Using Debuggers to Understand Failed Verification Attempts

Automatic program verification allows programmers to detect program errors at compile time. However, when an attempt to automatically verify a program fails, the reason for the failure is often difficult to understand. Many program verifiers provide a counterexample for the failed attempt, but these counterexamples are usually very complex and therefore not amenable to manual inspection. Moreover, the counterexample may be invalid, possibly misleading the programmer. We present a new approach that helps the programmer understand failed verification attempts by generating an executable program that reproduces the failed attempt described by the counterexample. The generated program (1) can be executed within a program debugger to systematically explore the counterexample, (2) encodes the program semantics used by the verifier, which allows us to detect errors in specifications as well as in programs, and (3) contains runtime checks for all specifications, which allows us to detect spurious errors. Our approach is implemented within the Spec# programming system.
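To make the idea concrete, here is a minimal sketch (not the paper's actual Spec#/.NET implementation, and all names below are hypothetical) of how a verifier counterexample can be turned into an executable, debugger-friendly harness: the counterexample supplies concrete input values, the harness initializes program state from them, and runtime checks on the specification distinguish real errors from spurious ones.

```python
# Hypothetical sketch: replay a verifier counterexample as a runnable program
# with runtime checks for the specification. Illustrative only; the paper's
# tool targets Spec# programs and their verifier semantics.

counterexample = {"x": -3, "y": 0}  # concrete values reported by the verifier

def precondition(x, y):
    # spec: divisor must be non-zero
    return y != 0

def postcondition(x, y, result):
    # spec: Euclidean-style division property
    return result * y + x % y == x

def method_under_test(x, y):
    # implementation under verification
    return x // y

def run_counterexample(cex):
    x, y = cex["x"], cex["y"]
    # A runtime check of the precondition detects spurious counterexamples:
    # if the verifier's values already violate it, the reported error is invalid.
    if not precondition(x, y):
        return "spurious: precondition violated by counterexample"
    result = method_under_test(x, y)  # set a debugger breakpoint here
    if not postcondition(x, y, result):
        return "real error: postcondition fails"
    return "no error reproduced"

print(run_counterexample(counterexample))
```

Stepping through `run_counterexample` in an ordinary debugger lets the programmer inspect exactly the state the verifier complained about, which is the kind of systematic exploration the approach enables.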
