Abstract
Fault localization aims to automatically identify the cause of an error in a program by localizing the error to a relatively small part of the program. In this paper, we present a novel technique for automated fault localization via error invariants inferred by abstract interpretation. An error invariant for a location in an error program over-approximates the reachable states at the given location that may produce the error, if the execution of the program is continued from that location. Error invariants can be used for statement-wise semantic slicing of error programs and for obtaining concise error explanations. We use an iterative refinement sequence of backward-forward static analyses by abstract interpretation to compute error invariants, which are designed to explain why an error program violates a particular assertion. We demonstrate the effectiveness of our approach to localize errors in realistic C programs.
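The idea in the abstract, as an added example (not code from the paper or its artifact): a backward pass over the interval domain computes an over-approximate error invariant at each location of a constructed straight-line error program, and statements across which the invariant does not change are sliced away. The statement encoding, the function names, the sample program and the rule "drop a statement when the invariant is unchanged across it" are assumptions made for this example, and only a single backward pass is shown, not the paper's backward-forward refinement sequence.

```python
INF = float("inf")
TOP = (-INF, INF)  # unconstrained interval; variables absent from a state are TOP

def meet(a, b):
    """Interval intersection; None means empty (no such state)."""
    lo, hi = max(a[0], b[0]), min(a[1], b[1])
    return (lo, hi) if lo <= hi else None

def backward(stmt, post):
    """Over-approximate the states before stmt from which post is reachable."""
    if post is None:
        return None
    kind, x, *args = stmt
    tgt = post.get(x, TOP)                           # what the error needs x to be afterwards
    pre = {v: i for v, i in post.items() if v != x}  # old value of x is overwritten
    if kind in ("const", "input"):                   # x := c   or   x := any value in [lo, hi]
        lo, hi = (args[0], args[0]) if kind == "const" else args
        return pre if meet(tgt, (lo, hi)) is not None else None
    y, c = args                                      # x := y + c
    need = meet(pre.get(y, TOP), (tgt[0] - c, tgt[1] - c))
    if need is None:
        return None
    if need != TOP:
        pre[y] = need
    return pre

def error_invariants(prog, error):
    """inv[i] holds before prog[i]; inv[-1] is the negated assertion."""
    inv = [error]
    for stmt in reversed(prog):
        inv.insert(0, backward(stmt, inv[0]))
    return inv

def semantic_slice(prog, error):
    """Keep only statements whose error invariant changes across them."""
    inv = error_invariants(prog, error)
    return [s for i, s in enumerate(prog) if inv[i] != inv[i + 1]]

# Constructed error program; the assertion is y <= 12, so the error is y >= 13.
PROG = [
    ("input", "x", 0, 10),   # x := input in [0, 10]
    ("const", "t", 7),       # t := 7
    ("add", "y", "x", 5),    # y := x + 5
    ("add", "t", "t", 1),    # t := t + 1
    ("add", "y", "y", 1),    # y := y + 1
]
ERROR = {"y": (13, INF)}

if __name__ == "__main__":
    for inv in error_invariants(PROG, ERROR):
        print(inv)
    print(semantic_slice(PROG, ERROR))
```

The two assignments to `t` leave the invariant untouched and drop out of the slice; an entry invariant of `None` means the assertion cannot be violated in this abstraction.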
Notes
- 1. \(p[^{l_1:} s ^{l_2}]\) is a complete program in which statement s is inserted in place of the hole.
- 2. Concretization-based abstraction is a relaxation of the known Galois connection abstraction, which is more used in practice (e.g., the Polyhedra domain).
- 3.
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Dimovski, A.S. (2023). Error Invariants for Fault Localization via Abstract Interpretation. In: Hermenegildo, M.V., Morales, J.F. (eds) Static Analysis. SAS 2023. Lecture Notes in Computer Science, vol 14284. Springer, Cham. https://doi.org/10.1007/978-3-031-44245-2_10
DOI: https://doi.org/10.1007/978-3-031-44245-2_10
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-44244-5
Online ISBN: 978-3-031-44245-2
eBook Packages: Computer Science (R0)