Martin Rinard

Automatic Patch Generation

Software defects can impair functionality, open up security vulnerabilities, and consume a significant amount of developer time and effort. Motivated by these issues, we have developed multiple systems that automatically generate patches for software defects. These systems target real-world defects in large, production software systems (up to a million lines of code or more) and have demonstrated the ability to successfully patch a significant proportion of the defects in the benchmarks we use to evaluate our systems. Specifically, our systems have demonstrated the ability to generate correct patches for between 20% and 40% of these benchmark defects, depending on the system and the target defect class.

Our systems use a generate and validate approach. They generate candidate patches, then validate the patches against a test suite of inputs to find patches that validate. Because the test suites do not fully characterize desired application behavior, we have developed techniques that 1) deliver focused search spaces with many correct patches and 2) learn from previous successful human patches to recognize correct patches. The following papers present systems that we have developed: