Maestro: A platform for benchmarking automatic program repair tools on software vulnerabilities

Start Page
789
End Page
792
Citation
31st ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2022)
Contribution to Conference
31st ACM SIGSOFT International Symposium on Software Testing and Analysis, ISSTA 2022  
Publisher DOI
10.1145/3533767.3543291
Scopus ID
2-s2.0-85136778840
Automating the repair of vulnerabilities is emerging in the field of software security. Previous efforts have leveraged Automated Program Repair (APR) for the task. Reproducible pipelines of repair tools on vulnerability benchmarks can promote advances in the field, such as new repair techniques. We propose Maestro, a decentralized platform with RESTful APIs for performing automated software vulnerability repair. Our platform connects benchmarks of vulnerabilities with APR tools for performing controlled experiments. It also promotes fair comparisons among different APR tools. We compare the performance of Maestro with previous studies on four APR tools in finding repairs for ten projects. Our execution time results indicate an overhead of 23 seconds for projects in C and a reduction of 14 seconds for Java projects. We introduce an agnostic platform for vulnerability repair with preliminary tools/datasets for both C and Java. Maestro is modular and can accommodate tools, benchmarks, and repair workflows with dedicated plugins.
Subjects
program repair
Vulnerability