Automatically Finding Patches Using Genetic Programming. Westley Weimer, Claire Le Goues, ThanhVu Nguyen, Stephanie Forrest
Slide 2: Motivation
- Software Quality remains a key problem
  - Over one half of 1 percent of US GDP each year
- Programs ship with known bugs
  - Vista shipped with thousands of them!
- Software Repair via Genetic Programming
  - Transform a program with a bug
  - Into a program without the bug
  - By modifying relevant parts of the program

Slide 3: The Cunning Plan
- We can automatically and efficiently repair off-the-shelf, unannotated legacy programs.
- Basic idea: Randomly search through the space of all programs until you find a variant that repairs the problem.
- Key insights:
  - Use existing regression tests to evaluate variants.
  - Search by randomly perturbing parts of the program likely to contain the error.
- (SBST'09 Best Paper, ICSE'09 Best Paper, GECCO'09,...)

Slide 4: The Process
- Input:
  - The program source code
  - Some regression test cases passed by the program
  - A test case failed by the program (= the bug)
- Work (State Space Exploration):
  - Create random variants of the program
  - Run them on the test cases
  - Repeat if necessary
- Output:
  - New program source code that passes all tests, or "no solution found in time"

Slide 5: This Talk
- Genetic Programming
- Weighted Paths
- Example
- Repair Experiments
- Repair Quality Experiments
- Big Finish

Slide 6: Genetic Programming
- Genetic programming is the application of evolutionary or genetic algorithms to program source code.
- Genetic Algorithms:
  - Population of variants
  - Crossover and mutation
  - Fitness Function

Slide 7: What's In A Name?
- If you're wary of genetic programming, you can view this as search-based software engineering.
- We use the regression tests to guide the search.

Slide 8: The Secret Sauce
- In a large program, not every line is equally likely to contribute to the bug.
- Insight: since we have the test cases, run them and collect coverage information.
  - The bug is more likely to be found on lines visited when running the failed test case.
  - The bug is less likely to be found on lines visited when running the passed test cases.
- Also: Do not try to invent new code!

Slide 9: The Weighted Path
- We define a weighted path to be a list of <statement, weight> pairs.
- We use this weighted path:
  - The statements are those visited during the failed test case.
  - The weight for a statement S is
    - 1.0 if S is not visited on a passed test case
    - 0.1 if S is also visited on a passed test case

Slide 10: Genetic Programming for Program Repair: Mutation
- Population of Variants:
  - Each variant is an <AST, weighted path> pair
- Mutation:
  - To mutate a variant V = <AST_V, wp_V>, randomly choose a statement S from wp_V, biased by the weights
  - Delete S, replace S with S1, or insert S2 after S
  - Choose S1 and S2 from the entire AST
- Assumes program contains the seeds of its own repair (e.g., has another null check elsewhere).

Slide 11: Genetic Programming for Program Repair: Fitness
- Compile a variant
  - If it fails to compile, Fitness = 0
  - Otherwise, run it on the test cases
  - Fitness = number of test cases passed
  - Weighted: passing the bug test case is worth more
- Selection
  - Higher fitness variants are retained into the next generation
- Repeat until a solution is found

Slide 12: Example Source Code For Zune Bug Repair
- Millions of Microsoft Zune media players froze up on December 31st,

Slide 13: Abstract Syntax Tree For Zune Bug Repair
[Figure: AST of the Zune code. Node labels: year=1980; while (days>365); printf(... year); if (isleapyear); if (days>366); days -= 365; year += 1; days -= 366; year += 1; (no children)]

Slide 14: Weighted Path For Zune Bug Repair (1/3)
[Figure: the same AST. Legend: Visited on Negative Test (days=10593)]

Slide 15: Weighted Path For Zune Bug Repair (2/3)
[Figure: the same AST. Legend: Also Visited on Positive Test (days=1000); Visited on Negative Test but not Positive Test]

Slide 16: Weighted Path For Zune Bug Repair (3/3)
[Figure: the same AST. Legend: Weighted Path = Visited on Negative Test but not Positive Test]

Slide 17: Mutation For Zune Bug Repair (1/2)
[Figure: the same AST]

Slide 18: Mutation For Zune Bug Repair (2/2)
[Figure: the same AST with one more node label: days -=]

Slide 19: Final Repair For Zune Bug
[Figure: the same AST with one more node label: days -=]

Slide 20: Evolution of Zune Repair
[Figure: evolution of the Zune repair (5 normal test cases weighing 1 each, 2 buggy test cases weighing 10 each)]
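
The weighted path, mutation and fitness steps from slides 9 to 11, run on the Zune loop, as an added example that is not the authors' tool or code. The statement ids, the small interpreter, the nesting of the loop, every test input except days=1000 and days=10593, and all expected years are assumptions constructed here; crossover is left out.

```python
import copy
import random
def S(sid, op, arg=None, body=(), orelse=()):
    """A statement: [id, operation, argument, then/loop body, else body]."""
    return [sid, op, arg, list(body), list(orelse)]

# Zune year loop rebuilt from the AST slides' node labels; the nesting is assumed.
# Ids are this example's numbering; 7 is the empty else branch ("no children").
ZUNE = [
    S(1, "set", ("year", 1980)),
    S(2, "while days>", 365, [
        S(3, "if leap", None,
          [S(4, "if days>", 366,
             [S(5, "add", ("days", -366)), S(6, "add", ("year", 1))],
             [S(7, "nop")])],
          [S(8, "add", ("days", -365)), S(9, "add", ("year", 1))])]),
    S(10, "print year")]
# (days, expected year, weight). Inputs 1000 and 10593 come from the slides;
# the other inputs and every expected year are constructed for this example.
POSITIVE = [(100, 1980, 1), (365, 1980, 1), (367, 1981, 1),
            (1000, 1982, 1), (2000, 1985, 1)]
NEGATIVE = [(10593, 2008, 10), (366, 1980, 10)]

def run(prog, days, budget=2000):
    """Interpret prog; return (printed year or None, statement ids visited)."""
    st = {"days": days, "year": None, "out": None, "left": budget, "seen": []}
    def block(stmts):
        for sid, op, arg, body, orelse in stmts:
            st["left"] -= 1          # loop bodies are never empty, so this budget
            if st["left"] < 0:       # bounds every run, including the bug's hang
                raise TimeoutError
            st["seen"].append(sid)
            if op == "set":
                st[arg[0]] = arg[1]
            elif op == "add":
                st[arg[0]] += arg[1]
            elif op == "print year":
                st["out"] = st["year"]
            elif op == "if leap":
                y = st["year"]
                block(body if y % 4 == 0 and (y % 100 != 0 or y % 400 == 0) else orelse)
            elif op == "if days>":
                block(body if st["days"] > arg else orelse)
            elif op == "while days>":
                while st["days"] > arg:
                    block(body)
    try:
        block(prog)
    except (TimeoutError, TypeError, RecursionError):
        st["out"] = None             # hung or crashed variants print nothing
    return st["out"], st["seen"]

def weighted_path(prog):
    """Failing-test statements: weight 1.0 if no passing test visits them, else 0.1."""
    passed = {sid for days, _, _ in POSITIVE for sid in run(prog, days)[1]}
    failing = [sid for days, _, _ in NEGATIVE for sid in run(prog, days)[1]]
    return {sid: 0.1 if sid in passed else 1.0 for sid in failing}

def fitness(prog):
    """Weighted number of tests passed: bug tests count 10 each, the others 1."""
    return sum(w for days, want, w in POSITIVE + NEGATIVE if run(prog, days)[0] == want)

def walk(stmts):
    """Yield (containing list, index, statement) for every statement."""
    for i, s in enumerate(stmts):
        yield stmts, i, s
        yield from walk(s[3])
        yield from walk(s[4])

def mutate(prog, path, rng):
    """Delete, replace or insert-after at a weighted site; donors come from prog."""
    child = copy.deepcopy(prog)
    site = rng.choices(list(path), weights=list(path.values()))[0]
    kind = rng.choice(["delete", "replace", "insert"])
    donor = copy.deepcopy(rng.choice([s for _, _, s in walk(prog)]))
    for _, _, s in walk([donor]):
        s[0] = 0                     # copied statements are not mutation sites
    hit = next(((b, i) for b, i, s in walk(child) if s[0] == site), None)
    if hit is not None:              # the site may be gone in a later generation
        stmts, i = hit
        if kind == "insert":
            stmts.insert(i + 1, donor)
        else:                        # delete leaves a nop; replace swaps in the donor
            stmts[i] = S(site, "nop") if kind == "delete" else [site] + donor[1:]
    return child

def repair(seed=0, pop_size=40, generations=20):
    """Mutate every variant, keep the fitter half, stop when one passes all tests."""
    rng, path = random.Random(seed), weighted_path(ZUNE)
    goal = sum(w for _, _, w in POSITIVE + NEGATIVE)
    pop = [ZUNE] * pop_size
    for _ in range(generations):
        pop = sorted((mutate(v, path, rng) for v in pop), key=fitness, reverse=True)
        if fitness(pop[0]) == goal:
            return pop[0]
        pop = pop[:pop_size // 2] * 2
    return None
```

Only the empty else branch gets weight 1.0, so more than half of all mutations land on it; a variant returned by `repair()` passes the seven tests here, which is all the search can promise.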

Slide 21: Minimize The Repair
- Repair Patch is a diff between orig and variant
- Random mutations may add unneeded stmts (e.g., dead code, redundant computation)
- In essence: try removing each line in the diff and check if the result still passes all tests
- Delta Debugging finds a 1-minimal subset of the diff in O(n^2) time
  - Removing any single line causes a test to fail
- We use a tree-structured diff algorithm (diffx)
  - Avoids problems with balanced curly braces, etc.
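
The "in essence" version of this minimization, as an added example that is not the authors' code: edits are dropped one at a time until the patch is 1-minimal. The program, patch and tests are constructed for illustration, and the edits are plain line insertions rather than the tree-structured diffx edits the slide mentions.

```python
# Constructed "original": copies a request body into a 16-slot buffer with no
# bounds check (a stand-in for the buffer-overflow bugs listed in the talk).
ORIGINAL = [
    "def read_body(data, content_length):",
    "    buf = [0] * 16",
    "    for i in range(content_length):",
    "        buf[i] = data[i]",
    "    return bytes(buf[:content_length])",
]
# Constructed repair as a random search might leave it: each edit inserts one
# line after original line n. Only two of the five edits are needed.
PATCH = [
    (0, "    seen = len(data)"),                             # dead code
    (1, "    limit = len(buf)"),                             # needed
    (1, "    buf[0] = 0"),                                   # redundant
    (1, "    content_length = min(content_length, limit)"),  # needed, uses limit
    (3, "        seen = i"),                                 # dead code
]
# (arguments, expected result); the last entry is the failing "bug" test.
TESTS = [((b"hello", 5), b"hello"), ((b"", 0), b""), ((b"A" * 40, 40), b"A" * 16)]

def apply_edits(edits):
    """Return the variant's source: ORIGINAL with the chosen edits inserted."""
    out = []
    for n, line in enumerate(ORIGINAL):
        out.append(line)
        out.extend(text for after, text in edits if after == n)
    return "\n".join(out)

def passes_all(edits):
    """Build the variant and report whether it passes every test."""
    scope = {}
    try:
        exec(apply_edits(edits), scope)
        return all(scope["read_body"](*args) == want for args, want in TESTS)
    except Exception:
        return False    # a variant that fails to compile or crashes fails

def minimize(edits, passes):
    """Drop edits one at a time until removing any single one breaks a test.

    Returns (kept edits, number of test-suite runs); worst case is O(n^2) runs.
    """
    kept, runs, changed = list(edits), 0, True
    while changed:
        changed = False
        for edit in list(kept):
            trial = [e for e in kept if e is not edit]
            runs += 1
            if passes(trial):
                kept, changed = trial, True
    return kept, runs
```

The two surviving edits depend on each other: removing `limit = len(buf)` alone makes the clamp raise `NameError`, so neither can be dropped on its own even though each looks removable in isolation.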

Slide 22: Experimental Results
Columns: Program, LOC, Path, # Fitness, Bug. Only the program and bug entries survive in this transcription:
- wu-ftpd: Format string vulnerability
- php string.c: Integer overflow
- atris: local stack buffer overflow
- flex: Segfault
- lighttpd fastcgi.c: Remote heap buffer overflow
- indent: Infinite loop
- openldap io.c: Non-overflow denial of service
- nullhttpd: Remote heap buffer overflow
- deroff: Segfault
Average repair time: 313 seconds. Average minimization time: 12 seconds. Total: 15 repaired programs, over 140,000 lines of code.

Slide 23: Scalability

Slide 24: Repair Quality
- Repairs are typically not what a human would have done
  - Example: our technique adds bounds checks to one particular network read, rather than refactoring to use a safe abstract string class in multiple places
- Recall: any proposed repair must pass all regression test cases
  - When POST test is omitted from nullhttpd, the generated repair eliminates POST functionality
  - Tests ensure we do not sacrifice functionality
  - Minimization prevents gratuitous deletions
  - Adding more tests helps rather than hurting

Slide 25: Repair Quality, Self-Healing
- In an ecommerce/security setting, a high quality repair is one that blocks a security vulnerability without reducing transactional throughput
- Integrate with an anomaly detection system (ADS)
  - When ADS flags a request, treat it as the buggy test case and initiate repair
- Danger Will Robinson: this can be done without humans in the loop!

Slide 26: Experimental Setup
- Obtain indicative workloads
- Apply the workload to a vanilla server
- Speed up workload until server drops additional requests
- Send known attack packet: ADS flags it
- Take server down during repair, apply repair, restart server
- Measure throughput after applying repair

Slides 27 and 28: Experimental Results
- HTTP workload: 138k requests from 12k IPs over 14 hours; PHP workload similar
- Success = correct output delivered to client before client starts next request in workload

Slide 29: Technique Limitations
- Can only handle deterministic faults
  - No multithreaded code or race conditions, etc.
  - Long term: put scheduler constraints into the variant representation.
- Assumes bug test case visits different lines than normal test cases
- Assumes existing statements can form repair
  - Current work: repair templates
  - Hand-crafted and mined from CVS repositories

Slide 30: Conclusions
- We can automatically and efficiently repair off-the-shelf legacy programs.
  - Around 15 programs totaling 140 kLOC in about 6 minutes each, on average
- We use regression tests to encode desired behavior.
  - Normal tests encode required behavior
- The genetic programming search focuses attention on parts of the program visited during the bug but not visited during passed test cases.

Slide 31: Questions
- I encourage difficult questions.

Slide 32: Bonus Slide: Test Cases
More informationScaling up: How we made millions of domains happier. Tom Arnfeld, DNS Engineer Pavel Odintsov, DNS Engineer
Scaling up: How we made millions of domains happier Tom Arnfeld, DNS Engineer Pavel Odintsov, DNS Engineer Cloudflare DNS Services Authoritative DNS IPv4 and IPv6 support Low latency propagation DNSSEC
More informationSourcererCC -- Scaling Code Clone Detection to Big-Code
SourcererCC -- Scaling Code Clone Detection to Big-Code What did this paper do? SourcererCC a token-based clone detector, that can detect both exact and near-miss clones from large inter project repositories
More informationA program execution is memory safe so long as memory access errors never occur:
A program execution is memory safe so long as memory access errors never occur: Buffer overflows, null pointer dereference, use after free, use of uninitialized memory, illegal free Memory safety categories
More informationEvaluating Bug Finders
Evaluating Bug Finders Test and Measurement of Static Code Analyzers Aurelien DELAITRE Bertrand STIVALET http://samate.nist.gov ICSE - COUFLESS 2015 May 23, 2015 Authors Aurelien DELAITRE West Virginia
More informationOn-Demand Proactive Defense against Memory Vulnerabilities
On-Demand Proactive Defense against Memory Vulnerabilities Gang Chen, Hai Jin, Deqing Zou, and Weiqi Dai Services Computing Technology and System Lab Cluster and Grid Computing Lab School of Computer Science
More informationBuffer overflow prevention, and other attacks
Buffer prevention, and other attacks Comp Sci 3600 Security Outline 1 2 Two approaches to buffer defense Aim to harden programs to resist attacks in new programs Run time Aim to detect and abort attacks
More informationStatically Detecting Likely Buffer Overflow Vulnerabilities
Statically Detecting Likely Buffer Overflow Vulnerabilities David Larochelle and David Evans USENIX'01 David Larochelle and David Evans IEEE Software Jan/Feb 2002 Presented by Adam Polyak 30.03.2014 Outline
More informationSimple Overflow. #include <stdio.h> int main(void){ unsigned int num = 0xffffffff;
Simple Overflow 1 #include int main(void){ unsigned int num = 0xffffffff; printf("num is %d bits long\n", sizeof(num) * 8); printf("num = 0x%x\n", num); printf("num + 1 = 0x%x\n", num + 1); }
More informationWe will focus on Buffer overflow attacks SQL injections. See book for other examples
We will focus on Buffer overflow attacks SQL injections See book for other examples Buffer overrun is another common term Buffer Overflow A condition at an interface under which more input can be placed
More informationOutline. Computer programming. Debugging. What is it. Debugging. Hints. Debugging
Outline Computer programming Debugging Hints Gathering evidence Common C errors "Education is a progressive discovery of our own ignorance." Will Durant T.U. Cluj-Napoca - Computer Programming - lecture
More informationLast week. Data on the stack is allocated automatically when we do a function call, and removed when we return
Last week Data can be allocated on the stack or on the heap (aka dynamic memory) Data on the stack is allocated automatically when we do a function call, and removed when we return f() {... int table[len];...
More information