Automatic generation of patches for security violations

Assignee

• Google LLC · US

Inventors

• Domagoj Babic · Mountain View, US
• Omer Tripp · Herzliya, IL
• Franjo Ivancic · Princeton, US
• Sam Kerner · Fairfax, US
• Markus Kusano · Princeton, US
• Timothy King · Mountain View, US
• Stefan Bucur · Lausanne, CH
• Wei Wang · Mountain View, US
• László Szekeres · Brooklyn, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F2221/033
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

Aspects of the disclosure provide for automatically generating patches for security violations. For example, a plurality of inputs may be generated for code. The code may be executed using the plurality of inputs to obtain execution states at a plurality of code locations. The execution states may include at least one security violation for at least some of the plurality of inputs. Using the execution states, one or more patch conditions causing the at least one security violation may be determined. Using the execution states, one or more corresponding patch locations may be determined based on a code location of the plurality of code locations where the at least one security violation each of the one or more patch conditions occurred. At least one candidate patch for the at least one security violation may be automatically generated. The at least one candidate patch may include one of the patch conditions and one of the corresponding patch locations.