Upload
iosif-itkin
View
2.568
Download
1
Embed Size (px)
Citation preview
application of hierarchical parameterizedtemplates for automated software errorcorrection
Применение технологии иерархических параметризируемых шаблоновдля автоматизированного исправления ошибок в программном коде
Artyom Aleksyuk, Vladimir Itsykson
Nov 12, 2015
Peter the Great St.Petersburg Polytechnic University
introduction
• Wide use of software systems• Important areas• Validation and verification of software• Static analysis• Why not try to fix found bugs?
2
existing approaches and tools
• IntelliJ IDEA - Structural Search and Replace• Uses templates to describe replacements• Tightly coupled with IDEA UI and code model
• AutoFix-E: Automated Debugging of Programs with Contracts• Juzi: A Tool for Repairing Complex Data Structures• Corrects data structures using symbolic execution
• GenProg - Genetic programming for code repair• A very promising tool and approach• Requires a lot of unit tests
• Grail, Axis, AFix• Dedicated to repair multithreaded programs
3
task
The main task is to develop an automated system which fixes codewith the help of a static analyzer.Designed system consists of:
• Static analyzer interface module• Code modification module• Set of corrections
4
requirements
The developed system must meet the following requirements:
• It should work with minimal users’ involvement• Modifications should be correct, i.e. the system shouldn’t altercode logic in any way and should do only those modificationswhich are described in the template;
• It should be universal;• Code formatting and comments should be kept• The system should support the latest versions of programminglanguage
• It should be extensible
5
static analyzer
FindBugs was chosen as the static analyzer.
• Easy to interchange information about warnings• Mostly signature-based
The system must use templates to describe code replacements.
6
code modification approaches
• Manual AST modification (for example, using a JavaParser library)• The most universal approach• Low extensibility - requires writing new code for each new correction• DSL for code modification?
• Template-based code modification technology (D.A. Timofeevmaster’s degree, 2010)• Uses templates to describe code modificationsTemplates are written in language based on Java
• Allows using variables (”selectors”) in templates• Supports Java 1.5 (JRE/JDK 1.5 were introduced in 2004!)• Doesn’t keep code formatting and comments• Sometimes behaves incorrectly (just buggy :( )
7
difficulties
A badly behaving automatic software repair system can skiprequired code region, modify inappropriate code or even make awrong correction.General reasons for that:
• Static analyzer mistake• Static analyzer interface bottleneck• Incorrect template match• Improper modification
Ways to overcome the last problem
• Code review• Unit testing• Other suitable verification and validation methods
8
architecture
FindBugsreport parsing
Warnings list
"Before" template
"After" template
Source code
"Before"parse tree
"After"parse tree
Source codeparse tree
Difference
"Before" templatematches in code
Changes applied
Source code
9
bugs examples
1. Absence of explicit default encoding designation when readingtext files
2. Strings comparison via == operator3. Absence of null check in equal() method4. Absence of argument type check in equal() method5. Usage of constructors for wrapper classes6. toString() method call for array7. Usage of approximate values of mathematical constants8. JVM termination via System.exit() call when handling errors9. Null return in toString() method10. Arrays comparison using equals() method11. Comparison of compareTo() method returning value on equality
with constant10
replacement templates
Templates language = Java + selectors.Selectors are described using #idetifier expression.Example: string comparison using ==. Before:#a == #b
After:#b.equals(#a)
Absence of a null pointer check. Before:boolean equals(Object obj) {#expr; }
After:boolean equals(Object obj) {i f (obj == null) { return false; }#expr; }
11
queries
Ability to specify requirements for selectors
1. Type of tree node2. Range of values3. Quantity of caught nodes4. Complex queries via XPath
Example:[before]#array.toString()[after]Arrays.toString(#array)[query]array is Identifierarray quantity 1
12
development
• FindBugs report is just an XML document, read using standardJava DOM parser
• Each template consists of three or four .INI-like sections:[before], [after], [type] and optionally [query]. Each template canfix multiple bug types and vice versa.
• Improved template matching code• Selector queries
13
improved template matching code
Pattern Matching in TreesAdditional complexity because of selectorsEach selector can include any number of nodes
14
development
• Ported to ANTLRv4• Grammar written from scratch, now based on Java 7• Selectors can be used nearly everywhere• Transition from AST to CST (Parse tree)• New way to transform internal representation back to the sourcecode (allows to transfer formatting and comments)
16
ci integration
Shell script designed to be run as a Jenkins build step
• Launch FindBugs and fetch a report from it• Run FixMyCode• Commit changes
A new branch is created each time. Developers should reviewmodifications and do a merge.
17
testing
Trying to fix bugs in a popular, widely used project.JGraphT library:
• Maintained code base• Uses Java 7 features• Has a plenty of unit tests (439)• Middle-size project (27K SLOC)
Results:
• 46 bugs found• 14 errors was fixes• 8 errors can’t be fixed because of FindBugs error• Other bugs need an appropriate replacement template
19
testing
Examples. Inefficient usage of wrapper classes:buckets.get(degree[nb]).remove(new Integer(nb));
Replacement:buckets.get(degree[nb]).remove( Integer.valueOf(nb));
20
testing
Absence of a null pointer and argument type check:
@Override public booleanequals(Object obj)
{LabelsEdge otherEdge = (
LabelsEdge) obj;i f ((this.source ==
otherEdge.source)&& (this.target ==
otherEdge.target))
{return true;
} else {return false;
}}
@Override public boolean equals(Object obj){
i f (obj == null) {return false;
}i f (!obj.getClass().isInstance(this)) {
return false;}LabelsEdge otherEdge = (LabelsEdge) obj;i f ((this.source == otherEdge.source)
&& (this.target == otherEdge.target))
{return true;
} else {return false;
}}
21
recap
• The extensible system that works nearly automatically wasdevelopedSource code can be fetched fromhttps://bitbucket.org/h31/fixmycode
• Template grammar was updated and extended• A set of replacement templates was written• The developed system could be used to maintain the codequality within Continuous Integration
• Also can be used to modernize legacy code
22
future direction of development
• First of all, make it a production-grade project (documentation,code quality, stability)
• More powerful query types• Support for other static analyzers (Java Path Finder, etc)• Extending tool for related tasks: performance improvement,security enhancement
23