Documente Academic
Documente Profesional
Documente Cultură
591
R
:0
0
:1
1 XX
XX
z2
X
:
2X
X
XX
z
X
X
:3
3
X
XX
z
X
:4
4 XX
XX
z5
X
5
6
6
Fig. 1.
P
0 XXX
0
z1
X
1 XXXX
z2
X
2 XXXX
z3
X
3 XXXX
X
z4
4 XXX X
z5
X
5 XXXX
X
z6
X
6
P0
:0
0
:1
1
:2
2
:3
3
:4
4
:5
5
6
6
#
#
"
T
0
!
CD
"
!
CD
' $
T
CD
0
&CD
%
Fig. 3.
592
A sufficient condition of correctness, which holds whenever the given invariant relation subsumes the target
specification.
A necessary condition of correctness, whose negation
we use as a sufficient condition of incorrectness: the
necessary condition derived from an invariant relation Q
is false whenever the invariant relation is incompatible
with the specification, i.e. no while loop that admits Q
as an invariant relation could possibly be correct with
respect to R. When an invariant relation C does satisfy
(with R) the necessary condition of correctness, we say
that it is compatible with R.
593
not mean our fault removal was wrong: when we run this loop
on randomly generated test data using the oracle of relative
correctness (section IV-A), it runs for over eight hundred
thousand test data without failure. Indeed, w0 is provably
more-correct than w, though it may still be incorrect. Running
the invariant relations generator on the new loop produces
fourteen invariant relations, one of which is incompatible with
R (hence w0 is indeed incorrect); it seems that by removing
the earlier fault we have remedied four invariant relations at
once. Applying the same process to w0 , we find the following
loop, which is correct with respect to R:
wc: while (abs(r-p)>upsilon)
{t=t+1; n=n+x; m=m+1; l=l*(1+b);
k=k+1000; y=n+k; w=w+z; z=(1+a)*z;
v=w+k; r=(v-y)/y; u=(m-n)/n; d=r-u;}
C. Illustration
We consider the following loop, taken from a C++ financial
application, where all the variables except t are of type
double, and where a and b are positive constants.
w:
while (abs(r-p)>upsilon)
{t=t+1; n=n+x; m=m-1; l=l*(1+b);
k=k+1000; y=n+k; w=w+z; z=(1+a)+z;
v=w+k; r=(v-y)/y; u=(m-n)/n; d=r-u;}
1 (1 + a)t t
R = {(s, s )|b < a < 1x = xw = wz
a
0
l (1 + b)t = l0 (1 + b)t }.
Analysis of this loop by an invariant relations generator derives
fourteen invariant relations, five of which are found to be
incompatible with the specification. We select the following
incompatible invariant relation for remediation:
z
z0
ACKNOWLEDGMENT
The authors are grateful to the anonymous reviewers for their
valuable feedback. This publication was made possible by a grant
from the Qatar national Research Fund NPRP04-1109-1-174. Its
contents are solely the responsibility of the authors and do not
necessarily represent the official views of QNRF.
R EFERENCES
[1] Algirdas Avizienis, J-C Laprie, Brian Randell, and Carl Landwehr. Basic
concepts and taxonomy of dependable and secure computing. IEEE
Transactions on Dependable and Secure Computing, 1(1):1133, 2004.
[2] Vidroha Debroy and W Eric Wong. Using mutation to automatically
suggest fixes for faulty programs. In ICST, pages 6574. IEEE, 2010.
[3] Nafi Diallo, Wided Ghardallou, Ali Jaoua, Marcelo Frias, , and Ali
Mili. What is a software fault, and why does it matter? [online], 2014.
Available at http://web.njit.edu/mili/fir.pdf.
[4] Divya Gopinath, Muhammad Zubair Malik, and Sarfraz Khurshid.
Specification-based program repair using sat. In TACAS, pages 173
188. 2011.
[5] Dongsun Kim, Jaechang Nam, Jaewoo Song, and Sunghun Kim. Automatic patch generation learned from human-written patches. In Proceedings of the 2013 International Conference on Software Engineering,
ICSE 13, pages 802811, 2013.
[6] Shuvendu K Lahiri, Kenneth L McMillan, Rahul Sharma, and
Chris Hawblitzel. Differential assertion checking. In Proceedings,
ESEC/SIGSOFT FSE, pages 345355. ACM, 2013.
[7] Claire Le Goues, Stephanie Forrest, and Westley Weimer. Current
challenges in automatic software repair. Software Quality Journal,
21(3):421443, 2013.
[8] Francesco Logozzo and Thomas Ball. Modular and verified automatic
program repair. In ACM SIGPLAN Notices, volume 47, pages 133146.
ACM, 2012.
[9] Francesco Logozzo, Shuvendu K Lahiri, Manuel Fahndrich, and Sam
Blackshear. Verification modulo versions: towards usable verification.
In Proceedings of the PLDI. ACM, 2014.
[10] Ali Mili, Marcelo F Frias, and Ali Jaoua. On faults and faulty programs.
In Relational and Algebraic Methods in Computer Science, pages 191
207. Springer, 2014.
[11] Martin Monperrus. A critical review of automatic patch generation
learned from human-written patches: essay on the problem statement
and the evaluation of automatic software repair. In Proceedings, ICSE,
pages 234242. ACM, 2014.
[12] Hoang Duong Thien Nguyen, Dawei Qi, Abhik Roychoudhury, and
Satish Chandra. Semfix: Program repair via semantic analysis. In
Proceedings, ICSE, pages 772781. IEEE Press, 2013.
[13] Yi Wei, Yu Pei, Carlo A Furia, Lucas S Silva, Stefan Buchholz,
Bertrand Meyer, and Andreas Zeller. Automated fixing of programs
with contracts. In Proceedings of the 19th international symposium on
Software testing and analysis, pages 6172. ACM, 2010.
594