软工大牛Rijnard van Tonder 和 Claire Le Goues及其顶会论文解读
前言
本文旨在介绍软工大牛Rijnard van Tonder, Claire Le Goues及其今年ICSE 2018顶会论文“Static Automated Program Repair for Heap Properties”。
一、论文及作者信息
论文名称:Static Automated Program Repair for Heap Properties
作者:Rijnard van Tonder(一作), Claire Le Goues(第二作者,也是一作的导师)
单位:Carnegie Mellon University的计算机学院(School of computer science)
美国卡耐基梅隆大学(Carnegie Mellon University),简称CMU,坐落在美国宾夕法尼亚州的匹兹堡(Pittsburgh),是一所拥有13,600名在校学生和1,423名教职及科研人员的世界著名学府。该校拥有享誉全球的计算机学院和戏剧学院,其艺术学院,商学院,工程院以及公共管理学院等也都在全美名列前茅。CMU由工业家兼慈善家安德鲁·卡耐基于1900年创建,当时名为卡内基技术学校,1912年改名为卡耐基梅隆大学,开始向以研究为主的美国重点大学转变。 其在2016-17泰晤士高等教育全球大学排名中位列世界第23,包括工程与技术排名世界第15,商业与经济排名世界第16,计算机排名世界第6,全美大学排名第16。[1]
I also check the homepage of this university [5]. To be honest, I am suprised by this university, especially by the movie shown in the homepage [4]. The short video displays a theme “Today, we work.”, which tries to say that the students in the university are engaged in their own work, they have their own dreams, such as being a driver of the driveless, a climate leader, and an artist.
Also, in the page, it quotes a sentence said by Andrew Carnegie that helped to establish this university, “My heart is in the work.” Besides, it adds that, “At CMU, we think about work a little differently.”
About the authors
Rijnard van Tonder:
He is a PHD student currently studying software engineering according to the information from [1], and his advisor is Claire Le Goues.
His papers include [6]:
- Rijnard van Tonder, Claire Le Goues:
Static automated program repair for heap properties. ICSE 2018: 151-162 - Rijnard van Tonder, Claire Le Goues:
Cross-Architecture Lifter Synthesis. SEFM 2018: 155-170 - Rijnard van Tonder, Claire Le Goues:
Defending against the attack of the micro-clones. ICPC 2016: 1-4 - Rijnard van Tonder, Herman A. Engelbrecht:
Lowering the USB Fuzzing Barrier by Transparent Two-Way Emulation. WOOT 2014
It seems that Rijnard van Tonder is not very famous in this field. But I really admire him as his paper is accepted by ICSE 2018, which making the paper to be accepted by ICSE is a very desirable goal and dream for any software engineers.
As for his supervisor Claire Le Goues, there are many things to introduce.
Her homepage is https://clairelegoues.com/ [7]
Basic info:
About me: Assistant Professor in the School of Computer Science at Carnegie Mellon University, primarily affiliated with the Institute for Software Research. My research interests span software engineering and programming languages, and especially in how to construct, maintain, evolve, improve/debug, and assure high-quality software systems. My group of brilliant students and collaborators is called squaresLab. I teach software engineering and program analysis at the undergraduate, masters, and PhD levels; direct the CMU undergraduate minor in Software Engineering; and co-direct the [email protected] summer program.
Education:
Quick professional bio: Ph.D. and M.S. degrees, Computer Science, from the University of Virginia; B.A., Computer Science, from Harvard College. Before grad school, I spent a year and a half employed as a Software Engineer at IBM in Cambridge, MA, where I specialized in rapid XML processing. My brief time in the Real World substantively impacted the types of research problems I find interesting.
A notably incomplete list of my recent international service includes: DARPA ISAT Working Group (2017-present); PB member, ICSE 2019. PC member, ASE (2015, 2016, 2018), ICSE (2016-2018), ESEC/FSE (2017), ISSTA (2016). Review board member, IEEE TSE; reviewer for TOSEM, SPE, JSS. Local Chair for SPLASH 2015; co-PC Chair ESEC/FSE NIER 2018, SSBSE 2014; SSBSE Student/Short paper track chair, 2017; SSBSE steering committee member (2014-2017).
Relevant trivia: My last name is pronounced “Le-Gwess.”
Besides, she also lists some talks/lectures she once gave, if you are intested in these talks, you can visit [7].
Research
My research is broadly in the field of Software Engineering and applied program analysis. I focus on automatic program improvement and repair (using stochastic or search based as well as more formal approaches such as SMT-informed semantic code search); assurance and testing, especially in light of the scale and complexity of modern evolving systems; and quality metrics. I study software from the worlds of open source and desktop all the way to embedded and robotics systems. Note that virtually all of my work is done in collaboration with many great colleagues and students!
从这里可以看出来,我们SMT这些东西都是形式化方法,是和stochastic 或 search based 方法相对立的。
Publications,实在太多,不一一列举了,可参考 [8].
她的CV letter我已经上传到CSDN资源页 [9],其成就确实很激励人,感兴趣的可以一看。
二、论文内容
问题:
However, there is a disconnect between these effective bug-fnding tools and APR. Recent advances in APR rely on test cases, making them inapplicable to newly discovered bugs or bugs difcult to test for deterministically (like memory leaks). Additionally, the quality of patches generated to satisfy a test suite is a key challenge.
论文工作:
We address these challenges by adapting advances in practical static analysis and verifcation techniques to enable a new technique that fnds and then accurately fxes real bugs without test cases.
We present a new automated program repair technique using Separation Logic. At a high-level, our technique reasons over semantic effects of existing program fragments to fx faults related to general pointer safety properties: resource leaks, memory leaks, and null dereferences. The procedure automatically translates identifed fragments into source-level patches, and verifes patch correctness with respect to reported faults.
这个也是做得针对性的修复。不是那种general repair。是那种specific repair。
实验结果:
In this work we conduct the largest study of automatically fxing undiscovered bugs in realworld code to date. We demonstrate our approach by correctly fxing 55 bugs, including 11 previously undiscovered bugs, in 11 real-world projects.
有个问题,这个是针对性修复,当然会发现从来没有发现过的bug啦。
此外,这句话还说的挺满的,感觉对自己的工作是非常有信心的。
细节在后面,确实也很强。
背景:
However, tests are limiting in several ways, especially (though not exclusively) for APR. Writing good tests is nontrivial [43], rendering some real-world suites a weak proxy for patch correctness [51].
[43] National Institute of Standards and Technology. 2002. The Economic Impacts of Inadequate Infrastructure for Software Testing. Technical Report NIST Planning Report 02-3. NIST. http://www.nist.gov/director/prog-ofc/report02-3.pdf
没想到,这个参考文献[43]竟然是这个。
More fundamentally, tests are only suitable for fnding and guiding the repair of certain kinds of bugs. Some bug types are simply difcult to test for in a fnite, deterministic way [40]. Finding and fxing these types of bugs motivate the use of QA techniques beyond testing. Considerable recent progress has been made in expressive, high quality static analyses that can cost effectively fnd real bugs like these examples in real programs [5, 14].
讲出了tests的局限性。
工作:
We instantiate our approach in a tool called FootPatch, an extension to the Infer [17]3 static analysis tool. We situate our approach by extending analyses that fnd bugs related to the violation of pointer safety properties, the focus of Infer. In this paper, we restrict our focus to constructing additive patches for resource leaks, memory leaks, and null dereferences.
感觉更多的是对以往现有的工具的一个扩展。具体扩展了多少,贡献有多大,我看到这里是拿不准的。
贡献:
Program Repair with Separation Logic
Repair Extraction and Application Formalism
Evaluation
Open Source Repair Tool
结论:
Our technique overcomes signifcant challenges compared to test-based repair techniques, including the ability to repair previously undiscovered bugs, bugs that are difcult to expose via testing, and repeated semantic errors. Unlike other formal approaches for program repair, FootPatch works end-to-end on existing code bases and does not require formal annotation or special coding practices. Its reliance on principled semantic reasoning provides additional evidence of generated patch correctness. FootPatch thus represents an important step in bridging the gap between grounded verifcation techniques and trustworthy automatic program repair for real-world software, opening potentially promising avenues in automatic program improvement.
三、论文特色(我的感悟)
1)最近读的这两篇论文让我觉得现在自动修复 都尝试尽量舍弃test cases带来的负面影响(过拟合)。
那么有个问题:以后还会不会有test-based repair呢?整个APR怎么发展?
2)他的introduction写的真的好,我是佩服的。
Tests are appealing because they are intuitive and widely-used in practice (more so than, e.g., formal specifcations) and can straightforwardly indicate whether a given change improves the program in question (i.e., by turning a previously failing test case into a passing one).
这个我现在确实写不出来,很有水平的一句话,可能也是因为我还没有接触formal specification吧。
3)我感觉这篇文章讲APR中overfitting problem在我看到的文章中是讲的最好的。感觉很全面,也比较透彻,容易理解。
APR techniques and humans alike can overft to even high quality tests, producing patches that do not generalize to the true desired functionality change [53]. Developers must write a deterministic, reproducible test case corresponding to a bug under repair to use test-driven APR. This use case is particularly applicable to, e.g., regressions, but is limiting for previously-unknown defects.
4)再一次看到了our insight lies in
Our key insight lies in the novel way we adapt local reasoning [44, 46, 62]
5)本文推出的工具叫做FOOTPATCH,是基于Infer工具开发的,两者的区别在于 研究的侧重点不一样:
We situate our approach by extending analyses that fnd bugs related to the violation of pointer safety properties, the focus of Infer. In this paper, we restrict our focus to constructing additive patches for
resource leaks, memory leaks, and null dereferences.
6)文章组织结构
introduction->PRELIMINARIES->REPAIR WITH SEPARATION LOGIC->EVALUATION->RELATED WORK->CONCLUSION
四、生词收集
disruptors
* a person or thing that prevents something, especially a system, process, or event, from continuing as usual or as expected:
endocrine/hormone disruptors
* a company that changes the traditional way an industry operates, especially in a new and effective way:
If customers talk to everybody else they get the status quo. We’re the innovator; we’re the disruptor.
解释来源于[2],这个生词的意思还是真难找。
fragment
英 [ˈfrægmənt] 美 [ˈfræɡmənt]
n. 碎片;片段,未完成的部分;(将文件内容)分段
vt. (使)碎裂,破裂,分裂
vi. 破碎,碎裂
N-COUNT 碎片;片断;小部分
A fragment of something is a small piece or part of it.
render
英 [ˈrendə(r)] 美 [ˈrɛndɚ]
v. 给予;使成为;递交;表达
VERB 给予(帮助);提供(服务)
If you render someone help or service, you help them.
VERB 致使;造成
You can use render with an adjective that describes a particular state to say that someone or something is changed into that state. For example, if someone or something makes a thing harmless, you can say that they render it harmless.
alike
英 [əˈlaɪk] 美 [əˈlaɪk]
adj. 同样的,相似的
adv. 同样地;两者都,同样地;类似于
ADV-GRADED 相同地;相似地
Alike means in a similar way.
五、好句摘录
Static analysis tools have demonstrated effectiveness at fnding bugs in real world code. Such tools are increasingly widely adopted to improve software quality in practice.
注意such tools,还有in practice现在在论文中我见得不少诶。
Automated Program Repair (APR) has the potential to further cut down on the cost of improving software quality.
这个好厉害,cut down ,我第一次看到别人用在论文中。
此外,注意(APR)可以直接放在括号中,注意software quality。
Software bugs are expensive and time-consuming [15, 43], motivating research to fnd and fix them automatically.
每次说法都不一样,但是都很酷。
注意motivating,software bugs
Research in automated program repair (APR) holds promise for reducing software maintenance costs due to buggy code.
hold promise我从来没看到过,很厉害,写得。
Considered broadly, a program repair is simply a transformation that improves a program with respect to some abstract domain that describes correct versus incorrect program behavior.
这句话我没全看懂,但是,
注意:considered broadly,simply,with respect to
The vast majority of modern repair techniques (e.g., [29, 33, 37, 39, 41, 49]) use test cases to construct this domain.
注意vast majority,注意e.g.,的使用,注意construct
We implement our technique in a tool called FootPatch, built on top of the open source Infer static analyzer.
注意on the top of感觉很酷,注意implement
参考文献
[1] Institute for Software Research. http://www.isri.cmu.edu/education/se-phd/students/index.html
[2] disruptor. https://dictionary.cambridge.org/zhs/词典/英语/disruptor
[3] 卡内基·梅隆大学。 https://baike.baidu.com/item/卡内基·梅隆大学/514335?fromtitle=Carnegie%20Mellon%20University&fromid=11275324&fr=aladdin
[4] Today, We Work. https://www.cmu.edu/about/today-we-work/index.html#wide-we-work
[5] Carnegie Mellon University. https://www.cmu.edu/
[6] Rijnard van Tonder. https://dblp.org/pers/hd/t/Tonder:Rijnard_van
[7] Claire Le Goues. https://clairelegoues.com/
[8] Research. https://clairelegoues.com/research/
[9] 软件工程领域大牛Claire Le Goues的CV letter. https://download.csdn.net/download/weixin_39278265/10588754
文末诗词
便归来,平生万事,那堪回首!
——顾贞观《金缕曲(其一)》