SEPIA: Search for Proofs Using Inferred Automata

This paper describes SEPIA, a tool for automated proof generation in Coq. SEPIA combines model inference with interactive theorem proving. Existing proof corpora are modelled using state-based models inferred from tactic sequences. These can then be traversed automatically to identify proofs. The SEPIA system is described and its performance evaluated on three Coq datasets. Our results show that SEPIA provides a useful complement to existing automated tactics in Coq.Comment: To appear at 25th International Conference on Automated Deductio

Guest editorial: special section on software reverse engineering

n/

Learning Concise Models from Long Execution Traces

Abstract models of system-level behaviour have applications in design exploration, analysis, testing and verification. We describe a new algorithm for automatically extracting useful models, as automata, from execution traces of a HW/SW system driven by software exercising a use-case of interest. Our algorithm leverages modern program synthesis techniques to generate predicates on automaton edges, succinctly describing system behaviour. It employs trace segmentation to tackle complexity for long traces. We learn concise models capturing transaction-level, system-wide behaviour--experimentally demonstrating the approach using traces from a variety of sources, including the x86 QEMU virtual platform and the Real-Time Linux kernel

Mining State-Based Models from Proof Corpora

Interactive theorem provers have been used extensively to reason about various software/hardware systems and mathematical theorems. The key challenge when using an interactive prover is finding a suitable sequence of proof steps that will lead to a successful proof requires a significant amount of human intervention. This paper presents an automated technique that takes as input examples of successful proofs and infers an Extended Finite State Machine as output. This can in turn be used to generate proofs of new conjectures. Our preliminary experiments show that the inferred models are generally accurate (contain few false-positive sequences) and that representing existing proofs in such a way can be very useful when guiding new ones.Comment: To Appear at Conferences on Intelligent Computer Mathematics 201

Recursion Aware Modeling and Discovery For Hierarchical Software Event Log Analysis (Extended)

This extended paper presents 1) a novel hierarchy and recursion extension to the process tree model; and 2) the first, recursion aware process model discovery technique that leverages hierarchical information in event logs, typically available for software systems. This technique allows us to analyze the operational processes of software systems under real-life conditions at multiple levels of granularity. The work can be positioned in-between reverse engineering and process mining. An implementation of the proposed approach is available as a ProM plugin. Experimental results based on real-life (software) event logs demonstrate the feasibility and usefulness of the approach and show the huge potential to speed up discovery by exploiting the available hierarchy.Comment: Extended version (14 pages total) of the paper Recursion Aware Modeling and Discovery For Hierarchical Software Event Log Analysis. This Technical Report version includes the guarantee proofs for the proposed discovery algorithm

Incorporating Data into EFSM Inference

This is the author accepted manuscript. The final version is available from Springer Verlag via the DOI in this record17th International Conference, SEFM 2019 Oslo, Norway, September 18–20, 2019Models are an important way of understanding software systems. If they do not already exist, then we need to infer them from system behaviour. Most current approaches infer classical FSM models that do not consider data, thus limiting applicability. EFSMs provide a way to concisely model systems with an internal state but existing inference techniques either do not infer models which allow outputs to be computed from inputs, or rely heavily on comprehensive white-box traces that reveal the internal program state, which are often unavailable. In this paper, we present an approach for inferring EFSM models, including functions that modify the internal state. Our technique uses black-box traces which only contain information visible to an external observer of the system. We implemented our approach as a prototype