An analysis of patch plausibility and correctness for generate-and-validate patch generation systems
Thesis: S.M., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2015.
Main Author: | |
---|---|
Other Authors: | |
Format: | Thesis |
Language: | eng |
Published: |
Massachusetts Institute of Technology
2016
|
Subjects: | |
Online Access: | http://hdl.handle.net/1721.1/101586 |
_version_ | 1811070487968612352 |
---|---|
author | Qi, Zichao |
author2 | Martin C. Rinard. |
author_facet | Martin C. Rinard. Qi, Zichao |
author_sort | Qi, Zichao |
collection | MIT |
description | Thesis: S.M., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2015. |
first_indexed | 2024-09-23T08:36:49Z |
format | Thesis |
id | mit-1721.1/101586 |
institution | Massachusetts Institute of Technology |
language | eng |
last_indexed | 2024-09-23T08:36:49Z |
publishDate | 2016 |
publisher | Massachusetts Institute of Technology |
record_format | dspace |
spelling | mit-1721.1/1015862019-04-09T18:47:26Z An analysis of patch plausibility and correctness for generate-and-validate patch generation systems Qi, Zichao Martin C. Rinard. Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science. Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science. Electrical Engineering and Computer Science. Thesis: S.M., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2015. Cataloged from PDF version of thesis. Includes bibliographical references (pages 79-84). We analyze reported patches for three existing generate-and-validate patch generation systems (GenProg, RSRepair, and AE). The basic principle behind generate-and-validate systems is to accept only plausible patches that produce correct outputs for all inputs in the test suite used to validate the patches. Because of errors in the patch evaluation infrastructure, the majority of the reported patches are not plausible - they do not produce correct outputs even for the inputs in the validation test suite. The overwhelming majority of the reported patches are not correct and are equivalent to a single modification that simply deletes functionality. Observed negative effects include the introduction of security vulnerabilities and the elimination of desirable standard functionality. We also present Kali, a generate-and-validate patch generation system that only deletes functionality. Working with a simpler and more effectively focused search space, Kali generates at least as many correct patches as prior GenProg, RSRepair, and AE systems. Kali also generates at least as many patches that produce correct outputs for the inputs in the validation test suite as the three prior systems. We also discuss the patches produced by ClearView, a generate-and-validate binary hot patching system that leverages learned invariants to produce patches that enable systems to survive otherwise fatal defects and security attacks. Our analysis indicates that ClearView successfully patches 9 of the 10 security vulnerabilities used to evaluate the system. At least 4 of these patches are correct. by Zichao Qi. S.M. 2016-03-03T21:10:36Z 2016-03-03T21:10:36Z 2015 2015 Thesis http://hdl.handle.net/1721.1/101586 940974634 eng M.I.T. theses are protected by copyright. They may be viewed from this source for any purpose, but reproduction or distribution in any format is prohibited without written permission. See provided URL for inquiries about permission. http://dspace.mit.edu/handle/1721.1/7582 84 pages application/pdf Massachusetts Institute of Technology |
spellingShingle | Electrical Engineering and Computer Science. Qi, Zichao An analysis of patch plausibility and correctness for generate-and-validate patch generation systems |
title | An analysis of patch plausibility and correctness for generate-and-validate patch generation systems |
title_full | An analysis of patch plausibility and correctness for generate-and-validate patch generation systems |
title_fullStr | An analysis of patch plausibility and correctness for generate-and-validate patch generation systems |
title_full_unstemmed | An analysis of patch plausibility and correctness for generate-and-validate patch generation systems |
title_short | An analysis of patch plausibility and correctness for generate-and-validate patch generation systems |
title_sort | analysis of patch plausibility and correctness for generate and validate patch generation systems |
topic | Electrical Engineering and Computer Science. |
url | http://hdl.handle.net/1721.1/101586 |
work_keys_str_mv | AT qizichao ananalysisofpatchplausibilityandcorrectnessforgenerateandvalidatepatchgenerationsystems AT qizichao analysisofpatchplausibilityandcorrectnessforgenerateandvalidatepatchgenerationsystems |