonstrate the effectiveness of the presented framework using a case study based on a Fischertechnik training model, a sorting line which sorts tokens based on their color into storage bins. The analysis of the case study shows the effectiveness of the presented framework not only in early detection of violations, but also in developing failure recovery plans that can help to avoid serious impact of failures on the performance of the system.
Submitted 23 April, 2021;
originally announced April 2021.
-
Smart Contract Repair
Authors:
Xiao Liang Yu,
Omar Al-Bataineh,
David Lo,
Abhik Roychoudhury
Abstract:
Smart contracts are automated or self-enforcing contracts that can be used to exchange assets without having to place trust in third parties. Many commercial transactions use smart contracts due to their potential benefits in terms of secure peer-to-peer transactions independent of external parties. Experience shows that many commonly used smart contracts are vulnerable to serious malicious attacks which may enable attackers to steal valuable assets of the involved parties. There is therefore a need to apply analysis and automated repair techniques to detect and repair bugs in smart contracts before they are deployed. In this work, we present the first general-purpose automated smart contract repair approach that is also gas-aware. Our repair method is search-based and searches among mutations of the buggy contract. Our method also considers the gas usage of the candidate patches by leveraging our novel notion of gas dominance relationship. We have made our smart contract repair tool SCRepair available open-source, for investigation by the wider community.
Submitted 20 May, 2020; v1 submitted 12 December, 2019;
originally announced December 2019.
-
Efficient LTL Decentralized Monitoring Framework Using Formula Simplification Table
Authors:
Omar Al-Bataineh,
David Rosenblum,
Mark Reynolds
Abstract:
This paper presents a new technique for optimizing formal analysis of propositional logic formulas and Linear Temporal Logic (LTL) formulas, namely the formula simplification table. A formula simplification table is a mathematical table that shows all possible simplifications of the formula under different truth assignments of its variables. The advantages of constructing a simplification table of a formula are two-fold. First, it can be used to compute the logical influence weight of each variable in the formula, which is a metric that shows the importance of the variable in affecting the outcome of the formula. Second, it can be used to identify variables that have the highest logical influences on the outcome of the formula. We demonstrate the effectiveness of the formula simplification table in the context of software verification by developing an efficient framework for the well-known decentralized LTL monitoring problem.
Submitted 31 October, 2018;
originally announced October 2018.
-
Efficient Decentralized LTL Monitoring Framework Using Tableau Technique
Authors:
Omar Al-Bataineh,
David Rosenblum
Abstract:
This paper presents a novel framework for decentralized monitoring of Linear Temporal Logic (LTL), under the situation where processes are synchronous, uniform (i.e. all processes are peers), and the formula is represented as a tableau. The tableau technique allows one to construct a semantic tree for the input formula, which can be used to optimize the decentralized monitoring of LTL in various ways. Given a system P and an LTL formula L, we construct a tableau for L. The tableau is used for two purposes: (a) to synthesize an efficient round-robin communication policy for processes, and (b) to allow processes to propagate their observations in an optimal way. In our framework, processes can propagate truth values of atomic formulas, compound formulas, and temporal formulas depending on the syntactic structure of the input LTL formula and the observation power of processes. We demonstrate that this approach of decentralized monitoring based on tableau construction is more straightforward, more flexible, and more likely to yield efficient solutions than alternative approaches.
Submitted 25 August, 2018; v1 submitted 6 March, 2018;
originally announced March 2018.
-
Computing Maximal Expected Termination Time of Probabilistic Timed Automata
Authors:
Omar Al-Bataineh,
Michael Fisher,
David Rosenblum
Abstract:
The paper addresses the problem of computing maximal expected time to termination of probabilistic timed automata (PTA) models, under the condition that the system will, eventually, terminate. This problem can exhibit high computational complexity, in particular when the automaton under analysis contains cycles that may be repeated very often (due to very high probabilities, e.g. p = 0.999). Such cycles can degrade the performance of typical model checking algorithms, as the likelihood of repeating the cycle converges to zero arbitrarily slowly. We introduce an acceleration technique that can be applied to improve the execution of such cycles by collapsing their iterations. The acceleration process of a cyclic PTA consists of several formal steps necessary to handle the cumulative timing and probability information that result from successive executions of a cycle. The advantages of acceleration are twofold. First, it helps to reduce the computational complexity of the problem without adversely affecting the outcome of the analysis. Second, it can bring the "worst case execution time" problem of PTAs within the bounds of feasibility for model checking techniques. To our knowledge, this is the first work that addresses the problem of accelerating execution of cycles that exhibit both timing and probabilistic behavior.
Submitted 22 March, 2018; v1 submitted 21 September, 2017;
originally announced September 2017.
-
Epistemic Model Checking of Atomic Commitment Protocols with Byzantine Failures
Authors:
Omar Al-Bataineh
Abstract:
The notion of knowledge-based program introduced by Halpern and Fagin provides a useful formalism for designing, analysing, and optimising distributed systems. This paper formulates the two phase commit protocol as a knowledge-based program, and then an iterative process of model checking and counter-example guided refinement is followed to find concrete implementations of the program for the case of perfect recall semantics in the Byzantine failures context with synchronous reliable communication. We model several different kinds of Byzantine failures and verify different strategies to fight and mitigate them. We address a number of questions that have not been considered in the prior literature, viz., under what circumstances a sender can know that its transmission has been successful, and under what circumstances an agent can know that the coordinator is cheating, and find concrete answers to these questions. The paper also describes a methodology based on temporal-epistemic model checking technology that can be followed to verify the shortest and longest execution time of a distributed protocol and the scenarios that lead to them.
Submitted 10 May, 2017; v1 submitted 6 May, 2017;
originally announced May 2017.
-
Finding Minimum and Maximum Termination Time of Timed Automata Models with Cyclic Behaviour
Authors:
Omar Al-Bataineh,
Mark Reynolds,
Tim French
Abstract:
The paper presents a novel algorithm for computing best and worst case execution times (BCET/WCET) of timed automata models with cyclic behaviour. The algorithm can work on any arbitrary diagonal-free TA and can handle more cases than previously existing algorithms for BCET/WCET computations, as it can handle cycles in TA and decide whether they lead to an infinite WCET. We show soundness of the proposed algorithm and study its complexity. To our knowledge, this is the first model checking algorithm that addresses comprehensively the BCET/WCET problem of systems with cyclic behaviour. Behrmann et al. provide an algorithm for computing the minimum cost/time of reaching a goal state in priced timed automata (PTA). The algorithm has been implemented in the well-known model checking tool UPPAAL to compute the minimum time for termination of an automaton. However, we show that in certain circumstances, when infinite cycles exist, the algorithm implemented in UPPAAL may not terminate, and we provide examples which UPPAAL fails to verify.
Submitted 31 October, 2016;
originally announced October 2016.
-
Termination of Monotone Programs
Authors:
Omar Al-Bataineh,
Xie Xiaofei,
Mark Reynolds
Abstract:
We present an efficient approach to prove termination of monotone programs with integer variables, an expressive class of loops that is often encountered in computer programs. Our approach is based on a lightweight static analysis method and takes advantage of simple properties of monotone functions. Our preliminary implementation shows that our tool has an advantage over existing tools and can prove termination for a high percentage of loops for a class of benchmarks.
Submitted 4 February, 2017; v1 submitted 30 October, 2016;
originally announced October 2016.
-
Verifying Real-time Commit Protocols Using Dense-time Model Checking Technology
Authors:
Omar I. Al-Bataineh,
Mark Reynolds
Abstract:
The timed-based automata model, introduced by Alur and Dill, provides a useful formalism for describing real-time systems. Over the last two decades, several dense-time model checking tools have been developed based on that model. The paper considers the verification of real-time distributed commit protocols using dense-time model checking technology. More precisely, we model and verify the well-known timed two phase commit protocol in three different state-of-the-art real-time model checkers: UPPAAL, Rabbit, and RED, and compare the results.
Submitted 10 May, 2018; v1 submitted 16 January, 2012;
originally announced January 2012.
-
Abstraction for Epistemic Model Checking of Dining Cryptographers-based Protocols
Authors:
Omar I. Al-Bataineh,
Ron van der Meyden
Abstract:
The paper describes an abstraction for protocols that are based on multiple rounds of Chaum's Dining Cryptographers protocol. It is proved that the abstraction preserves a rich class of specifications in the logic of knowledge, including specifications describing what an agent knows about other agents' knowledge. This result can be used to optimize model checking of Dining Cryptographers-based protocols, and applied within a methodology for knowledge-based program implementation and verification. Some case studies of such an application are given, for a protocol that uses the Dining Cryptographers protocol as a primitive in an anonymous broadcast system. Performance results are given for model checking knowledge-based specifications in the concrete and abstract models of this protocol, and some new conclusions about the protocol are derived.
Submitted 11 October, 2010;
originally announced October 2010.
-
Epistemic Model Checking for Knowledge-Based Program Implementation: an Application to Anonymous Broadcast
Authors:
Omar I. Al-Bataineh,
Ron van der Meyden
Abstract:
Knowledge-based programs provide an abstract level of description of protocols in which agent actions are related to their states of knowledge. The paper describes how epistemic model checking technology may be applied to discover and verify concrete implementations based on this abstract level of description. The details of the implementations depend on the specific context of use of the protocol. The knowledge-based approach enables the implementations to be optimized relative to these conditions of use. The approach is illustrated using extensions of the Dining Cryptographers protocol, a security protocol for anonymous broadcast.
Submitted 25 April, 2010;
originally announced April 2010.