Inferring Extended Finite State Machine models from software executions

Walkinshaw, Neil; Taylor, Ramsay; Derrick, John

doi:10.1109/wcre.2013.6671305

Cited by 24 publications

(18 citation statements)

References 25 publications

(30 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Whereas this is reasonably straightforward for Java systems and the Erlang systems used in our case studies, there are classes of system for which obtaining such a trace can be difficult. As an example, for the PoolBoy system used in our initial evaluation [51], the variables are recorded as Strings, but actually correspond to nested lists or fixed tuples of process identifiers. To enable the inference of models from such systems, it is invariably necessary to re-code the traces to a more suitable abstraction (as discussed in Section 2.1.1).…”

Section: Discussionmentioning

confidence: 99%

“…One approach which we adopted in our initial experiments [51] involved introducing small code changes (mutations) to the program code to change its behaviour. The approach we have subsequently adopted for the experiments in this paper involved the provision of a manually selected set of trace mutations, and applying them to the sets of traces to yield negative traces.…”

Section: Synthesis Of Negative Tracesmentioning

confidence: 99%

“…We used this approach to generate negative traces for a preliminary study of our work [51], using the MAJOR mutation framework [27] for Java classes, and a custom mutation tool based on Wrangler [33] for the Erlang programs.…”

Section: Synthesis Of Negative Tracesmentioning

confidence: 99%

See 2 more Smart Citations

Inferring extended finite state machine models from software executions

2015

Self Cite

View full text Add to dashboard Cite

The ability to reverse-engineer models of software behaviour is valuable for a wide range of software maintenance, validation and verification tasks. Current reverse-engineering techniques focus either on control-specific behaviour (e.g., in the form of Finite State Machines), or data-specific behaviour (e.g., as pre / post-conditions or invariants). However, typical software behaviour is usually a product of the two; models must combine both aspects to fully represent the software's operation. Extended Finite State Machines (EFSMs) provide such a model. Although attempts have been made to infer EFSMs, these have been problematic. The models inferred by these techniques can be non-deterministic, the inference algorithms can be inflexible, and only applicable to traces with specific characteristics. This paper presentsWe thank Ivo Krka at the University of Southern California for providing us with some of the traces for the evaluation. Ramsay Taylor and John Derrick are supported by the EU FP7 PROWESS projects. Neil Walkinshaw is grateful for the support provided by the UK Ministry of Defence (MOD) through the BATS and HASTE projects. Information contained in this document should not be interpreted as representing the views of the MOD, nor should it be assumed that it reflects any current or future MOD policy. The information cannot supersede any statutory or contractual requirements or liabilities and is offered without prejudice or commitment.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Synthesis Of Negative Tracesmentioning

confidence: 99%

See 1 more Smart Citation

Inferring extended finite state machine models from software executions

2015

Self Cite

View full text Add to dashboard Cite

show abstract

“…There is also been more recent work on software reverseengineering using regular inference [5] and even EFSM inference with help of machine learning [14].…”

Section: Related Workmentioning

confidence: 99%

Model extraction and test generation from JUnit test suites

2018

View full text Add to dashboard Cite

In this paper we describe how to infer state machine models of systems from legacy unit test suites, and how to generate new tests from those models. The novelty of our approach is to combine control dependencies and data dependencies in the same model, in contrast to most other work in this area. Combining both kinds of dependency helps us to build more expressive models, which in turn allows us to produce smarter tests. We illustrate those techniques with examples from our implementation, the James tool, designed to apply these techniques in practice to Java code and tests.

show abstract

“…This analysis guarantees that, when we merge two states, they represent the same context and, therefore, any paths from these states, however long they might be, are always valid at the defined level of abstraction. The work presented in [58] describes an iterative approach to build EFSMs from a combination of names of events (function calls or I/O events) and values of some variables. They use a data classifier technique to classify each event according to a class of values.…”

Section: Related Workmentioning

confidence: 99%

Using contexts to extract models from code

2015

View full text Add to dashboard Cite

Behaviour models facilitate the understanding and analysis of software systems by providing an abstract view of their behaviours and also by enabling the use of validation and verification techniques to detect errors. However, depending on the size and complexity of these systems, constructing models may not be a trivial task, even for experienced developers. Model extraction techniques can automatically obtain models from existing code, thus reducing the effort and expertise required of engineers and helping avoid errors often present in manually constructed models. Existing approaches for model extraction often fail to produce faithful models, either because they only consider static information, which may include infeasible behaviours, or because they are based only on dynamic information, thus relying on observed executions, which usually results in incomplete models. This paper describes a model extraction approach based on the concept of contexts, which are abstractions of concrete states of a program, combining static and dynamic information. Contexts merge some of the advantages of using either type of information and, by their combination, can overcome some of their problems. The approach is partially implemented by a tool called LTS Extractor (LTSE), which translates information collected from execution traces produced by instrumented Java code to Labelled Transition Systems (LTS), which can be analysed in an existing verification tool. Results from case studies are presented and discussed, showing that, considering a level of abstraction and a set of execution traces, the produced models are correct descriptions of the programs from which they were extracted. Thus, they can be used for a variety of analyses, such as program understanding, validation, verification, and evolution.

show abstract

Inferring Extended Finite State Machine models from software executions

Cited by 24 publications

References 25 publications

Inferring extended finite state machine models from software executions

Inferring extended finite state machine models from software executions

Model extraction and test generation from JUnit test suites

Using contexts to extract models from code

Contact Info

Product

Resources

About