Abstract:
Program bugs are notorious for their cost when discovered late in the Software Development Life Cycle (SDLC). When a bug is discovered in the production
environment, the cycle is restarted, which often takes at least one or two weeks before the fix is pushed to production. To mitigate the increasing cost of delayed bug resolution, several families of techniques were developed such as Automated Program Repair (APR), and Failure Detection. In this thesis, we propose two variants of these techniques. To perform a program repair, most approaches apply methods based on Satisfiability Modulo Theorem (SMT) or on Generate-and-Validate (G&V) techniques. However, these approaches are computationally complex. SMT-based methods can suffer from path explosion for large programs and may require the programmer to write assertions and specifications, while G&V methods tend to have a huge search-space and may over-fit the test suite. Our first proposed method, CFAAR, is a test-based repair technique that operates by selectively altering the outcome of suspicious control statements in order to yield the expected program behavior. CFAAR targets defects that are repairable by altering the execution of control statements under specific conditions. Unlike other test-based repair techniques that mine for patches in other parts of the program or in various artifacts, CFAAR relies on the program’s state to determine when a candidate control statement should be negated to yield a correct behavior. Then, the captured state is further analyzed to synthesize a patch in the form of a conditional that guards the candidate control statement. Our second proposed method, D-FUSE, is a failure detection method that uses both structural and substate profiles. While structural profiles estimate the various path components visited in each run, substate profiles characterize the various values taken by a variable for a given run. Furthermore, a substate descriptor embeds statistical information about these values, and how they cluster among all test cases. In this thesis, we leverage both types of profiles to enhance failure detection. After showing that the two profile types are complementary for detecting failure, we propose an optimization technique that selects a set of profile elements that predicts failure, while minimizing the profiling cost. Finally, an augmented set of instrumentation probes are selected to reproduce the selected profile elements, while maintaining a low resource overhead.
Description:
Bazzi, Louay; Zaraket, Fadi; Jaber, Mohamad; Podgurski, Andy; Abou Assi, Rawad