Mining specifications using nested words

Parameter mining of traces identifies formal properties that describe a program's dynamic behaviour. These properties are useful for developers to understand programs, to identify defects, and, in general, to reason about them. The dynamic behavior of programs typically follows a distinct pattern of calls and returns. Prior work uses general logic to identify properties from a given set of templates. Consequently, either the properties are inadequate since the logic is not expressive enough, or the approach fails to scale due to the generality of the logic. This paper uses nested words and nested word automata that are especially well suited for describing the dynamic behaviour of a program. Specifically, these nested words can describe pre/post conditions and inter-procedural data-flow and have constant memory requirements. We propose a framework for mining properties that are in the form of nested words from system traces. As a part of the framework, we propose a novel scalable algorithm optimized for mining nested words. The framework is evaluated on traces from real world applications.

[1]  Yuriy Brun,et al.  Automatic mining of specifications from invocation traces and method invariants , 2014, SIGSOFT FSE.

[2]  Siau-Cheng Khoo,et al.  QUARK: Empirical Assessment of Automaton-based Specification Miners , 2006, 2006 13th Working Conference on Reverse Engineering.

[3]  Yuriy Brun,et al.  Inferring models of concurrent systems from logs of their behavior with CSight , 2014, ICSE.

[4]  General LTL Specification Mining , 2015 .

[5]  Mira Mezini,et al.  Ieee Transactions on Software Engineering 1 Automated Api Property Inference Techniques , 2022 .

[6]  Stavros Tripakis,et al.  Learning Moore machines from input–output traces , 2016, International Journal on Software Tools for Technology Transfer.

[7]  James R. Larus,et al.  Mining specifications , 2002, POPL '02.

[8]  Leonardo Mariani,et al.  Automatic generation of software behavioral models , 2008, 2008 ACM/IEEE 30th International Conference on Software Engineering.

[9]  Sebastian Fischmeister,et al.  Mining timed regular expressions from system traces , 2016, SoftwareMining@ASE.

[10]  Qihan Luo,et al.  Cross-Site Scripting Attacks in Social Network APIs , 2013 .

[11]  R. Alur,et al.  Adding nesting structure to words , 2006, JACM.

[12]  Leonardo Mariani,et al.  GK-Tail+ An Efficient Approach to Learn Software Models , 2017, IEEE Transactions on Software Engineering.

[13]  Chao Liu,et al.  Mining past-time temporal rules from execution traces , 2008, WODA '08.

[14]  George S. Avrunin,et al.  Patterns in property specifications for finite-state verification , 1999, Proceedings of the 1999 International Conference on Software Engineering (IEEE Cat. No.99CB37002).

[15]  Edsger W. Dijkstra,et al.  Letters to the editor: go to statement considered harmful , 1968, CACM.

[16]  Masahiro Fujita,et al.  Dynamic property mining for embedded software , 2012, CODES+ISSS.

[17]  Jochen Hoenicke,et al.  Nested interpolants , 2010, POPL '10.

[18]  Claude Castelluccia,et al.  Code injection attacks on harvard-architecture devices , 2008, CCS.

[19]  Zhendong Su,et al.  Online inference and enforcement of temporal properties , 2010, 2010 ACM/IEEE 32nd International Conference on Software Engineering.

[20]  Andreas Zeller,et al.  Generating test cases for specification mining , 2010, ISSTA '10.

[21]  Ivan Beschastnikh,et al.  General LTL Specification Mining (T) , 2015, 2015 30th IEEE/ACM International Conference on Automated Software Engineering (ASE).

[22]  Runtime Verification , 2010, Lecture Notes in Computer Science.

[23]  David Lo,et al.  Beyond support and confidence: Exploring interestingness measures for rule-based specification mining , 2015, 2015 IEEE 22nd International Conference on Software Analysis, Evolution, and Reengineering (SANER).

[24]  Manuvir Das,et al.  Perracotta: mining temporal API rules from imperfect traces , 2006, ICSE.

[25]  Jochen Hoenicke,et al.  Automated Program Verification , 2015, LATA.

[26]  E. Mark Gold,et al.  Complexity of Automaton Identification from Given Data , 1978, Inf. Control..

[27]  Brij Bhooshan Gupta,et al.  Cross-Site Scripting (XSS) attacks and defense mechanisms: classification and state-of-the-art , 2017, Int. J. Syst. Assur. Eng. Manag..