There have been numerous studies on mining temporal specifications from execution traces. These approaches learn finite-state automata (FSA) from execution traces when running tests. To learn accurate specifications of a software system, many tests are required. Existing approaches generalize from a limited number of traces or use simple test generation strategies. Unfortunately, these strategies may not exercise uncommon usage patterns of a software system. To address this problem, we propose a new approach, adversarial specification mining, and develop a prototype, DICE (Diversity through Counter-Examples). DICE has two components: DICE-Tester and DICE-Miner. After mining Linear Temporal Logic specifications from an input test suite, DICE-Tester adversarially guides test generation, searching for counterexamples to these specifications to invalidate spurious properties. These counterexamples represent gaps in the diversity of the input test suite. This process produces execution traces of usage patterns that were unrepresented in the input test suite. Next, we propose a new specification inference algorithm, DICE-Miner, to infer FSAs using the traces, guided by the temporal specifications. We find that the inferred specifications are of higher quality than those produced by existing state-of-the-art specification miners. Finally, we use the FSAs in a fuzzer for servers of stateful protocols, increasing its coverage.
翻译:有关采矿时间规格的多项研究来自执行痕迹。 这些方法在测试时从执行痕迹中学习有限状态自动地图(FSA) 。 要了解软件系统的准确规格,需要进行许多测试。 现有方法从有限的痕迹中泛化现有方法,或使用简单的测试生成战略。 不幸的是,这些战略可能不会使用软件系统的不寻常使用模式。 为了解决这一问题,我们提议了一种新的方法,即对抗性规格采矿,并开发了一种原型,即DICE(通过反抽样的多样化)。 DICE有两个组成部分: DICE-Tester 和 DICE-Miner。 在从输入测试套套件中开采线性线性线性逻辑规格后,需要进行许多测试。 DICE-Tester 对抗性指南测试生成,寻找这些规格的反样例,以否定虚假的特性。 这些反样例代表了输入测试套件中的多样性差距。 为了解决这个问题,我们提出了一个新的规格,即DICE-miner, 使用新的规格, 将FSA 系统系统现有规格的质量比现有规格更高。 我们发现,根据时间规格的规格的规格,我们用的是FSFISA 。
相关内容
微信扫码咨询专知VIP会员