research-article

Explaining Software Failures by Cascade Fault Localization

Authors:
Qiuping Yi

Chinese Academy of Sciences, Beijing, China

Chinese Academy of Sciences, Beijing, China
View Profile

,
Zijiang Yang

Western Michigan University, Kalamazoo, MI

Western Michigan University, Kalamazoo, MI
View Profile

,
Jian Liu

Chinese Academy of Sciences, Beijing, China

Chinese Academy of Sciences, Beijing, China
View Profile

,
Chen Zhao

Chinese Academy of Sciences, Beijing, China

Chinese Academy of Sciences, Beijing, China
View Profile

,
Chao Wang

Virginia Polytechnic Institute and State University, Blacksburg, VA

Virginia Polytechnic Institute and State University, Blacksburg, VA
View Profile

ACM Transactions on Design Automation of Electronic Systems Volume 20 Issue 3Article No.: 41pp 1–28https://doi.org/10.1145/2738038

Published:24 June 2015Publication History

ACM Transactions on Design Automation of Electronic Systems

Abstract

During software debugging, a significant amount of effort is required for programmers to identify the root cause of a manifested failure. In this article, we propose a cascade fault localization method to help speed up this labor-intensive process via a combination of weakest precondition computation and constraint solving. Our approach produces a cause tree, where each node is a potential cause of the failure and each edge represents a casual relationship between two causes. There are two main contributions of this article that differentiate our approach from existing methods. First, our method systematically computes all potential causes of a failure and augments each cause with a proper context for ease of comprehension by the user. Second, our method organizes the potential causes in a tree structure to enable on-the-fly pruning based on domain knowledge and feedback from the user. We have implemented our new method in a software tool called CaFL, which builds upon the LLVM compiler and KLEE symbolic virtual machine. We have conducted experiments on a large set of public benchmarks, including real applications from GNU Coreutils and Busybox. Our results show that in most cases the user has to examine only a small fraction of the execution trace before identifying the root cause of the failure.

References

Hiralal Agrawal and Joseph R. Horgan. 1990. Dynamic program slicing. In Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation. 246--256. Google ScholarDigital Library
Gogul Balakrishnan and Malay Ganai. 2008. PED: Proof-guided error diagnosis by triangulation of program error causes. In Proceedings of the International Conference on Software Engineering and Formal Methods. 268--278. Google ScholarDigital Library
Thomas Ball, Mayur Naik, and Sriram K. Rajamani. 2003. From symptom to cause: localizing errors in counterexample traces. In Proceedings of the ACM SIGACT-SIGPLAN Symposium on Principles of Programming Languages. 97--105. Google ScholarDigital Library
Ansuman Banerjee, Abhik Roychoudhury, Johannes A. Harlie, and Zhenkai Liang. 2010. Golden implementation driven software debugging. In Proceedings of the ACM SIGSOFT Symposium on Foundations of Software Engineering. 177--186. Google ScholarDigital Library
Mitra Tabaei Befrouei, Chao Wang, and Georg Weissenbacher. 2014. Abstraction and mining of traces to explain concurrency bugs. In Proceedings of the International Conference on Runtime Verification. 162--177.Google ScholarCross Ref
Boris Beizer. 1990. Software Testing Techniques. Van Nostrand Reinhold Co., New York. Google ScholarDigital Library
Busybox. http://busybox.net/.Google Scholar
Cristian Cadar, Daniel Dunbar, and Dawson Engler. 2008. KLEE: Unassisted and automatic generation of high-coverage tests for complex systems programs. In Proceedings of the USENIX Symposium on Operating Systems Design and Implementation. 209--224. Google ScholarDigital Library
Jürgen Christ, Evren Ermis, Martin Schäf, and Thomas Wies. 2013. Flow-sensitive fault localization. In Proceedings of the International Conference on Verification, Model Checking, and Abstract Interpretation. Lecture Notes in Computer Science, vol. 7737, 189--208.Google ScholarDigital Library
Holger Cleve and Andreas Zeller. 2005. Locating causes of program failures. In Proceedings of the International Conference on Software Engineering. 342--351. Google ScholarDigital Library
Coreutils. http://www.gnu.org/software/coreutils/.Google Scholar
William Craig. 1957. Three uses of the herbrand-gentzen theorem in relating model theory and proof theory. J. Symb. Logic 22, 3, 269--285.Google ScholarCross Ref
Edsger Wybe Dijkstra. 1976. A Discipline of Programming. Prentice-Hall, Englewood Cliffs, NJ.Google Scholar
Hyunsook Do, Sebastian Elbaum, and Gregg Rothermel. 2005. Supporting controlled experimentation with testing techniques: An infrastructure and its potential impact. Empirical Softw. Eng. 10, 4, 405--435. Google ScholarDigital Library
Evren Ermis, Martin Schäf, and Thomas Wies. 2012. Error invariants. In Proceedings of the International Symposium on Formal Methods. Lecture Notes in Computer Science, vol. 7436, 187--201.Google ScholarCross Ref
Vijay Ganesh and David L. Dill. 2007. A decision procedure for bit-vectors and arrays. In Proceedings of the International Conference on Computer Aided Verification. 519--531. Google ScholarDigital Library
Andreas Griesmayer, Roderick Bloem, and Byron Cook. 2006. Repair of Boolean programs with an application to C. In Proceedings of the International Conference on Computer Aided Verification. 358--371. Google ScholarDigital Library
Andreas Griesmayer, Stefan Staber, and Roderick Bloem. 2007. Automated Fault Localization for C Programs. Electron. Notes Theor. Comput. Sci. 174, 4, 95--111. Google ScholarDigital Library
Alex Groce, Sagar Chaki, Daniel Kroening, and Ofer Strichman. 2006. Error explanation with distance metrics. Int. J. Softw. Tools Technol. Transf. 8, 3, 229--247. Google ScholarDigital Library
Alex Groce, Daniel Kroening, and Flavio Lerda. 2004. Understanding counterexamples with explain. In Proceedings of the International Conference on Computer Aided Verification. 453--456.Google ScholarCross Ref
Alex Groce and Willem Visser. 2003. What went wrong: explaining counterexamples. In Proceedings of the International SPIN Workshop on Model Checking Software. 121--136. Google ScholarDigital Library
Tibor Gyimóthy, Árpád Beszédes, and Istán Forgács. 1999. An efficient relevant slicing method for debugging. In Proceedings of the ACM SIGSOFT Symposium on Foundations of Software Engineering. 303--321. Google ScholarDigital Library
Manu Jose and Rupak Majumdar. 2011a. Bug-Assist: Assisting fault localization in ANSI-C programs. In Proceedings of the International Conference on Computer Aided Verification. 504--509. Google ScholarDigital Library
Manu Jose and Rupak Majumdar. 2011b. Cause clue clauses: error localization using maximum satisfiability. In Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation. 437--446. Google ScholarDigital Library
B. Korel and J. Laski. 1988. Dynamic program slicing. Inf. Process. Lett. 29, 3, 155--163. Google ScholarDigital Library
Chris Lattner. 2002. LLVM: An infrastructure for multi-stage optimization. Master's Thesis.Google Scholar
Dongyoon Lee, Mahmoud Said, Satish Narayanasamy, and Zijiang Yang. 2011. Offline symbolic analysis to infer total store order. In Proceedings of the IEEE International Symposium on High Performance Computer Architecture. Google ScholarDigital Library
Dongyoon Lee, Mahmoud Said, Satish Narayanasamy, Zijiang Yang, and Cristiano Pereira. 2009. Offline symbolic analysis for multi-processor execution replay. In Proceedings of the IEEE/ACM International Symposium on Microarchitecture. 564--575. Google ScholarDigital Library
Mark H. Liffiton and Karem A. Sakallah. 2008. Algorithms for computing minimal unsatisfiable subsets of constraints. J. Autom. Reasoning 40, 1, 1--33. Google ScholarDigital Library
Yongmei Y. Liu and Bing Li. 2010. Automated program debugging via multiple predicate switching. In Proceedings of the AAAI Conference on Artificial Intelligence. 327--332.Google Scholar
Inês Lynce and Joao Marques-Silva. 2004. On computing minimum unsatisfiable cores. In Proceedings of the International Conference on Theory and Applications of Satisfiability Testing (SAT'04).Google Scholar
Vijayaraghavan Murali, Nishant Sinha, Emina Torlak, and Satish Chandra. 2014. What gives? A hybrid algorithm for error trace explanation. In Proceedings of the 6th International Conference on Verified Software: Theories, Tools and Experiments (VSTTE'14). 270--286.Google ScholarCross Ref
Brock Pytlik, Manos Renieris, Shriram Krishnamurthi, and Steven P. Reiss. 2003. Automated fault localization using potential invariants. CoRR cs.SE/0310040 (2003).Google Scholar
Dawei Qi, Abhik Roychoudhury, Zhenkai Liang, and Kapil Vaswani. 2009. Darwin: An approach for debugging evolving programs. In Proceedings of the ACM SIGSOFT Symposium on Foundations of Software Engineering. 33--42. Google ScholarDigital Library
Manos Renieris and Steven P. Reiss. 2003. Fault localization with nearest neighbor queries. In Proceedings of the IEEE/ACM International Conference On Automated Software Engineering. 30--39.Google Scholar
Jeremias RöBler, Gordon Fraser, Andreas Zeller, and Alessandro Orso. 2012. Isolating failure causes through test case generation. In Proceedings of the International Symposium on Software Testing and Analysis. 309--319. Google ScholarDigital Library
Swarup Kumar Sahoo, John Criswell, Chase Geigle, and Vikram Adve. 2013. Using likely invariants for automated software fault localization. In Proceedings of the International Conference on Architectural Support for Programming Languages and Operating Systems. 139--152. Google ScholarDigital Library
Chao Wang, Zijiang Yang, Franjo Ivančić, and Aarti Gupta. 2006. Whodunit? Causal analysis for counterexamples. In Proceedings of the International Symposium on Automated Technology for Verification and Analysis. 82--95. Google ScholarDigital Library
Mark Weiser. 1984. Program slicing.IEEE Trans. Software Eng. SE-10, 4, 352--357. Google ScholarDigital Library
Qiuping Yi, Zijiang Yang, Jian Liu, Chen Zhao, and ChaoWang. 2015. A synergistic analysis method for explaining failed regression tests. In Proceedings of the International Conference on Software Engineering (ICSE'15).Google ScholarCross Ref
Yices: An SMT Solver. In http://yices.csl.com/.Google Scholar
Andreas Zeller. 2002. Isolating cause-effect chains from computer programs. In Proceedings of the ACM SIGSOFT Symposium on Foundations of Software Engineering. 1--10. Google ScholarDigital Library
Lintao Zhang and Sharad Malik. 2003. Validating SAT solvers using an independent resolution-based checker: Practical implementations and other applications. In Proceedings of the Conference on Design, Automation and Test in Europe (DATE'03). 880--885. Google ScholarDigital Library
Xiangyu Zhang, Neelam Gupta, and Rajiv Gupta. 2006. Locating faults through automated predicate switching. In Proceedings of the International Conference on Software Engineering. 272--281. Google ScholarDigital Library
Xiangyu Zhang, Sriraman Tallam, Neelam Gupta, and Rajiv Gupta. 2007. Towards locating execution omission errors. In Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation. 415--424. Google ScholarDigital Library

Index Terms

Explaining Software Failures by Cascade Fault Localization
1. Software and its engineering
  1. Software creation and management
    1. Software verification and validation
      1. Software defect analysis
        Software testing and debugging
2. Theory of computation
  1. Logic
  2. Semantics and reasoning
    1. Program reasoning

Recommendations

Using likely invariants for automated software fault localization
ASPLOS '13: Proceedings of the eighteenth international conference on Architectural support for programming languages and operating systems

We propose an automatic diagnosis technique for isolating the root cause(s) of software failures. We use likely program invariants, automatically generated using correct inputs that are close to the fault-triggering input, to select a set of candidate ...
Read More
Using likely invariants for automated software fault localization
ASPLOS '13

We propose an automatic diagnosis technique for isolating the root cause(s) of software failures. We use likely program invariants, automatically generated using correct inputs that are close to the fault-triggering input, to select a set of candidate ...
Read More
F3: fault localization for field failures
ISSTA 2013: Proceedings of the 2013 International Symposium on Software Testing and Analysis

Reproducing and debugging field failures--failures that occur on user machines after release--are challenging tasks for developers. To help the first task, in previous work we have proposed BugRedux, a technique for reproducing, in-house, failures ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Published in
ACM Transactions on Design Automation of Electronic Systems Volume 20, Issue 3
June 2015
345 pages
ISSN:1084-4309
EISSN:1557-7309
DOI:10.1145/2796316
Editor:
Naehyuck Chang
Korea Advanced Institute of Science and Technology, Korea
Issue’s Table of Contents
Copyright © 2015 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States

Journal Family
ACM Journals for the Design of Smart and Connected Systems
Publication History
- Published: 24 June 2015
- Accepted: 1 February 2015
- Revised: 1 December 2014
- Received: 1 February 2014
Published in todaes Volume 20, Issue 3

Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
constraint
fault localization
satisfiability modulo theory (SMT)
weakest precondition
Qualifiers
- research-article
- Research
- Refereed
Conference
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 5
  Total Citations
  View Citations
- 263
  Total Downloads
- Downloads (Last 12 months)11
- Downloads (Last 6 weeks)3
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.