AVATAR: Fixing Semantic Bugs with
Fix Patterns of Static Analysis Violations
Kui Liu, Anil Koyuncu, Dongsun Kim, and Tegawendé F. Bissyandé
SnT, University of Luxembourg, Luxembourg
@ Hangzhou, China, 26th SANER 2019February 27, 2019

1
> Static Code Analysis
Static Analysis Tools can detect:
1. Security Vulnerabilities,
2. Performance Issues,
3. Bad Programming Practices (so-called
Code Smells).InferErrorProne
These are called Violations , Alarms, or Alerts.

2
> Example of Fixing a Static Analysis Violation
@Override
public boolean equals(Object obj) {
return getModule().equals(((ModuleWrapper) obj).getModule());
}
// Violation Type:
// BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS
@Override
public boolean equals(Object obj) {
- return getModule().equals(((ModuleWrapper) obj).getModule());
+ return obj instanceof ModuleWrapper &&
+ getModule().equals(((ModuleWrapper) obj).getModule());
}
Developer’s Patch

3
> Fix Patterns of Static Analysis Violations
[29] Kui Liu, Dongsun Kim, Tegawendé F. Bissyandé, Shin Yoo, and Yves Le Traon, “Mining fix
patterns for findbugs violations,” IEEE Transactions on Software Engineering, 2018.
[30] R. Rolim, G. Soares, R. Gheyi, and L. D’Antoni, “Learning quick fixes from code
repositories,” arXiv preprint arXiv:1803.03806, 2018
PATCH###
Violation Type :BC_EQUALS_METHOD_SHOULD_WORK_FOR_ALL_OBJECTS
- return exp1().equals(((T)obj).exp2());
+ return obj instanceof T && exp1().equals(((T)obj).exp2());
Pattern with AST Diff###:
UPD ReturnStatement
---INS InfixExpression
------MOV MethodInvocation
------INS InstanceofExpression
---------INS Variable
---------INS Instanceof
---------INS SimpleType
------INS Operator
Live
Study

4
> Are static analysis tools good bug detectors?
[32] Andrew Habib and Michael Pradel, “How many of all bugs do we find? a
study of static bug detectors,” in Proceedings of the 33rd ACM/IEEE
International Conference on Automated Software Engineering. 2018, pp. 317–328.
Tool Bugs
Error Prone 8
Infer 5
SpotBugs 18
Total 31
Total of 27 unique bugs.
# bugs found by static analysis
tools in Defects4J dataset.

5
> Idea for a new direction
Tool Bugs
Error Prone 8
Infer 5
SpotBugs 18
Total 31
Total of 27 unique bugs.
# Defects4J bugs found by
static analysis tools.
Pattern with AST Diff###:
UPD ReturnStatement
---INS InfixExpression
------MOV MethodInvocation
------INS InstanceofExpression
---------INS Variable
---------INS Instanceof
---------INS SimpleType
------INS Operator
Live
Study
Fix Patterns of
Static Analysis Violations

6
> Fix Pattern based APR Systems
PAR
ELIXIR
Genesis
SOFix
HDRepair
NPEfix
SketchFix
CapGen
SimFix
1. Manual Summarization of Human-written
Patches.
2. Mining fix patterns.
3. Pre-definition of fix patterns.
4. Statistics on code change actions of patches.
How about the fix patterns of static analysis violations?

7
Static analysis violation fix patterns:
• They are recurrent and consistent in projects.
• Fixes are very reliable (They are assessed by detection
tools), and consistent (simple and recurrent).
• Eventually, mined fix patterns are reliable.
> Static Violation Fix Patterns vs. Semantic Bugs
Semantic Bugs:
Making the program behavior deviate from developer’s intention [1] [17].
Generally detected through dynamic testing.

8
> Motivating Example
--- a/src/com/google/javascript/jscomp/Compiler.java
+++ b/src/com/google/javascript/jscomp/Compiler.java
@@ -1283,4 +1283,3 @@
// Check if the sources need to be re-ordered.
if (options.dependencyOptions.needsManagement() &&
- !options.skipAllPasses &&
options.closurePass) {
// Patch diff at AST level.
UPD IfStatement@@‘‘if statement code’’
---UPD InfixExpression@@‘‘infix-expression code’’
------DEL PrefixExpression@@‘‘!options.skipAllPasses’’
------DEL Operator@@‘‘&’’
// Fix Pattern: Remove a useless sub-predicate expression.
UPD IfStatement
---UPD InfixExpression@expA Operator expB
------DEL Expression@expB
------DEL Operator
A fix pattern for UC_USELESS_CONDITION violation [29].
Developer’s patch
of fixing the bug Closure-13in Defects4J.

9
> AVATAR: Static analysis violation fix pattern-based automated
program repair
Fix patterns of
static violations

10
AVATAR DESIGN

11
> AVATAR basic workflow
Patch Generation
Patch Validation
Fix Pattern Selection
Fault Localization
AVATAR

12
Fault
Localization
Technique
A Ranked List of
Suspicious
Code Locations
Buggy Program
Passing
tests
tests
Failing
Fault Localization
> AVATAR: Fault Localization
Gzoltar with Ochiai.

13
Selected
fix pattern
Fix Pattern Selection
Fault
Localization
Technique
Buggy Program
Passing
tests
tests
Failing
Fix pattern
data base
< Code Fragment >
Select relevant
fix patterns
Fault Localization
> AVATAR: Fix Pattern Selection
A Ranked List of
Suspicious
Code Locations
< Code Fragment >

14
Patch CandidatesSelected
fix pattern
Patch Generation
Fault
Localization
Technique
Buggy Program
Passing
tests
tests
Failing
Fix pattern
data base
Mutate
suspicious code
Next
fix
pattern
Next suspicious code location
> AVATAR: Patch Generation
Fix Pattern Selection
< Code Fragment >
Select relevant
fix patterns
Fault Localization
A Ranked List of
Suspicious
Code Locations
// Buggy code of Closure-13 in Defects4J dataset.
if (options.dependencyOptions.needsManagement() &&
!options.skipAllPasses &&
options.closurePass) {
// Fix Pattern: Remove a useless sub-predicate expression.
UPD IfStatement
---UPD InfixExpression@expA Operator expB
------DEL Expression@expB
------DEL Operator
// Patch Candidate I.
- if (options.dependencyOptions.needsManagement() &&
- !options.skipAllPasses &&
+ if (!options.skipAllPasses &&
options.closurePass) {
// Patch Candidate II.
if (options.dependencyOptions.needsManagement() &&
- !options.skipAllPasses &&
options.closurePass) {
// Patch Candidate III.
if (options.dependencyOptions.needsManagement() &&
- !options.skipAllPasses &&
- options.closurePass) {
+ !options.skipAllPasses) {

15
Patch CandidatesSelected
fix pattern
Patch Generation
Pass
Fail
Patch Validation
Patch
Testing
Fault
Localization
Technique
Buggy Program
Passing
tests
tests
Failing
Fix pattern
data base
Mutate
suspicious code
Next
fix
pattern
Next suspicious code location
Next
patch
candidate
> AVATAR: Patch Validation
Fix Pattern Selection
< Code Fragment >
Select relevant
fix patterns
Fault Localization
A Ranked List of
Suspicious
Code Locations

16
ASSESSMENT

17
RQ1: How effective are fix patterns of static analysis violations
for repairing programs with semantic bugs?
RQ2: Which bugs and which patterns are relevant targets for
AVATAR in an automated program repair scenario?
RQ3: How does AVATAR compare to the state-of-the-art APR
tools with respect to repair performance?
> RQs: Research Questions

18
> Fix Patterns and Benchmark
#
Projects
# violation
fix patches
# violation
types
# fix
patterns
Liu et al. [29] 730 88,927 111 174
Rolim et al. [30] 9 288,899 9 9
Statistics on Fix Patterns of Static Analysis Violations.
Project # Bugs # kLoc # Tests
Chart 26 96 2,205
Closure 133 90 7,927
Lang 65 22 2,245
Math 106 85 3,602
Mockito 38 11 1,457
Time 27 28 4,130
Total 395 332 21,566
Defects4J Dataset Information.

19
> RQ1: Fix bugs which can be localized by static analysis tools
Bug ID SpotBugs Infer ErrorProne Static Analysis Violation Type
Chart-1 ✔ ✔ NP_ALWAYS_NULL
Chart-4 ✔ ✔ NP_NULL_ON_SOME_PATH
Chart-24 ✔ DLS_DEAD_LOCAL_STORE
Math-77 ✔ UPM_UNCALLED_PRIVATE_METHOD
Statically-Detected Bugs Fixed by AVATAR.
AVATAR demonstrates the usefulness of violation fix patterns in a
scenario of automating some maintenance tasks involving
systematic checking of developer code with static checkers.

20
> RQ1: Fix Bugs with perfect fault localization
Fixed Bugs Chart
(C)
Closure
(Cl)
Lang
(L)
Math
(M)
Mockito
(Moc)
Time
(T)
Total
# of fully fixed
bugs
7/8 10/13 5/10 8/13 2/2 2/3 34/49
# of partially fixed
bugs
2/3 1/4 1/3 1/4 0/0 0/0 5/14
Number of Defects4J Bugs Fixed by AVATAR with an
Assumption of Perfect Localization Information.
AVATAR can effectively fix several semantic
bugs from the Defects4J dataset.

21
> RQ2: Why AVATAR can fix semantic bugs?
Violation Types associated with
fix patterns
Fix ingredients from the violation fix patterns Fixed Bugs Bug Patterns Repair Actions
NP_ALWAYS_NULL Mutate the operator of null-check expression:
“var != == null”, or “var == != null”.
C-1 Conditional expression
modification.
Logic expression modification.
NP_NULL_ON_SOME_PATH 1. Wrap buggy code with if-non-null-check block:
“if (var != null) {buggy code}”;
2. Insert if-null-check block before buggy code:
“if (var == null) {return false;} buggy code;” or
“if (var == null) {return null;} buggy code;” or
“if (var == null) {throw IllegalArgumentException.} buggy code;”
C-4, 26. Missing non-null check
addition
Conditional (if) branch
addition
C-14, 19, 25, Cl-2,
M-4, Moc-29, 38.
Missing null check addition Conditional (if) branch
addition.
DLS_DEAD_LOCAL_STORE Replace a variable with other one:
e.g., “var1 = var2 var3;”.
C-11, 24, L-6, 57,
59, M-33, 59, T-7.
Wrong variable reference Variable replacement by
another variable.
UC_USELESS_CONDITION 1. Mutate the operator of an expression in an if statement:
e.g., “if (expA > >= expB) {...}”;
2. Remove a sub-predicate expression in an if statement:
“if (expA || expB) {...}” or “if (expA || expB) {...}”;
3. Remove the conditional expression:
“expA ? expB : expC” or “expA ? expB : expC”.
Cl-38. Logic expression expansion Conditional expression
expansion.
Cl-18, 31, L-15. Logic expression reduction Conditional expression
reduction
Cl-62, 63, 73, M-82,
85, T-19
Logic expression
modification
Conditional expression
modification.
UCF_USELESS_CONTROL_FLOW 1. Remove an if statement but keep the code inside its block:
“if (exp) { code }”;
2. Remove an if statement with its block code:
“if (exp) { code }”.
C-18, Cl-106, M-46. Unwraps-from if-else
statement
Conditional (if or else) branch
removal.
Cl-115, 126, L-7,
10, M-50.
Conditional block removal Conditional (if or else) branch
removal
UPM_UNCALLED_PRIVATE_MET
HOD
Remove a method declaration:
“Modifier ReutrnType methodName(Parameters) { code }”.
Cl-46, M-77. Unclassified Method definition removal.
BC_UNCONFIRMED_CAST Wrap buggy code with if-instanceof-check block:
“if (var instanceof Type) {buggy code} else {throw IllegalArgumentException;}”
M-89. Wraps-with if-else
statement
Conditional (if-else) branches
addition
AVATAR exploits a variety of fix
ingredients from static violations fix
patterns to address a diverse set of bug
patterns in the Defects4J dataset.

22
> RQ3: Comparing bug fix performance with state-of-the-art APR tools
APR Tool Chart Closure Lang Math Mockito Time Total
AVATAR
Fully Fixed 5/12 8/12 5/11 6/13 2/2 1/3 27/53
Partially Fixed 1/2 1/1 0/2 1/3 0/0 0/0 3/8
jGenProg 0/7 0/0 0/0 5/18 0/0 0/2 5/27
jKali 0/6 0/0 0/0 1/14 0/0 0/2 1/22
jMutRepair 1/4 0/0 0/1 2/11 0/0 0/1 3/17
Nopol 1/6 0/0 3/7 1/21 0/0 0/1 5/35
HDRepair 0/2 0/7 2/6 4/7 0/0 0/1 6/23
FixMiner 5/8 5/5 2/3 12/14 0/0 1/1 25/31
LSRepair 3/8 0/0 8/14 7/14 1/1 0/0 19/37
ACS 2/2 0/0 3/4 12/16 0/0 1/1 18/23
ELIXIR 4/7 0/0 8/12 12/19 0/0 2/3 26/41
JAID 2/4 5/11 1/8 1/8 0/0 0/0 9/31
ssFix 3/7 2/11 5/12 10/26 0/0 0/4 20/60
CapGen 4/4 0/0 5/5 12/16 0/0 0/0 21/25
SketchFix 6/8 3/5 3/4 7/8 0/0 0/1 19/26
SimFix 4/8 6/8 9/13 14/26 0/0 1/1 34/56
Cl-2,31,46,
L-7,10,
M-46,
Moc-29,38.
AVATAR is comparable and
complementary to the other state-of-
the-art APR systems.

23
> Conclusion
1. AVATAR demonstrates the usefulness of violation fix patterns
for effectively fixing several semantic bugs from the Defects4J
dataset.
2. AVATAR exploits a variety of fix ingredients.  It can address
a diverse set of bug types in the Defects4J dataset.
3. AVATAR is comparable and complementary to the state-of-
the-art APR systems.
AVATAR can fix 8 new bugs which had not been fix by the state-of-the-art.

24
> Summary
14
Patch CandidatesSelected
fix pattern
Patch Generation
Pass
Fail
Patch Validation
Patch
Testing
Fault
Localization
with GZoltar
Buggy Program
Passing
tests
tests
Failing
Fix pattern
data base
Mutate
suspicious code
Next
fix
pattern
Next suspicious code location
Next
patch
candidate
> AVATAR Overview
Fix Pattern Matching
< Code Fragment >
Select relevant
fix patterns
Fault Localization
A Ranked List of
Suspicious
Code Locations
https://github.com/SerVal-DTF/AVATAR