ICST 2023
Sun 16 - Thu 20 April 2023 Dublin, Ireland
Tue 18 Apr 2023 14:40 - 15:00 at Grand canal - Session 10: Program Repair Chair(s): Gunel Jahangirova

Embedded systems are present in many devices, such as the Internet of Things, drones, and Cyber-physical Systems. The software security of these devices can be critical, depending on the context they are integrated and the role they play (e.g., water plant, car). C is the core language used to develop the software for these devices and is known for missing the bounds of its data types, which leads to vulnerabilities such as buffer overflows. These vulnerabilities, when exploited, can cause severe damage, and put human life in danger. One of the concerns with vulnerable C programs is to correct the code automatically, employing secure code that can remove the existing vulnerabilities and avoid attacks. However, such a task faces some challenges after finding the vulnerabilities, namely determining what code is needed to remove them and where to insert that code, maintaining the correct behaviour of the application after applying the code correction, and verifying that the correction applied is secure and effectively removes the vulnerabilities. Another challenge is to accomplish all these elements automatically. This paper presents an approach that automatically, after discovering and confirming potential vulnerabilities of an application, applies code correction to fix the vulnerable code of those confirmed vulnerabilities and validates the new code. We implemented and evaluated the approach with a set of tests and real applications. The experimental results showed that the tool was capable of detecting vulnerabilities and fixing them correctly. Tool and materials are available at https://github.com/iberiam/CorCA/.

Tue 18 Apr

Displayed time zone: Dublin change

14:00 - 15:30
Session 10: Program RepairResearch Papers / Previous Editions / Posters at Grand canal
Chair(s): Gunel Jahangirova USI Lugano, Switzerland
14:00
20m
Talk
Exploring True Test Overfitting in Dynamic Automated Program Repair using Formal Methods
Previous Editions
Amirfarhad Nilizadeh University of Central Florida, Gary T. Leavens University of Central Florida, Xuan Bach D. Le The University of Melbourne, Corina S. Păsăreanu Carnegie Mellon University, David Cok Safer Software Consulting, LLC
DOI
14:20
20m
Talk
Embedding Context as Code Dependencies for Neural Program Repair
Research Papers
Noor Nashid University of British Columbia, Mifta Sintaha University of British Columbia, Ali Mesbah University of British Columbia (UBC)
14:40
20m
Talk
CorCA: An Automatic Program Repair Tool for Checking and Removing Effectively C Flaws
Research Papers
João Inácio LASIGE, Faculdade de Ciências da Universidade de Lisboa, Ibéria Medeiros LaSIGE, Faculdade de Ciências da Universidade de Lisboa
15:00
20m
Talk
Set the right example when teaching programming: Test Informed Learning with Examples (TILE)
Research Papers
Niels Doorn Open Universiteit and NHL Stenden University of Applied Sciences, Tanja E. J. Vos Universitat Politècnica de València and Open Universiteit, Beatriz Marín Universitat Politècnica de València, Erik Barendsen Open Universiteit
15:20
5m
Talk
Poster: Software Fault Localization as a Service (SFLaaS)
Posters
Qusay Idrees Sarhan Department of Software Engineering, University of Szeged, Hassan Bapeer Hassan University of Duhok, Árpád Beszédes Department of Software Engineering, University of Szeged
15:25
5m
Talk
Poster: Improving Spectrum Based Fault Localization For Python Programs Using Weighted Code Elements
Posters
Qusay Idrees Sarhan Department of Software Engineering, University of Szeged, Árpád Beszédes Department of Software Engineering, University of Szeged