Software bugs have been reported to take lives and cost billions of dollars annually. Studies have shown that many bugs are "cloned" (i.e., copied-and-pasted) to many places. Unfortunately, existing error detection tools have not provided programmers the ability to efficiently search for bug clones. Thus, they have to resort to ad hoc manual approaches such as grepping the source tree for bug clones.

This project aims to improve software reliability and integrity through automatic detection and repair of bug clones given a newly discovered vulnerability. It will investigate a new dimension, code similarity, for detecting software bugs. Specifically, it will investigate the feasibility of an approach that derives bug "seeds" from a new bug patch or existing static or dynamic error detection tools, searches a large code base (potentially across administrative domains) for bug clones, and automatically protects the bug clones. This approach can detect bugs in cases where many existing techniques cannot due to code complexity: detecting similarity between code is easier than deconstructing its meaning.

If successful, this project will result in accurate tools that will help to detect and repair software vulnerabilities early. Programmers will use these tools to detect and repair bug clones whenever applicable. Improvements in the reliability and security of software on which business, government, and individuals depend will positively impact society. This project will provide a more reliable and robust computing infrastructure resilient to new threats and attacks. Integrating the proposed research into the CS curriculum will also promote reliability and security awareness.

Project Report

Software bugs have been reported to take lives and cost billions of dollars annually. Studies have shown that many bugs are "cloned" (i.e., copied-and-pasted) to many places. Unfortunately, existing error detection tools have not provided programmers the ability to efficiently search for bug clones. Thus, they have to resort to ad hoc manual approaches such as grepping the source tree for bug clones. The goal of this project is to improve software reliability and integrity through automatic detection and repair of bug clones given a newly discovered vulnerability. The project has resulted in several accurate and transformative tools that help to detect and repair software vulnerabilities early. Programmers can use these tools to detect and repair bug clones whenever applicable. Improvements in the reliability and security of software on which business, government, and individuals depend will positively impact society. The project has also resulted in several publications at the best venues, open-source release of several tools, and datasets accessible to all researchers and practitioners. The end result is a more reliable and robust computing infrastructure resilient to new threats and attacks. Some of the proposed research has also been integrated into the CS curriculum to promote reliability and security awareness in undergraduates, master's students, and PhD students, who will form the future IT task force.

Agency: National Science Foundation (NSF)
Institute: Division of Computer and Network Systems (CNS)
Type: Standard Grant (Standard)
Application #: 1012633
Program Officer: Marilyn McClure
Project Start:
Project End:
Budget Start: 2010-07-01
Budget End: 2012-06-30
Support Year:
Fiscal Year: 2010
Total Cost: $194,000
Indirect Cost:
Name: Columbia University
Department:
Type:
DUNS #:
City: New York
State: NY
Country: United States
Zip Code: 10027