EvoSpex: An Evolutionary Algorithm for Learning Postconditions

TL;DR

EvoSpex uses a genetic algorithm to automatically generate accurate and strong postcondition assertions for Java methods, improving software reliability analysis by inferring specifications where they are missing.

Contribution

This paper introduces EvoSpex, a novel evolutionary algorithm-based technique for automatically inferring method postconditions in Java, outperforming existing automated approaches.

Findings

Generated postconditions are stronger and more accurate.

The technique infers rich postconditions similar to manual specifications.

It successfully reproduces contracts for synthesized class methods.

Abstract

Software reliability is a primary concern in the construction of software, and thus a fundamental component in the definition of software quality. Analyzing software reliability requires a specification of the intended behavior of the software under analysis, and at the source code level, such specifications typically take the form of assertions. Unfortunately, software many times lacks such specifications, or only provides them for scenario-specific behaviors, as assertions accompanying tests. This issue seriously diminishes the analyzability of software with respect to its reliability. In this paper, we tackle this problem by proposing a technique that, given a Java method, automatically produces a specification of the method's current behavior, in the form of postcondition assertions. This mechanism is based on generating executions of the method under analysis to obtain valid pre/post state pairs, mutating these pairs to obtain (allegedly) invalid ones, and then using a genetic algorithm to produce an assertion that is satisfied by the valid pre/post pairs, while leaving out the invalid ones. The technique, which targets in particular methods of reference-based class implementations, is assessed on a benchmark of open source Java projects, showing that our genetic algorithm is able to generate post-conditions that are stronger and more accurate, than those generated by related automated approaches, as evaluated by an automated oracle assessment tool. Moreover, our technique is also able to infer an important part of manually written rich postconditions in verified classes, and reproduce contracts for methods whose class implementations were automatically synthesized from specifications.