Statically checking API protocol conformance with mined multi-object specifications, companion report, 2012
Cited by 2 (2 self)
Abstract—Programmers using an API often must follow protocols that specify when it is legal to call particular methods. Several techniques have been proposed to find violations of such protocols based on mined specifications. However, existing techniques either focus on single-object protocols or on particular kinds of bugs, such as missing method calls. There is no practical technique to find multi-object protocol bugs without a priori known specifications. In this paper, we combine a dynamic analysis that infers multi-object protocols and a static checker of API usage constraints into a fully automatic protocol conformance checker. The combined system statically detects illegal uses of an API without human-written specifications. Our approach finds 41 bugs and code smells in mature, real-world Java programs with a true positive rate of 51%. Furthermore, we show that the analysis reveals bugs not found by state of the art approaches. Keywords: Typestate; Static analysis; Specification mining
Automatic Inference of Model Fields and their Representation
Automatic mining or inference of formal specifications from program source code is a desirable goal for documentation and verification purposes. However, current approaches that generate invariants, pre- and post-conditions, procedure summaries and sometimes also class invariants have mostly focused on extracting specifications from concrete method bodies. Consequently, almost all results have a low level of abstraction that is very close to the analyzed source code. We use JML model fields to raise the abstraction level of such automatically generated specifications, relying on the constraints imposed by behavioral subtyping. Starting from several derived classes we attempt to generate model fields for the supertype and represents clauses for each subtype. The relations between concrete and model fields are generated by checking the validity of predefined patterns against the specifications of subtype methods. Our prototype tool uses as inputs specifications generated with dynamic analysis (Daikon), identifies model fields and their representations, and generates specifications for supertype methods.
Proceedings of the Federated Conference on Computer Science and Information Systems pp. 957–964 ISBN 978-83-60810-22-4
to remote software maintenance. In order to achieve this, the project considers approaches relying on context elicitation, event correlation, fault-replication and self-healing. Self-healing helps systems return to a normal state after the occurrence of a fault or vulnerability exploitation has been detected. The problem is intuitively appealing as a way to automate the different maintenance type processes (corrective, adaptive and perfective) and forms an interesting area of research that has inspired many research initiatives. In this paper, we propose a framework for automating corrective maintenance and present its early stage development, based on software control principles. Our approach automates the engineering of self-healing systems as it does not require the system to be designed in a specific way. Instead it can be applied to legacy systems and automatically equips them with observation and control points. Moreover, the proposed approach relies on a sound control theory developed for Discrete Event Systems. Finally, this paper contributes to the field by introducing challenges for effective application of this approach to relevant industrial systems.

