SPECIAL SECTION ON TOOLS AND ALGORITHMS FOR THE CONSTRUCTION AND ANALYSIS OF SYSTEMS

In the event that a system does not satisfy a specification, a model checker will typically automatically produce a counterexample trace that shows a particular instance of the undesirable behavior. Unfortunately, the important steps that follow the discovery of a counterexample are generally not automated. The user must first decide if the counterexample shows genuinely erroneous behavior or is an artifact of improper specification or abstraction. In the event that the error is real, there remains the difficult task of understanding the error well enough to isolate and modify the faulty aspects of the system. This paper describes a (semi-)automated approach for assisting users in understanding and isolating errors in ANSI C programs. The approach, derived from Lewis' counterfactual approach to causality, is based on distance metrics for program executions. Experimental results show that the power of the model checking engine can be used to provide assistance in understanding errors and to isolate faulty portions of the source code.
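The following is an added example, not code from the paper, illustrating the idea behind "distance metrics for program executions": take the counterexample, find the closest execution that satisfies the specification, and report the differences as the explanation. Everything beyond that idea is an assumption made here for illustration: the program (a constructed min/max routine with a deliberate fault), the representation of an execution as a map from SSA-style assignment names such as `min#1` to values, and the metric (number of assignments whose values differ). Where the paper uses the model checking engine to search for the closest passing execution, this example simply enumerates a small input space.

```python
"""Added example, not code from the paper: a toy instantiation of error
explanation with a distance metric over program executions.

Assumed model (the abstract only says the approach uses distance metrics):
an execution is a mapping from each SSA-style assignment in a bounded
unrolling of the program (e.g. "min#1") to its value, and the distance
between two executions is the number of assignments whose values differ.
The explanation of a counterexample is the set of differences between it
and the closest execution that satisfies the specification. A model
checker would search for that execution symbolically; here a small input
space is enumerated instead.
"""
from itertools import product
from typing import Dict, Iterable, List, Optional, Tuple

Execution = Dict[str, int]
Delta = List[Tuple[str, int, int]]


def run(a: int, b: int) -> Execution:
    """Execute a constructed min/max program, recording each SSA assignment.

    Constructed source, with a deliberate fault on line 6:
      1  a = input(); b = input()
      2  if (a <= b) {
      3      min = a;
      4      max = b;
      5  } else {
      6      min = a;      /* fault: should be min = b */
      7      max = a;
      8  }
    """
    t: Execution = {"a#0": a, "b#0": b}
    t["guard#1"] = int(a <= b)
    if t["guard#1"]:
        t["min#1"], t["max#1"] = a, b
    else:
        t["min#1"], t["max#1"] = a, a  # the faulty branch (line 6 above)
    return t


def spec(t: Execution) -> bool:
    """Specification: (min, max) is the ordered pair formed from the two inputs."""
    ordered = t["min#1"] <= t["max#1"]
    same_values = t["min#1"] + t["max#1"] == t["a#0"] + t["b#0"]
    return ordered and same_values


def distance(x: Execution, y: Execution) -> int:
    """Assumed metric: number of assignments whose values differ between the runs."""
    return sum(1 for k in set(x) | set(y) if x.get(k) != y.get(k))


def explain(cex: Execution, inputs: Iterable[Tuple[int, int]]) -> Tuple[Execution, Delta]:
    """Return the passing execution closest to the counterexample and the delta to it."""
    best: Optional[Execution] = None
    best_d = 0
    for a, b in inputs:
        t = run(a, b)
        if not spec(t):
            continue  # only executions that satisfy the specification are candidates
        d = distance(cex, t)
        if best is None or d < best_d:
            best, best_d = t, d
    if best is None:
        raise ValueError("no passing execution in the searched input space")
    delta = [(k, cex[k], best[k]) for k in sorted(cex) if cex[k] != best.get(k)]
    return best, delta


if __name__ == "__main__":
    cex = run(5, 3)  # counterexample: min = max = 5, but the inputs sum to 8
    assert not spec(cex)
    closest, delta = explain(cex, product(range(8), repeat=2))
    for var, bad, good in delta:
        print(f"{var}: {bad} in counterexample, {good} in closest passing run")
    # Output: b#0 changes 3 -> 5 and guard#1 changes 0 -> 1. The cheapest way
    # to make the run pass is to take the other branch at line 2, which
    # isolates the else branch (lines 6-7) as the faulty region.
```

The delta is deliberately small: only the input `b` and the branch guard differ, so a user reading the explanation is pointed at the branch taken in the counterexample rather than at the whole trace. With a larger program the enumeration would be replaced by the model checker's search, and the metric would be computed over the unrolled SSA form the checker already builds.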
