Leveraging test generation and specification mining for automated bug detection without false positives

Pradel,

doi:10.1109/icse.2012.6227185

Cited by 48 publications

(42 citation statements)

References 45 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The high overall quality of the inferred models can aid a variety of software development tasks including API understanding [2,16], debugging, test generation [33], and runtime fault detection [21,37]. For example, during debugging a programmer can analyze whether a given library is invoked as expected.…”

Section: Discussionmentioning

confidence: 99%

“…For example, during debugging a programmer can analyze whether a given library is invoked as expected. Similarly, an inferred TEMI model that exhibits high recall (i.e., that is complete) can help to detect invocations that violate the library's protocol [37], while avoiding spurious warnings.…”

Section: Discussionmentioning

confidence: 99%

“…This, in turn, depends on the quality of the input executions, which are inherently partial. It has been observed previously that techniques that infer FSMs from observed executions suffer from inaccuracies [29,36,37]. On the other hand, with one notable exception [16], techniques that identify invariants capture restrictions on sequences of method invocations only implicitly.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Automatic mining of specifications from invocation traces and method invariants

Krka

Brun

Medvidović

2014

Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering

View full text Add to dashboard Cite

Software library documentation often describes the APIs of individual methods, but does not capture the intended protocols and method interactions. This can cause developers to misuse the library by invoking its methods out of sequence, while also restricting effective runtime detection of protocol violations and automated verification of the client code. Specification mining, if accurate, can help mitigate these problems. There are two classes of specification mining techniques: one that observes library executions, and another that identifies internal-state invariants. Unfortunately, models inferred by these state-of-the-art techniques often suffer from inaccuracies. In this paper, we aim to improve the quality of mined specifications in order to facilitate API understanding, test generation, and verification tasks. To that end, we combine the two classes of techniques in two novel ways, producing a pair of new model-inference techniques. We find that our new techniques improve significantly upon the state-of-the-art when applied to nine off-the-shelf libraries, increasing the precision of the inferred models by 4% and the recall by 41% on average. Additionally, we find that our approach automatically exposes both behavior that avoids raising exceptions and good-practice rules that capture proper library use, while being robust to noisy inputs.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Discussionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Automatic mining of specifications from invocation traces and method invariants

Krka

Brun

Medvidović

2014

Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering

View full text Add to dashboard Cite

show abstract

“…[57] is an example of neural reasoning for knowledge base. For programs, even though all non-trivial properties are undecidable, formal methods can be viewed as an approximation with pure mathematical deduction, often giving the guarantee of either no false-positive, or no false-negative, which may be important to program analysis [58]. For now, it seems hard to combine these two techniques, but once they were combined, it would be beneficial for both.…”

Section: B Integrating Prior About Programs To Network Architecturesmentioning

confidence: 99%

Building Program Vector Representations for Deep Learning

Peng

Mou

et al. 2015

Knowledge Science, Engineering and Management

101

View full text Add to dashboard Cite

Abstract-Deep learning has made significant breakthroughs in various fields of artificial intelligence. Advantages of deep learning include the ability to capture highly complicated features, weak involvement of human engineering, etc. However, it is still virtually impossible to use deep learning to analyze programs since deep architectures cannot be trained effectively with pure back propagation. In this pioneering paper, we propose the "coding criterion" to build program vector representations, which are the premise of deep learning for program analysis. Our representation learning approach directly makes deep learning a reality in this new field. We evaluate the learned vector representations both qualitatively and quantitatively. We conclude, based on the experiments, the coding criterion is successful in building program representations. To evaluate whether deep learning is beneficial for program analysis, we feed the representations to deep neural networks, and achieve higher accuracy in the program classification task than "shallow" methods, such as logistic regression and the support vector machine. This result confirms the feasibility of deep learning to analyze programs. It also gives primary evidence of its success in this new field. We believe deep learning will become an outstanding technique for program analysis in the near future.

show abstract

“…For example, calling peek() on java.util.Stack without a preceding push() gives an EmptyStackException, and calling next() on java.util.Iterator without checking whether there is a next element with hasNext() can result in a NoSuchElementException. API clients that violate such protocols do not obtain the desired behaviors and may even crash the program [1].…”

mentioning

confidence: 99%

Distributed API Protocol Mining

Deng

Zhang

Wei

et al. 2017

International Conferences on Software Engineering and Knowledge Engineering

View full text Add to dashboard Cite

Abstract-Dynamic Protocol Mining (DPM) techniques are a promising approach to infer useful API protocols automatically. However, their results are biased to input test cases and the instrumentation overhead discounts their usability in industrial practice. In this paper, we propose a distributed dynamic protocol mining framework NSpecMiner. Our framework is based on a client-server architecture, where the client tracer gathers Program Execution Traces (PETs) and sends them to the server for mining. Mined protocols are saved on the server to provide various kinds of remote services, such as API protocol retrieval and program verification, etc. Compared with local miners, NSpecMiner has many advantages: 1) A large number of diverse PETs are likely to be collected from multiple clients, which is essential for mining accurate and complete API protocols. 2) Instrumentation overhead can be balanced among multiple clients. 3) Via integrating the client tracer into widely used software, we can mine API protocols transparently and automatically without any human effort. To evaluate our technique, we performed a comparison test with a local miner ISpecMiner and NSpecMiner. Preliminary results show that our approach is effective to mine useful API protocols as local miners. While our method is able to gather PETs concurrently from multiple clients and other merits of the distributed technology will further benefit DPM significantly. Keywords

show abstract

Leveraging test generation and specification mining for automated bug detection without false positives

Cited by 48 publications

References 45 publications

Automatic mining of specifications from invocation traces and method invariants

Automatic mining of specifications from invocation traces and method invariants

Building Program Vector Representations for Deep Learning

Distributed API Protocol Mining

Contact Info

Product

Resources

About