Counterexample-Guided Inductive Repair of Reactive Contracts

Soha Hussein; Sanjai Rayadurgam; Stephen McCamant; Vaibhav Sharma; Mats Heimdahl

doi:10.1145/3524482.3527650

Counterexample-Guided Inductive Repair of Reactive Contracts

Soha Hussein, Sanjai Rayadurgam, Stephen McCamant, Vaibhav Sharma, Mats Heimdahl

Computer Science and Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

1 Scopus citations

Abstract

Executable implementations are ultimately the only dependable representations of a software component's behavior. Incorporating such a component in a rigorous model-based development of reactive systems poses challenges since a formal contract over its behaviors will have to be crafted for system verification. Simply hypothesizing a contract based on informal descriptions of the component is problematic: if it is too weak, we may fail in verifying valid system-level contracts; if it is too strong or simply erroneous, the system may fail in operation. Thus, establishing a valid and strong enough contract is crucially important.In this paper, we propose to repair the invalid hypothesized contract by replacing one or more of its sub-expressions with newly composed expressions, such that the new contract holds over the implementation. To this effect, we present a novel, sound, semantically minimal, and under reasonable assumptions terminating, and complete counterexample-guided general-purpose algorithm for repairing contracts. We implemented and evaluated our technique on more than 4,000 mutants with various complexities generated from 29 valid contracts for 4 non-trivial Java reactive components. Results show a successful repair rate of 81.51%, with 20.72% of the repairs matching the manually written contracts and 60.79% of the repairs describing non-trivial valid contracts.

Original language	English (US)
Title of host publication	Proceedings - IEEE/ACM 10th International Conference on Formal Methods in Software Engineering, FormaliSE 2022
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	46-57
Number of pages	12
ISBN (Electronic)	9781450392877
DOIs	https://doi.org/10.1145/3524482.3527650
State	Published - 2022
Event	10th IEEE/ACM International Conference on Formal Methods in Software Engineering, FormaliSE 2022 - Pittsburgh, United States Duration: May 18 2022 → May 19 2022

Publication series

Name	Proceedings - IEEE/ACM 10th International Conference on Formal Methods in Software Engineering, FormaliSE 2022

Conference

Conference	10th IEEE/ACM International Conference on Formal Methods in Software Engineering, FormaliSE 2022
Country/Territory	United States
City	Pittsburgh
Period	5/18/22 → 5/19/22

Bibliographical note

Funding Information:
Also, the research described in this paper has been supported in part by the National Science Foundation under grant 1563920.

Publisher Copyright:
© 2022 ACM.

Access

10.1145/3524482.3527650

OpenUrl availability

Full text

Cite this

Hussein, S., Rayadurgam, S., McCamant, S., Sharma, V., & Heimdahl, M. (2022). Counterexample-Guided Inductive Repair of Reactive Contracts. In Proceedings - IEEE/ACM 10th International Conference on Formal Methods in Software Engineering, FormaliSE 2022 (pp. 46-57). (Proceedings - IEEE/ACM 10th International Conference on Formal Methods in Software Engineering, FormaliSE 2022). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1145/3524482.3527650

Counterexample-Guided Inductive Repair of Reactive Contracts. / Hussein, Soha; Rayadurgam, Sanjai ; McCamant, Stephen et al.
Proceedings - IEEE/ACM 10th International Conference on Formal Methods in Software Engineering, FormaliSE 2022. Institute of Electrical and Electronics Engineers Inc., 2022. p. 46-57 (Proceedings - IEEE/ACM 10th International Conference on Formal Methods in Software Engineering, FormaliSE 2022).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Hussein, S, Rayadurgam, S , McCamant, S, Sharma, V & Heimdahl, M 2022, Counterexample-Guided Inductive Repair of Reactive Contracts. in Proceedings - IEEE/ACM 10th International Conference on Formal Methods in Software Engineering, FormaliSE 2022. Proceedings - IEEE/ACM 10th International Conference on Formal Methods in Software Engineering, FormaliSE 2022, Institute of Electrical and Electronics Engineers Inc., pp. 46-57, 10th IEEE/ACM International Conference on Formal Methods in Software Engineering, FormaliSE 2022, Pittsburgh, United States, 5/18/22. https://doi.org/10.1145/3524482.3527650

Hussein S, Rayadurgam S , McCamant S, Sharma V, Heimdahl M. Counterexample-Guided Inductive Repair of Reactive Contracts. In Proceedings - IEEE/ACM 10th International Conference on Formal Methods in Software Engineering, FormaliSE 2022. Institute of Electrical and Electronics Engineers Inc. 2022. p. 46-57. (Proceedings - IEEE/ACM 10th International Conference on Formal Methods in Software Engineering, FormaliSE 2022). doi: 10.1145/3524482.3527650

Hussein, Soha ; Rayadurgam, Sanjai ; McCamant, Stephen et al. / Counterexample-Guided Inductive Repair of Reactive Contracts. Proceedings - IEEE/ACM 10th International Conference on Formal Methods in Software Engineering, FormaliSE 2022. Institute of Electrical and Electronics Engineers Inc., 2022. pp. 46-57 (Proceedings - IEEE/ACM 10th International Conference on Formal Methods in Software Engineering, FormaliSE 2022).

@inproceedings{e62973e5bf5f4c21b1d1246a95de35fd,

title = "Counterexample-Guided Inductive Repair of Reactive Contracts",

abstract = "Executable implementations are ultimately the only dependable representations of a software component's behavior. Incorporating such a component in a rigorous model-based development of reactive systems poses challenges since a formal contract over its behaviors will have to be crafted for system verification. Simply hypothesizing a contract based on informal descriptions of the component is problematic: if it is too weak, we may fail in verifying valid system-level contracts; if it is too strong or simply erroneous, the system may fail in operation. Thus, establishing a valid and strong enough contract is crucially important.In this paper, we propose to repair the invalid hypothesized contract by replacing one or more of its sub-expressions with newly composed expressions, such that the new contract holds over the implementation. To this effect, we present a novel, sound, semantically minimal, and under reasonable assumptions terminating, and complete counterexample-guided general-purpose algorithm for repairing contracts. We implemented and evaluated our technique on more than 4,000 mutants with various complexities generated from 29 valid contracts for 4 non-trivial Java reactive components. Results show a successful repair rate of 81.51%, with 20.72% of the repairs matching the manually written contracts and 60.79% of the repairs describing non-trivial valid contracts.",

author = "Soha Hussein and Sanjai Rayadurgam and Stephen McCamant and Vaibhav Sharma and Mats Heimdahl",

note = "Funding Information: Also, the research described in this paper has been supported in part by the National Science Foundation under grant 1563920. Publisher Copyright: {\textcopyright} 2022 ACM.; 10th IEEE/ACM International Conference on Formal Methods in Software Engineering, FormaliSE 2022 ; Conference date: 18-05-2022 Through 19-05-2022",

year = "2022",

doi = "10.1145/3524482.3527650",

language = "English (US)",

series = "Proceedings - IEEE/ACM 10th International Conference on Formal Methods in Software Engineering, FormaliSE 2022",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "46--57",

booktitle = "Proceedings - IEEE/ACM 10th International Conference on Formal Methods in Software Engineering, FormaliSE 2022",

}

TY - GEN

T1 - Counterexample-Guided Inductive Repair of Reactive Contracts

AU - Hussein, Soha

AU - Rayadurgam, Sanjai

AU - McCamant, Stephen

AU - Sharma, Vaibhav

AU - Heimdahl, Mats

PY - 2022

Y1 - 2022

N2 - Executable implementations are ultimately the only dependable representations of a software component's behavior. Incorporating such a component in a rigorous model-based development of reactive systems poses challenges since a formal contract over its behaviors will have to be crafted for system verification. Simply hypothesizing a contract based on informal descriptions of the component is problematic: if it is too weak, we may fail in verifying valid system-level contracts; if it is too strong or simply erroneous, the system may fail in operation. Thus, establishing a valid and strong enough contract is crucially important.In this paper, we propose to repair the invalid hypothesized contract by replacing one or more of its sub-expressions with newly composed expressions, such that the new contract holds over the implementation. To this effect, we present a novel, sound, semantically minimal, and under reasonable assumptions terminating, and complete counterexample-guided general-purpose algorithm for repairing contracts. We implemented and evaluated our technique on more than 4,000 mutants with various complexities generated from 29 valid contracts for 4 non-trivial Java reactive components. Results show a successful repair rate of 81.51%, with 20.72% of the repairs matching the manually written contracts and 60.79% of the repairs describing non-trivial valid contracts.

AB - Executable implementations are ultimately the only dependable representations of a software component's behavior. Incorporating such a component in a rigorous model-based development of reactive systems poses challenges since a formal contract over its behaviors will have to be crafted for system verification. Simply hypothesizing a contract based on informal descriptions of the component is problematic: if it is too weak, we may fail in verifying valid system-level contracts; if it is too strong or simply erroneous, the system may fail in operation. Thus, establishing a valid and strong enough contract is crucially important.In this paper, we propose to repair the invalid hypothesized contract by replacing one or more of its sub-expressions with newly composed expressions, such that the new contract holds over the implementation. To this effect, we present a novel, sound, semantically minimal, and under reasonable assumptions terminating, and complete counterexample-guided general-purpose algorithm for repairing contracts. We implemented and evaluated our technique on more than 4,000 mutants with various complexities generated from 29 valid contracts for 4 non-trivial Java reactive components. Results show a successful repair rate of 81.51%, with 20.72% of the repairs matching the manually written contracts and 60.79% of the repairs describing non-trivial valid contracts.

UR - http://www.scopus.com/inward/record.url?scp=85134046379&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85134046379&partnerID=8YFLogxK

U2 - 10.1145/3524482.3527650

DO - 10.1145/3524482.3527650

M3 - Conference contribution

AN - SCOPUS:85134046379

T3 - Proceedings - IEEE/ACM 10th International Conference on Formal Methods in Software Engineering, FormaliSE 2022

SP - 46

EP - 57

BT - Proceedings - IEEE/ACM 10th International Conference on Formal Methods in Software Engineering, FormaliSE 2022

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 10th IEEE/ACM International Conference on Formal Methods in Software Engineering, FormaliSE 2022

Y2 - 18 May 2022 through 19 May 2022

ER -

Counterexample-Guided Inductive Repair of Reactive Contracts

Abstract

Publication series

Conference

Bibliographical note

Access

OpenUrl availability

Other files and links

Fingerprint

Cite this