Skip to content

pku-msv-lab/f1x

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

299 Commits

demo

demo

 
 

doc

doc

 
 

infra

infra

 
 

repair

repair

 
 

tests

tests

 
 

thirdparty

thirdparty

 
 

tools

tools

 
 

transform

transform

 
 

.gitignore

.gitignore

 
 

CMakeLists.txt

CMakeLists.txt

 
 

Config.h.in

Config.h.in

 
 

Dockerfile

Dockerfile

 
 

LICENSE.txt

LICENSE.txt

 
 

README.md

README.md

 
 

Repository files navigation

logo

f1x [ɛf-wʌn-ɛks] is a test-driven patch generation engine for C/C++ programs. It automatically finds and fixes software bugs by analyzing behaviour of passing and failing tests. f1x aims to be efficient, robust and easy-to-use.

How does it work?

f1x generates bug fixes by enumerating and testing a large number of source code changes. Suppose we have a buggy program p and a set of tests [t1, t2, t3, t4, ...]. f1x generates a space of modifications [p1, p2, p3, p4, ...] and validates each of these programs until it finds one that passes all the tests. In the other words, it fills the following table:

t1 t2 t3 t4 ...
p1 Pass Pass Pass Fail
p2 Fail Fail Pass Fail
p3 Pass Pass Pass Pass
p4 Pass Fail Fail Pass
...

As has been shown in previous research, this approach has two shortcomings:

  • Efficiency: testing a large number of patches can be very time-consuming.
  • Overfitting: even if a patch passes all the tests, it may still be incorrect.

To improve efficiency, f1x applies test-equivalence analyses to group patches that produce the same result on a given test. For example, after executing the program p1 with the test t2, it can detect that p3 has the same result on t2 as p1 and skip a redundant execution of p3 on t2. As a result, f1x validates around 1000 different patches in a single test execution.

To address overfitting, f1x allows to prioritize patches. It assigns a cost (a rational number) to each patch and searches for a patch with the lowest cost. For example, if both p3 and p6 pass all the tests, but cost(p6) < cost(p3), then f1x outputs p6 as the result.

Documentation

To install f1x, you can either use our docker image or build it from source. Detailed information about the tool is given in Manual. If you encounter a problem while using f1x, please consult Troubleshooting guide or ask us by email (contact: Sergey Mechtaev, s.mechtaev@ucl.ac.uk). If you plan to modify f1x, please refer to Developer guide.

Related projects

f1x is a lightweight (enumerative) counterpart of our constraint-based program repair system Angelix. Compared with Angelix, f1x cannot synthesize multi-line patches and cannot use a reference implementation, however it is significantly more efficient and easy-to-use. f1x relies on test-equivalence analysis similarly to mutation testing tools such as AccMut.

Publication

More information about the tool is available in the following publications:

Test-equivalence Analysis for Automatic Patch Generation
Sergey Mechtaev, Xiang Gao, Shin Hwei Tan, Abhik Roychoudhury
TOSEM 2018

About

Efficient patch generation engine for C/C++ programs

Topics

debugger program-synthesis program-repair bug-fixing

Resources

Readme

License

GPL-3.0 license
Activity
Custom properties

Stars

16 stars

Watchers

16 watching

Forks

3 forks
Report repository

Releases

1 tags

Packages

No packages published

Contributors 5

Languages