乐胖代购免代理版

{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,8,19]],"date-time":"2024-08-19T18:10:16Z","timestamp":1724091016458},"reference-count":46,"publisher":"Association for Computing Machinery (ACM)","issue":"FSE","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Proc. ACM Softw. Eng."],"published-print":{"date-parts":[[2024,7,12]]},"abstract":"Model checking has been used traditionally for finding violations of temporal properties. Recently, testing or fuzzing approaches have also been applied to software systems to find temporal property violations. However, model checking suffers from state explosion, while fuzzing can only partially cover program paths. Moreover, once a violation is found, the fix for the temporal error is usually manual. In this work, we develop the first compositional static analyzer for temporal properties, and the analyzer supports a proof-based repair strategy to fix temporal bugs automatically. To enable a more flexible specification style for temporal properties, on top of the classic pre\/post-conditions, we allow users to write a future-condition to modularly express the expected behaviors after the function call. Instead of requiring users to write specifications for each procedure, our approach automatically infers the procedure\u2019s specification according to user-supplied specifications for a small number of primitive APIs. We further devise a term rewriting system to check the actual behaviors against its inferred specification. Our method supports the analysis of 1) memory usage bugs, 2) unchecked return values, 3) resource leaks, etc., with annotated specifications for 17 primitive APIs, and detects 515 vulnerabilities from over 1 million lines of code ranging from ten real-world C projects. Intuitively, the benefit of our approach is that a small set of properties can be specified once and used to analyze\/repair a large number of programs. Experimental results show that our tool, ProveNFix, detects 72.2% more true alarms than the latest release of the Infer static analyzer. Moreover, we show the effectiveness of our repair strategy when compared to other state-of-the-art systems \u2014 fixing 5% more memory leaks than SAVER, 40% more resource leaks than FootPatch, and with a 90% fix rate for null pointer dereferences.<\/jats:p>","DOI":"10.1145\/3643737","type":"journal-article","created":{"date-parts":[[2024,7,12]],"date-time":"2024-07-12T14:22:09Z","timestamp":1720794129000},"page":"226-248","source":"Crossref","is-referenced-by-count":0,"title":["ProveNFix: Temporal Property-Guided Program Repair"],"prefix":"10.1145","volume":"1","author":[{"ORCID":"http:\/\/orcid.org\/0000-0002-9760-5895","authenticated-orcid":false,"given":"Yahui","family":"Song","sequence":"first","affiliation":[{"name":"National University of Singapore, Singapore, Singapore"}]},{"ORCID":"http:\/\/orcid.org\/0000-0001-9895-4600","authenticated-orcid":false,"given":"Xiang","family":"Gao","sequence":"additional","affiliation":[{"name":"Beihang University, Beijing, China"}]},{"ORCID":"http:\/\/orcid.org\/0009-0005-9479-8061","authenticated-orcid":false,"given":"Wenhua","family":"Li","sequence":"additional","affiliation":[{"name":"National University of Singapore, Singapore, Singapore"}]},{"ORCID":"http:\/\/orcid.org\/0000-0002-9660-5682","authenticated-orcid":false,"given":"Wei-Ngan","family":"Chin","sequence":"additional","affiliation":[{"name":"National University of Singapore, Singapore, Singapore"}]},{"ORCID":"http:\/\/orcid.org\/0000-0002-7127-1137","authenticated-orcid":false,"given":"Abhik","family":"Roychoudhury","sequence":"additional","affiliation":[{"name":"National University of Singapore, Singapore, Singapore"}]}],"member":"320","published-online":{"date-parts":[[2024,7,12]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1142\/S0129054109006802"},{"volume-title":"Annual Symposium on Theoretical Aspects of Computer Science. 455\u2013466","year":"1995","author":"Antimirov Valentin","key":"e_1_2_1_2_1","unstructured":"Valentin Antimirov. 1995. Partial derivatives of regular expressions and finite automata constructions. In Annual Symposium on Theoretical Aspects of Computer Science. 455\u2013466."},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1016\/0304-3975(95)80024-4"},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-22110-1_16"},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-17524-9_1"},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-45657-0_29"},{"volume-title":"Foundations of Software Technology and Theoretical Computer Science: 17th Conference Kharagpur, India, December 18\u201320, 1997 Proceedings 17","year":"1997","author":"Clarke Edmund M","key":"e_1_2_1_7_1","unstructured":"Edmund M Clarke. 1997. Model checking. In Foundations of Software Technology and Theoretical Computer Science: 17th Conference Kharagpur, India, December 18\u201320, 1997 Proceedings 17. 54\u201356."},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-35746-6_1"},{"key":"e_1_2_1_9_1","unstructured":"CVE-2016-2113. 2016. CVE-2016-2113. https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2016-2113"},{"key":"e_1_2_1_10_1","doi-asserted-by":"crossref","unstructured":"Cve-2016-2182. 2016. Cve-2016-2182. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2016-2182","DOI":"10.1149\/MA2016-02\/34\/2182"},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-78800-3_24"},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-17524-9_13"},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382204"},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.18293\/SEKE2019-006"},{"volume-title":"Bounded Exhaustive Search of Alloy Specification Repairs. In 2021 IEEE\/ACM 43rd International Conference on Software Engineering (ICSE).","year":"2021","author":"Brida Sim\u00f3n Guti\u00e9rrez","key":"e_1_2_1_15_1","unstructured":"Sim\u00f3n Guti\u00e9rrez Brida, Germ\u00e1n Regis, Guolong Zheng, Hamid Bagheri, ThanhVu Nguyen, Nazareno Aguirre, and Marcelo Frias. 2021. Bounded Exhaustive Search of Alloy Specification Repairs. In 2021 IEEE\/ACM 43rd International Conference on Software Engineering (ICSE)."},{"key":"e_1_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/32.588521"},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/3377811.3380323"},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jcss.2011.12.003"},{"key":"e_1_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00071"},{"volume-title":"Stefan Blom, and Tom Van Dijk.","year":"2015","author":"Kant Gijs","key":"e_1_2_1_20_1","unstructured":"Gijs Kant, Alfons Laarman, Jeroen Meijer, Jaco Van de Pol, Stefan Blom, and Tom Van Dijk. 2015. LTSmin: high-performance language-independent model checking. In Tools and Algorithms for the Construction and Analysis of Systems: 21st International Conference, TACAS 2015, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2015, London, UK, April 11-18, 2015, Proceedings 21. 692\u2013707."},{"key":"e_1_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.4230\/LIPIcs.FSTTCS.2014.175"},{"key":"e_1_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-21668-3_13"},{"key":"e_1_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/3527325"},{"key":"e_1_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/3236024.3236079"},{"key":"e_1_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/2970276.2970356"},{"key":"e_1_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/3510003.3510082"},{"volume-title":"Andy Chou, Dawson R Engler, and David L Dill.","year":"2002","author":"Musuvathi Madanlal","key":"e_1_2_1_27_1","unstructured":"Madanlal Musuvathi, David YW Park, Andy Chou, Dawson R Engler, and David L Dill. 2002. CMC: A pragmatic approach to model checking real code. ACM SIGOPS Operating Systems Review, 36, SI (2002), 75\u201388."},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-67067-2_17"},{"key":"e_1_2_1_29_1","unstructured":"openssl. 2019. Openssl: cryptography and ssl\/tls toolkit.. https:\/\/github.com\/openssl\/"},{"volume-title":"Martin Nordio, Yi Wei, Bertrand Meyer, and Andreas Zeller.","year":"2014","author":"Pei Yu","key":"e_1_2_1_30_1","unstructured":"Yu Pei, Carlo A Furia, Martin Nordio, Yi Wei, Bertrand Meyer, and Andreas Zeller. 2014. Automated fixing of programs with contracts. IEEE transactions on software engineering, 40, 5 (2014), 427\u2013449."},{"key":"e_1_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/3290385"},{"key":"e_1_2_1_32_1","unstructured":"Swoole Project. [n.d.]. Swoole Project. https:\/\/github.com\/swoole\/swoole-src"},{"volume-title":"Helena Cuenca Cruz, and David Rydeheard","year":"2015","author":"Reger Giles","key":"e_1_2_1_33_1","unstructured":"Giles Reger, Helena Cuenca Cruz, and David Rydeheard. 2015. MarQ: monitoring at runtime with QEA. In Tools and Algorithms for the Construction and Analysis of Systems: 21st International Conference, TACAS 2015, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2015, London, UK, April 11-18, 2015, Proceedings 21. 596\u2013610."},{"volume-title":"FM 2016: Formal Methods: 21st International Symposium, Limassol, Cyprus, November 9-11, 2016, Proceedings 21","year":"2016","author":"Rothenberg Bat-Chen","key":"e_1_2_1_34_1","unstructured":"Bat-Chen Rothenberg and Orna Grumberg. 2016. Sound and complete mutation-based program repair. In FM 2016: Formal Methods: 21st International Symposium, Limassol, Cyprus, November 9-11, 2016, Proceedings 21. 593\u2013611."},{"volume-title":"Two approaches to interprocedural data flow analysis","author":"Sharir Micha","key":"e_1_2_1_35_1","unstructured":"Micha Sharir and Amir Pnueli. 1978. Two approaches to interprocedural data flow analysis. New York University. Courant Institute of Mathematical Sciences \u2026."},{"key":"e_1_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-63406-3_5"},{"key":"e_1_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-67067-2_19"},{"volume-title":"Tools and Algorithms for the Construction and Analysis of Systems","author":"Song Yahui","key":"e_1_2_1_38_1","unstructured":"Yahui Song and Wei-Ngan Chin. 2023. Automated Verification for Real-Time Systems. In Tools and Algorithms for the Construction and Analysis of Systems, Sriram Sankaranarayanan and Natasha Sharygina (Eds.). Springer Nature Switzerland, Cham. 569\u2013587. isbn:978-3-031-30823-9"},{"key":"e_1_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-21037-2_5"},{"key":"e_1_2_1_40_1","unstructured":"Daniel Thoma. [n.d.]. Runtime Monitoring with Union-Find Structures. Tools and Algorithms for the Construction and Analysis of Systems LNCS 9636 868."},{"key":"e_1_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/3180155.3180250"},{"volume-title":"Model Checking Software: 12th International SPIN Workshop. 27\u201327","year":"2005","author":"Visser Willem","key":"e_1_2_1_42_1","unstructured":"Willem Visser and Peter Mehlitz. 2005. Model checking programs with Java PathFinder. In Model Checking Software: 12th International SPIN Workshop. 27\u201327."},{"key":"e_1_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1016\/S0019-9958(83)80051-5"},{"key":"e_1_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISSRE.2004.11"},{"key":"e_1_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/996821.996832"},{"key":"e_1_2_1_46_1","doi-asserted-by":"publisher","unstructured":"Zenodo. 2023. Benchmark and Source Code. https:\/\/doi.org\/10.5281\/zenodo.8388488 10.5281\/zenodo.8388488","DOI":"10.5281\/zenodo.8388488"}],"container-title":["Proceedings of the ACM on Software Engineering"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3643737","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,8,19]],"date-time":"2024-08-19T17:50:37Z","timestamp":1724089837000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3643737"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,7,12]]},"references-count":46,"journal-issue":{"issue":"FSE","published-print":{"date-parts":[[2024,7,12]]}},"alternative-id":["10.1145\/3643737"],"URL":"https:\/\/doi.org\/10.1145\/3643737","relation":{},"ISSN":["2994-970X"],"issn-type":[{"type":"electronic","value":"2994-970X"}],"subject":[],"published":{"date-parts":[[2024,7,12]]}}}