Adversarial Specification Mining
ACM Transactions on Software Engineering and Methodology (IF 6.6), Pub Date: 2021-01-03, DOI: 10.1145/3424307
Hong Jin Kang, David Lo

There have been numerous studies on mining temporal specifications from execution traces. These approaches learn finite-state automata (FSA) from execution traces when running tests. To learn accurate specifications of a software system, many tests are required. Existing approaches generalize from a limited number of traces or use simple test generation strategies. Unfortunately, these strategies may not exercise uncommon usage patterns of a software system. To address this problem, we propose a new approach, adversarial specification mining, and develop a prototype, Diversity through Counter-examples (DICE). DICE has two components: DICE-Tester and DICE-Miner. After mining Linear Temporal Logic specifications from an input test suite, DICE-Tester adversarially guides test generation, searching for counterexamples to these specifications to invalidate spurious properties. These counterexamples represent gaps in the diversity of the input test suite. This process produces execution traces of usage patterns that were unrepresented in the input test suite. Next, we propose a new specification inference algorithm, DICE-Miner, to infer FSAs using the traces, guided by the temporal specifications. We find that the inferred specifications are of higher quality than those produced by existing state-of-the-art specification miners. Finally, we use the FSAs in a fuzzer for servers of stateful protocols, increasing its coverage.

Updated: 2021-01-03