Skip to main content
SpringerLink
Log in

Automated Program Repair Using Formal Verification Techniques

  • Chapter
  • First Online:
Principles of Systems Design

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13660))

  • 746 Accesses

Abstract

We focus on two different approaches to automatic program repair, based on formal verification methods. Both repair techniques consider infinite-state C-like programs, and consist of a generate-validate loop, in which potentially repaired programs are repeatedly generated and verified. Both approaches are incremental – partial information gathered in previous verification attempts is used in the next steps. However, the settings of both approaches, including their techniques for finding repairs, are quite distinct. The first approach uses syntactic mutations to repair sequential programs with respect to assertions in the code. It is based on a reduction to the problem of finding unsatisfiable sets of constraints, which is addressed using an interplay between SAT and SMT solvers. A novel notion of must-fault-localization enables efficient pruning of the search space, without losing any potential repair. The second approach uses an Assume-Guarantee (AG) style reasoning in order to verify large programs, composed of two concurrent components. The AG reasoning is based on automata-learning techniques. When verification fails, the procedure repeatedly repairs one of the components, until a correct repair is found. Several different repair methods are considered, trading off precision and convergence to a correct repair.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 79.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 99.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Fl-AllRepair is an extension of the AllRepair tool, available here: https://github.com/batchenRothenberg/AllRepair. FL-AllRepair is currently enabled by adding the –blockrepair slicing option to the AllRepair tool.

  2. 2.

    If st is an assignment of the form x:=e then its expression is e. If st is a conditional statement, then its expression is the condition.

  3. 3.

    For brevity, the definitions brought here are an instantiation of the original definitions from [50] to the mutation scheme. Originally, the definitions of both a must-location-set and must-fault-localization depend on the repair scheme.

  4. 4.

    This is, in fact, a hitting set of the set of all minimal RLS for \(I\).

  5. 5.

    http://codeforces.com/.

  6. 6.

    According to item , one of the actions must be a read and the other must be a write action.

  7. 7.

    Usually, in abduction, we look for \(\psi \) such that \(\psi \wedge \varphi _t\) is not a contradiction. However, since \(\varphi _t\) is a violation of the specification, we want to infer a formula that makes \(\varphi _t\) unsatisfiable.

References

  1. https://github.com/hadarlh/AGR

  2. Albarghouthi, A., Dillig, I., Gurfinkel, A.: Maximal specification synthesis. In: POPL 51(1), 789-801(2016)

    Google Scholar 

  3. Alpern, B., Wegman, M.N., Zadeck, F.K.: Detecting equality of variables in programs. In: POPL (1988)

    Google Scholar 

  4. Angluin, D.: Learning regular sets from queries and counterexamples. Inf. Comput. 75(2), 87–106 (1987)

    Article  MathSciNet  MATH  Google Scholar 

  5. Assiri, F.Y., Bieman, J.M.: MUT-APR: mutation-based automated program repair research tool. In: Arai, K., Kapoor, S., Bhatia, R. (eds.) FICC 2018. AISC, vol. 887, pp. 256–270. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-03405-4_17

    Chapter  Google Scholar 

  6. Attie, P.C., Dak, K., Bab, A.L., Sakr, M.: Model and program repair via SAT solving. ACM Trans. Embed. Comput. Syst. 17(2), 1–25 (2017)

    Google Scholar 

  7. Bloem, R., Drechsler, R., Fey, G., Finder, A., Hofferek, G., Könighofer, R., Raik, J., Repinski, U., Sülflow, A.: FoREnSiC– an automatic debugging environment for C programs. In: Biere, A., Nahir, A., Vos, T. (eds.) HVC 2012. LNCS, vol. 7857, pp. 260–265. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39611-3_24

    Chapter  Google Scholar 

  8. Chaki, S., Strichman, O.: Optimized L*-based assume-guarantee reasoning. In: Grumberg, O., Huth, M. (eds.) TACAS 2007. LNCS, vol. 4424, pp. 276–291. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-71209-1_22

    Chapter  Google Scholar 

  9. Chen, Y.-F., Clarke, E.M., Farzan, A., Tsai, M.-H., Tsay, Y.-K., Wang, B.-Y.: Automated assume-guarantee reasoning through implicit learning. In: Touili, T., Cook, B., Jackson, P. (eds.) CAV 2010. LNCS, vol. 6174, pp. 511–526. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14295-6_44

    Chapter  Google Scholar 

  10. Chen, Y.-F., Farzan, A., Clarke, E.M., Tsay, Y.-K., Wang, B.-Y.: Learning minimal separating DFA’s for compositional verification. In: Kowalewski, S., Philippou, A. (eds.) TACAS 2009. LNCS, vol. 5505, pp. 31–45. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-00768-2_3

    Chapter  Google Scholar 

  11. Clarke, E., Kroening, D., Lerda, F.: A tool for checking ANSI-C programs. In: Jensen, K., Podelski, A. (eds.) TACAS 2004. LNCS, vol. 2988, pp. 168–176. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24730-2_15

    Chapter  MATH  Google Scholar 

  12. Clarke, E., Kroening, D., Yorav, K.: Behavioral consistency of C and verilog programs using bounded model checking. In: Design Automation Conference, 2003. Proceedings, pp. 368–371 IEEE (2003)

    Google Scholar 

  13. Cobleigh, J.M., Giannakopoulou, D., Păsăreanu, C.S.: Learning assumptions for compositional verification. In: Garavel, H., Hatcliff, J. (eds.) TACAS 2003. LNCS, vol. 2619, pp. 331–346. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36577-X_24

    Chapter  MATH  Google Scholar 

  14. D’Antoni, L., Samanta, R., Singh, R.: Qlose: program repair with quantitative objectives. In: Chaudhuri, S., Farzan, A. (eds.) CAV 2016. LNCS, vol. 9780, pp. 383–401. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-41540-6_21

    Chapter  Google Scholar 

  15. de Moura, L., Bjørner, N.: Z3: an efficient SMT solver. In: Ramakrishnan, C.R., Rehof, J. (eds.) TACAS 2008. LNCS, vol. 4963, pp. 337–340. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-78800-3_24

    Chapter  Google Scholar 

  16. Debroy, V., Wong, W.E.: Using mutation to automatically suggest fixes for faulty programs. In: 2010 Third International Conference on Software Testing, Verification and Validation (ICST), pp. 65–74. IEEE (2010)

    Google Scholar 

  17. Dillig, I., Dillig, T.: Explain: a tool for performing abductive inference. In: Sharygina, N., Veith, H. (eds.) CAV 2013. LNCS, vol. 8044, pp. 684–689. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39799-8_46

    Chapter  MATH  Google Scholar 

  18. Do, H., Elbaum, S., Rothermel, G.: Supporting controlled experimentation with testing techniques: an infrastructure and its potential impact. Empir. Softw. Eng. 10(4), 405–435 (2005)

    Article  Google Scholar 

  19. Elkader, K.A., Grumberg, O., Păsăreanu, C.S., Shoham, S.: Automated circular assume-guarantee reasoning. In: Bjørner, N., de Boer, F. (eds.) FM 2015. LNCS, vol. 9109, pp. 23–39. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-19249-9_3

    Chapter  Google Scholar 

  20. Abd Elkader, K., Grumberg, O., Păsăreanu, C.S., Shoham, S.: Automated circular assume-guarantee reasoning with N-way decomposition and alphabet refinement. In: Chaudhuri, S., Farzan, A. (eds.) CAV 2016. LNCS, vol. 9779, pp. 329–351. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-41528-4_18

    Chapter  Google Scholar 

  21. Frenkel, H.: Automata over infinite data domains: learnability and applications in program verification and repair, Ph. D thesis (2021)

    Google Scholar 

  22. Frenkel, H., Grumberg, O., Păsăreanu, C., Sheinvald, S.: Assume, guarantee or repair. In: TACAS 2020. LNCS, vol. 12078, pp. 211–227. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45190-5_12

    Chapter  Google Scholar 

  23. Gheorghiu, M., Giannakopoulou, D., Păsăreanu, C.S.: Refining interface alphabets for compositional verification. In: Grumberg, O., Huth, M. (eds.) TACAS 2007. LNCS, vol. 4424, pp. 292–307. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-71209-1_23

    Chapter  MATH  Google Scholar 

  24. Giannakopoulou, D., Păsăreanu, C.S., Barringer, H.: Assumption Generation for Software Component Verification. In: IEEE Computer Society. ASE (2002)

    Google Scholar 

  25. Giannakopoulou, D., Păsăreanu, C.S., Barringer, H.: Component verification with automatically generated assumptions. Autom. Softw. Eng. 12(3), 297–320 (2005)

    Article  Google Scholar 

  26. Gupta, A., McMillan, K.L., Fu, Z.: Automated assumption generation for compositional verification. Formal Methods Syst. Des. 32(3), 285–301 (2008)

    Article  MATH  Google Scholar 

  27. Jobstmann, B., Griesmayer, A., Bloem, R.: Program repair as a game. In: Etessami, K., Rajamani, S.K. (eds.) CAV 2005. LNCS, vol. 3576, pp. 226–238. Springer, Heidelberg (2005). https://doi.org/10.1007/11513988_23

    Chapter  Google Scholar 

  28. Kneuss, E., Koukoutos, M., Kuncak, V.: Deductive program repair. In: Kroening, D., Păsăreanu, C.S. (eds.) CAV 2015. LNCS, vol. 9207, pp. 217–233. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-21668-3_13

    Chapter  Google Scholar 

  29. Könighofer, R., Bloem, R.: Automated error localization and correction for imperative programs. In: Formal Methods in Computer-Aided Design (FMCAD), pp. 91–100. IEEE (2011)

    Google Scholar 

  30. Könighofer, R., Bloem, R.: Repair with on-the-fly program analysis. In: Biere, A., Nahir, A., Vos, T. (eds.) HVC 2012. LNCS, vol. 7857, pp. 56–71. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39611-3_11

    Chapter  Google Scholar 

  31. Le Goues, C., Nguyen, T., Forrest, S., Weimer, W.: GenProg: a generic method for automatic software repair. Softw. Eng. IEEE Trans. 38(1), 54–72 (2012)

    Article  Google Scholar 

  32. Li, B., Dillig, I., Dillig, T., McMillan, K., Sagiv, M.: Synthesis of circular compositional program proofs via abduction. In: Piterman, N., Smolka, S.A. (eds.) TACAS 2013. LNCS, vol. 7795, pp. 370–384. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-36742-7_26

    Chapter  MATH  Google Scholar 

  33. Lin, S.-W., Hsiung, P.-A.: Compositional synthesis of concurrent systems through causal model checking and learning. In: Jones, C., Pihlajasaari, P., Sun, J. (eds.) FM 2014. LNCS, vol. 8442, pp. 416–431. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-06410-9_29

    Chapter  Google Scholar 

  34. Liu, K., Koyuncu, A., Bissyande, T.F., Kim, D., Klein, J., Le Traon, Y.: You cannot fix what you cannot find! an investigation of fault localization bias in benchmarking automated program repair systems. In: ICST, pp. 102–113 (2019)

    Google Scholar 

  35. Magee, J., Kramer, J.: Concurrency - State Models and Java Programs. Wiley (1999)

    Google Scholar 

  36. McMillan, K.L.: Circular compositional reasoning about liveness. In: Pierre, L., Kropf, T. (eds.) CHARME 1999. LNCS, vol. 1703, pp. 342–346. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48153-2_30

    Chapter  Google Scholar 

  37. Mechtaev, S., Nguyen, M.-D., Noller, Y., Grunske, L., Roychoudhury, A.: Semantic program repair using a reference implementation. In: ICSE, pp. 129–139 (2018)

    Google Scholar 

  38. Mechtaev, S., Yi, J., Roychoudhury, A.: Angelix: scalable multiline program patch synthesis via symbolic analysis. In: ICSE, ICSE (2016)

    Google Scholar 

  39. Misra, J., Chandy, K.M.: Proofs of networks of processes. IEEE Trans. Software Eng. 7(4), 417–426 (1981)

    Article  MathSciNet  MATH  Google Scholar 

  40. Namjoshi, K.S., Trefler, R.J.: On the completeness of compositional reasoning. In: Emerson, E.A., Sistla, A.P. (eds.) CAV 2000. LNCS, vol. 1855, pp. 139–153. Springer, Heidelberg (2000). https://doi.org/10.1007/10722167_14

    Chapter  Google Scholar 

  41. Nguyen, H.D.T., Qi, D., Roychoudhury, A., Chandra, S.: SemFix: program repair via semantic analysis. In: Proceedings of the 2013 International Conference on Software Engineering, pp. 772–781. IEEE Press (2013)

    Google Scholar 

  42. Nguyen, T.V., Weimer, W., Kapur, D., Forrest, S.: Connecting Program Synthesis and Reachability: Automatic Program Repair Using Test-Input Generation. In: Legay, A., Margaria, T. (eds.) TACAS 2017. LNCS, vol. 10205, pp. 301–318. Springer, Heidelberg (2017). https://doi.org/10.1007/978-3-662-54577-5_17

    Chapter  MATH  Google Scholar 

  43. Nguyen, T.-T., Ta, Q.-T., Chin, W.-N.: Automatic program repair using formal verification and expression templates. In: Enea, C., Piskac, R. (eds.) VMCAI 2019. LNCS, vol. 11388, pp. 70–91. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-11245-5_4

    Chapter  Google Scholar 

  44. Păsăreanu, C.S., Giannakopoulou, D., Bobaru, M.G., Cobleigh, J.M., Barringer, H.: Learning to divide and conquer: applying the L* algorithm to automate assume-guarantee reasoning. Form. Methods Syst. Des. 32, 175–205 (2008). https://doi.org/10.1007/s10703-008-0049-6

  45. Peirce, C., Hartshorne, C.: Collected papers of charles sanders peirce. Belknap Press (1932)

    Google Scholar 

  46. Pnueli, A.: In transition from global to modular temporal reasoning about programs. In: Logics and Models of Concurrent Systems, NATO ASI Series (1985)

    Google Scholar 

  47. Repinski, U., Hantson, H., Jenihhin, M., Raik, J., Ubar, R., Guglielmo, G.D., Pravadelli, G., Fummi, F.: Combining dynamic slicing and mutation operators for ESL correction. In: Test Symposium (ETS), 2012 17th IEEE European, pp. 1–6. IEEE (2012)

    Google Scholar 

  48. Rothenberg, B.-C.: Formal automated program repair, Ph. D. thesis (2020)

    Google Scholar 

  49. Rothenberg, B.-C., Grumberg, O.: Sound and complete mutation-based program repair. In: Fitzgerald, J., Heitmeyer, C., Gnesi, S., Philippou, A. (eds.) FM 2016. LNCS, vol. 9995, pp. 593–611. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-48989-6_36

    Chapter  Google Scholar 

  50. Rothenberg, B.-C., Grumberg, O.: Must fault localization for program repair. In: Lahiri, S.K., Wang, C. (eds.) CAV 2020. LNCS, vol. 12225, pp. 658–680. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-53291-8_33

    Chapter  Google Scholar 

  51. Singh, R., Giannakopoulou, D., Păsăreanu, C.: Learning component interfaces with may and must abstractions. In: Touili, T., Cook, B., Jackson, P. (eds.) CAV 2010. LNCS, vol. 6174, pp. 527–542. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14295-6_45

    Chapter  Google Scholar 

  52. Tan, S. H., Yi, J., Yulis, Mechtaev, S., Roychoudhury, A.: Codeflaws: a programming competition benchmark for evaluating automated program repair tools. In: Proceedings - 2017 IEEE/ACM 39th International Conference on Software Engineering Companion, ICSE-C 2017, pp. 180–182 (2017)

    Google Scholar 

  53. von Essen, C., Jobstmann, B.: Program repair without regret. Formal Methods Syst. Des. 47(1), 26–50 (2015). https://doi.org/10.1007/s10703-015-0223-6

    Article  MATH  Google Scholar 

  54. Weispfenning, V.: Quantifier elimination and decision procedures for valued fields. In: Müller, G.H., Richter, M.M. (eds.) Models and Sets. LNM, vol. 1103, pp. 419–472. Springer, Heidelberg (1984). https://doi.org/10.1007/BFb0099397

    Chapter  Google Scholar 

Download references

Acknowledgement

This work was partially supported by the Israel Science Foundation (ISF), Grant No. 979/11.

Author information

Authors and Affiliations

  1. CISPA Helmholtz Center for Information Security, Saarbrücken, Germany

    Hadar Frenkel

  2. Department of Computer Science, The Technion, Haifa, Israel

    Orna Grumberg & Bat-Chen Rothenberg

  3. Department of Software Engineering, Braude College of Engineering, Karmiel, Israel

    Sarai Sheinvald

Authors
  1. Hadar Frenkel
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Orna Grumberg
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Bat-Chen Rothenberg
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Sarai Sheinvald
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Bat-Chen Rothenberg .

Editor information

Editors and Affiliations

  1. Université Libre de Bruxelles, Brussels, Belgium

    Jean-François Raskin

  2. Institute of Science and Technology Austria, Klosterneuburg, Austria

    Krishnendu Chatterjee

  3. École Normale Supérieure Paris-Saclay, Gif-sur-Yvette, France

    Laurent Doyen

  4. MPI for Software Systems, Kaiserslautern, Germany

    Rupak Majumdar

Rights and permissions

Reprints and permissions

Copyright information

© 2022 Springer Nature Switzerland AG

About this chapter

Check for updates. Verify currency and authenticity via CrossMark

Cite this chapter

Frenkel, H., Grumberg, O., Rothenberg, BC., Sheinvald, S. (2022). Automated Program Repair Using Formal Verification Techniques. In: Raskin, JF., Chatterjee, K., Doyen, L., Majumdar, R. (eds) Principles of Systems Design. Lecture Notes in Computer Science, vol 13660. Springer, Cham. https://doi.org/10.1007/978-3-031-22337-2_25

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-22337-2_25

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-22336-5

  • Online ISBN: 978-3-031-22337-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation