Skip to main content

Error Invariants for Fault Localization via Abstract Interpretation

  • Conference paper
  • First Online:
Static Analysis (SAS 2023)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14284))

Included in the following conference series:

Abstract

Fault localization aims to automatically identify the cause of an error in a program by localizing the error to a relatively small part of the program. In this paper, we present a novel technique for automated fault localization via error invariants inferred by abstract interpretation. An error invariant for a location in an error program over-approximates the reachable states at the given location that may produce the error, if the execution of the program is continued from that location. Error invariants can be used for statement-wise semantic slicing of error programs and for obtaining concise error explanations. We use an iterative refinement sequence of backward-forward static analyses by abstract interpretation to compute error invariants, which are designed to explain why an error program violates a particular assertion. We demonstrate the effectiveness of our approach to localize errors in realistic C programs.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    \(p[^{l_1:} s ^{l_2}]\) is a complete program in which statement s is inserted at the place of hole.

  2. 2.

    Concretization-based abstraction is a relaxation of the known Galois connection abstraction, which is more used in practice (e.g., Polyhedra domain).

  3. 3.

    The other known logic formula-based tool [4, 20] is not available online.

References

  1. Bourdoncle, F.: Abstract debugging of higher-order imperative languages. In: Proceedings of the ACM SIGPLAN 1993 Conference on Programming Language Design and Implementation (PLDI), pp. 46–55. ACM (1993). https://doi.org/10.1145/155090.155095

  2. Bryant, R.E.: Graph-based algorithms for Boolean function manipulation. IEEE Trans. Comput. 35(8), 677–691 (1986). https://doi.org/10.1109/TC.1986.1676819

    Article  Google Scholar 

  3. Chen, J., Cousot, P.: A binary decision tree abstract domain functor. In: Blazy, S., Jensen, T. (eds.) SAS 2015. LNCS, vol. 9291, pp. 36–53. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48288-9_3

    Chapter  Google Scholar 

  4. Christ, J., Ermis, E., Schäf, M., Wies, T.: Flow-sensitive fault localization. In: Giacobazzi, R., Berdine, J., Mastroeni, I. (eds.) VMCAI 2013. LNCS, vol. 7737, pp. 189–208. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-35873-9_13

    Chapter  Google Scholar 

  5. Christakis, M., Heizmann, M., Mansur, M.N., Schilling, C., Wüstholz, V.: Semantic fault localization and suspiciousness ranking. In: Vojnar, T., Zhang, L. (eds.) TACAS 2019, Part I. LNCS, vol. 11427, pp. 226–243. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17462-0_13

    Chapter  Google Scholar 

  6. Clarke, E., Kroening, D., Lerda, F.: A tool for checking ANSI-C programs. In: Jensen, K., Podelski, A. (eds.) TACAS 2004. LNCS, vol. 2988, pp. 168–176. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24730-2_15

    Chapter  Google Scholar 

  7. Cousot, P., Cousot, R.: Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints. In: Conference Record of the Fourth ACM Symposium on POPL, pp. 238–252. ACM (1977). https://doi.org/10.1145/512950.512973, http://doi.acm.org/10.1145/512950.512973

  8. Cousot, P., et al.: The ASTREÉ analyzer. In: Sagiv, M. (ed.) ESOP 2005. LNCS, vol. 3444, pp. 21–30. Springer, Heidelberg (2005). https://doi.org/10.1007/978-3-540-31987-0_3

    Chapter  Google Scholar 

  9. Cousot, P., Cousot, R., Feret, J., Mauborgne, L., Miné, A., Rival, X.: Why does ASTRÉE scale up? Formal Methods Syst. Design 35(3), 229–264 (2009). https://doi.org/10.1007/s10703-009-0089-6

    Article  Google Scholar 

  10. Cousot, P., Cousot, R., Mauborgne, L.: A scalable segmented decision tree abstract domain. In: Manna, Z., Peled, D.A. (eds.) Time for Verification. LNCS, vol. 6200, pp. 72–95. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-13754-9_5

    Chapter  Google Scholar 

  11. Dimovski, A.S.: A binary decision diagram lifted domain for analyzing program families. J. Comput. Lang. 63, 101032 (2021). https://doi.org/10.1016/j.cola.2021.101032

    Article  Google Scholar 

  12. Dimovski, A.S.: Lifted termination analysis by abstract interpretation and its applications. In: GPCE 2021: Concepts and Experiences, Chicago, IL, USA, October 2021, pp. 96–109. ACM (2021). https://doi.org/10.1145/3486609.3487202

  13. Dimovski, A.S.: Quantitative program sketching using lifted static analysis. In: FASE 2022. LNCS, vol. 13241, pp. 102–122. Springer, Cham (2022). https://doi.org/10.1007/978-3-030-99429-7_6

    Chapter  Google Scholar 

  14. Dimovski, A.S.: Artifact for the paper “error invariants for fault localization via abstract interpretation”. Zenodo (2023). https://doi.org/10.5281/zenodo.8167960

  15. Dimovski, A.S.: Quantitative program sketching using decision tree-based lifted analysis. J. Comput. Lang. 75, 101206 (2023). https://doi.org/10.1016/j.cola.2023.101206

    Article  Google Scholar 

  16. Dimovski, A.S., Apel, S.: Lifted static analysis of dynamic program families by abstract interpretation. In: 35th European Conference on Object-Oriented Programming, ECOOP 2021. LIPIcs, vol. 194, pp. 14:1–14:28. Schloss Dagstuhl - Leibniz-Zentrum für Informatik (2021). https://doi.org/10.4230/LIPIcs.ECOOP.2021.14

  17. Dimovski, A.S., Apel, S., Legay, A.: Program sketching using lifted analysis for numerical program families. In: Dutle, A., Moscato, M.M., Titolo, L., Muñoz, C.A., Perez, I. (eds.) NFM 2021. LNCS, vol. 12673, pp. 95–112. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-76384-8_7

    Chapter  Google Scholar 

  18. Dimovski, A.S., Apel, S., Legay, A.: Several lifted abstract domains for static analysis of numerical program families. Sci. Comput. Program. 213, 102725 (2022). https://doi.org/10.1016/j.scico.2021.102725

    Article  Google Scholar 

  19. Dimovski, A.S., Legay, A.: Computing program reliability using forward-backward precondition analysis and model counting. In: FASE 2020. LNCS, vol. 12076, pp. 182–202. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45234-6_9

    Chapter  Google Scholar 

  20. Ermis, E., Schäf, M., Wies, T.: Error invariants. In: Giannakopoulou, D., Méry, D. (eds.) FM 2012. LNCS, vol. 7436, pp. 187–201. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32759-9_17

    Chapter  Google Scholar 

  21. Graves, T.L., Harrold, M.J., Kim, J., Porter, A.A., Rothermel, G.: An empirical study of regression test selection techiques. ACM Trans. Softw. Eng. Methodol. 10(2), 184–208 (2001). https://doi.org/10.1145/367008.367020

    Article  Google Scholar 

  22. Greitschus, M., Dietsch, D., Heizmann, M., Nutz, A., Schätzle, C., Schilling, C., Schüssele, F., Podelski, A.: Ultimate taipan: trace abstraction and abstract interpretation. In: Legay, A., Margaria, T. (eds.) TACAS 2017, Part II. LNCS, vol. 10206, pp. 399–403. Springer, Heidelberg (2017). https://doi.org/10.1007/978-3-662-54580-5_31

    Chapter  Google Scholar 

  23. Harris, W.R., Sankaranarayanan, S., Ivancic, F., Gupta, A.: Program analysis via satisfiability modulo path programs. In: Proceedings of the 37th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2010, Madrid, Spain, 17–23 January 2010, pp. 71–82. ACM (2010). https://doi.org/10.1145/1706299.1706309

  24. Jeannet, B.: Relational interprocedural verification of concurrent programs. In: Seventh IEEE International Conference on Software Engineering and Formal Methods, SEFM 2009, pp. 83–92. IEEE Computer Society (2009). https://doi.org/10.1109/SEFM.2009.29

  25. Jeannet, B., Miné, A.: Apron: a library of numerical abstract domains for static analysis. In: Bouajjani, A., Maler, O. (eds.) CAV 2009. LNCS, vol. 5643, pp. 661–667. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-02658-4_52

    Chapter  Google Scholar 

  26. Jose, M., Majumdar, R.: Cause clue clauses: error localization using maximum satisfiability. In: Proceedings of the 32nd ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2011, pp. 437–446. ACM (2011). https://doi.org/10.1145/1993498.1993550

  27. King, J.C.: Symbolic execution and program testing. Commun. ACM 19(7), 385–394 (1976). https://doi.org/10.1145/360248.360252

    Article  MathSciNet  Google Scholar 

  28. Miné, A.: Backward under-approximations in numeric abstract domains to automatically infer sufficient program conditions. Sci. Comput. Program. 93, 154–182 (2014). https://doi.org/10.1016/j.scico.2013.09.014

    Article  Google Scholar 

  29. Miné, A.: Tutorial on static inference of numeric invariants by abstract interpretation. Found. Trends Program. Lang. 4(3–4), 120–372 (2017). https://doi.org/10.1561/2500000034

    Article  Google Scholar 

  30. de Moura, L., Bjørner, N.: Z3: an efficient SMT solver. In: Ramakrishnan, C.R., Rehof, J. (eds.) TACAS 2008. LNCS, vol. 4963, pp. 337–340. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-78800-3_24

    Chapter  Google Scholar 

  31. Nguyen, H.D.T., Qi, D., Roychoudhury, A., Chandra, S.: SemFix: program repair via semantic analysis. In: 35th International Conference on Software Engineering, ICSE 2013, pp. 772–781. IEEE Computer Society (2013). https://doi.org/10.1109/ICSE.2013.6606623

  32. Rival, X.: Understanding the origin of alarms in ASTRÉE. In: Hankin, C., Siveroni, I. (eds.) SAS 2005. LNCS, vol. 3672, pp. 303–319. Springer, Heidelberg (2005). https://doi.org/10.1007/11547662_21

    Chapter  Google Scholar 

  33. Rothenberg, B.-C., Grumberg, O.: Must fault localization for program repair. In: Lahiri, S.K., Wang, C. (eds.) CAV 2020, Part II. LNCS, vol. 12225, pp. 658–680. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-53291-8_33

    Chapter  Google Scholar 

  34. Solar-Lezama, A.: Program sketching. STTT 15(5–6), 475–495 (2013). https://doi.org/10.1007/s10009-012-0249-7

    Article  Google Scholar 

  35. Urban, C., Miné, A.: A decision tree abstract domain for proving conditional termination. In: Müller-Olm, M., Seidl, H. (eds.) SAS 2014. LNCS, vol. 8723, pp. 302–318. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-10936-7_19

    Chapter  Google Scholar 

  36. Yin, B., Chen, L., Liu, J., Wang, J., Cousot, P.: Verifying numerical programs via iterative abstract testing. In: Chang, B.-Y.E. (ed.) SAS 2019. LNCS, vol. 11822, pp. 247–267. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-32304-2_13

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Aleksandar S. Dimovski .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Dimovski, A.S. (2023). Error Invariants for Fault Localization via Abstract Interpretation. In: Hermenegildo, M.V., Morales, J.F. (eds) Static Analysis. SAS 2023. Lecture Notes in Computer Science, vol 14284. Springer, Cham. https://doi.org/10.1007/978-3-031-44245-2_10

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-44245-2_10

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-44244-5

  • Online ISBN: 978-3-031-44245-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics