Zhilei Ren
ABSTRACT
Software reproducibility plays an essential role in establishing trust between source code and the built artifacts, by comparing compilation outputs acquired from independent users. Although the testing for unreproducible builds could be automated, fixing unreproducible build issues poses a set of challenges within the reproducible builds practice, among which we consider the localization granularity and the historical knowledge utilization as the most significant ones. To tackle these challenges, we propose a novel approach RepFix that combines tracing-based fine-grained localization with history-based patch generation mechanisms.
On the one hand, to tackle the localization granularity challenge, we adopt system-level dynamic tracing to capture both the system call traces and user-space function call information. By integrating the kernel probes and user-space probes, we could determine the location of each executed build command more accurately. On the other hand, to tackle the historical knowledge utilization challenge, we design a similarity based relevant patch retrieving mechanism, and generate patches by applying the edit operations of the existing patches. With the abundant patches accumulated by the reproducible builds practice, we could generate patches to fix the unreproducible builds automatically.
To evaluate the usefulness of RepFix, extensive experiments are conducted over a dataset with 116 real-world packages. Based on RepFix, we successfully fix the unreproducible build issues for 64 packages. Moreover, we apply RepFix to the Arch Linux packages, and successfully fix four packages. Two patches have been accepted by the repository, and there is one package for which the patch is pushed and accepted by its upstream repository, so that the fixing could be helpful for other downstream repositories.
- 2021. About Event Tracing. https://docs.microsoft.com/en-us/windows/win32/etw/about-event-tracing. Accessed: 2021-09-02.Google Scholar
- 2021. DTrace. http://dtrace.org. Accessed: 2021-09-01.Google Scholar
- 2021. FS#69535: when. https://bugs.archlinux.org/task/69535. Accessed: 2021-09-02.Google Scholar
- 2021. FS#70302: pythia8. https://bugs.archlinux.org/task/70302. Accessed: 2021-09-02.Google Scholar
- 2021. FS#70303: zssh. https://bugs.archlinux.org/task/70303. Accessed: 2021-09-02.Google Scholar
- 2021. FS#71953: dd_rescue. https://bugs.archlinux.org/task/71953. Accessed: 2021-09-02.Google Scholar
- 2021. GNU gzip: General file (de)compression. https://www.gnu.org/software/gzip/manual/gzip.html. Accessed: 2021-04-3.Google Scholar
- 2021. History of reproducible builds. https://reproducible-builds.org/docs/history/. Accessed: 2021-08-30.Google Scholar
- 2021. mylvmbackup. https://tracker.debian.org/pkg/mylvmbackup. Accessed: 2022-02-01.Google Scholar
- 2021. ptrace(2) Linux manual page. https://man7.org/linux/man-pages/man2/ptrace.2.html. Accessed: 2021-08-21.Google Scholar
- 2021. The SOURCE_DATE_EPOCH specification. https://reproducible-builds.org/docs/source-date-epoch/. Accessed: 2021-09-02.Google Scholar
- 2021. Strace. https://strace.io. Accessed: 2021-04-17.Google Scholar
- Muhammad Asaduzzaman, Chanchal K Roy, Kevin A Schneider, and Massimiliano Di Penta. 2013. Lhdiff: A language-independent hybrid approach for tracking source code lines. In 2013 IEEE International Conference on Software Maintenance (ICSM). IEEE, 230--239.Google ScholarDigital Library
- Raymond Chen. 2018. Why are the module timestamps in Windows 10 so nonsensical? https://devblogs.microsoft.com/oldnewthing/20180103-00/?p=97705. Accessed: 2021-08-31.Google Scholar
- Zhe Chen, Junqi Yan, Shuanglong Kan, Ju Qian, and Jingling Xue. 2019. Detecting memory errors at runtime with source-level instrumentation. In Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis. 341--351.Google ScholarDigital Library
- Domenico Cotroneo, Luigi De Simone, and Roberto Natella. 2018. Run-time detection of protocol bugs in storage I/O device drivers. IEEE Transactions on Reliability 67, 3 (2018), 847--869.Google ScholarCross Ref
- Nick Craswell. 2009. Mean Reciprocal Rank. In Encyclopedia of Database Systems, Ling Liu and M. Tamer Özsu (Eds.). Springer US, Boston, MA, 1703--1703.Google Scholar
- Jake Edge. 2017. Reproducible builds. https://lwn.net/Articles/719823/. Accessed: 2021-08-27.Google Scholar
- Mohamed Elsabagh, Daniel Barbará, Dan Fleck, and Angelos Stavrou. 2018. On early detection of application-level resource exhaustion and starvation. Journal of Systems and Software 137 (2018), 430--447.Google ScholarCross Ref
- Paul Gazzillo. 2017. Kmax: Finding All Configurations of Kbuild Makefiles Statically. In Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering (ESEC/FSE) (Paderborn, Germany) (ESEC/FSE 2017). ACM, 279--290.Google ScholarDigital Library
- Michael Greenberg, Konstantinos Kallas, and Nikos Vasilakis. 2021. Unix shell programming: the next 50 years. In Proceedings of the Workshop on Hot Topics in Operating Systems. 104--111.Google ScholarDigital Library
- Jiatao Gu, Changhan Wang, and Junbo Zhao. 2019. Levenshtein Transformer. Advances in Neural Information Processing Systems 32 (2019), 11181--11191.Google Scholar
- Foyzul Hassan and Xiaoyin Wang. 2018. Hirebuild: An automatic approach to history-driven repair of build scripts. In 2018 IEEE/ACM 40th International Conference on Software Engineering (ICSE). IEEE, 1078--1089.Google ScholarDigital Library
- Hongjun He, Jicheng Cao, Lesheng Du, Hao Li, Shilong Wang, and Shengyu Cheng. 2020. ConstBin: A Tool for Automatic Fixing of Unreproducible Builds. In 2020 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW). IEEE, 97--102.Google Scholar
- Jingzhu He, Ting Dai, and Xiaohui Gu. 2018. Tscope: Automatic timeout bug identification for server systems. In 2018 IEEE International Conference on Autonomic Computing (ICAC). IEEE, 1--10.Google ScholarCross Ref
- Ryan Hurst. 2021. Verifiable design in modern systems. https://security.googleblog.com/2021/07/verifiable-design-in-modern-systems.html. Accessed: 2021-08-31.Google Scholar
- Pascal Jungblut, Roger Kowalewski, and Karl Fürlinger. 2018. Source-to-Source Instrumentation for Profiling Runtime Behavior of C++ Containers. In 2018 IEEE 20th International Conference on High Performance Computing and Communications (HPCC). IEEE, 948--953.Google ScholarCross Ref
- Chris Lamb and Stefano Zacchiroli. 2021. Reproducible Builds: Increasing the Integrity of Software Supply Chains. IEEE Software (2021). Early Access. Google ScholarCross Ref
- Xia Li, Wei Li, Yuqun Zhang, and Lingming Zhang. 2019. Deepfl: Integrating multiple fault diagnosis dimensions for deep fault localization. In Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA). 169--180.Google ScholarDigital Library
- Nándor Licker and Andrew Rice. 2019. Detecting incorrect build rules. In 2019 IEEE/ACM 41st International Conference on Software Engineering (ICSE). IEEE, 1234--1244.Google ScholarDigital Library
- Chang Liu, Zhengong Cai, Bingshen Wang, Zhimin Tang, and Jiaxu Liu. 2020. A protocol-independent container network observability analysis system based on eBPF. In 2020 IEEE 26th International Conference on Parallel and Distributed Systems (ICPADS). IEEE, 697--702.Google ScholarCross Ref
- Kui Liu, Shangwen Wang, Anil Koyuncu, Kisub Kim, Tegawendé F Bissyandé, Dongsun Kim, Peng Wu, Jacques Klein, Xiaoguang Mao, and Yves Le Traon. 2020. On the efficiency of test suite based program repair: A systematic assessment of 16 automated repair systems for java programs. In Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering (ICSE). 615--627.Google ScholarDigital Library
- Yiling Lou, Junjie Chen, Lingming Zhang, DanHao, and Lu Zhang. 2019. History-driven build failure fixing: how far are we?. In Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA). 43--54.Google ScholarDigital Library
- Yiling Lou, Zhenpeng Chen, Yanbin Cao, Dan Hao, and Lu Zhang. 2020. Understanding Build Issue Resolution in Practice: Symptoms and Fix Patterns. In Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE) (Virtual Event, USA). ACM, 617--628.Google ScholarDigital Library
- Douglas H Martin, James R Cordy, Bram Adams, and Giulio Antoniol. 2015. Make it simple-an empirical analysis of gnu make feature use in open source projects. In 2015 IEEE 23rd International Conference on Program Comprehension. IEEE, 207--217.Google ScholarDigital Library
- Omar S Navarro Leija, Kelly Shiptoski, Ryan G Scott, Baojun Wang, Nicholas Renner, Ryan R Newton, and Joseph Devietti. 2020. Reproducible Containers. In Proceedings of the Twenty-Fifth International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS). 167--182.Google Scholar
- Zhilei Ren, He Jiang, Jifeng Xuan, and Zijiang Yang. 2018. Automated localization for unreproducible builds. In Proceedings of the 40th International Conference on Software Engineering (ICSE). 71--81.Google ScholarDigital Library
- Zhilei Ren, Changlin Liu, Xusheng Xiao, He Jiang, and Tao Xie. 2019. Root cause localization for unreproducible builds via causality analysis over system call tracing. In 2019 34th IEEE/ACM International Conference on Automated Software Engineering (ASE). IEEE, 527--538.Google ScholarDigital Library
- Young Shi, Mingzhi Wen, Filipe Roseiro Cogo, Boyuan Chen, and Zhen Ming Jack Jiang. 2021. An Experience Report on Producing Verifiable Builds for Large-Scale Commercial Systems. IEEE Transactions on Software Engineering (2021). Google ScholarCross Ref
- Paul D. Smith. 2004. Makefile grammar. https://www.mail-archive.com/[email protected]/msg02778.html. Accessed: 2021-08-23.Google Scholar
- Thodoris Sotiropoulos, Stefanos Chaliasos, Dimitris Mitropoulos, and Diomidis Spinellis. 2020. A Model for Detecting Faults in Build Specifications. Proc. ACM Program. Lang. 4, OOPSLA, Article 144 (Nov. 2020), 30 pages.Google ScholarDigital Library
- Ahmed Tamrawi, Hoan Anh Nguyen, Hung Viet Nguyen, and Tien N Nguyen. 2012. Build code analysis with symbolic evaluation. In 34th International Conference on Software Engineering (ICSE). IEEE, 650--660.Google ScholarCross Ref
- Xin Ye, Razvan Bunescu, and Chang Liu. 2014. Learning to rank relevant files for bug reports using domain knowledge. In Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering. ACM, 689--699.Google ScholarDigital Library
- Daming Zou, Jingjing Liang, Yingfei Xiong, Michael D. Ernst, and Lu Zhang. 2021. An Empirical Study of Fault Localization Families and Their Combinations. IEEE Transactions on Software Engineering 47, 2 (2021), 332--347.Google ScholarDigital Library
Index Terms
Automated patching for unreproducible builds
Recommendations
Automated localization for unreproducible builds
ICSE '18: Proceedings of the 40th International Conference on Software EngineeringReproducibility is the ability of recreating identical binaries under pre-defined build environments. Due to the need of quality assurance and the benefit of better detecting attacks against build environments, the practice of reproducible builds has ...
Hallucinating face by position-patch
A novel face hallucination method is proposed in this paper for the reconstruction of a high-resolution face image from a low-resolution observation based on a set of high- and low-resolution training image pairs. Different from most of the established ...
Patch Based Blind Image Super Resolution
ICCV '05: Proceedings of the Tenth IEEE International Conference on Computer Vision (ICCV'05) Volume 1 - Volume 01In this paper, a novel method for learning based image super resolution (SR) is presented. The basic idea is to bridge the gap between a set of low resolution (LR) images and the corresponding high resolution (HR) image using both the SR reconstruction ...
Comments