TY - JOUR
T1 - IntRepair
T2 - Informed Repairing of Integer Overflows
AU - Muntean, Paul
AU - Monperrus, Martin
AU - Sun, Hao
AU - Grossklags, Jens
AU - Eckert, Claudia
N1 - Publisher Copyright: © 1976-2012 IEEE.
PY - 2021/10/1
Y1 - 2021/10/1
AB - Integer overflows have threatened software applications for decades. Thus, in this paper, we propose a novel technique to provide automatic repairs of integer overflows in C source code. Our technique, based on static symbolic execution, fuses detection, repair generation and validation. This technique is implemented in a prototype named IntRepair. We applied IntRepair to 2,052 C programs (approx. 1 million lines of code) contained in SAMATE's Juliet test suite and 50 synthesized programs that range up to 20 KLOC. Our experimental results show that IntRepair is able to effectively detect integer overflows and successfully repair them, while only increasing the source code (LOC) and binary (Kb) size by around 1 percent, respectively. Further, we present the results of a user study with 30 participants which shows that IntRepair repairs are more than 10x efficient as compared to manually generated code repairs.
KW - Program repair
KW - integer overflow
KW - software fault
KW - source code refactoring
KW - static program analysis
KW - symbolic execution
UR - http://www.scopus.com/inward/record.url?scp=85075530278&partnerID=8YFLogxK
U2 - 10.1109/TSE.2019.2946148
DO - 10.1109/TSE.2019.2946148
M3 - Article
AN - SCOPUS:85075530278
SN - 0098-5589
VL - 47
SP - 2225
EP - 2241
JO - IEEE Transactions on Software Engineering
JF - IEEE Transactions on Software Engineering
IS - 10
ER -