Users around the world rely on software-intensive systems in their day-to-day activities. These systems regularly contain bugs and security vulnerabilities. To facilitate bug fixing, data-driven models of automatic program repair use pairs of buggy and fixed code to learn transformations that fix errors in code. However, automatic repair of security vulnerabilities remains under-explored. In this work, we propose ways to improve code representations for vulnerability repair from three perspectives: input data type, data-driven models, and downstream tasks. The expected results of this work are improved code representations for automatic program repair and, specifically, fixing security vulnerabilities.
翻译:世界各地的用户在日常活动中依赖软件密集型系统,这些系统经常含有错误和安全弱点。为了便利故障修复,数据驱动的自动程序修理模型使用一对错误和固定代码来学习修正代码错误的转换。然而,对安全弱点的自动修复仍然未得到充分探讨。在这项工作中,我们从三个角度提出改进脆弱性修复代号的方法:输入数据类型、数据驱动模型和下游任务。这项工作的预期成果是改进自动程序修理的代号,特别是安全弱点的修复。