Yet a Better Error Explanation Algorithm


Error explanation [GV03, GCKS06] is a formal approach to automate diagnosis of software programs with the aid of a Satisfiability (SAT)-based model checker. Firstly, the semantics of the program is modeled as a Finite State Machine (FSM) and is encoded into an instance of the SAT problem [CKL04]. Given a specification expressed in a formal logic which does not hold on the FSM, error explanation utilizes the model checker to produce a pair of similar failing and successful execution traces and highlights the differences of the execution traces as a possible explanation of the error. Thus, an explanation corresponds to a set of locations of the program source. More precisely, in SAT-based model checking execution traces correspond to assignments of logic variables in the SAT instance. The logic variables are used to capture the possible valuations of the program variables. The domains of the logic variables depend on the logic in use. Similarity of execution traces can then be expressed leveraging a distance metric which counts the number of values for which the two execution traces are different. Suppose (A, B) is a pair of a failing and a successful execution trace which correspond to the sequences $a = (a_1, \ldots, a_n)$ and $b = (b_1, \ldots, b_n)$ of logic variables, respectively. The distance metric is then defined as $\sum_{i=1}^{n} (1 - \delta_{a_i b_i})$, where the Kronecker delta function $\delta_{ij}$ evaluates to 1 only if $i = j$ and to 0 otherwise. Experiments on practical examples, however, revealed that using this distance metric often leads to useless explanations which are characterized by the fact that they do not contain the location of the real error. This may happen because error explanation produces a successful execution trace altering an input which avoids the erroneous part of the program source. 
As a consequence, the logic variables encoding the program variables in the erroneous part of the source code become don't cares and a SAT-based model checker can assign them any value during SAT checking. In this case, error explanation needs guidance by a human, who provides additional assumptions to explain an error accurately. Groce et al. [GCKS06] called this phenomenon the implication-antecedent problem when they observed this issue during property checking. For particular properties of the form (A → C), error explanation computed successful execution traces which do not …
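As an added illustration (not code from the paper), the following Python uses brute-force enumeration as a stand-in for the SAT-based model checker on a small constructed program with a property of the form (A → C). It shows that the plain distance metric picks a successful trace that falsifies the antecedent, leaving the buggy assignment a don't care and outside the explanation, and that adding the antecedent as an assumption brings the buggy location back into the explanation. The program, variable names and domains are all constructed for this example.

```python
"""Added example: brute-force model of error explanation with the
distance metric and the implication-antecedent problem."""
from itertools import product

# Constructed program in SSA form, inputs x, y in 0..7:
#   if x > 3:  z_then = 2*y      # BUG: the spec requires z_then = y + 2
#   else:      z_else = y
#   z = z_then if x > 3 else z_else
#   property (A -> C):  x > 3  ->  z == y + 2
VARS = ("x", "y", "z_then", "z_else", "z")   # logic variables of the encoding
DOMAIN = range(16)                           # value domain for don't cares

def traces():
    """All consistent valuations. When the guard is false, z_then is a
    don't care, so the 'solver' may assign it any value from DOMAIN."""
    for x, y in product(range(8), repeat=2):
        if x > 3:
            yield {"x": x, "y": y, "z_then": 2 * y, "z_else": y, "z": 2 * y}
        else:
            for zt in DOMAIN:
                yield {"x": x, "y": y, "z_then": zt, "z_else": y, "z": y}

def holds(t):
    """Specification A -> C: vacuously true whenever the antecedent fails."""
    return not (t["x"] > 3) or t["z"] == t["y"] + 2

def distance(a, b):
    """sum_i (1 - delta(a_i, b_i)): number of logic variables that differ."""
    return sum(1 for v in VARS if a[v] != b[v])

def explain(failing, assumption=lambda t: True):
    """Closest successful trace to `failing` that also satisfies an optional
    extra assumption, plus the set of differing variables (the explanation)."""
    best = min((t for t in traces() if holds(t) and assumption(t)),
               key=lambda t: distance(failing, t))
    return best, {v for v in VARS if best[v] != failing[v]}

# Failing trace: x=4, y=1 executes the buggy branch, z=2 but y+2=3.
failing = {"x": 4, "y": 1, "z_then": 2, "z_else": 1, "z": 2}

# Plain metric: flips input x so the property holds vacuously; the don't-care
# z_then is assigned the failing value, so the explanation is {x, z}.
_, naive = explain(failing)

# With the antecedent x > 3 assumed, the closest successful trace stays in
# the buggy branch and the explanation includes z_then.
_, guided = explain(failing, assumption=lambda t: t["x"] > 3)
```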

Cite this paper

@inproceedings{Riener2012YetAB, title={Yet a Better Error Explanation Algorithm}, author={Heinz Riener and G{\"{o}}rschwin Fey}, year={2012} }