Publication Type

Journal Article

Version

acceptedVersion

Publication Date

1-2021

Abstract

There have been numerous studies on mining temporal specifications from execution traces. These approaches learn finite-state automata (FSA) from execution traces when running tests. To learn accurate specifications of a software system, many tests are required. Existing approaches generalize from a limited number of traces or use simple test generation strategies. Unfortunately, these strategies may not exercise uncommon usage patterns of a software system. To address this problem, we propose a new approach, adversarial specification mining, and develop a prototype, DICE (Diversity through Counter-Examples). DICE has two components: DICE-Tester and DICE-Miner. After mining Linear Temporal Logic specifications from an input test suite, DICE-Tester adversarially guides test generation, searching for counterexamples to these specifications to invalidate spurious properties. These counterexamples represent gaps in the diversity of the input test suite. This process produces execution traces of usage patterns that were unrepresented in the input test suite. Next, we propose a new specification inference algorithm, DICE-Miner, to infer FSAs using the traces, guided by the temporal specifications. We find that the inferred specifications are of higher quality than those produced by existing state-of-the-art specification miners. Finally, we use the FSAs in a fuzzer for servers of stateful protocols, increasing its coverage.

Keywords

specification mining, search-based test generation, fuzzing

Discipline

Databases and Information Systems | Software Engineering

Research Areas

Data Science and Engineering

Publication

ACM Transactions on Software Engineering and Methodology

Volume

30

Issue

2

First Page

1

Last Page

40

ISSN

1049-331X

Identifier

10.1145/3424307

Publisher

Association for Computing Machinery (ACM)

Download

Share

COinS