SAVER: Scalable, Precise, and Safe Memory-Error Repair

We present SAVER, a new memory-error repair technique for C programs. Memory errors such as memory leaks, double-frees, and use-after-frees are highly prevalent, and fixing them requires significant effort. Automated program repair techniques hold the promise of reducing this burden, but the state of the art is still unsatisfactory. In particular, no existing technique is able to fix those errors in a scalable, precise, and safe way, all of which are required for a truly practical tool. SAVER aims to address these shortcomings. To this end, we propose a method based on a novel representation of the program called the object flow graph, which summarizes the program's heap-related behavior using static analysis. We show that fixing memory errors can be formulated as a graph labeling problem over the object flow graph and present an efficient algorithm. We evaluated SAVER in combination with Infer, an industrial-strength static bug-finder, and show that 74% of the reported errors can be fixed automatically for a range of open-source C programs.
