Abstract
During software debugging, a significant amount of effort is required for programmers to identify the root cause of a manifested failure. In this article, we propose a cascade fault localization method to help speed up this labor-intensive process via a combination of weakest precondition computation and constraint solving. Our approach produces a cause tree, where each node is a potential cause of the failure and each edge represents a casual relationship between two causes. There are two main contributions of this article that differentiate our approach from existing methods. First, our method systematically computes all potential causes of a failure and augments each cause with a proper context for ease of comprehension by the user. Second, our method organizes the potential causes in a tree structure to enable on-the-fly pruning based on domain knowledge and feedback from the user. We have implemented our new method in a software tool called CaFL, which builds upon the LLVM compiler and KLEE symbolic virtual machine. We have conducted experiments on a large set of public benchmarks, including real applications from GNU Coreutils and Busybox. Our results show that in most cases the user has to examine only a small fraction of the execution trace before identifying the root cause of the failure.
- Hiralal Agrawal and Joseph R. Horgan. 1990. Dynamic program slicing. In Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation. 246--256. Google ScholarDigital Library
- Gogul Balakrishnan and Malay Ganai. 2008. PED: Proof-guided error diagnosis by triangulation of program error causes. In Proceedings of the International Conference on Software Engineering and Formal Methods. 268--278. Google ScholarDigital Library
- Thomas Ball, Mayur Naik, and Sriram K. Rajamani. 2003. From symptom to cause: localizing errors in counterexample traces. In Proceedings of the ACM SIGACT-SIGPLAN Symposium on Principles of Programming Languages. 97--105. Google ScholarDigital Library
- Ansuman Banerjee, Abhik Roychoudhury, Johannes A. Harlie, and Zhenkai Liang. 2010. Golden implementation driven software debugging. In Proceedings of the ACM SIGSOFT Symposium on Foundations of Software Engineering. 177--186. Google ScholarDigital Library
- Mitra Tabaei Befrouei, Chao Wang, and Georg Weissenbacher. 2014. Abstraction and mining of traces to explain concurrency bugs. In Proceedings of the International Conference on Runtime Verification. 162--177.Google ScholarCross Ref
- Boris Beizer. 1990. Software Testing Techniques. Van Nostrand Reinhold Co., New York. Google ScholarDigital Library
- Busybox. http://busybox.net/.Google Scholar
- Cristian Cadar, Daniel Dunbar, and Dawson Engler. 2008. KLEE: Unassisted and automatic generation of high-coverage tests for complex systems programs. In Proceedings of the USENIX Symposium on Operating Systems Design and Implementation. 209--224. Google ScholarDigital Library
- Jürgen Christ, Evren Ermis, Martin Schäf, and Thomas Wies. 2013. Flow-sensitive fault localization. In Proceedings of the International Conference on Verification, Model Checking, and Abstract Interpretation. Lecture Notes in Computer Science, vol. 7737, 189--208.Google ScholarDigital Library
- Holger Cleve and Andreas Zeller. 2005. Locating causes of program failures. In Proceedings of the International Conference on Software Engineering. 342--351. Google ScholarDigital Library
- Coreutils. http://www.gnu.org/software/coreutils/.Google Scholar
- William Craig. 1957. Three uses of the herbrand-gentzen theorem in relating model theory and proof theory. J. Symb. Logic 22, 3, 269--285.Google ScholarCross Ref
- Edsger Wybe Dijkstra. 1976. A Discipline of Programming. Prentice-Hall, Englewood Cliffs, NJ.Google Scholar
- Hyunsook Do, Sebastian Elbaum, and Gregg Rothermel. 2005. Supporting controlled experimentation with testing techniques: An infrastructure and its potential impact. Empirical Softw. Eng. 10, 4, 405--435. Google ScholarDigital Library
- Evren Ermis, Martin Schäf, and Thomas Wies. 2012. Error invariants. In Proceedings of the International Symposium on Formal Methods. Lecture Notes in Computer Science, vol. 7436, 187--201.Google ScholarCross Ref
- Vijay Ganesh and David L. Dill. 2007. A decision procedure for bit-vectors and arrays. In Proceedings of the International Conference on Computer Aided Verification. 519--531. Google ScholarDigital Library
- Andreas Griesmayer, Roderick Bloem, and Byron Cook. 2006. Repair of Boolean programs with an application to C. In Proceedings of the International Conference on Computer Aided Verification. 358--371. Google ScholarDigital Library
- Andreas Griesmayer, Stefan Staber, and Roderick Bloem. 2007. Automated Fault Localization for C Programs. Electron. Notes Theor. Comput. Sci. 174, 4, 95--111. Google ScholarDigital Library
- Alex Groce, Sagar Chaki, Daniel Kroening, and Ofer Strichman. 2006. Error explanation with distance metrics. Int. J. Softw. Tools Technol. Transf. 8, 3, 229--247. Google ScholarDigital Library
- Alex Groce, Daniel Kroening, and Flavio Lerda. 2004. Understanding counterexamples with explain. In Proceedings of the International Conference on Computer Aided Verification. 453--456.Google ScholarCross Ref
- Alex Groce and Willem Visser. 2003. What went wrong: explaining counterexamples. In Proceedings of the International SPIN Workshop on Model Checking Software. 121--136. Google ScholarDigital Library
- Tibor Gyimóthy, Árpád Beszédes, and Istán Forgács. 1999. An efficient relevant slicing method for debugging. In Proceedings of the ACM SIGSOFT Symposium on Foundations of Software Engineering. 303--321. Google ScholarDigital Library
- Manu Jose and Rupak Majumdar. 2011a. Bug-Assist: Assisting fault localization in ANSI-C programs. In Proceedings of the International Conference on Computer Aided Verification. 504--509. Google ScholarDigital Library
- Manu Jose and Rupak Majumdar. 2011b. Cause clue clauses: error localization using maximum satisfiability. In Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation. 437--446. Google ScholarDigital Library
- B. Korel and J. Laski. 1988. Dynamic program slicing. Inf. Process. Lett. 29, 3, 155--163. Google ScholarDigital Library
- Chris Lattner. 2002. LLVM: An infrastructure for multi-stage optimization. Master's Thesis.Google Scholar
- Dongyoon Lee, Mahmoud Said, Satish Narayanasamy, and Zijiang Yang. 2011. Offline symbolic analysis to infer total store order. In Proceedings of the IEEE International Symposium on High Performance Computer Architecture. Google ScholarDigital Library
- Dongyoon Lee, Mahmoud Said, Satish Narayanasamy, Zijiang Yang, and Cristiano Pereira. 2009. Offline symbolic analysis for multi-processor execution replay. In Proceedings of the IEEE/ACM International Symposium on Microarchitecture. 564--575. Google ScholarDigital Library
- Mark H. Liffiton and Karem A. Sakallah. 2008. Algorithms for computing minimal unsatisfiable subsets of constraints. J. Autom. Reasoning 40, 1, 1--33. Google ScholarDigital Library
- Yongmei Y. Liu and Bing Li. 2010. Automated program debugging via multiple predicate switching. In Proceedings of the AAAI Conference on Artificial Intelligence. 327--332.Google Scholar
- Inês Lynce and Joao Marques-Silva. 2004. On computing minimum unsatisfiable cores. In Proceedings of the International Conference on Theory and Applications of Satisfiability Testing (SAT'04).Google Scholar
- Vijayaraghavan Murali, Nishant Sinha, Emina Torlak, and Satish Chandra. 2014. What gives? A hybrid algorithm for error trace explanation. In Proceedings of the 6th International Conference on Verified Software: Theories, Tools and Experiments (VSTTE'14). 270--286.Google ScholarCross Ref
- Brock Pytlik, Manos Renieris, Shriram Krishnamurthi, and Steven P. Reiss. 2003. Automated fault localization using potential invariants. CoRR cs.SE/0310040 (2003).Google Scholar
- Dawei Qi, Abhik Roychoudhury, Zhenkai Liang, and Kapil Vaswani. 2009. Darwin: An approach for debugging evolving programs. In Proceedings of the ACM SIGSOFT Symposium on Foundations of Software Engineering. 33--42. Google ScholarDigital Library
- Manos Renieris and Steven P. Reiss. 2003. Fault localization with nearest neighbor queries. In Proceedings of the IEEE/ACM International Conference On Automated Software Engineering. 30--39.Google Scholar
- Jeremias RöBler, Gordon Fraser, Andreas Zeller, and Alessandro Orso. 2012. Isolating failure causes through test case generation. In Proceedings of the International Symposium on Software Testing and Analysis. 309--319. Google ScholarDigital Library
- Swarup Kumar Sahoo, John Criswell, Chase Geigle, and Vikram Adve. 2013. Using likely invariants for automated software fault localization. In Proceedings of the International Conference on Architectural Support for Programming Languages and Operating Systems. 139--152. Google ScholarDigital Library
- Chao Wang, Zijiang Yang, Franjo Ivančić, and Aarti Gupta. 2006. Whodunit? Causal analysis for counterexamples. In Proceedings of the International Symposium on Automated Technology for Verification and Analysis. 82--95. Google ScholarDigital Library
- Mark Weiser. 1984. Program slicing.IEEE Trans. Software Eng. SE-10, 4, 352--357. Google ScholarDigital Library
- Qiuping Yi, Zijiang Yang, Jian Liu, Chen Zhao, and ChaoWang. 2015. A synergistic analysis method for explaining failed regression tests. In Proceedings of the International Conference on Software Engineering (ICSE'15).Google ScholarCross Ref
- Yices: An SMT Solver. In http://yices.csl.com/.Google Scholar
- Andreas Zeller. 2002. Isolating cause-effect chains from computer programs. In Proceedings of the ACM SIGSOFT Symposium on Foundations of Software Engineering. 1--10. Google ScholarDigital Library
- Lintao Zhang and Sharad Malik. 2003. Validating SAT solvers using an independent resolution-based checker: Practical implementations and other applications. In Proceedings of the Conference on Design, Automation and Test in Europe (DATE'03). 880--885. Google ScholarDigital Library
- Xiangyu Zhang, Neelam Gupta, and Rajiv Gupta. 2006. Locating faults through automated predicate switching. In Proceedings of the International Conference on Software Engineering. 272--281. Google ScholarDigital Library
- Xiangyu Zhang, Sriraman Tallam, Neelam Gupta, and Rajiv Gupta. 2007. Towards locating execution omission errors. In Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation. 415--424. Google ScholarDigital Library
Index Terms
- Explaining Software Failures by Cascade Fault Localization
Recommendations
Using likely invariants for automated software fault localization
ASPLOS '13: Proceedings of the eighteenth international conference on Architectural support for programming languages and operating systemsWe propose an automatic diagnosis technique for isolating the root cause(s) of software failures. We use likely program invariants, automatically generated using correct inputs that are close to the fault-triggering input, to select a set of candidate ...
Using likely invariants for automated software fault localization
ASPLOS '13We propose an automatic diagnosis technique for isolating the root cause(s) of software failures. We use likely program invariants, automatically generated using correct inputs that are close to the fault-triggering input, to select a set of candidate ...
F3: fault localization for field failures
ISSTA 2013: Proceedings of the 2013 International Symposium on Software Testing and AnalysisReproducing and debugging field failures--failures that occur on user machines after release--are challenging tasks for developers. To help the first task, in previous work we have proposed BugRedux, a technique for reproducing, in-house, failures ...
Comments