History-Aware Data Structure Repair Using SAT

  • Razieh Nokhbeh Zaeem
  • Divya Gopinath
  • Sarfraz Khurshid
  • Kathryn S. McKinley
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7214)

Abstract

Data structure repair corrects erroneous executions in deployed programs while they execute, eliminating costly downtime. Recent techniques show how to leverage specifications and a SAT solver to enforce specification conformance at runtime. While this powerful methodology increases the reliability of deployed programs, scalability remains a key technical challenge—satisfying a specification often results in the exploration of a huge state space. We present a novel technique, called history-aware contract-based repair for more efficient data structure repair using SAT. Our insight is two-fold: (1) the dynamic program trace of field writes and reads provides useful guidance to repair incorrect state mutations by a faulty program; and (2) we show how to execute SAT using unsatisfiable cores it generates, in an efficient iterative approach on successive problems with increasing state spaces, in order to utilize the history of previous runs as captured in the unsatisfiable core. We implement this approach in a new tool, called Cobbler, that repairs Java programs. Experimental results on two large applications and a library implementation of a linked list show that Cobbler significantly outperforms previous techniques for specification-based repair using SAT, and finds and repairs a previously undetected bug.

Keywords

Symbolic Execution Input Tree Java Virtual Machine Binary Search Tree Complex Data Structure 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

References

  1. 1.
    Blackburn, S.M., Hosking, A.: Barriers: Friend or foe? In: ISMM (2004)Google Scholar
  2. 2.
    Blackburn, S.M., et al.: The DaCapo Benchmarks: Java Benchmarking Development and Analysis. In: OOPSLA (2006)Google Scholar
  3. 3.
    Boyapati, C., Khurshid, S., Marinov, D.: Korat: Automated testing based on Java predicates. In: ISSTA (2002)Google Scholar
  4. 4.
    Demsky, B., Rinard, M.: Automatic detection and repair of errors in data structures. In: OOPSLA (2003)Google Scholar
  5. 5.
    Elkarablieh, B., Garcia, I., Suen, Y.L., Khurshid, S.: Assertion-based repair of complex data structures. In: ASE (2007)Google Scholar
  6. 6.
    Ext2 fsck. manual page, http://e2fsprogs.sourceforge.net
  7. 7.
    Haugk, G., Lax, F., Royer, R., Williams, J.: The 5ESS(TM) switching system: Maintenance capabilities. AT&T Technical Journal 64(6 part 2), 1385–1416 (1985)Google Scholar
  8. 8.
    Hussain, I., Csallner, C.: Dynamic symbolic data structure repair. In: ICSE (2010)Google Scholar
  9. 9.
    Jackson, D.: Software Abstractions: Logic, Language, and Analysis. The MIT Press (2006)Google Scholar
  10. 10.
    Khurshid, S., García, I., Suen, Y.L.: Repairing Structurally Complex Data. In: Godefroid, P. (ed.) SPIN 2005. LNCS, vol. 3639, pp. 123–138. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  11. 11.
    Malik, M.Z., Ghori, K., Elkarablieh, B., Khurshid, S.: A case for automated debugging using data structure repair. In: ASE (2009)Google Scholar
  12. 12.
    Mayer, W., Stumptner, M.: Evaluating models for Model-Based debugging. In: ASE (2008)Google Scholar
  13. 13.
    Microsoft. chkdsk manual page, http://support.microsoft.com/kb/315265
  14. 14.
    Mourad, S., Andrews, D.: On the reliability of the IBM MVS/XA operating system. IEEE Transactions on Software Engineering 13(10), 1135–1139 (1987)CrossRefGoogle Scholar
  15. 15.
    Novark, G., Berger, E.D., Zorn, B.G.: Exterminator: automatically correcting memory errors with high probability. In: PLDI (2007)Google Scholar
  16. 16.
    Parr, T., Bovet, J.: Antlr parser generator home page, http://www.antlr.org
  17. 17.
    Perkins, J., et al.: Automatically patching errors in deployed software. In: SOSP (2009)Google Scholar
  18. 18.
    Samimi, H., Aung, E.D., Millstein, T.: Falling Back on Executable Specifications. In: D’Hondt, T. (ed.) ECOOP 2010. LNCS, vol. 6183, pp. 552–576. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  19. 19.
    Sanfeliu, A., Fu, K.-S.: Distance measure between attributed relational graphs for pattern recognition. IEEE Trans. Systems, Man and Cybernetics 13(3), 353–362 (1983)MATHGoogle Scholar
  20. 20.
    Smirnov, A., Chiueh, T.-c.: DIRA: Automatic detection, identification, and repair of control-hijacking attacks. In: NDSS (2005)Google Scholar
  21. 21.
    Staber, S., Jobstmann, B., Bloem, R.: Finding and Fixing Faults. In: Borrione, D., Paul, W. (eds.) CHARME 2005. LNCS, vol. 3725, pp. 35–49. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  22. 22.
    Torlak, E., Jackson, D.: Kodkod: A Relational Model Finder. In: Grumberg, O., Huth, M. (eds.) TACAS 2007. LNCS, vol. 4424, pp. 632–647. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  23. 23.
    Wei, Y., et al.: Automated fixing of programs with contracts. In: ISSTA (2010)Google Scholar
  24. 24.
    Weimer, W.: Patches as better bug reports. In: GPCE (2006)Google Scholar
  25. 25.
    Zaeem, R.N., Khurshid, S.: Contract-Based Data Structure Repair Using Alloy. In: D’Hondt, T. (ed.) ECOOP 2010. LNCS, vol. 6183, pp. 577–598. Springer, Heidelberg (2010)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Razieh Nokhbeh Zaeem
    • 1
  • Divya Gopinath
    • 1
  • Sarfraz Khurshid
    • 1
  • Kathryn S. McKinley
    • 1
    • 2
  1. 1.The University of TexasAustinUSA
  2. 2.Microsoft ResearchUSA

Personalised recommendations