Synergizing Specification Miners through Model Fissions and Fusions (T)

Le, Tien-Duy B.; Le, Xuan-Bach D.; Lo, David; Beschastnikh, Ivan

doi:10.1109/ase.2015.83

Cited by 35 publications

(20 citation statements)

References 35 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…APE uses Synoptic [9] to convert observed execution traces into a finite state machine (FSM) model of the target's behavior. (While APE could instead use other model-inference algorithms [6], [7], [8], [20], [23], [25], [32], [37], [39], [40], [41], [42], [43], [48], our experience showed that Synoptic model's enforcement of observed temporal invariants leads to sufficiently precise models for APE's purposes.) Each path through the FSM model represents an execution, in terms of the sequence of messages sent and received by APE.…”

Section: Introductionmentioning

confidence: 79%

“…APE uses predictive model inference to abstract the observed executions into a concise and predictive model. In general, inferring the most concise model from observed examples is NP-complete [1], [17], [26], and most modelinference algorithms approximate a solution [6], [7], [8], [9], [10], [15], [20], [22], [23], [25], [31], [32], [34], [37], [39], [42], [47], [49].…”

Section: Rq1: How Quickly Does Ape Find Vulnerabilities In Tracker?mentioning

confidence: 99%

See 1 more Smart Citation

Discovering specification violations in networked software systems

Walls

Bruii

Liberatore

et al. 2015

2015 IEEE 26th International Symposium on Software Reliability Engineering (ISSRE)

View full text Add to dashboard Cite

Publicly released software implementations of network protocols often have bugs that arise from latent specification violations. We present APE, a technique that explores program behavior to identify potential specification violations. APE overcomes the challenge of exploring the large space of behavior by dynamically inferring precise models of behavior, stimulating unobserved behavior likely to lead to violations, and refining the behavioral models with the new, stimulated behavior. APE can (1) discover new specification violations, (2) verify that violations are removed, (3) identify related violations in other versions and implementations of the protocols, and (4) generate tests. APE works on binaries and requires a lightweight description of the protocol's network messages and a violation characteristic. We use APE to rediscover the known heartbleed bug in OpenSSL, and discover one unknown bug and two unexpected uses of three popular BitTorrent clients. Manual inspection of APE-produced artifacts reveals four additional, previously unknown specification violations in OpenSSL and μTorrent.

show abstract

Section: Introductionmentioning

confidence: 79%

Section: Rq1: How Quickly Does Ape Find Vulnerabilities In Tracker?mentioning

confidence: 99%

Discovering specification violations in networked software systems

Walls

Bruii

Liberatore

et al. 2015

2015 IEEE 26th International Symposium on Software Reliability Engineering (ISSRE)

View full text Add to dashboard Cite

show abstract

“…Also, Rahman et al [55] used static bug-finding to improve the performance of statistical defect prediction (and vice versa). Le et al [34] proposed SpecForge that combines different automaton based specification miners using model fission and model fusion in order to create a more effective specification miner. Kellogg et al [32] presents N-Prog that combines static bug detection and test case generation to avoid unnecessary human effort.…”

Section: Other Related Studiesmentioning

confidence: 99%

Network-Clustered Multi-Modal Bug Localization

Hoang

Oentaryo

et al. 2019

IIEEE Trans. Software Eng.

Self Cite

View full text Add to dashboard Cite

Developers often spend much effort and resources to debug a program. To help the developers debug, numerous information retrieval (IR)-based and spectrum-based bug localization techniques have been devised. IR-based techniques process textual information in bug reports, while spectrum-based techniques process program spectra (i.e., a record of which program elements are executed for each test case). While both techniques ultimately generate a ranked list of program elements that likely contain a bug, they only consider one source of information-either bug reports or program spectrawhich is not optimal. In light of this deficiency, this paper presents a new approach dubbed Network-clustered Multi-modal Bug Localization (NetML), which utilizes multi-modal information from both bug reports and program spectra to localize bugs. NetML facilitates an effective bug localization by carrying out a joint optimization of bug localization error and clustering of both bug reports and program elements (i.e., methods). The clustering is achieved through the incorporation of network Lasso regularization, which incentivizes the model parameters of similar bug reports and similar program elements to be close together. To estimate the model parameters of both bug reports and methods, NetML employs an adaptive learning procedure based on Newton method that updates the parameters on a per-feature basis. Extensive experiments on 355 real bugs from seven software systems have been conducted to benchmark NetML against various state-of-the-art localization methods. The results show that NetML surpasses the best-performing baseline by 31.82%, 22.35%, 19.72%, and 19.24%, in terms of the number of bugs successfully localized when a developer inspects the top 1, 5, and 10 methods and Mean Average Precision (MAP), respectively.

show abstract

“…Also, our approach requires complete specifications in order to completely ensure the soundness of generated patches. We expect that employing advances in specification inference and mining could help reduce this burden [10]. Future work would be to use the history of bug fixes to mine specifications of past patches and inform the future patch generation process in a way that generated patches are likely to conform to desired behaviours.…”

Section: Preliminary Evaluationmentioning

confidence: 99%

Enhancing Automated Program Repair with Deductive Verification

et al. 2016

2016 IEEE International Conference on Software Maintenance and Evolution (ICSME)

Self Cite

View full text Add to dashboard Cite

Abstract-Automated program repair (APR) is a challenging process of detecting bugs, localizing buggy code, generating fix candidates and validating the fixes. Effectiveness of program repair methods relies on the generated fix candidates, and the methods used to traverse the space of generated candidates to search for the best ones. Existing approaches generate fix candidates based on either syntactic searches over source code or semantic analysis of specification, e.g., test cases. In this paper, we propose to combine both syntactic and semantic fix candidates to enhance the search space of APR, and provide a function to effectively traverse the search space. We present an automated repair method based on structured specifications, deductive verification and genetic programming. Given a function with its specification, we utilize a modular verifier to detect bugs and localize both program statements and sub-formulas in the specification that relate to those bugs. While the former are identified as buggy code, the latter are transformed as semantic fix candidates. We additionally generate syntactic fix candidates via various mutation operators. Best candidates, which receives fewer warnings via a static verification, are selected for evolution though genetic programming until we find one satisfying the specification. Another interesting feature of our proposed approach is that we efficiently ensure the soundness of repaired code through modular (or compositional) verification. We implemented our proposal and tested it on C programs taken from the SIR benchmark that are seeded with bugs, achieving promising results.

show abstract

Synergizing Specification Miners through Model Fissions and Fusions (T)

Cited by 35 publications

References 35 publications

Discovering specification violations in networked software systems

Discovering specification violations in networked software systems

Network-Clustered Multi-Modal Bug Localization

Enhancing Automated Program Repair with Deductive Verification

Contact Info

Product

Resources

About