Finding and fixing faults

Knowing that a program has a bug is good, knowing its location is better, but a fix is best. We present a method to automatically locate and correct faults in a finite state system, either at the gate level or at the source level. We assume that the specification is given in Linear Temporal Logic, and state the correction problem as a game, in which the protagonist selects a faulty component and suggests alternative behavior. The basic approach is complete but as complex as synthesis. It also suffers from problems of readability: the correction may add state and logic to the system. We present two heuristics. The first avoids the doubly exponential blowup associated with synthesis by using nondeterministic automata. The second heuristic finds a memoryless strategy, which we show is an NP-complete problem. A memoryless strategy corresponds to a simple, local correction that does not add any state. The drawback of the two heuristics is that they are not complete unless the specification is an invariant. Our approach is general: the user can define what constitutes a component, and the suggested correction can be an arbitrary combinational function of the current state and the inputs. We show experimental results supporting the applicability of our approach.
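The game formulation described above, worked through on a constructed example that is not from the paper: a 2-bit circuit with one suspect gate and an invariant specification. The protagonist's memoryless strategy is computed as the greatest fixpoint of the safety game and read out as a truth table of the current state and input, so the fix adds no state; the circuit, the gate chosen as the faulty component and the invariant are all assumptions of this example.

```python
# Constructed example, not from the paper: a 2-bit circuit with one suspect gate.
# State (s0, s1), environment input i. Next state: s0' = i XOR s1 (trusted),
# s1' = SUSPECT(s0, s1, i). Specification (invariant): s0 and s1 never both 1.
INIT = (0, 0)
INPUTS = (0, 1)

def invariant(state):
    return not (state[0] and state[1])

def buggy_gate(s0, s1, i):
    return int(s0 or i)          # original, assumed-faulty implementation

def step(state, i, v):
    return (int(i != state[1]), v)   # successor when the suspect gate outputs v

def winning_region():
    """Safety game as a greatest fixpoint: the environment picks i, the
    protagonist picks v, and the play must stay inside the invariant forever."""
    win = {(a, b) for a in (0, 1) for b in (0, 1) if invariant((a, b))}
    while True:
        keep = {s for s in win if all(any(step(s, i, v) in win for v in (0, 1)) for i in INPUTS)}
        if keep == win:
            return win
        win = keep

def memoryless_repair():
    """Truth table (s0, s1, i) -> v for the repaired gate, or None if the
    protagonist cannot win. Keeps the original output wherever it is safe."""
    win = winning_region()
    if INIT not in win:
        return None
    table = {}
    for s in win:
        for i in INPUTS:
            orig = buggy_gate(s[0], s[1], i)
            safe = [v for v in (orig, 1 - orig) if step(s, i, v) in win]
            table[(s[0], s[1], i)] = safe[0]
    return table

def verify(table):
    """Simulate the repaired circuit from INIT; True iff every reachable state satisfies the invariant."""
    seen, todo = {INIT}, [INIT]
    while todo:
        s = todo.pop()
        for i in INPUTS:
            nxt = step(s, i, table[(s[0], s[1], i)])
            if nxt not in seen:
                seen.add(nxt); todo.append(nxt)
    return all(invariant(s) for s in seen)
```

With the original gate the state (1, 1) is reachable from the initial state in one step on input i = 1; the repair only flips the gate's output on the two state/input pairs where the original value leaves the winning region.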
