Pattern-based Automatic program Repair (PAR)

Patches generated by different approaches

Case 1: Rhino bug #76683

The following code is buggy code described in Mozilla bug report #76683. The statement in the for loop (state.parens[i].length = 0;) may throw a Null Pointer Exception when state.parens[i] is equal to null. Note that state.parens[i] is not an array.

if (kidMatch != -1) return kidMatch;

for (int i = num; i < state.parenCount; i++)

{

state.parens[i].length = 0;

}

state.parenCount = num;

The followings are patches generated by human developers, FTA, and GenProg to fix this bug.

Human-written patch

if (kidMatch != -1) return kidMatch;

for ( ... )

{

state.parens[i] = null;

}

state.parenCount = num;

Patch generated by FTA

if (kidMatch != -1) return kidMatch;

for ( ... )

{

if( state != null && state.parens[i] != null)

state.parens[i].length = 0;

}

state.parenCount = num;

Patch generated by GenProg

if (kidMatch != -1) return kidMatch;

for (int i = num; i < state.parenCount; i++)

{

}

state.parenCount = num;

Case 2: Rhino bug #114493

The following code is buggy code described in Mozilla bug report #114493. The statement in the second if block (lhs = strings[getShort(iCode, pc + 1)];) may throw an Array Index Out of Bound Exception when getShort(iCode, pc + 1) returns a negative number or larger than the size of strings array.

1918 if (lhs == DBL_MRK) lhs = ...;

1919 if (lhs == undefined) {

1920 lhs = strings[getShort(iCode, pc + 1)];

1921 }

1922 Scriptable calleeScope = scope;

The followings are patches generated by human developers, FTA, and GenProg to fix this bug.

Human-written patch

1918 if (lhs == DBL_MRK) lhs = ...;

1919 if (lhs == undefined) {

1920+ i = getShort(iCode, pc + 1);

1921+ if (i != -1) }

1922+ lhs = strings[i];

1923 }

1924 Scriptable calleeScope = scope;

Patch generated by FTA

1918 if (lhs == DBL_MRK) lhs = ...;

1919 if (lhs == undefined) {

1920+ if (getShort(iCode, pc + 1) < strings.length && getShort(iCode, pc + 1) >= 0)

1921+ {

1922+ lhs = strings[getShort(iCode, pc + 1)];

1923+ }

1924 }

1925 Scriptable calleeScope = scope;

Patch generated by GenProg

1918 if (lhs == DBL_MRK) lhs = ...;

1919 if (lhs == undefined) {

1920+ lhs = ((Scriptable)lhs).getDefaultValue(null);

1921 }

1922 Scriptable calleeScope = scope;

Case 3: Rhino bug #192226

The following code is buggy code described in Mozilla bug report #192226. The conditional expression in the first if block (type != TokenStream.NEW) leads to a Null Pointer Exception at child = child.getNext().getNext();.

1917         boolean isSimpleCall = false;

1918         String simpleCallName = null;

1919         if (type != TokenStream.NEW) {

1920             simpleCallName = getSimpleCallName(node);

1921             if (simpleCallName != null && !isSpecialCall) {

1922                 isSimpleCall = true;

1923                 push(simpleCallName);

1924                 aload(variableObjectLocal);

1925                 child = child.getNext().getNext();

The followings are patches generated by human developers, FTA, and GenProg to fix this bug.

Human-written patch

1917         boolean isSimpleCall = false;

1918         String simpleCallName = null;

1919+        if (!firstArgDone && type != TokenStream.NEW) {

1920             simpleCallName = getSimpleCallName(node);

1921             if (simpleCallName != null && !isSpecialCall) {

1922                 isSimpleCall = true;

1923                 push(simpleCallName);

1924                 aload(variableObjectLocal);

1925                 child = child.getNext().getNext();

Patch generated by FTA

1917         boolean isSimpleCall = false;

1918         String simpleCallName = null;

1919         if (type != TokenStream.NEW) {

1920+          if(!firstArgDone) {

1921             simpleCallName = getSimpleCallName(node);

1922             if (simpleCallName != null && !isSpecialCall) {

1923                 isSimpleCall = true;

1924                 push(simpleCallName);

1925                 aload(variableObjectLocal);

1926                 child = child.getNext().getNext();

Patch generated by GenProg

1917         boolean isSimpleCall = false;

1918         String simpleCallName = null;

1919+        visitStatement(node);

1921         while (child != null) {

Case 4: Rhino bug #217379

The following code is buggy code described in Mozilla bug report #217379. The statement in for loop (args[i+1] = sub.toString();) may throw a Null Pointer Exception when sub is equal to null.

483 args[0] = reImpl.lastMatch.toString();

484 for (int i=0; i < parenCount; i++) {

485 SubString sub = (SubString) parens.get(i);

486 args[i+1] = sub.toString();

487 }

488 args[parenCount+1] = new Integer(reImpl.leftContext.length);

The followings are patches generated by human developers, FTA, and GenProg to fix this bug.

Human-written patch

483 args[0] = reImpl.lastMatch.toString();

484 for (int i=0; i < parenCount; i++) {

485 SubString sub = (SubString) parens.get(i);

486+ if (sub != null) {

487 args[i+1] = sub.toString();

488+ } else {

489+ args[i+1] = Undefined.instance;

490+ }

491 }

492 args[parenCount+1] = new Integer(reImpl.leftContext.length);

Patch generated by FTA

483 args[0] = reImpl.lastMatch.toString();

484 for (int i=0; i < parenCount; i++) {

485 SubString sub = (SubString) parens.get(i);

486+ if (sub != null) {

487 args[i+1] = sub.toString();

488+ }

489 }

490 args[parenCount+1] = new Integer(reImpl.leftContext.length);

Patch generated by GenProg

483 args[0] = reImpl.lastMatch.toString();

484 for (int i=0; i < parenCount; i++) {

485 SubString sub = (SubString) parens.get(i);

486+ args[parenCount + 1] = new Integer(reImpl.leftContext.length);

487 }

488 args[parenCount+1] = new Integer(reImpl.leftContext.length);

Case 5: Math Bug #280

The following code is buggy code described in Apache Commons Math bug report #280. The expression in the if statement ( if (fa * fb >= 0.0 ) { ) should be not be true when "fa * fb = 0.0".

194             numIterations++ ;

195         } while ((fa * fb > 0.0) && (numIterations < maximumIterations) &&

196                 ((a > lowerBound) || (b < upperBound)));

198         if (fa * fb >= 0.0 ) {

199             throw new ConvergenceException(

200                       "number of iterations={0}, maximum iterations={1}, " +

201                       "initial={2}, lower bound={3}, upper bound={4}, final a value={5}, " +

202                       "final b value={6}, f(a)={7}, f(b)={8}",

The followings are patches generated by human developers, FTA, and GenProg to fix this bug.

Human-written Patch

194             numIterations++ ;

195         } while ((fa * fb > 0.0) && (numIterations < maximumIterations) &&

196                 ((a > lowerBound) || (b < upperBound)));

198 +        if (fa * fb > 0.0 ) {

199             throw new ConvergenceException(

200                       "number of iterations={0}, maximum iterations={1}, " +

201                       "initial={2}, lower bound={3}, upper bound={4}, final a value={5}, " +

202                       "final b value={6}, f(a)={7}, f(b)={8}",

Patch generated by FTA

194             numIterations++ ;

195         } while ((fa * fb > 0.0) && (numIterations < maximumIterations) &&

196                 ((a > lowerBound) || (b < upperBound)));

198         if (fa * fb > 0.0 || fa * fb >= 0.0 ) {

199             throw new ConvergenceException(

200                       "number of iterations={0}, maximum iterations={1}, " +

201                       "initial={2}, lower bound={3}, upper bound={4}, final a value={5}, " +

202                       "final b value={6}, f(a)={7}, f(b)={8}",

Patch generated by GenProg

194             numIterations++ ;

195         } while ((fa * fb > 0.0) && (numIterations < maximumIterations) &&

196                 ((a > lowerBound) || (b < upperBound)));

198         if (function == null) {

199               throw MathRuntimeException.createIllegalArgumentException("function is null");

200         }

Page updated

Google Sites

Report abuse