Fate and free will in error traces

The ability to generate counterexamples for failing properties is often cited as one of the strengths of model checking. However, it is often difficult to interpret long error traces in which many variables appear. Besides, a traditional error trace presents only one possible behavior of the system causing the failure, with no further annotation. Our objective is to identify some structure in the error trace to make debugging easier. We present an enhanced error trace as an alternation of fated (forced) and free segments. The fated segments show unavoidable progress toward the error while the free segments show choices that, if avoided, may have prevented the error. Hence, the demarcation into segments tends to highlight critical events. The segmentation of a trace raises the questions of whether the fated segment should indeed be inevitable and whether the free segments are critical in causing the error. Addressing these questions may help the user to better analyze the failure of the property.

[1]  Pierre Wolper,et al.  Reasoning about infinite computation paths , 1983, 24th Annual Symposium on Foundations of Computer Science (sfcs 1983).

[2]  E. Allen Emerson,et al.  Tree automata, mu-calculus and determinacy , 1991, [1991] Proceedings 32nd Annual Symposium of Foundations of Computer Science.

[3]  Joseph Y. Halpern,et al.  “Sometimes” and “not never” revisited: on branching versus linear time temporal logic , 1986, JACM.

[4]  J. R. Büchi On a Decision Method in Restricted Second Order Arithmetic , 1990 .

[5]  Edmund M. Clarke,et al.  Efficient generation of counterexamples and witnesses in symbolic model checking , 1995, DAC '95.

[6]  Kenneth L. McMillan,et al.  Symbolic model checking , 1992 .

[7]  Thomas A. Henzinger,et al.  Detecting Errors Before Reaching Them , 2000, CAV.

[8]  F. Somenzi,et al.  To split or to conjoin: the question in image computation , 2000, Proceedings 37th Design Automation Conference.

[9]  Edmund M. Clarke,et al.  Design and Synthesis of Synchronization Skeletons Using Branching-Time Temporal Logic , 1981, Logic of Programs.

[10]  Edmund M. Clarke,et al.  Model Checking , 1999, Handbook of Automated Reasoning.

[11]  Orna Kupferman,et al.  Vacuity Detection in Temporal Model Checking , 1999, CHARME.

[12]  Amir Pnueli,et al.  Checking that finite state concurrent programs satisfy their linear specification , 1985, POPL.

[13]  Thomas A. Henzinger,et al.  Alternating-time temporal logic , 1999 .

[14]  Tiziano Villa,et al.  VIS: A System for Verification and Synthesis , 1996, CAV.

[15]  Mayur Naik,et al.  From symptom to cause: localizing errors in counterexample traces , 2003, POPL '03.

[16]  Yaacov Choueka,et al.  Theories of Automata on omega-Tapes: A Simplified Approach , 1974, J. Comput. Syst. Sci..

[17]  S. Sieber On a decision method in restricted second-order arithmetic , 1960 .

[18]  George J. Milne,et al.  Correct Hardware Design and Verification Methods , 2003, Lecture Notes in Computer Science.

[19]  Randal E. Bryant,et al.  Graph-Based Algorithms for Boolean Function Manipulation , 1986, IEEE Transactions on Computers.

[20]  C. Eisner,et al.  Efficient Detection of Vacuity in ACTL Formulaas , 1997, CAV.

[21]  Bowen Alpern,et al.  Defining Liveness , 1984, Inf. Process. Lett..

[22]  Kavita Ravi,et al.  A Comparative Study of Symbolic Algorithms for the Computation of Fair Cycles , 2000, FMCAD.

[23]  Robert P. Kurshan,et al.  Computer-Aided Verification of Coordinating Processes: The Automata-Theoretic Approach , 2014 .

[24]  Alex Groce,et al.  What Went Wrong: Explaining Counterexamples , 2003, SPIN.

[25]  A. Zeller Isolating cause-effect chains from computer programs , 2002, SIGSOFT '02/FSE-10.