ICSE NIER 2017 论文阅读 - Production-Driven Patch Generation

前言

这个是前天的文章，昨天、今天的文章都还没看的。很僵硬。

决定先补上这一篇，然后再读两篇SSBSE的文章。

简介

本文旨在阅读 ICSE NIER 2017 论文- Production-Driven Patch Generation。

Durieux T, Hamadi Y, Monperrus M. Production-driven patch generation[C]// Ieee/acm, International Conference on Software Engineering: New Ideas and Emerging Technologies Results Track. IEEE, 2017:23-26.

1 摘要说什么了

讲真我一开始真的没看懂。

We present an original concept for patch generation: we propose to do it directly in production.

2 introduction说了啥

难点：

Program repair requires the presence of a failing test case to reproduce a failure that has happened in production. Writing such a failing test case is a really hard task, because the developer in charge of reproducing a failure has little access to the system state at the point of failure (she basically only has logs).

作者要干的事情：（原来是要尽量弱化 需要错误用例的程序修复的要求）

The difficulty of reproducing production failures has a direct impact on applicability of program repair: with no failing test, there is no patch generation. We aim at weakening the requirements of program repair by removing the mandatory presence of a failing test case.

他直接在摘要里强调这个 weaken the requirements of program repair by removing the mandatory presence of a failing test case. 不就好了吗，搞得我半天没看懂
还是比较难理解的

作者的想法：

Our intuition is to perform program repair directly in
production, so that the repair process has a direct access to
the system state at the point of failure.

作者搞了一个工具，叫做Itzal，用production assertions 或者 runtime exceptions来发现错误，然后在沙箱里面search 一个补丁，如果一个补丁fixes 这个failure，那么它就是候选补丁，然后再tested for regression（直接在production里面），based on the shadow traffic。

而且，这个Itzal has been realized in a prototype implementation for Java which focuses on generating source code patches for null dereferences.

This paper presents an architecture, called Itzal, it generates patches without requiring a failing test case. The process of Itzal is as follows. First, Itzal uses production assertions or runtime exceptions to detect failures. Second, right after the failure is detected in production, a patch is searched in a sandboxed environment that mimics the production one. If a patch fixes the failure, it is a “candidate patch”. Third, the patches are tested for regression, directly in production, based on traffic that is an exact copy of the production traffic – we call it shadow traffic. Itzal has been realized in a prototype implementation for Java which focuses on generating source code patches for null dereferences.

mimic
VERB 模仿;仿效;效尤
If someone or something mimics another person or thing, they try to be like them.
Don’t try to mimic anybody. You have to be yourself if you are going to do your best…
不要试图仿效任何人，要是你想做到最好，就得做你自己。

作者用的单词是我不熟悉的，比如null dereferences，原来是空指针引用？

dereference
英 [ˌdi:ˈrefrəns]
间接引用
to use a piece of data to discover where another piece of data is held
The program contains a null pointer dereference.
程序包含一个空指针引用。

专门花一段时间来讲Itzal和现在工具的区别，但是讲真，对我来说还是不好懂，可能我不太懂repair in the production和runtime state吧：

This is a new line of research in automatic repair. Compared to classical test-suite based patch generation (e.g. [1]), Itzal does patch generation online, i.e. as soon as the failure happens, with no need for reproducing the failure. Yet, Itzal is not a classical runtime repair technique either (e.g. [2]): while the patches are generated online in production, the system state is never altered. The Itzal patches are applied later, once the developer has validated them.

[1] C. Le Goues, T. Nguyen, S. Forrest, and W. Weimer, “Genprog: A
generic method for automatic software repair,” IEEE Transactions on
Software Engineering, vol. 38, no. 1, pp. 54–72, 2012.
[2] M. C. Rinard, C. Cadar, D. Dumitran, D. M. Roy, T. Leu, and W. S.
Beebee, “Enhancing server availability and security through failureoblivious computing.” in OSDI, vol. 4, 2004, pp. 21–21.

这两个文献，【1】可以说是经典了，【2】应该是10多年以前的文献了

作者的贡献：

• Itzal, an architecture for patch generation in production
that does not require a failing test case.
• The use of shadow production systems and shadow traffic
in the context of automatic repair to generate patches in
production.
• The design and implementation of a Java implementation
of this vision for null pointer exceptions.

讲真，我觉得1）和3）有点重合了，不过一个是architecture，一个是design and implementation。
终于知道哪里不对劲了，没有benchmark！！！
看来是没有一个empirical study，这样大家怎么知道你的好不好呢。

第一次看到说 this paper is based on content from Arxiv’s document 的，比较神奇：

This paper is based on content from Arxiv’s document #1609.06848 [3] and is structured as follows. Section II presents Itzal. Section III presents the related works and Section IV concludes.

原文有11页，看来这个是强势缩减版。

这个是Itzal的架构，构想

3 工具实现

Itzal 是基于现有工具Itzal4j实现的？？？

We have implemented a prototype of Itzal for Java in a tool named Itzal4j, dedicated to reactive applications based on HTTP. Itzal4j generates patches for null dereference failures. In Itzal4j, the Request Oracle Service is based on exceptions. Any uncaught exception happening during the processing of a request is considered as a failure. The Patch Synthesis Service is dedicated to null pointers and uses the NPEFix technique [4] for searching the space of possible patches for null dereferences. Sandboxing of patch search is achieved using Docker, a major software containerization platform which provides powerful sandboxing (both disk and IO based).

还用了docker技术。

Our work is much inspired by the classical work on runtime
repair. Rinard et al. [2] present a technique called “failure
oblivious computing” to avoid illegal memory accesses by
adding additional code around each memory operation during
the compilation process.

原来2004年，这么久的都可以作为灵感来源，看来作者功底很深丫。

Assure [5] is a self-healing system based on error-virtualization. Long et al. [6] proposes the concept of “recovery shepherding” in a system called RCV. Those techniques do not produce patches and do not perform regression testing in production

原来Itzal是一个self-healing system？
这一块我不是很了解，好像不是修改源代码的？

Perkins et al. [8] propose ClearView, a system for automatically repairing errors in production. Itzal and ClearView both
perform repair in production, yet they are very different: 1)
ClearView does not produce source code patches while Itzal
does; 2) ClearView modifies the production state, while Itzal
only modifies the sandboxed shadow requests and state (this
means that ClearView can mess up the application while Itzal
never does so); 3) ClearView works with learned invariantbased oracles, while Itzal uses human designed request oracles

和clearview的比较。

The concept of shadow traffic is related to the execution of multiple versions of the same software in parallel, called in the literature “multi-version execution” [9], or “parallel execution” [10]. However, none of the related work uses shadow traffic to generate patches.

synchronize
英 [ˈsɪŋkrənaɪz] 美 [ˈsɪŋkrəˌnaɪz, ˈsɪn-]
vt. 使同步;使同时 vi. 同时发生;共同行动