Automated Patch Transplantation
ACM Transactions on Software Engineering and Methodology (IF 4.4), Pub Date: 2020-12-31, DOI: 10.1145/3412376
Ridwan Salihin Shariffdeen 1, Shin Hwei Tan 2, Mingyuan Gao 1, Abhik Roychoudhury 1

Automated program repair is an emerging area that attempts to patch software errors and vulnerabilities. In this article, we formulate and study a problem related to automated repair, namely automated patch transplantation. A patch for an error in a donor program is automatically adapted and inserted into a “similar” target program. We observe that despite standard procedures for vulnerability disclosures and publishing of patches, many un-patched occurrences remain in the wild. One of the main reasons is the fact that various implementations of the same functionality may exist and, hence, published patches need to be modified and adapted. In this article, we therefore propose and implement a workflow for transplanting patches. Our approach centers on identifying patch insertion points, as well as namespaces translation across programs via symbolic execution. Experimental results to eliminate five classes of errors highlight our ability to fix recurring vulnerabilities across various programs through transplantation. We report that in 20 of 24 fixing tasks involving eight application subjects mostly involving file processing programs, we successfully transplanted the patch and validated the transplantation through differential testing. Since the publication of patches makes an un-patched implementation more vulnerable, our proposed techniques should serve a long-standing need in practice.

Updated: 2020-12-31