The MIT Libraries is completing a major upgrade to DSpace@MIT. Starting May 5 2026, DSpace will remain functional, viewable, searchable, and downloadable, however, you will not be able to edit existing collections or add new material. We are aiming to have full functionality restored by May 18, 2026 but intermittent service interruptions may occur. Please email dspace-lib@mit.edu
with any questions. Thank you for your patience as we implement this important upgrade.
An Analysis of Patch Plausibility and Correctness for Generate-And-Validate Patch Generation Systems
| dc.contributor.advisor | Martin Rinard | |
| dc.contributor.author | Qi, Zichao | en_US |
| dc.contributor.author | Long, Fan | en_US |
| dc.contributor.author | Achour, Sara | en_US |
| dc.contributor.author | Rinard, Martin | en_US |
| dc.contributor.other | Program Analysis | en |
| dc.date.accessioned | 2015-05-26T23:00:02Z | |
| dc.date.available | 2015-05-26T23:00:02Z | |
| dc.date.issued | 2015-05-26 | |
| dc.identifier.uri | http://hdl.handle.net/1721.1/97089 | |
| dc.description.abstract | We analyze reported patches for three existing generate-and-validate patch generation systems (GenProg, RSRepair, and AE). The basic principle behind generate-and-validate systems is to accept only plausible patches that produce correct outputs for all inputs in the test suite used to validate the patches. Because of errors in the patch evaluation infrastructure, the majority of the reported patches are not plausible --- they do not produce correct outputs even for the inputs in the validation test suite. The overwhelming majority of the reported patches are not correct and are equivalent to a single modification that simply deletes functionality. Observed negative effects include the introduction of security vulnerabilities and the elimination of desirable standard functionality. We also present Kali, a generate-and-validate patch generation system that only deletes functionality. Working with a simpler and more effectively focused search space, Kali generates at least as many correct patches as prior GenProg, RSRepair, and AE systems. Kali also generates at least as many patches that produce correct outputs for the inputs in the validation test suite as the three prior systems. We also discuss patches produced by ClearView, a generate-and-validate binary hot patching system that leverages learned invariants to produce patches that enable systems to survive otherwise fatal defects and security attacks. Our analysis indicates that ClearView successfully patches 9 of the 10 security vulnerabilities used to evaluate the system. At least 4 of these patches are correct. | en_US |
| dc.format.extent | 24 p. | en_US |
| dc.relation.ispartofseries | MIT-CSAIL-TR-2015-020 | |
| dc.title | An Analysis of Patch Plausibility and Correctness for Generate-And-Validate Patch Generation Systems | en_US |
| dc.date.updated | 2015-05-26T23:00:02Z |
