Adversarial specification mining
There have been numerous studies on mining temporal specifications from execution traces. These approaches learn finite-state automata (FSA) from execution traces when running tests. To learn accurate specifications of a software system, many tests are required. Existing approaches generalize from a...
Saved in:
| Main Authors: | , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2021
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/6758 https://ink.library.smu.edu.sg/context/sis_research/article/7761/viewcontent/2103.15350.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| id |
sg-smu-ink.sis_research-7761 |
|---|---|
| record_format |
dspace |
| spelling |
sg-smu-ink.sis_research-77612022-01-27T10:41:23Z Adversarial specification mining KANG, Hong Jin LO, David There have been numerous studies on mining temporal specifications from execution traces. These approaches learn finite-state automata (FSA) from execution traces when running tests. To learn accurate specifications of a software system, many tests are required. Existing approaches generalize from a limited number of traces or use simple test generation strategies. Unfortunately, these strategies may not exercise uncommon usage patterns of a software system. To address this problem, we propose a new approach, adversarial specification mining, and develop a prototype, DICE (Diversity through Counter-Examples). DICE has two components: DICE-Tester and DICE-Miner. After mining Linear Temporal Logic specifications from an input test suite, DICE-Tester adversarially guides test generation, searching for counterexamples to these specifications to invalidate spurious properties. These counterexamples represent gaps in the diversity of the input test suite. This process produces execution traces of usage patterns that were unrepresented in the input test suite. Next, we propose a new specification inference algorithm, DICE-Miner, to infer FSAs using the traces, guided by the temporal specifications. We find that the inferred specifications are of higher quality than those produced by existing state-of-the-art specification miners. Finally, we use the FSAs in a fuzzer for servers of stateful protocols, increasing its coverage. 2021-01-01T08:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/6758 info:doi/10.1145/3424307 https://ink.library.smu.edu.sg/context/sis_research/article/7761/viewcontent/2103.15350.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University specification mining search-based test generation fuzzing Databases and Information Systems Software Engineering |
| institution |
Singapore Management University |
| building |
SMU Libraries |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
SMU Libraries |
| collection |
InK@SMU |
| language |
English |
| topic |
specification mining search-based test generation fuzzing Databases and Information Systems Software Engineering |
| spellingShingle |
specification mining search-based test generation fuzzing Databases and Information Systems Software Engineering KANG, Hong Jin LO, David Adversarial specification mining |
| description |
There have been numerous studies on mining temporal specifications from execution traces. These approaches learn finite-state automata (FSA) from execution traces when running tests. To learn accurate specifications of a software system, many tests are required. Existing approaches generalize from a limited number of traces or use simple test generation strategies. Unfortunately, these strategies may not exercise uncommon usage patterns of a software system. To address this problem, we propose a new approach, adversarial specification mining, and develop a prototype, DICE (Diversity through Counter-Examples). DICE has two components: DICE-Tester and DICE-Miner. After mining Linear Temporal Logic specifications from an input test suite, DICE-Tester adversarially guides test generation, searching for counterexamples to these specifications to invalidate spurious properties. These counterexamples represent gaps in the diversity of the input test suite. This process produces execution traces of usage patterns that were unrepresented in the input test suite. Next, we propose a new specification inference algorithm, DICE-Miner, to infer FSAs using the traces, guided by the temporal specifications. We find that the inferred specifications are of higher quality than those produced by existing state-of-the-art specification miners. Finally, we use the FSAs in a fuzzer for servers of stateful protocols, increasing its coverage. |
| format |
text |
| author |
KANG, Hong Jin LO, David |
| author_facet |
KANG, Hong Jin LO, David |
| author_sort |
KANG, Hong Jin |
| title |
Adversarial specification mining |
| title_short |
Adversarial specification mining |
| title_full |
Adversarial specification mining |
| title_fullStr |
Adversarial specification mining |
| title_full_unstemmed |
Adversarial specification mining |
| title_sort |
adversarial specification mining |
| publisher |
Institutional Knowledge at Singapore Management University |
| publishDate |
2021 |
| url |
https://ink.library.smu.edu.sg/sis_research/6758 https://ink.library.smu.edu.sg/context/sis_research/article/7761/viewcontent/2103.15350.pdf |
| _version_ |
1770576059756969984 |