This repository shows the source code of paper Well Begun is Half Done: Location-Aware and Trace-Guided Iterative Automated Vulnerability Repair (ICSE 2026 Distinguished Paper Award).
LoopRepair improves iterative repair strategies by Location-Aware and Trace-Guided strageties.
Method 1: Download docker image (Recomend)
docker pull fino2020/looprepair:v1.0
Method 2: Build from source code Please go to CrashRepair project to download the docker images. And the original VulnLoc dataset is provided by VulnLoc.
git clone https://github.com/nus-apr/CrashRepair.git
cd CrashRepair
./scripts/install
It is worth noting that some projects should be executed with special version (project version):
spdlog==v1.12.0
z3==z3-4.13.4
pegtl==main
Please git checkout to the special version of these three project when install VulnLoc+ dataset. Otherwise, this dataset project will error. For example:
git clone https://github.com/gabime/spdlog.git
cd spdlog # enter the spdlog directory
git checkout v1.12.0
Futhermore, the built crepair:aio image from this method is 24.6GB in size, so please check that the installed image is correct.
Base Environment:
This project is built in docker enviroment under WSL2 (Specifically Ubuntu 22.04) with Python 3.9.11 (using Anaconda). So, please:
- Install Ubuntu 22.04 (I'm not sure whether other Ubuntu version is OK, but this version is suitable) by yourself.
- Install docker under Ubuntu 22.04.
Step 1: Download our LoopRepair project to path/to/looprepair. The path/to/looprepair is the directory path of your project location, replace it using your own path, the same as following Steps.
Step 2: If you have installed this docker image, use the following code to create the container. Replacing path/to/looprepair using your own directory path.
docker run --name LoopRepair -v path/to/looprepair/results:/results -v path/to/looprepair/logs:/logs -v path/to/looprepair/src:/looprepair -t fino2020/looprepair:v1.0
Step 3: Use the following code to get into the container.
docker exec -it fino2020/looprepair:v1.0 bash
Step 4: Install the Anaconda3. wget the Anaconda3-2024.02-1-Linux-x86_64.sh by yourself and install Anaconda3.
- Download Anaconda3.
wget https://mirrors.tuna.tsinghua.edu.cn/anaconda/archive/Anaconda3-2024.02-1-Linux-x86_64.sh - Install Anaconda3 and skip the documentation.
bash Anaconda3-2024.02-1-Linux-x86_64.sh -b -p $HOME/anaconda3 - Add the Anaconda environment variable.
vim ~/.bashrc - Add these two lines into the bottom of the
~/.bashrcfile.export PATH="/root/anaconda3/bin":$PATH source /root/anaconda3/bin/activate - update ~/.bashrc file.
source ~/.bashrc - Check whether conda is installed.
conda -V
Step 5: Create a vitual environment.
conda create -n looprepair python=3.9.11
conda activate looprepair
Step 6: pip install these packages that needed. Add -i https://mirrors.tuna.tsinghua.edu.cn/pypi/web/simple some-package if you need.
cd looprepair
pip install -r requirements.txt -i https://mirrors.tuna.tsinghua.edu.cn/pypi/web/simple some-package
Step 7: Add OpenAI base_url and api_key in Lines 12, 13, and 15 in LLMRepair.py.
openai.api_key = ""
openai.base_url = ""
api_model = "gpt-4o-mini" # you can change the model name here.
Step 8: Run repair. Noting that copy the /data/ directory first using cp /data/ /data_bak/, because the original program will be modified if you terminate.
- Noting that
copythe/data/directory first.cp -r /data/ /data_bak/ - Run looprepair.
python run.py - After every time you run or terminate the
run.py, remove/data/directory and replace it using/data_bakdirectory. This step aim to keep the program the same as original program.rm -rf /data/ cp /data_bak/ /data/
If you have any questions, feel free to raise an issue and contact me.
Lastly, our project is an improvement based on the CrashRepair project, and we would like to thank Ridwan Shariffdeen and other contributors for their contributions to the original project.