
TL;DR
This paper introduces adversarial specification mining with DICE, a method that enhances the diversity of execution traces and improves the accuracy of inferred temporal specifications for software systems.
Contribution
It proposes a novel adversarial approach combining test generation and specification inference, leading to higher quality specifications and better coverage in fuzzing.
Findings
DICE produces more accurate FSAs than existing methods.
Adversarial test generation uncovers previously unrepresented usage patterns.
Enhanced specifications improve fuzzing coverage.
Abstract
There have been numerous studies on mining temporal specifications from execution traces. These approaches learn finite-state automata (FSA) from execution traces when running tests. To learn accurate specifications of a software system, many tests are required. Existing approaches generalize from a limited number of traces or use simple test generation strategies. Unfortunately, these strategies may not exercise uncommon usage patterns of a software system. To address this problem, we propose a new approach, adversarial specification mining, and develop a prototype, DICE (Diversity through Counter-Examples). DICE has two components: DICE-Tester and DICE-Miner. After mining Linear Temporal Logic specifications from an input test suite, DICE-Tester adversarially guides test generation, searching for counterexamples to these specifications to invalidate spurious properties. These…
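The mine-then-refute loop the abstract describes, as an added illustration that is not DICE's implementation or code from the paper. It assumes two simple property templates (AF: "a is always eventually followed by b", NF: "a is never followed by b"), and the event names and traces are constructed samples.

```python
from itertools import permutations

def holds_af(trace, a, b):
    """G(a -> F b): every a is eventually followed by some b."""
    pending = False
    for ev in trace:
        if ev == a:
            pending = True
        elif ev == b:
            pending = False
    return not pending

def holds_nf(trace, a, b):
    """G(a -> X G !b): once a has occurred, b never occurs."""
    seen_a = False
    for ev in trace:
        if ev == b and seen_a:
            return False
        if ev == a:
            seen_a = True
    return True

TEMPLATES = {"AF": holds_af, "NF": holds_nf}  # assumed templates, for illustration only

def mine(traces):
    """Keep every template instance that holds on all traces (may be spurious)."""
    alphabet = sorted({ev for t in traces for ev in t})
    return {(name, a, b)
            for a, b in permutations(alphabet, 2)
            for name, check in TEMPLATES.items()
            if all(check(t, a, b) for t in traces)}

def refute(specs, trace):
    """Return the mined properties that an observed execution violates."""
    return {(name, a, b) for name, a, b in specs
            if not TEMPLATES[name](trace, a, b)}

# Constructed test-suite traces: every test happens to read after opening.
SUITE = [["open", "read", "close"], ["open", "read", "read", "close"]]
# Constructed counterexample: a valid execution that never reads.
COUNTEREXAMPLE = ["open", "close"]

if __name__ == "__main__":
    specs = mine(SUITE)
    print("mined:", sorted(specs))
    print("refuted:", sorted(refute(specs, COUNTEREXAMPLE)))
    print("re-mined:", sorted(mine(SUITE + [COUNTEREXAMPLE])))
```

The limited suite yields the spurious property AF(open, read); a single valid execution outside the suite's usage pattern removes it while the remaining properties survive.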
