A System Identification Based Oracle for Control-CPS Software Fault Localization

Control-CPS software fault localization (SFL, aka bug localization) is of critical importance, as bugs may cause major failures and even injuries or deaths. To locate bugs in control-CPSs, SFL tools often demand many labeled ("correct"/"incorrect") source code execution traces as inputs. To label these traces, we must judge the correctness of the corresponding control-CPS physical trajectories. However, unlike discrete outputs, the boundaries between correct and incorrect physical trajectories are often vague. The mechanism (aka oracle) for judging the correctness of physical trajectories thus becomes a major challenge. So far, the ad hoc practice of "human oracles" is still widely used, and its quality depends heavily on the human experts' expertise and availability. This paper proposes an oracle based on the well-adopted autoregressive system identification (AR-SI). AR-SI has proven successful for controlling black-box physical systems; we adapt it to identify the buggy control-CPS as a black box. We use this identification result as an oracle to judge the control-CPS's behaviors, and propose a methodology to prepare traces for control-CPS debugging. Comprehensive evaluations on classic control-CPSs with injected real-life and artificial bugs show that our proposed approach significantly outperforms the human oracle approach in SFL accuracy (recall) and latency, and in oracle false positive/negative rates. Our approach also helps discover a new real-life bug in a consumer-grade control-CPS.
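A minimal sketch of the idea in the abstract, added here as an illustration and not taken from the paper: fit an autoregressive model to a trajectory by least squares, treating the system as a black box, then label the trajectory by its one-step prediction residuals. The toy closed loop, the injected integer-truncation bug, the nominal training window, the `margin` threshold rule and all function names are assumptions; the paper's actual oracle construction is not given on this page.

```python
import math

R, KP = 1.0, 4.0  # reference and proportional gain (constructed values)

def simulate(n, bug_steps=()):
    """Constructed loop: plant y[k] = 0.9*y[k-1] + 0.1*u with delayed P control.
    On bug_steps the error is truncated to int (hypothetical injected bug)."""
    y = [0.0, 0.0]
    for k in range(2, n):
        err = R - y[k - 2]
        u = KP * (int(err) if k in bug_steps else err)
        y.append(0.9 * y[k - 1] + 0.1 * u + 1e-4 * math.sin(1.7 * k))
    return y

def fit_ar(y, p):
    """Least-squares AR(p) with intercept: y[k] ~ c + sum_i a[i] * y[k-1-i]."""
    rows = [[1.0] + [y[k - 1 - i] for i in range(p)] for k in range(p, len(y))]
    n = p + 1
    # Augmented normal equations [X^T X | X^T t], solved by Gauss-Jordan.
    A = [[sum(r[i] * r[j] for r in rows) for j in range(n)]
         + [sum(r[i] * t for r, t in zip(rows, y[p:]))] for i in range(n)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(A[r][col]))
        A[col], A[piv] = A[piv], A[col]
        for r in range(n):
            if r != col:
                f = A[r][col] / A[col][col]
                A[r] = [x - f * v for x, v in zip(A[r], A[col])]
    return [A[i][n] / A[i][i] for i in range(n)]

def oracle(y, p=2, train=40, margin=20.0):
    """Return (label, flagged sample indices, theta) for one trajectory."""
    theta = fit_ar(y[:train], p)  # assumption: the first `train` samples are nominal
    res = {k: y[k] - theta[0] - sum(theta[i + 1] * y[k - 1 - i] for i in range(p))
           for k in range(p, len(y))}
    tol = margin * max(abs(res[k]) for k in range(p, train))
    flagged = [k for k in sorted(res) if abs(res[k]) > tol]
    return ("incorrect" if flagged else "correct"), flagged, theta

if __name__ == "__main__":
    print(oracle(simulate(100))[:2])
    print(oracle(simulate(100, bug_steps=range(60, 65)))[:2])
```

The flagged indices mark the control steps whose output the identified model cannot explain, which is the part of the execution trace an SFL tool would receive as "incorrect".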
