2024
Yinbo Yu, Yuanqi Xu, Kepu Huang, Jiajia Liu
USENIX Security
Exploring ChatGPT’s Capabilities on Vulnerability Management
Peiyu Liu, Junming Liu, Lirong Fu, Kangjie Lu, Yifan Xia, Xuhong Zhang, Wenzhi Chen, Haiqin Weng, Shouling Ji, and Wenhai Wang
USENIX Security
What IF Is Not Enough? Fixing Null Pointer Dereference With Contextual Check
Yunlong Xing, Shu Wang, Shiyu Sun, Xu He, Kun Sun, Qi Li
USENIX Security
Xin Zhou, Kisub Kim, Bowen Xu, Donggyun Han, David Lo
ICSE
Code Security Vulnerability Repair Using Reinforcement Learning with Large Language Models
Nafis Tanveer Islam, Mohammad Bahrami Karkevandi, Peyman Najafirad
AAAI
On Hardware Security Bug Code Fixes by Prompting Large Language Models
Baleegh Ahmad, Shailja Thakur, Benjamin Tan, Ramesh Karri, Hammond Pearce
TSE
Vision Transformer Inspired Automated Vulnerability Repair
Michael Fu, Van Nguyen, Chakkrit Tantithamthavorn, Dinh Phung, Trung Le
TSE
Yu Nong, Mohammed Aldeen, Long Cheng, Hongxin Hu, Feng Chen, and Haipeng Cai
arXiv
Ummay Kulsum, Haotian Zhu, Bowen Xu, Marcelo d’Amorim
arXiv
ContractTinker: LLM-Empowered Vulnerability Repair for Real-World Smart Contracts
Che Wang, Jiashuo Zhang, Jianbo Gao, Libin Xia, Zhi Guan, Zhong Chen
arXiv
2023
SeqTrans: Automatic Vulnerability Fix via Sequence to Sequence Learning
Jianlei Chi, Yu Qu, Ting Liu, Qinghua Zheng, Heng Yin
TSE
How Effective Are Neural Networks for Fixing Security Vulnerabilities
Yi Wu, Nan Jiang, Hung Viet Pham, Thibaud Lutellier, Jordan Davis, Lin Tan, Petr Babkin, Sameena Shah
ISSTA
Examining Zero-Shot Vulnerability Repair with Large Language Models
Hammond Pearce, Benjamin Tan, Baleegh Ahmad, Ramesh Karri, Brendan Dolan-Gavitt
IEEE S&P
ChatGPT for Vulnerability Detection, Classification, and Repair: How Far Are We?
Michael Fu, Chakkrit Kla Tantithamthavorn, Van Nguyen, Trung Le
APSEC
CONTRACTFIX: A Framework for Automatically Fixing Vulnerabilities in Smart Contracts
Pengcheng Fang
ESEC/FSE
Property-Based Automated Repair of DeFi Protocols
Palina Tolmach, Yi Li, Shang-Wei Lin
ASE
Enhancing OSS Patch Backporting with Semantics
Su Yang, Yang Xiao, Zhengzi Xu, Chengyi Sun, Chen Ji, Yuqing Zhang
CCS
Program Repair Guided by Datalog-Defined Static Analysis
Yu Liu, Sergey Mechtaev, Pavle Subotić, Abhik Roychoudhury
ESEC/FSE
Exploring the Limits of ChatGPT in Software Security Applications
Fangzhou Wu, Qingzhao Zhang, Ati Priya Bajaj, Tiffany Bao, Ning Zhang, Ruoyu Wang, Chaowei Xiao, et al
arXiv
2022
Program vulnerability repair via inductive inference
Yuntong Zhang, Xiang Gao, Gregory J Duck, Abhik Roychoudhury
ISSTA
Elysium: Context-Aware Bytecode-Level Patching to Automatically Heal Vulnerable Smart Contracts
Christof Ferreira Torres, Hugo Jonker, Radu State
RAID
Youkun Shi, Yuan Zhang, Tianhan Luo, Xiangyu Mao, Yinzhi Cao, Ziwen Wang, Yudi Zhao, Zongan Huang, Min Yang
USENIX Security
Repairing Security Vulnerabilities Using Pre-trained Programming Language Models
Kai Huang, Su Yang, Hongyu Sun, Chengyi Sun, Xuejun Li, and Yuqing Zhang
Others
2021
Beyond Tests: Program Vulnerability Repair via Crash Constraint Extraction
Xiang Gao, Bo Wang, Gregory J Duck, Ruyi Ji, Yingfei Xiong, Abhik Roychoudhury
TOSEM
Neural Transfer Learning for Repairing Security Vulnerabilities in C Code
Zimin Chen, Steve Kommrusch, Martin Monperrus
TSE
IntRepair: Informed Repairing of Integer Overflows
Paul Muntean, Martin Monperrus, Hao Sun, Jens Grossklags, Claudia Eckert
TSE
Rupair: Towards Automatic Buffer Overflow Detection and Rectification for Rust
Baojian Hua, Wanrong Ouyang, Chengman Jiang, Qiliang Fan, Zhizhong Pan
ACSAC
EVMPatch: Timely and Automated Patching of Ethereum Smart Contracts
Michael Rodler, Wenting Li, Ghassan O. Karame, Lucas Davi
USENIX Security
SGUARD: Towards Fixing Vulnerable Smart Contracts Automatically
Tai D Nguyen, Long H Pham, Jun Sun
IEEE S&P
HyperGI: Automated Detection and Repair of Information Flow Leakage
Ibrahim Mesecan, Daniel Blackwell, David Clark, Myra B Cohen, and Justyna Petke
ASE
Automated patch backporting in Linux (experience paper)
Ridwan Shariffdeen, Xiang Gao, Gregory J Duck, Shin Hwei Tan, Julia Lawall, and Abhik Roychoudhury
ISSTA
Ridwan Shariffdeen, Yannic Noller, Lars Grunske, Abhik Roychoudhury
PLDI
2020
SAVER: scalable, precise, and safe memory-error repair
Seongjoon Hong, Junhee Lee, Jeongsoo Lee, Hakjoo Oh
ICSE
SMARTSHIELD: Automatic Smart Contract Protection Made Easy
Yuyao Zhang, Siqi Ma, Juanru Li, Kailai Li, Surya Nepal, Dawu Gu
SANER
Binary rewriting without control flow recovery
Gregory J Duck, Xiang Gao, Abhik Roychoudhury
PLDI
Automated Patch Transplantation
Ridwan Salihin Shariffdeen, Shin Hwei Tan, Mingyuan Gao, Abhik Roychoudhury
TOSEM
Automatic Hot Patch Generation for Android Kernels
Zhengzi Xu, Yulong Zhang, Longri Zheng, Liangzhao Xia, Chenfu Bao, Zhi Wang, Yang Liu
USENIX Security
Repairing DoS Vulnerability of Real-World Regexes
Nariyoshi Chida and Tachio Terauchi
IEEE S&P
2019
Using Safety Properties to Generate Vulnerability Patches
Zhen Huang, David Lie, Gang Tan, Trent Jaeger
IEEE S&P
Automatic Integer Error Repair by Proper-Type Inference
Xi Cheng, Min Zhou, Xiaoyu Song, Ming Gu, Jiaguang Sun
TDSC
VFix: value-flow-guided precise program repair for null pointer dereferences
Xuezheng Xu, Yulei Sui, Hua Yan, Jingling Xue
ICSE
SapFix: Automated End-to-End Repair at Scale
Alexandru Marginean, Johannes Bader, Satish Chandra, Mark Harman, Yue Jia, Ke Mao, Alexander Mols, Andrew Scott
ICSE
Automating Patching of Vulnerable Open-Source Software Versions in Application Binaries
Ruian Duan, Ashish Bijlani, Yang Ji, Omar Alrawi, Yiyuan Xiong, Moses Ike, Brendan Saltaformaggio, Wenke Lee
NDSS
2018
Static automated program repair for heap properties
Rijnard van Tonder and Claire Le Goues
ICSE
MemFix: static analysis-based repair of memory deallocation errors for C
Junhee Lee, Seongjoon Hong, Hakjoo Oh
ESEC/FSE
Learning to repair software vulnerabilities with generative adversarial networks
Jacob Harer, Onur Ozdemir, Tomo Lazovich, Christopher Reale, Rebecca Russell, Louis Kim, et al
NIPS
2017
Automatically diagnosing and repairing error handling bugs in C
Yuchi Tian, Baishakhi Ray
ESEC/FSE
VuRLE: Automatic Vulnerability Detection and Repair by Learning from Examples
Siqi Ma, Ferdian Thung, David Lo, Cong Sun, Robert H Deng
ESORICS
Dynamic patch generation for null pointer exceptions using metaprogramming
Thomas Durieux, Benoit Cornu, Lionel Seinturier, Martin Monperrus
SANER
Adaptive Android Kernel Live Patching
Yue Chen, Yulong Zhang, Zhi Wang, Liangzhao Xia, Chenfu Bao, and Tao Wei
USENIX Security
Nopol: Automatic Repair of Conditional Statement Bugs in Java Programs
Jifeng Xuan, Matias Martinez, Favio Demarco, Maxime Clement, Sebastian Lamelas Marcote, Thomas Durieux, Daniel Le Berre, and Martin Monperrus
TSE
2016
BovInspector: automatic inspection and repair of buffer overflow vulnerabilities
Fengjuan Gao, Linzhang Wang, and Xuandong Li
ASE
Automated memory leak fixing on value-flow slices for C programs
Hua Yan, Yulei Sui, Shiping Chen, Jingling Xue
SAC
CDRep: Automatic Repair of Cryptographic Misuses in Android Applications
Siqi Ma, David Lo, Teng Li, and Robert H Deng
ASIACCS
Anti-patterns in search-based program repair
Shin Hwei Tan, Hiroaki Yoshida, Mukul R Prasad, Abhik Roychoudhury
FSE
Angelix: Scalable Multiline Program Patch Synthesis via Symbolic Analysis
Sergey Mechtaev, Jooyong Yi, Abhik Roychoudhury
ICSE
2015
Safe Memory-Leak Fixing for C Programs
Qing Gao, Yingfei Xiong, Yaqing Mi, Lu Zhang, Weikun Yang, Zhaoping Zhou, Bing Xie, Hong Mei
ICSE
Repairing programs with semantic code search (T)
Yalin Ke, Kathryn T Stolee, Claire Le Goues, Yuriy Brun
ASE
DirectFix: looking for simple program repairs
Sergey Mechtaev, Jooyong Yi, Abhik Roychoudhury
ICSE
2014
Automatically Fixing C Buffer Overflows Using Program Transformations
Alex Shaw, Dusten Doggett, Munawar Hafiz
DSN
2013
Program transformations to fix C integers
Zack Coker, Munawar Hafiz
ICSE
Automatic patch generation learned from human-written patches
Dongsun Kim, Jaechang Nam, Jaewoo Song, Sunghun Kim
ICSE
Fix Me Up: Repairing Access-Control Bugs in Web Applications
Sooel Son, Kathryn S McKinley, Vitaly Shmatikov
NDSS
Semfix: Program repair via semantic analysis
Hoang Duong Thien Nguyen, Dawei Qi, Abhik Roychoudhury, Satish Chandra
ICSE
2012
A systematic study of automated program repair: fixing 55 out of 105 bugs for $8 each
Claire Le Goues, Michael Dewey-Vogt, Stephanie Forrest, Westley Weimer
ICSE
2011
Automatically fixing security vulnerabilities in Java code
Aharon Abadi, Ran Ettinger, Yishai A Feldman, Mati Shomrat
OOPSLA
Genprog: A generic method for automatic software repair
Claire Le Goues, ThanhVu Nguyen, Stephanie Forrest, Westley Weimer
TSE
2010
Recurring bug fixes in object-oriented programs
Tung Thanh Nguyen, Hoan Anh Nguyen, Nam H Pham, Jafar Al-Kofahi, Tien N Nguyen
ICSE
2009
Automatically finding patches using genetic programming
Westley Weimer, ThanhVu Nguyen, Claire Le Goues, Stephanie Forrest
ICSE
A genetic programming approach to automated software repair
Stephanie Forrest, ThanhVu Nguyen, Westley Weimer, Claire Le Goues
GECCO
2008
Exterminator: Automatically correcting memory errors with high probability
Gene Novark, Emery D Berger, Benjamin G Zorn
PLDI
2007
Zhiqiang Lin, Xuxian Jiang, Dongyan Xu, Bing Mao, Li Xie
ASIACCS
2006
Westley Weimer
GPCE