Behind the implementation of Singapore’s Smart Nation Initiative are programmers working hard at developing software for a myriad of applications. Code debugging — a colloquial term used to identify and remove errors from computer software code — is a major focus in this effort. In fact, it has been estimated that software developers spend half of their time debugging software, which translates to $312 billion per year. Automating the debugging process would improve efficiency of programmers, in addition to saving development costs.

At the forefront of this emerging field is Professor Abhik Roychoudhury, a recipient of the Ministry of Education’s AcRF Tier 3 grant for his research on Automated Program Repair. Automated program repair allows the identification and rectification of software errors and vulnerabilities to be performed in an automated manner — an approach that would not only improve a programmer’s productivity, but could also help to fix security vulnerabilities in real-time. For example, the ability to identify and patch vulnerabilities before they are exploited by hackers or those with malicious intent, may enable developers to gain the upper hand in securing online systems.

In addition, Prof Roychoudhury and his team are also conducting research to find vulnerabilities in computer programs by combining black-box or grey-box fuzzing with symbolic execution approaches. Fuzzing is a technique used for software testing, where invalid or unexpected inputs are generated to allow users to detect coding errors and security loopholes automatically. Using black-box or grey-box fuzzing techniques, inputs are automatically generated with little to no knowledge of the computer program itself.