research-article

Hybrid learning: interface generation through static, dynamic, and symbolic analysis

Authors:
Falk Howar

CMU, USA

CMU, USA
View Profile

,
Dimitra Giannakopoulou

NASA Ames Research Center, USA

NASA Ames Research Center, USA
View Profile

,
Zvonimir Rakamarić

University of Utah, USA

University of Utah, USA
View Profile

ISSTA 2013: Proceedings of the 2013 International Symposium on Software Testing and AnalysisJuly 2013Pages 268–279https://doi.org/10.1145/2483760.2483783

Published:15 July 2013Publication History

ISSTA 2013: Proceedings of the 2013 International Symposium on Software Testing and Analysis

Pages 268–279

ABSTRACT

This paper addresses the problem of efficient generation of component interfaces through learning. Given a white-box component C with specified unsafe states, an interface captures safe orderings of invocations of C's public methods. In previous work we presented Psyco, an interface generation framework that combines automata learning with symbolic component analysis: learning drives the framework in exploring different combinations of method invocations, and symbolic analysis computes method guards corresponding to constraints on the method parameters for safe execution. In this work we propose solutions to the two main bottlenecks of Psyco. The explosion of method sequences that learning generates to validate its computed interfaces is reduced through partial order reduction resulting from a static analysis of the component. To avoid scalability issues associated with symbolic analysis, we propose novel algorithms that are primarily based on dynamic, concrete component execution, while resorting to symbolic analysis on a limited, as needed, basis. Dynamic execution enables the introduction of a concept of state matching, based on which our proposed approach detects, in some cases, that it has exhausted the exploration of all component behaviors. On the other hand, symbolic analysis is enhanced with symbolic summaries. Our new approach, X-Psyco, has been implemented in the Java PathFinder (JPF) software model checking platform. We demonstrated the effectiveness of X-Psyco on a number of realistic software components by generating more complete and precise interfaces than was previously possible.

References

F. Aarts, B. Jonsson, and J. Uijen. Generating models of infinite-state communication protocols using regular inference with abstraction. In International Conference on Testing Software and Systems (ICTSS), pages 188–204, 2010. Google ScholarDigital Library
Circuit—simple J2ME game. http://gamesdev.wordpress.com/2008/11/03/ circuit-simple-j2me-game/.Google Scholar
R. Alur, P. Cern´ y, P. Madhusudan, and W. Nam. Synthesis of interface specifications for Java classes. In ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL), pages 98–109, 2005. Google ScholarDigital Library
G. Ammons, R. Bod´ık, and J. R. Larus. Mining specifications. In ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL), pages 4–16, 2002. Google ScholarDigital Library
S. Anand, C. S. Păsăreanu, and W. Visser. Symbolic execution with abstract subsumption checking. In International conference on Model Checking Software (SPIN), pages 163–181, 2006. Google ScholarDigital Library
D. Angluin. Learning regular sets from queries and counterexamples. Information and Computation, 75(2):87–106, 1987. Google ScholarDigital Library
S. Burckhardt, C. Dern, M. Musuvathi, and R. Tan. Line-up: A complete and automatic linearizability checker. In ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), pages 330–340, 2010. Google ScholarDigital Library
S. Chaki and O. Strichman. Three optimizations for assume-guarantee reasoning with L*. Formal Methods in System Design (FMSD), 32(3):267–284, 2008. Google ScholarDigital Library
Y.-F. Chen, E. M. Clarke, A. Farzan, M.-H. Tsai, Y.-K. Tsay, and B.-Y. Wang. Automated assume-guarantee reasoning through implicit learning. In International Conference on Computer Aided Verification (CAV), pages 511–526, 2010. Google ScholarDigital Library
Y.-F. Chen, A. Farzan, E. M. Clarke, Y.-K. Tsay, and B.-Y. Wang. Learning minimal separating DFA’s for compositional verification. In International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS), pages 31–45, 2009. Google ScholarDigital Library
C. Y. Cho, D. Babi´ c, P. Poosankam, K. Z. Chen, E. X. Wu, and D. Song. MACE: Model-inference-assisted concolic exploration for protocol and vulnerability discovery. In USENIX Security Symposium, 2011. Google ScholarDigital Library
L. A. Clarke. A system to generate test data and symbolically execute programs. IEEE Transactions on Software Engineering, 2:215–222, 1976. Google ScholarDigital Library
L. de Moura and N. Bjørner. Z3: An eﬃcient SMT solver. In International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS), pages 337–340, 2008.Google ScholarDigital Library
M. Gheorghiu, D. Giannakopoulou, and C. S. Pasareanu. Refining interface alphabets for compositional verification. In International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS), pages 292–307, 2007. Google ScholarDigital Library
D. Giannakopoulou and C. S. Pasareanu. Interface generation and compositional verification in JavaPathfinder. In International Conference on Fundamental Approaches to Software Engineering (FASE), pages 94–108, 2009. Google ScholarDigital Library
D. Giannakopoulou, Z. Rakamari´ c, and V. Raman. Symbolic learning of component interfaces. In International Static Analysis Symposium (SAS), pages 248–264, 2012. Google ScholarDigital Library
P. Godefroid, N. Klarlund, and K. Sen. DART: directed automated random testing. In ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), pages 213–223, 2005. Google ScholarDigital Library
Guava: Google core libraries. http://code.google.com/p/guava-libraries/.Google Scholar
A. Gupta, K. L. McMillan, and Z. Fu. Automated assumption generation for compositional verification. In International Conference on Computer Aided Verification (CAV), pages 420–432, 2007. Google ScholarDigital Library
T. A. Henzinger, R. Jhala, and R. Majumdar. Permissive interfaces. In European Software Engineering Conference (ESEC) held jointly with ACM SIGSOFT International Symposium on Foundations of Software Engineering (FSE), pages 31–40, 2005. Google ScholarDigital Library
F. Howar, B. Steffen, and M. Merten. Automata learning with automated alphabet abstraction refinement. In International Conference on Verification, Model Checking, and Abstract Interpretation (VMCAI), pages 263–277, 2011. Google ScholarDigital Library
S. Joshi, S. K. Lahiri, and A. Lal. Underspecified harnesses and interleaved bugs. In ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL), pages 19–30, 2012. Google ScholarDigital Library
JPF (Java Pathfinder). http://babelfish.arc.nasa.gov/trac/jpf.Google Scholar
J. C. King. Symbolic execution and program testing. Communications of the ACM, 19(7):385–394, 1976. Google ScholarDigital Library
D. Lorenzoli, L. Mariani, and M. Pezzè. Automatic generation of software behavioral models. In International Conference on Software Engineering (ICSE), pages 501–510, 2008. Google ScholarDigital Library
M. Merten, B. Steffen, F. Howar, and T. Margaria. Next generation LearnLib. In International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS), pages 220–223, 2011. Google ScholarDigital Library
C. S. Pasareanu, D. Giannakopoulou, M. G. Bobaru, J. M. Cobleigh, and H. Barringer. Learning to divide and conquer: applying the L* algorithm to automate assume-guarantee reasoning. Formal Methods in System Design (FMSD), 32(3):175–205, 2008. Google ScholarDigital Library
R. L. Rivest and R. E. Schapire. Inference of finite automata using homing sequences. Information and Computation, 103(2):299–347, 1993. Google ScholarDigital Library
K. Sen, D. Marinov, and G. Agha. CUTE: A concolic unit testing engine for C. In European Software Engineering Conference (ESEC) held jointly with ACM SIGSOFT International Symposium on Foundations of Software Engineering (FSE), pages 263–272, 2005. Google ScholarDigital Library
R. Singh, D. Giannakopoulou, and C. S. Pasareanu. Learning component interfaces with may and must abstractions. In International Conference on Computer Aided Verification (CAV), pages 527–542, 2010. Google ScholarDigital Library
B. Steffen, F. Howar, and M. Merten. Introduction to active automata learning from a practical perspective. In Formal Methods for Eternal Networked Software Systems (SFM), pages 256–296, 2011.Google ScholarCross Ref
O. Tkachuk. OCSEGen. http://code.google.com/p/envgen/.Google Scholar
O. Tkachuk. OCSEGen: Open components and systems environment generator. In ACM SIGPLAN International Workshop on the State Of the Art in Java Program Analysis (SOAP), 2013. To appear.Google ScholarDigital Library
O. Tkachuk and M. B. Dwyer. Adapting side effects analysis for modular program model checking. In European Software Engineering Conference (ESEC) held jointly with ACM SIGSOFT International Symposium on Foundations of Software Engineering (FSE), pages 188–197, 2003. Google ScholarDigital Library
J. Whaley, M. C. Martin, and M. S. Lam. Automatic extraction of object-oriented component interfaces. In International Symposium on Software Testing and Analysis (ISSTA), pages 218–228, 2002. Google ScholarDigital Library
T. Xie, D. Marinov, W. Schulte, and D. Notkin. Symstra: a framework for generating object-oriented unit tests using symbolic execution. In International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS), pages 365–381, 2005. Google ScholarDigital Library

Index Terms

Hybrid learning: interface generation through static, dynamic, and symbolic analysis
1. Software and its engineering
  1. Software creation and management

Recommendations

Combining static analysis error traces with dynamic symbolic execution (experience paper)
ISSTA 2022: Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis

This paper reports on our experience implementing a technique for sifting through static analysis reports using dynamic symbolic execution. Our insight is that if a static analysis tool produces a partial trace through the program under analysis, ...
Read More
Directed test generation using symbolic grammars
ESEC-FSE companion '07: The 6th Joint Meeting on European software engineering conference and the ACM SIGSOFT symposium on the foundations of software engineering: companion papers

We present CESI, an algorithm that combines exhaustive enumeration of test inputs from a structured domain with symbolic execution driven test generation. CESI is a hybrid of two predominant techniques: specification-based enumerative test generation (...
Read More
Veritesting Challenges in Symbolic Execution of Java

Scaling symbolic execution to industrial-sized programs is an important open research problem. Veritesting is a promising technique that improves scalability by combining the advantages of static symbolic execution with those of dynamic symbolic ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
ISSTA 2013: Proceedings of the 2013 International Symposium on Software Testing and Analysis
July 2013
381 pages
ISBN:9781450321594
DOI:10.1145/2483760
General Chair:
Mauro Pezzè,
Program Chair:
Mark Harman
Copyright © 2013 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 15 July 2013
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
Concolic Execution
Dynamic Analysis
Interfaces
Learning
Software Components
Static Analysis
Qualifiers
- research-article
Conference

Acceptance Rates
Overall Acceptance Rate58of213submissions,27%
Upcoming Conference
ISSTA '24

Sponsor:

sigsoft

33rd ACM SIGSOFT International Symposium on Software Testing and Analysis

September 16 - 20, 2024

Vienna , Austria
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 28
  Total Citations
  View Citations
- 274
  Total Downloads
- Downloads (Last 12 months)8
- Downloads (Last 6 weeks)1
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Hybrid learning: interface generation through static, dynamic, and symbolic analysis

ISSTA 2013: Proceedings of the 2013 International Symposium on Software Testing and Analysis

ABSTRACT

References

Cited By

Index Terms

Recommendations

Combining static analysis error traces with dynamic symbolic execution (experience paper)

Directed test generation using symbolic grammars

Veritesting Challenges in Symbolic Execution of Java