公开(公告)号：US20210004470A1

公开(公告)日：2021-01-07

申请号：US16980546

申请日：2018-07-17

Applicant: Google LLC

Inventor： Domagoj Babic ,  Omer Tripp ,  Franjo Ivancic ,  Sam Kerner ,  Markus Kusano ,  Timothy King ,  Stefan Bucur ,  Wei Wang ,  László Szekeres

IPC: G06F21/57 ,  G06F8/658 ,  G06F11/36

Abstract: Aspects of the disclosure provide for automatically generating patches for security violations. For example, a plurality of inputs may be generated for code. The code may be executed using the plurality of inputs to obtain execution states at a plurality of code locations. The execution states may include at least one security violation for at least some of the plurality of inputs. Using the execution states, one or more patch conditions causing the at least one security violation may be determined. Using the execution states, one or more corresponding patch locations may be determined based on a code location of the plurality of code locations where the at least one security violation each of the one or more patch conditions occurred. At least one candidate patch for the at least one security violation may be automatically generated. The at least one candidate patch may include one of the patch conditions and one of the corresponding patch locations.

公开(公告)号：US12182269B2

公开(公告)日：2024-12-31

申请号：US16980546

申请日：2018-07-17

Applicant: Google LLC

Inventor： Domagoj Babic ,  Omer Tripp ,  Franjo Ivancic ,  Sam Kerner ,  Markus Kusano ,  Timothy King ,  Stefan Bucur ,  Wei Wang ,  László Szekeres

IPC: G06F21/57 ,  G06F8/658 ,  G06F11/36

Abstract: Aspects of the disclosure provide for automatically generating patches for security violations. For example, a plurality of inputs may be generated for code. The code may be executed using the plurality of inputs to obtain execution states at a plurality of code locations. The execution states may include at least one security violation for at least some of the plurality of inputs. Using the execution states, one or more patch conditions causing the at least one security violation may be determined. Using the execution states, one or more corresponding patch locations may be determined based on a code location of the plurality of code locations where the at least one security violation each of the one or more patch conditions occurred. At least one candidate patch for the at least one security violation may be automatically generated. The at least one candidate patch may include one of the patch conditions and one of the corresponding patch locations.