A Formula-Based Approach for Automatic Fault Localization of Imperative Programs

Among the various automatic fault localization methods, two have received particular attention: coverage-based and formula-based. While the coverage-based method relies on statistical measures, the formula-based approach is an algorithmic method that can provide fine-grained information accounting for the identified root causes. It combines SAT-based formal verification techniques with Reiter's model-based diagnosis theory. This paper adapts the formula-based fault localization method and improves the efficiency of computing the potential root causes by using the push & pop mechanism of the Yices solver. The technique is particularly useful for programs with multiple faults. We implemented the method in a tool, SNIPER, which was applied to the TCAS benchmark. All single and multiple faults were successfully identified and discriminated using the original test cases of TCAS.
