Program Repair
Xiang Gao, Yannic Noller, Abhik Roychoudhury
TL;DR
Automated program repair (APR) aims to automatically fix bugs and vulnerabilities by leveraging test suites as specifications. The paper surveys three core APR families—search-based, constraint-based (semantic), and learning-based—faithfully detailing their workflows, capabilities, and the central challenge of patch overfitting. It discusses methods to mitigate overfitting, including test generation, heuristic ranking, semantic analysis, and human in the loop, and reviews the landscape of tools, industrial deployments, and diverse applications in security, development workflows, and education. Finally, it adresses emerging opportunities with language model based code generation and synergies with testing to enhance trust and adoption in real-world software engineering.
Abstract
Automated program repair is an emerging technology which consists of a suite of techniques to automatically fix bugs or vulnerabilities in programs. In this paper, we present a comprehensive survey of the state of the art in program repair. We first study the different suite of techniques used including search based repair, constraint based repair and learning based repair. We then discuss one of the main challenges in program repair namely patch overfitting, by distilling a class of techniques which can alleviate patch overfitting. We then discuss classes of program repair tools, applications of program repair as well as uses of program repair in industry. We conclude the survey with a forward looking outlook on future usages of program repair, as well as research opportunities arising from work on code from large language models.