AI Security | Glossary | May 1, 2026

PoC+ Test

Quick Answer

A PoC+ test is a patch-validation artifact that extends a vulnerability proof-of-concept from a crash witness into a behavior witness: it asserts not only that the original PoC input no longer triggers the bug, but also what the patched program should output, return, or raise on that input. Introduced by PVBench, PoC+ tests are used to distinguish real fixes from crash-suppression or specification-violating patches in automated vulnerability repair.

PoC+ Test

A PoC+ test, also called a behavior-witness test, is a patch-validation artifact used in automated vulnerability repair (AVR) to check whether a candidate patch actually fixes a bug rather than merely suppressing its crash. Where an ordinary proof-of-concept asserts only "this input used to trigger the vulnerability," a PoC+ test additionally asserts what the patched program should do on that same input — the expected output, intermediate state, return value, error code, or raised exception. The construct was introduced by PVBench (arXiv 2026) and operationalized as a defender's validation layer in agentic patch validation for AVR.

PoC+ is narrower than differential testing or specification validation: it is a single behavior assertion bound to one PoC-derived input, designed to catch crash-suppression and check-circumvention patches that pass build-plus-PoC-non-reproduction screens.
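
The distinction above, as an added Python illustration that is not code from PVBench or from this glossary: a constructed toy record parser with one crash-suppression patch and one real fix, checked first by PoC non-reproduction and then by a PoC+ behavior assertion. The record layout, the PoC bytes, and the contract that malformed records are rejected with `ValueError` are all assumptions made for the example.

```python
# Constructed toy parser. Assumed record layout: [len:1][payload:len][checksum:1]
POC_INPUT = bytes([0x10, 0x41, 0x42])  # constructed PoC: claims 16 bytes, carries 2

def parse_vulnerable(buf: bytes) -> bytes:
    n = buf[0]
    payload = buf[1:1 + n]
    checksum = buf[1 + n]  # IndexError on POC_INPUT stands in for the crash
    if sum(payload) & 0xFF != checksum:
        raise ValueError("bad checksum")
    return payload

def parse_suppressed(buf: bytes) -> bytes:
    """Candidate patch A: swallows the crash and accepts the malformed record."""
    try:
        return parse_vulnerable(buf)
    except IndexError:
        return b""

def parse_fixed(buf: bytes) -> bytes:
    """Candidate patch B: rejects truncated records before any indexing."""
    if len(buf) < 2 or len(buf) < buf[0] + 2:
        raise ValueError("truncated record")
    return parse_vulnerable(buf)

def poc_reproduces(parser) -> bool:
    """Crash witness: does the original IndexError still occur on the PoC?"""
    try:
        parser(POC_INPUT)
    except Exception as exc:
        return isinstance(exc, IndexError)
    return False

def poc_plus_passes(parser) -> bool:
    """Behavior witness: the PoC input must be rejected with ValueError."""
    try:
        parser(POC_INPUT)
    except Exception as exc:
        return isinstance(exc, ValueError)
    return False  # returning normally means the malformed record was accepted

def validate(parser) -> dict:
    return {"poc_screen": not poc_reproduces(parser),
            "poc_plus": poc_plus_passes(parser)}

if __name__ == "__main__":
    for p in (parse_vulnerable, parse_suppressed, parse_fixed):
        print(p.__name__, validate(p))
```

The suppression patch clears the PoC screen but fails the PoC+ assertion because it returns an empty payload for a record it should reject; only the fix passes both checks.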
