Abstract
Although the counterexample returned by a model checker can help in reproducing the symptom related to a defect, a significant amount of effort is often required for the programmer to interpret it in order to locate the cause. In this paper, we provide an automated procedure to zoom in on potential software defects by analyzing a single concrete counterexample. Our analysis relies on extracting from the counterexample a syntactic-level proof of infeasibility, i.e., a minimal set of word-level predicates that contradict each other. The procedure uses an efficient weakest pre-condition algorithm carried out on a single concrete execution path, which is significantly more scalable than other model-checking-based approaches. Unlike most of the existing methods, we do not need additional execution traces other than the buggy one. We use public-domain examples to demonstrate the effectiveness of our new algorithm.
A whodunit, for “who done it?”, is a plot-driven variety of detective story in which the reader is provided with clues from which the identity of the perpetrator of the crime may be deduced. Examples are the Sherlock Holmes stories by Conan Doyle.
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Wang, C., Yang, Z., Ivančić, F., Gupta, A. (2006). Whodunit? Causal Analysis for Counterexamples. In: Graf, S., Zhang, W. (eds) Automated Technology for Verification and Analysis. ATVA 2006. Lecture Notes in Computer Science, vol 4218. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11901914_9
DOI: https://doi.org/10.1007/11901914_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-47237-7
Online ISBN: 978-3-540-47238-4
eBook Packages: Computer Science, Computer Science (R0)