ASE 2024
Sun 27 October - Fri 1 November 2024 Sacramento, California, United States
Tue 29 Oct 2024 16:45 - 17:00 at Magnolia - Program repair 1 Chair(s): Vikram Nitin

Software vulnerabilities pose serious threats to the security of modern software systems. Automated vulnerability repair (AVR) has gained attention as a potential solution to accelerate the remediation of vulnerabilities. However, existing AVR approaches often only generate patches under specific preconditions, which may not align with developers’ current repair practices.

In this paper, we introduce VulAdvisor, an automated approach that generates natural language suggestions to guide developers or AVR tools in repairing vulnerabilities. VulAdvisor comprises two main components: oracle extraction and suggestion learning. To address the challenge of limited historical data, we propose an oracle extraction method that uses ChatGPT to construct a comprehensive and high-quality dataset. For suggestion learning, we take a supervised fine-tuned CodeT5 model as the basis, integrating local context into Multi-Head Attention and introducing a repair action loss to improve the relevance and meaningfulness of the generated suggestions.

Extensive experiments on a large-scale dataset from real-world C/C++ projects demonstrate the effectiveness of VulAdvisor, surpassing several baselines in terms of lexical and semantic metrics. Additionally, we show that the generated suggestions enhance the patch generation capabilities of existing AVR tools. Human evaluations further validate the quality and utility of VulAdvisor’s suggestions, confirming their potential to improve software vulnerability repair practices.

Tue 29 Oct

Displayed time zone: Pacific Time (US & Canada)

16:30 - 17:30
Program repair 1: Research Papers / Tool Demonstrations / NIER Track at Magnolia
Chair(s): Vikram Nitin Columbia University
16:30
15m
Talk
Enhancing the Efficiency of Automated Program Repair via Greybox Analysis
Research Papers
YoungJae Kim Ulsan National Institute of Science and Technology, Yechan Park UNIST, Seungheon Han UNIST, Jooyong Yi UNIST
16:45
15m
Talk
VulAdvisor: Natural Language Suggestion Generation for Software Vulnerability Repair
Research Papers
Jian Zhang Nanyang Technological University, Chong Wang Nanyang Technological University, Anran Li Nanyang Technological University, Wenhan Wang University of Alberta, Li Tianlin Nanyang Technological University, Yang Liu Nanyang Technological University
17:00
10m
Talk
Automated Repair of Multi-fault Programs: Obstacles, Approaches, and Prospects (Recorded Talk)
NIER Track
Omar I. Al Bataineh Gran Sasso Science Institute (GSSI)
17:10
10m
Talk
FixKit: A Program Repair Collection for Python
Tool Demonstrations
Marius Smytzek CISPA Helmholtz Center for Information Security, Martin Eberlein Humboldt University of Berlin, Kai Werk Humboldt-Universität zu Berlin, Lars Grunske Humboldt-Universität zu Berlin, Andreas Zeller CISPA Helmholtz Center for Information Security