IntRepair: Informed Repairing of Integer Overflows

Paul Muntean; Martin Monperrus; Hao Sun; Jens Grossklags; Claudia Eckert

doi:10.1109/TSE.2019.2946148

IntRepair: Informed Repairing of Integer Overflows

Paul Muntean, Martin Monperrus, Hao Sun, Jens Grossklags, Claudia Eckert

Research output: Contribution to journal › Article › peer-review

18 Scopus citations

Abstract

Integer overflows have threatened software applications for decades. Thus, in this paper, we propose a novel technique to provide automatic repairs of integer overflows in C source code. Our technique, based on static symbolic execution, fuses detection, repair generation and validation. This technique is implemented in a prototype named IntRepair. We applied IntRepair to 2,052 C programs (approx. 1 million lines of code) contained in SAMATE's Juliet test suite and 50 synthesized programs that range up to 20 KLOC. Our experimental results show that IntRepair is able to effectively detect integer overflows and successfully repair them, while only increasing the source code (LOC) and binary (Kb) size by around 1 percent, respectively. Further, we present the results of a user study with 30 participants which shows that IntRepair repairs are more than 10x efficient as compared to manually generated code repairs.

Original language	English
Pages (from-to)	2225-2241
Number of pages	17
Journal	IEEE Transactions on Software Engineering
Volume	47
Issue number	10
DOIs	https://doi.org/10.1109/TSE.2019.2946148
State	Published - 1 Oct 2021

Keywords

Program repair
integer overflow
software fault
source code refactoring
static program analysis
symbolic execution

Access to Document

10.1109/TSE.2019.2946148

Cite this

@article{58a298b7fbee4c9cb57407d66a9548f1,

title = "IntRepair: Informed Repairing of Integer Overflows",

abstract = "Integer overflows have threatened software applications for decades. Thus, in this paper, we propose a novel technique to provide automatic repairs of integer overflows in C source code. Our technique, based on static symbolic execution, fuses detection, repair generation and validation. This technique is implemented in a prototype named IntRepair. We applied IntRepair to 2,052 C programs (approx. 1 million lines of code) contained in SAMATE's Juliet test suite and 50 synthesized programs that range up to 20 KLOC. Our experimental results show that IntRepair is able to effectively detect integer overflows and successfully repair them, while only increasing the source code (LOC) and binary (Kb) size by around 1 percent, respectively. Further, we present the results of a user study with 30 participants which shows that IntRepair repairs are more than 10x efficient as compared to manually generated code repairs.",

keywords = "Program repair, integer overflow, software fault, source code refactoring, static program analysis, symbolic execution",

author = "Paul Muntean and Martin Monperrus and Hao Sun and Jens Grossklags and Claudia Eckert",

note = "Publisher Copyright: {\textcopyright} 1976-2012 IEEE.",

year = "2021",

month = oct,

day = "1",

doi = "10.1109/TSE.2019.2946148",

language = "English",

volume = "47",

pages = "2225--2241",

journal = "IEEE Transactions on Software Engineering",

issn = "0098-5589",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

number = "10",

}

TY - JOUR

T1 - IntRepair

T2 - Informed Repairing of Integer Overflows

AU - Muntean, Paul

AU - Monperrus, Martin

AU - Sun, Hao

AU - Grossklags, Jens

AU - Eckert, Claudia

PY - 2021/10/1

Y1 - 2021/10/1

N2 - Integer overflows have threatened software applications for decades. Thus, in this paper, we propose a novel technique to provide automatic repairs of integer overflows in C source code. Our technique, based on static symbolic execution, fuses detection, repair generation and validation. This technique is implemented in a prototype named IntRepair. We applied IntRepair to 2,052 C programs (approx. 1 million lines of code) contained in SAMATE's Juliet test suite and 50 synthesized programs that range up to 20 KLOC. Our experimental results show that IntRepair is able to effectively detect integer overflows and successfully repair them, while only increasing the source code (LOC) and binary (Kb) size by around 1 percent, respectively. Further, we present the results of a user study with 30 participants which shows that IntRepair repairs are more than 10x efficient as compared to manually generated code repairs.

AB - Integer overflows have threatened software applications for decades. Thus, in this paper, we propose a novel technique to provide automatic repairs of integer overflows in C source code. Our technique, based on static symbolic execution, fuses detection, repair generation and validation. This technique is implemented in a prototype named IntRepair. We applied IntRepair to 2,052 C programs (approx. 1 million lines of code) contained in SAMATE's Juliet test suite and 50 synthesized programs that range up to 20 KLOC. Our experimental results show that IntRepair is able to effectively detect integer overflows and successfully repair them, while only increasing the source code (LOC) and binary (Kb) size by around 1 percent, respectively. Further, we present the results of a user study with 30 participants which shows that IntRepair repairs are more than 10x efficient as compared to manually generated code repairs.

KW - Program repair

KW - integer overflow

KW - software fault

KW - source code refactoring

KW - static program analysis

KW - symbolic execution

UR - http://www.scopus.com/inward/record.url?scp=85075530278&partnerID=8YFLogxK

U2 - 10.1109/TSE.2019.2946148

DO - 10.1109/TSE.2019.2946148

M3 - Article

AN - SCOPUS:85075530278

SN - 0098-5589

VL - 47

SP - 2225

EP - 2241

JO - IEEE Transactions on Software Engineering

JF - IEEE Transactions on Software Engineering

IS - 10

ER -

IntRepair: Informed Repairing of Integer Overflows

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this