论文信息 - Automated Program Debugging Via Multiple Predicate Switching

Automated Program Debugging Via Multiple Predicate Switching

In a previous paper, Liu argued for the importance of establishing a precise theoretical foundation for program debugging from first principles. In this paper, we present a first step towards a theoretical exploration of program debugging algorithms. The starting point of our work is the recent debugging approach based on predicate switching. The idea is to switch the outcome of an instance of a predicate to bring the program execution to a successful completion and then identify the fault by examining the switched predicate. However, no theoretical analysis of the approach is available. In this paper, we generalize the above idea, and propose the bounded debugging via multiple predicate switching (BMPS) algorithm, which locates faults through switching the outcomes of instances of multiple predicates to get a successful execution where each loop is executed for a bounded number of times. Clearly, BMPS can be implemented by resorting to a SAT solver. We focus attention on RHS faults, that is, faults that occur in the control predicates and right-hand-sides of assignment statements. We prove that for conditional programs, BMPS is quasi-complete for RHS faults in the sense that some part of any true diagnosis will be returned by BMPS; and for iterative programs, when the bound is sufficiently large, BMPS is also quasi-complete for RHS faults. Initial experimentation with debugging small C programs showed that BMPS can quickly and effectively locate the faults.

Bing Li | Yongmei Liu

[1] Gregg Rothermel,et al. Empirical Studies of a Safe Regression Test Selection Technique , 1998, IEEE Trans. Software Eng..

[2] Yongmei Liu,et al. A Formalization of Program Debugging in the Situation Calculus , 2008, AAAI.

[3] Roderick Bloem,et al. Automated Fault Localization for C Programs , 2007, V&D@FLoC.

[4] Alex Groce,et al. SPECIAL S ECTION O N T OOLS A ND A LGORITHMS F OR THE C ONSTRUCTION A ND A NALYSIS O F S YSTEMS , 2005 .

[5] Hector J. Levesque,et al. GOLOG: A Logic Programming Language for Dynamic Domains , 1997, J. Log. Program..

[6] Alex M. Andrew,et al. Knowledge in Action: Logical Foundations for Specifying and Implementing Dynamical Systems , 2002 .

[7] Steven P. Reiss,et al. Fault localization with nearest neighbor queries , 2003, 18th IEEE International Conference on Automated Software Engineering, 2003. Proceedings..

[8] Xiangyu Zhang,et al. Locating faults through automated predicate switching , 2006, ICSE.

[9] Daniel Kroening,et al. A Tool for Checking ANSI-C Programs , 2004, TACAS.