The Future Can’t Help Fix The Past: Assessing Program Repair In The Wild

Kabadi, Vinay; Kong, Dezhen; Xie, Siyu; Bao, Lingfeng; Azriadi Prana, Gede Artha; Le, Tien-Duy B.; Le, Xuan-Bach D.; Lo, David

doi:10.1109/icsme58846.2023.00017

Cited by 3 publications

(1 citation statement)

References 47 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The process aims to reduce the manual effort required in debugging and can be particularly useful in large codebases. Our dataset can be utilized in a similar manner as implemented by the existing studies in automated patch generation [31,32], security vulnerability repairing [33,34], and program repair [5,35]. In addition, in the field of research in software engineering, techniques and tools are developed to fix software vulnerabilities automatically.…”

Section: Applications Of Fixmementioning

confidence: 99%

An Incremental Lightweight Method for Vulnerability Data Collection for Security Patches

Bhandari,

Gavric

2024

Preprint

View full text Add to dashboard Cite

Automated Program Repair enhances developers’ efficiency by reducing the time dedicated to debugging and fixing source code vulnerabilities. However, the existing datasets utilized to train patch generation models suffer from various limitations, notably the limited bug context, limited size, and reliance on synthetic and unrealistic source code samples. Additionally, existing dataset extraction tools lack an incremental approach, rendering the inclusion of new data a resource-intensive endeavor in terms of both time and computational resources. In this paper, we introduce FixMe , a novel framework designed for generating patches across diverse programming languages. This open-source tool facilitates an incremental approach to gathering vulnerability records from the Common Vulnerabilities and Exposures (CVE) database. Incorporating an incremental methodology accelerates the data acquisition process, encompassing newly identified vulnerabilities and their corresponding patch pairs. Our dataset curation method involves the extraction of security issues, acquiring vulnerability-fixing commits, and extracting source code from relevant projects. The resultant dataset comprises 18,063 CVEs from 2,133 commits, encompassing 19,109 patch sets with 44,059 vulnerability-fix pairs (patch hunks). This dataset spans 884 open-source projects hosted in git-based systems. Additionally , the study explores fostering the potential of APR techniques in reducing debugging costs and improving software quality by generating patches for fixing vulnerabilities automatically.

show abstract