报告题目自动化补丁移植Automated Patch Transplantation

报告人:陈馨慧 助理教授  南方科技大学





报告摘要:Automated program repair is an emerging area which attempts to patch software errors and vulnerabilities. In this work, we formulate and study a problem related to automated repair, namely automated patch transplantation. A patch for an error in a donor program is automatically adapted and inserted into a “similar” target program. We observe that despite standard procedures for vulnerability disclosures and publishing of patches, many un-patched occurrences remain in the wild. One of the main reasons is the fact that various implementations of the same functionality may exist and, hence, published patches need to be modified and adapted. Therefore, we propose and implement a workflow for transplanting patches. Our approach centers on identifying patch insertion points, as well as namespaces translation across programs via symbolic execution. Experimental results to eliminate five classes of errors highlight our ability to fix recurring vulnerabilities across various programs through transplantation.

报告人简介:陈馨慧,女,南方科技大学计算机科学与工程系助理教授。2010和2012年获伊利诺伊大学厄巴纳-香槟分校(UIUC)学士和硕士学位,2018年毕业于新加坡国立大学(NUS),获计算机博士学位。研究方向包括自动程序修复,软件测试与程序分析等多个方向。在ICSE、FSE、ISSTA、ASE发表学术论文10余篇。曾荣获2015年Google Anita Borg Memorial Scholarship、2020年FSE优秀审稿人(Distinguished Reviewer Award)和2020年ASE优秀审稿人(Distinguished PC Member)。

