Motivation: Automated Program Repair is an emerging technology to alleviate the onerous burden of manually fixing bugs on developers. A substantial number of APR techniques have been proposed over the years with several breakthroughs that inspired potential practical adoption of APR. Unfortunately, developer's trust on APR-generated patches is still a challenge for achieving greater adoption of APR on industry.
Approach: This theme aim not only to enhance the trust of developer on APR-generated patches by providing supporting artifacts/information/evidents about APR-generated patches but also to investigate unknown issues regarding the trustworthiness of APR systems.
Test Overifitting: One key factor compromising the trustworthiness of APR lies in the absence of comprehensive specifications that validate the correctness of APR-generated patches. A common approach involves relying on developer-written test cases as correctness specifications.
However, the incompleteness of test suite usually leads to overfitting problem, in which APR-generated patches can satisfy APR-defined correctness specifications but is still incorrect. As unreliable overfitting patches cause developers to lose trust in APR tools, overfitting problem is an important challenge in trust enhancement of APR systems.
To address this problem, my colleagues and I have proposed Invalidator (TSE'23) an automated method to reason the correctness of APR-generated patches via program invariants and code representations. We further developed PatchZero (Submitted to TSE) , that ultilized large pre-trained code models along with an Instance-wise Tailored Demonstration and an In-context Learning Inference for a zero-shot setting, in which the patches generated by a new/unseen APR tool.
Robustness : Another factor contributing to trust issues is the limited size of the evaluation dataset, particularly in existing Neural Program Repair (NPR) evaluation datasets, which typically contain fewer than a thousand bugs. These small datasets struggle to adequately represent real-world bugs, raising concerns about the robustness of APR tools against unseen bugs.
To address this issue, we propose automated tools, Midas (TSE'23) and VulCurator (FSE'22) for identifying vulnerability-fixing commits based on their source code and related artifacts, such as issues and commit messages. These tools allow us to mining vulnerability-fixing commits and create more comprehensive benchmark for program repair.
Explainability: Lastly, APR tools, especially Neural Program Repair techniques that rely on deep learning models, usually work in a black-box manner.
The opacity of these tools often results in developers lacking a clear understanding and feeling uncertain about APR-generated patches.
To address this issue, I am also interested in self-explainable APR systems.
Particularly, I want to create APR systems that can automatically providing explanations about their generated patches.
I am still hunting for good ideas on this direction.
Related Publications
[[Arxiv] Leveraging Large Language Model for Automatic Patch Correctness Assessment
Authors: Xin Zhou, Bowen Xu, Kisub Kim, DongGyun Han, Hung Nguyen Thanh Le-Cong, Junda He, Bach Le, and David Lo
Venue: Under Review in IEEE Transactions on Software Engineering
One-line Abstract: Zero-shot Patch Correctness Assessment with Large Language Models
Links:
[Arxiv] Adversarial Patch Generation for Automatic Program Repair
Authors: Abdulaziz Alhefdhi, Hoa Khanh Dam, Thanh Le-Cong, Xuan-Bach D Le, Aditya Ghose
Venue: Under Review in Springer Software Quality Journal
One-line Abstract: A new training paradigm for Neural Program Repair using Generative Adversarial Network
Links:
[TSE-ICSE'24] Invalidator: Automated Patch Correctness Assessment via Semantic and Syntactic Reasoning
Authors:Thanh Le-Cong, Duc-Minh Luong, Bach Le, David Lo, Nhat Hoa Tran, Quang Huy Bui and Quyet Thang Huynh
Venue: IEEE Transactions on Software Engineering
One-line Abstract: Reasoning about the correctness of APR-generated patches via program invariants and code representation learning.
Accepted for presentation at IEEE/ACM 46th International Conference on Software Engineering 2024 as a part of Journal-First Track
Links:
[TSE] MiDas: Multi-Granularity Detector for Vulnerability Fixes
Authors: Truong Giang Nguyen, Thanh Le-Cong, Hong Jin Kang, Ratnadira Widyasari, Chengran Yang, Zhipeng Zhao, Bowen Xu, Jiayuan Zhou, Xin Xia, Ahmed E. Hassan, Bach Le, and David Lo
Venue: IEEE Transactions on Software Engineering
One-line Abstract: Identifying vulnerability fixes by analyzing multi-granularity of code changes.
Integrated to internal service of industry partners for managing vulnerability
Links:
[ICSME'22] FFL: Fine-grained Fault Localization for Student Programs via Syntactic and Semantic Reasoning
Authors: Thanh-Dat Nguyen, Thanh Le-Cong, Duc-Minh Luong, Van-Hai Duong, Bach Le, David Lo, and Quyet-Thang Huynh
Venue: IEEE 38th International Conference on Software Maintenance and Evolution (ICSME) 2022, Research Track [Acceptance Rate: 23%]
One-line Abstract: Automatically identifying fault locations in student programs by applying Graph Neural Network on a fine-grained graph-based representation of the program, which combines AST with test coverage information.
Links:
[ESEC/FSE'22] VulCurator: A Vulnerability-Fixing Commit Detector
Authors: Truong Giang Nguyen, Thanh Le-Cong, Hong Jin Kang, Bach Le, and David Lo
Venue: ACM 30th Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE) 2022, Tool Demos Track [Acceptance Rate: 56%]
One-line Abstract: Identifying vulnerability-fixing commits by applying Large Language Model on multiple sources including code changes, commit messages, and related issues.
Links:
[ISSRE'21] Usability and Aesthetics: Better Together for Automated Repair of Web Pages
Authors:Thanh Le-Cong, Bach Le, Quyet-Thang Huynh, and Phi Le Nguyen
Venue: IEEE 32nd International Symposium on Software Reliability Engineering (ISSRE) 2021, Research Track [Acceptance Rate: 27%]
One-line Abstract: Automatically repairing mobile-unfriendly web pages using Evolutionary Optimization.
