Nan Zhang,Bin Yu,Cong Tian,Zhenhua Duan,Xiaoshuai Yuan

DOI: https://doi.org/10.1016/j.tcs.2020.12.032

IF: 1.002

2021-01-01

Theoretical Computer Science

Abstract:This paper proposes a dynamic approach of specification mining for Propositional Projection Temporal Logic (PPTL). To this end, a pattern library is built to collect some common temporal relation among events. Further, several algorithms of specification mining for PPTL are designed. With our approach, PPTL specifications are mined from a trace set of a target program by using patterns in the library. In addition, a specification mining tool PPTLMiner supporting this approach is developed. In practice, given a trace set and user selected patterns, PPTLMiner can capture PPTL specifications of target programs.

Xinya Ning,Nan Zhang,Zhenhua Duan,Cong Tian

DOI: https://doi.org/10.1016/j.tcs.2022.09.032

IF: 1.002

2022-01-01

Theoretical Computer Science

Abstract:A formal specification is a formal description of system requirements, which is a necessity for formal verification. Due to various reasons, some systems lack of formal specifications. Compared with CTL and LTL, Propositional Projection Temporal Logic (PPTL) has a full regular expressive power. Accordingly, a pattern-library-based PPTL specification mining tool PPTLMiner [1] is able to dig out a better expression of system specification. However, there's still some room for improvement in PPTLMiner, such as deep recursion, high time complexity and space complexity, which limit the use of PPTLMiner in practical applications. Therefore, in this paper, a new PPTL specification mining approach based on Labeled Normal Form Graph (LNFG) is proposed and a supporting tool PPTLMiner+ is also developed. Finally, a specification mining example using PPTLMiner+ is given to illustrate the effectiveness and practicality of the new approach. In this example, a typical algorithm in Swarm Intelligence-Bee Colony Algorithm is selected as a target program, and the working order of EmployedBees, OnlookerBees and ScoutBees is obtained using PPTLMiner+. Further, PPTLMiner+ is compared with PPTLMiner as well as the classical linear specification mining tool Texada [2], [3] in terms of time and memory to illustrate the effectiveness and practicability of the proposed method.

David Lo,Siau-Cheng Khoo,Chao Liu

DOI: https://doi.org/10.4018/978-1-60566-758-4.ch013

2010-01-01

Abstract:Specification mining is a process of extracting specifications, often from program execution traces. These specifications can in turn be used to aid program understanding, monitoring and verification. There are a number of dynamic-analysis-based specification mining tools in the literature, however none so far extract past time temporal expressions in the form of rules stating: “whenever a series of events occur, previously another series of events happened before”. Rules of this format are commonly found in practice and useful for various purposes. Most rule-based specification mining tools only mine future-time temporal expression. Many past-time temporal rules like “whenever a resource is used, it was allocated before” are asymmetric as the other direction does not holds. Hence, there is a need to mine past-time temporal rules. In this chapter, the authors describe an approach to mine significant rules of the above format occurring above a certain statistical thresholds from program execution traces. The approach start from a set of traces, each being a sequence of events (i.e., method invocations) and resulting in a set of significant rules obeying minimum thresholds of support and confidence. A rule compaction mechanism is employed to reduce the number of reported rules significantly. Experiments on traces of JBoss Application Server and Jeti instant messaging application shows the utility of our approach in inferring interesting past-time temporal rules.

David Lo,Siau-Cheng Khoo,Chao Liu

DOI: https://doi.org/10.1145/1401827.1401838

2008-01-01

Abstract:Specification mining is a process of extracting specifications, often from program execution traces. These specifications can in turn be used to aid program understanding, monitoring and verification. There are a number of dynamic-analysis-based specification mining tools in the literature, however none so far extract past time temporal expressions in the form of rules stating: "whenever a series of events occurs, previously another series of events has happened". Rules of this format are commonly found in practice and useful for various purposes. Most rule-based specification mining tools only mine future-time temporal expression. Many past-time temporal rules like "whenever a resource is used, it was allocated before" are asymmetric as the other direction does not holds. Hence, there is a need to mine past-time temporal rules. In this paper, we describe an approach to mine significant rules of the above format occurring above a certain statistical thresholds from program execution traces. The approach start from a set of traces, each being a sequence of events (i.e., method invocations) and resulting in a set of significant rules obeying minimum thresholds of support and confidence. A rule compaction mechanism is employed to reduce the number of reported rules significantly. Experiments on traces of JBoss Application Server shows the utility of our approach in inferring interesting past-time temporal rules.

Ziying Dai,Xiaoguang Mao,Liqian Chen,Yan Lei,Yi Zhang

DOI: https://doi.org/10.1109/ISSREW.2013.6688847

2013-01-01

Abstract:In contemporary software development practice, programmers reuse components by invoking their APIs to construct large systems. These APIs often involve constraints on the temporal order of method calls. For the example of the file usage, a programmer should first open a file, then read and/or write its content, and at last close it. Trying to read a closed file will cause exceptions to be thrown. Such constraints are often represented as a finite state machine (FSM) with a set of related events (typically method calls) as its alphabet. A set of events are related if interactions among them possibly obey some meaningful temporal specifications. In recent years, various specification mining techniques have been developed to automatically mine API specifications from API client programs [1]. A typical API specification miner conceptually has three steps. First, it decide which events are related. Second, different interactions among related events (which are sub-traces and sample strings of the specification FSM) are extracted either from source code of client programs or from their execution traces. Third, extracted interactions are passed to customized or off-the-shelf FSM learners which generalize these sample sub-traces to recover the specification FSM.

Jia Lv,Jing Ying,Minghui Wu,Tao Jiang,Fanwei Zhu

DOI: https://doi.org/10.1109/ssiri.2009.20

2009-01-01

Abstract:The behavior model of traditional temporal logic is closed and symmetrical, while the behavior model of aspect-oriented programs is open and asymmetrical. When the programmer designs the base-code, he is not sure what aspects will be woven to it. It is indirect and difficult to specify and verify the behavior of aspect-oriented programs by using traditional temporal logic. In this paper, we propose a new temporal logic named open temporal logic, which introduced some new path operators and one new temporal operator. Since paths are divided into two kinds: internal parts and external parts, the behavioral model of open temporal logic is open and asymmetrical. Base on open temporal logic and the proof system of traditional rely-guarantee method, a new proof system is given to verify the behavior of aspect-oriented programs.

Zhuo CHEN,Bingru YANG,Faguo ZHOU,Liana LI

DOI: https://doi.org/10.3969/j.issn.1008-0562.2009.04.024

2009-01-01

Abstract:In order to extract connotative pattern for scientific decision-making,identify the qualitative temporal patterns from the multiple time series and have a comprehensive understanding on the evolution of the system,a new mining model for multiple time series is proposed based on temporal logic. Firstly,the multiple time series are transformed into multiple event sequences,and then temporal relative pattern in multiple event sequences is defined using a subset of ITL relation. Secondly,the multiple state sequences are synthesized into one state sequence,and then the frequency pattern mining algorithm is applied to discover the frequency time series in multiple time series. The proposed model is useful in time series mining,and expends the capacity of existing time series mining system. The case study shows that the proposed model is valid and has advantages.

Qian Wu,Guang-Tai Liang,Qian-Xiang Wang,Hong Mei

DOI: https://doi.org/10.1007/s11390-011-1201-0

2011-01-01

Abstract:Temporal specifications for Application Programming Interfaces (APIs) serve as an important basis for many defect detection tools. As these specifications are often not well documented, various approaches have been proposed to automatically mine specifications typically from API library source code or from API client programs. However, the library-based approaches take substantial computational resources and produce rather limited useful specifications, while the client-based approaches suffer from high false positive rates. To address the issues of existing approaches, we propose a novel specification mining approach, called MineHEAD, which exploits heterogeneous API data, including information from API client programs as well as API library source code and comments, to produce effective specifications for defect detection with low cost. In particular, MineHEAD first applies client-based specification mining to produce a collection of candidate specifications, and then exploits the related library source code and comments to identify and refine the real specifications from the candidates. Our evaluation results on nine open source projects show that MineHEAD produces effective specifications with average precision of 97.2%.

Hao Zhong,Lu Zhang,Hong Mei

DOI: https://doi.org/10.1109/apsec.2008.53

2008-01-01

Abstract:Temporal specifications can describe the legal call sequences of API libraries. With these specifications, verification tools can find defects in existing clients automatically. However, temporal specifications are often not provided due to the high cost of writing them manually or being out-of-date due to the rapid evolution of software. As API clients contain many usages of libraries including temporal rules, various approaches have been proposed to automatically mine temporal specifications from these clients. Typically, only a small part of the mined specifications are real specifications because the generated traces from clients are quite large and polluted. In this paper, we analyze four types of unwanted method calls that are not useful for mining, and we refer to these method calls as polluting method calls. As these method calls are not useful for mining, it is desirable to filter out them as early as possible. To address the problem, we develop a tool, named mining accurate temporal specifications (MATS), that filters out most of the preceding polluting method calls before traces are generated. Our experiments show that with these filtering techniques, the specifications mined by MATS are more accurate than without these filtering techniques. Our experiments also show the detailed impacts of MATS¿s filtering techniques. The results provide further insight on how and why MATS improves existing specification mining.

Xingxing Pi,Jianqi Shi,Yanhong Huang,Hansheng Wei

DOI: https://doi.org/10.1007/978-3-030-29563-9_8

2019-01-01

Abstract:Bridging the gap between natural language requirements (NLR) and precise formal specifications is a crucial task of knowledge engineering. Software system development has become more complex in recent years, and it includes many requirements in different domains that users need to understand. Many of these requirements are expressed in natural language, which may be incomplete and ambiguous. However, the formal language with its rigorous semantics may accurately represent certain temporal logic properties and allow for automatic validation analysis. It is difficult for software engineers to understand the formal temporal logic from numerous requirements. In this paper, we propose a novel method to automatically mine the linear temporal logic (LTL) from the natural language requirements and check the consistency among different formal properties. We use natural language processing (NLP) to parse requirement sentences and map syntactic dependencies to LTL formulas by using our extraction rules. Also, we apply the automata-based model checking to assess the correctness and consistency of the extracted properties. Through implementation and case studies, we demonstrate that our approach is well suited to deal with the temporal logic requirements upon which the natural language is based.

D. Lo,Siau-Cheng Khoo,Chao Liu

2007-01-01

Abstract:Software evolution incurs difficulties in program comprehension and software verification, and hence increases the cost of software maintenance. In this study, we propose a novel technique, to mine from program execution traces a sound and complete set of statistically significant temporal rules of arbitrary lengths. The extracted temporal rules reveal invariants that the program observes, and will consequently guide developers to understand the program behaviors, and facilitate all downstream applications like verifications. Different from previous studies that are restricted to mining two-event rules (e.g., 〈lock〉 → 〈unlock〉), our algorithm discovers rules of arbitrary lengths. Furthermore, in order to facilitate downstream applications, we represent the mined rules as temporal logic, so that existing model checkers or other formal analysis toolkits can readily consume our mining results. We performed case studies on JBoss Application Server (JBoss AS) and a buggy Concurrent Versions System (CVS) application, and the result clearly demonstrates the usefulness of our technique in recovering underlying program designs and detecting bugs.

Zhiyu Liu,Meng Jiang,Hai Lin

DOI: https://doi.org/10.48550/arXiv.2007.08451

2020-07-17

Abstract:We aim to enable an autonomous robot to learn new skills from demo videos and use these newly learned skills to accomplish non-trivial high-level tasks. The goal of developing such autonomous robot involves knowledge representation, specification mining, and automated task planning. For knowledge representation, we use a graph-based spatial temporal logic (GSTL) to capture spatial and temporal information of related skills demonstrated by demo videos. We design a specification mining algorithm to generate a set of parametric GSTL formulas from demo videos by inductively constructing spatial terms and temporal formulas. The resulting parametric GSTL formulas from specification mining serve as a domain theory, which is used in automated task planning for autonomous robots. We propose an automatic task planning based on GSTL where a proposer is used to generate ordered actions, and a verifier is used to generate executable task plans. A table setting example is used throughout the paper to illustrate the main ideas.

Artificial Intelligence,Robotics,Systems and Control

Ye Liu,Yi Li,Cyrille Artho,Yixuan Liu

2024-03-20

Abstract:Smart contracts are computer programs running on blockchains to implement Decentralized Applications.The absence of contract specifications hinders routine tasks, such as contract understanding and testing. Inthis work, we propose a specification mining approach to infer contract specifications from past transactionhistories. Our approach derives high-level behavioral automata of function invocations, accompanied byprogram invariants statistically inferred from the transaction histories. We implemented our approach as toolSmConand evaluated it on eleven well-studied Azure benchmark smart contracts and six popular real-worldDApp smart contracts. The experiments show thatSmConmines reasonably accurate specifications that canbe used to facilitate DApp understanding and development in terms of document maintenance and test suite improvement.

Software Engineering

David Lo,Siau-Cheng Khoo,Chao Liu

DOI: https://doi.org/10.1002/smr.375

2008-01-01

Abstract:Software evolution incurs difficulties in program comprehensionand software verification, and hence it increases the cost ofsoftware maintenance. In this study, we propose a novel techniqueto mine from program execution traces a sound and complete set ofstatistically significant temporal rules of arbitrary lengths. Theextracted temporal rules reveal invariants that the programobserves, and will consequently guide developers to understand theprogram behaviors, and facilitate all downstream applications suchas verification and debugging. Different from previous studies thatwere restricted to mining two-event rules (e.g., (lock)→(unlock)), our algorithm discovers rules of arbitrarylengths. In order to facilitate downstream applications, werepresent the mined rules as temporal logic expressions, so thatexisting model checkers or other formal analysis toolkit canreadily consume our mining results. Performance studies onbenchmark data sets and a case study on an industrial system havebeen performed to show the scalability and utility of our approach.We performed case studies on JBoss application server and a buggyconcurrent versions system application, and the result clearlydemonstrates the usefulness of our technique in recoveringunderlying program designs and detecting bugs. Copyright ©2008 John Wiley & Sons, Ltd.This work was done while the author was with School ofComputing, National University of Singapore.

Gaia Saveri,Luca Bortolussi

2024-05-23

Abstract:The integration of cyber-physical systems (CPS) into everyday life raises the critical necessity of ensuring their safety and reliability. An important step in this direction is requirement mining, i.e. inferring formally specified system properties from observed behaviors, in order to discover knowledge about the system. Signal Temporal Logic (STL) offers a concise yet expressive language for specifying requirements, particularly suited for CPS, where behaviors are typically represented as time series data. This work addresses the task of learning STL requirements from observed behaviors in a data-driven manner, focusing on binary classification, i.e. on inferring properties of the system which are able to discriminate between regular and anomalous behaviour, and that can be used both as classifiers and as monitors of the compliance of the CPS to desirable specifications. We present a novel framework that combines Bayesian Optimization (BO) and Information Retrieval (IR) techniques to simultaneously learn both the structure and the parameters of STL formulae, without restrictions on the STL grammar. Specifically, we propose a framework that leverages a dense vector database containing semantic-preserving continuous representations of millions of formulae, queried for facilitating the mining of requirements inside a BO loop. We demonstrate the effectiveness of our approach in several signal classification applications, showing its ability to extract interpretable insights from system executions and advance the state-of-the-art in requirement mining for CPS.

Machine Learning

Ding Pan,Yan Pan

DOI: https://doi.org/10.1109/ICMLC.2006.258553

2006-01-01

Abstract:Mass processing request has made temporal data mining a vital branch of data mining field. A general framework for temporal knowledge discovery is proposed to define primary concepts in first-order linear temporal logic. The sequence is transformed firstly into liner ordered sequence of events consisted of basic strings. The framework represents a rule in quasi-Horn clause, defines the measures of the first-order formula valuating on a linear state structure, generates the estimator sequence of the measures based on a session model, quantifies the novelty of the discovered rules in terms of deviations among the rules using dynamic time warping distance function, and proves the relevant properties of the concepts. A process model of continuous data mining is developed, based on the session model.

Shaowei Wang,David Lo,Lingxiao Jiang,Shahar Maoz,Aditya Budi

DOI: https://doi.org/10.1016/b978-0-12-411519-4.00021-5

2015-01-01

Abstract:Mining specifications from logs of execution traces has attracted much research effort in recent years since the mined specifications, such as program invariants, temporal rules, association patterns, or various behavioral models, may be used to improve program documentation, comprehension, and verification. At the same time, a major challenge faced by most specification mining algorithms is related to their scalability, specifically when dealing with many large execution traces. To address this challenge, we present a general, distributed specification mining algorithm that can parallelize and distribute repetitive specification mining tasks across multiple computers to achieve speedup proportional to the number of machines used. This general algorithm is designed on the basis of our observation that most specification mining algorithms are data and memory intensive while computationally repetitive. To validate the general algorithm, we instantiate it with five existing sequential specification mining algorithms (CLIPPER, Daikon, k-tails, LM, and Perracotta) on a particular distributed computing model (MapReduce) and one of its implementations (Hadoop) to create five parallelized specification mining algorithms, and demonstrate the much improved scalability of the algorithms over many large traces ranging from 41 MB to 157 GB collected from seven DaCapo benchmark programs. Our evaluation shows that our parallelized Perracotta running on four machines (using up to eight CPU cores in total) speeds up the original sequential one by 3-18 times; The other four sequential algorithms are unable to complete analyzing the large traces, while our parallelized versions can complete the analysis and gain performance improvement by using more machines and cores. We believe that our general, distributed algorithm fits many specification mining algorithms well, and can be instantiated with them to gain more performance improvement and scalability improvement.

Ziying Dai,Xiaoguang Mao,Yan Lei,Liqian Chen

DOI: https://doi.org/10.1109/wcre.2013.6671291

2013-01-01

Abstract:Specifications play an important role in many software engineering activities. Despite their usefulness, formal specifications are often unavailable in practice. Specification mining techniques try to automatically recover specifications from existing programs. Unfortunately, mined specifications are often overly general, which hampers their applications in the downstream analysis and testing. Nowadays, programmers develop software systems by utilizing existing components that usually have some available specifications. However, benefits of these available specifications are not explored by current specification miners. In this paper, we propose an approach to leverage available specifications of subcomponents to improve the precision of specifications of the composite component mined by state-based mining techniques. We monitor subcomponents against their specifications during the mining process and use states that are reached to construct abstract states of the composite component. Our approach makes subcomponents' states encoded within their specifications visible to their composite component, and improves the precision of mined specifications by effectively increasing the number of their states. The empirical evaluation shows that our approach can significantly improve the precision of mined specifications by removing erroneous behavior without noticeable loss of recall.

Ning Ge,Jinwen Yang,Tianyu Yu,Wei Liu

DOI: https://doi.org/10.1109/ICECCS59891.2023.00018

2023-01-01

Abstract:A smart legal contract is a legally binding contract in which some or all of the contractual obligations are defined and performed automatically by a computer program. As its software requirement, the legal contract is composed of legal clauses expressing the execution logic and time constraints between events in natural language. When formally verifying a smart legal contract to ensure the requirements’ conformance, it is necessary to translate the time-constrained functional requirements (TFRs) into property specifications like Metric temporal logic (MTL) as the input of a model checker. Instead of costly and error-prone manual writing, this work automates the TFR detection and the specification generation using deep learning, named AutoMTL-Spec. We separate the MTL specification generation approach into four tasks: TFR detection, intermediate representation structure extraction, event sequence/time point extraction, and MTL generation, respectively. We construct a dataset including 43 contracts of four categories, 4608 terms, and 277 TFRs. The experimental results showed that all three models significantly outperform the baselines. Most of the indicators of the three learning tasks reached near to or more than 90%.

Calvin Deutschbein

DOI: https://doi.org/10.48550/arXiv.2108.09249

2021-08-20

Cryptography and Security

Abstract:Specification mining offers a solution by automating security specification for hardware. Specification miners use a form of machine learning to specify behaviors of a system by studying a system in execution. However, specification mining was first developed for use with software. Complex hardware designs offer unique challenges for this technique. Further, specification miners traditionally capture functional specifications without a notion of security, and may not use the specification logics necessary to describe some security requirements. This work demonstrates specification mining for hardware security. On CISC architectures such as x86, I demonstrate that a miner partitioning the design state space along control signals discovers a specification that includes manually defined properties and, if followed, would secure CPU designs against Memory Sinkhole and SYSRET privilege escalation. For temporal properties, I demonstrate that a miner using security specific linear temporal logic (LTL) templates for specification detection may find properties that, if followed, would secure designs against historical documented security vulnerabilities and against potential future attacks targeting system initialization. For information--flow hyperproperties, I demonstrate that a miner may use Information Flow Tracking (IFT) to develop output properties containing designer specified information--flow security properties as well as properties that demonstrate a design does not contain certain Common Weakness Enumerations (CWEs).