article

Explaining abstract counterexamples

Authors:

Ofer StrichmanAuthors Info & Claims

ACM SIGSOFT Software Engineering Notes, Volume 29, Issue 6

Pages 73 - 82

https://doi.org/10.1145/1041685.1029908

Published: 31 October 2004 Publication History

Abstract

When a program violates its specification a model checker produces a counterexample that shows an example of undesirable behavior. It is up to the user to understand the error, locate it, and fix the problem. Previous work introduced a technique for explaining and localizing errors based on finding the closest execution to a counterexample, with respect to a distance metric. That approach was applied only to concrete executions of programs. This paper extends and generalizes the approach by combining it with predicate abstraction. Using an abstract state-space increases scalability and makes explanations more informative. Differences between executions are presented in terms of predicates derived from the specification and program, rather than specific changes to variable values. Reasoning to the cause of an error from the factthat in the failing run x < y, but in the successful execution x = y is easier than reasoning from the information that in the failing run y = 239, but in the successful execution y = 232. An abstract explanation is <i>automatically generalized</i>

Predicate abstraction has previously been used in model checking purely as a state-space reduction technique. However, an abstraction good enough to enable a model checking tool to find an error is also likely to be useful as an <i>automatically generated high-level description of a state space</i> --- suitable for use by programmers. Results demonstrating the effectiveness of abstract explanations support this claim.

References

[1]

F. Aloul, A. Ramani, I. Markov, and K. Sakallah. PBS: A backtrack search pseudo Boolean solver. In Symposium on the theory and applications of satisfiability testing (SAT), pages 346--353, 2002.]]

[2]

B. Alpern, M. Wegman, and F. Zadeck. Detecting equality of variables in programs. In Principles of Programming Languages, pages 1--11, 1988.]]

Digital Library

[3]

P. Anderson and T. Teitelbaum. Software inspection using CodeSurfer. In Workshop on Inspection in Software Engineering, 2001.]]

[4]

T. Ball, M. Naik, and S. Rajamani. From symptom to cause: Localizing errors in counterexample traces. In Principles of Programming Languages, pages 97--105, 2003.]]

Digital Library

[5]

T. Ball and S. Rajamani. Automatically validating temporal safety properties of interfaces. In SPIN Workshop on Model Checking of Software, pages 103--122, 2001.]]

Digital Library

[6]

A. Biere, A. Cimatti, E. Clarke, and Y. Zhu. Symbolic model checking without BDDs. In Tools and Algorithms for the Construction and Analysis of Systems, pages 193--207, 1999.]]

[7]

S. Chaki, E. Clarke, A. Groce, S. Jha, and H. Veith. Modular verification of software components in C. IEEE Transactions on Software Engineering, 30(6):388--402, 2004.]]

Digital Library

[8]

S. Chaki, E. Clarke, A. Groce, and O. Strichman. Predicate abstraction with minimum predicates. In Advanced Research Working Conference on Correct Hardware Design and Verification Methods (CHARME), pages 19--34, 2003.]]

[9]

E. Clarke, O. Grumberg, S. Jha, Y. Lu, and H. Veith. Counterexample-guided abstraction refinement. In Computer-Aided Verification, pages 154--169, 2000.]]

Digital Library

[10]

E. Clarke, O. Grumberg, and D. Peled. Model Checking. MIT Press, 2000.]]

Digital Library

[11]

R. Gerth, D. Peled, M. Vardi, and P. Wolper. Simple on-the-fly automatic verification of linear temporal logic. In Protocol Specification Testing and Verification, pages 3--18, 1995.]]

Digital Library

[12]

S. Graf and H. Saidi. Construction of abstract state graphs with PVS. In Computer-Aided Verification, pages 72--83, 1997.]]

Digital Library

[13]

A. Groce. Error explanation with distance metrics. In Tools and Algorithms for the Construction and Analysis of Systems, pages 108--122, 2004.]]

[14]

A. Groce, D. Kroening, and F. Lerda. Understanding counterexamples with explain. In Computer-Aided Verification, 2004. To appear.]]

[15]

A. Groce and W. Visser. What went wrong: Explaining counterexamples. In SPIN Workshop on Model Checking of Software, pages 121--135, 2003.]]

Digital Library

[16]

T. A. Henzinger, R. Jhala, R. Majumdar, and G. Sutre. Lazy abstraction. In Principles of Programming Languages, pages 58--70, 2002.]]

Digital Library

[17]

S. Horwitz and T. Reps. The use of program dependence graphs in software engineering. In International Conference of Software Engineering, pages 392--411, 1992.]]

Digital Library

[18]

H. Jin, K. Ravi, and F. Somenzi. Fate and free will in error traces. In Tools and Algorithms for the Construction and Analysis of Systems, pages 445--458, 2002.]]

Digital Library

[19]

D. Kroening, E. Clarke, and F. Lerda. A tool for checking ANSI-C programs. In Tools and Algorithms for the Construction and Analysis of Systems, pages 168--176, 2004.]]

[20]

D. Lewis. Causation. Journal of Philosophy, 70:556--567, 1973.]]

[21]

M. Renieris and S. Reiss. Fault localization with nearest neighbor queries. In Automated Software Engineering, pages 30--39, 2003.]]

[22]

G. Rothermel and M. J. Harrold. Empirical studies of a safe regression test selection technique. Software Engineering, 24(6):401--419, 1999.]]

Digital Library

[23]

D. Sankoff and J. Kruskal, editors. Time Warps, String Edits, and Macromolecules: the Theory and Practice of Sequence Comparison. Addison Wesley, 1983.]]

[24]

A. Zeller. Isolating cause-effect chains from computer programs. In Foundations of Software Engineering, pages 1--10, 2002.]]

Digital Library

[25]

A. Zeller and R. Hildebrandt. Simplifying and isolating failure-inducing input. IEEE Transactions on Software Engineering, 28(2):183--200, 2002.]]

Digital Library

Cited By

Dutta S(2024)Localizing faults using verification techniqueJournal of Systems and Software10.1016/j.jss.2023.111897209(111897)Online publication date: Mar-2024
https://doi.org/10.1016/j.jss.2023.111897
Wong WGao RLi YAbreu RWotawa FLi D(2023)Software Fault Localization: an Overview of Research, Techniques, and ToolsHandbook of Software Fault Localization10.1002/9781119880929.ch1(1-117)Online publication date: 21-Apr-2023
https://doi.org/10.1002/9781119880929.ch1
Widyasari RPrana GHaryono SWang SLo D(2022)Real world projects, real faults: evaluating spectrum based fault localization techniques on Python projectsEmpirical Software Engineering10.1007/s10664-022-10189-427:6Online publication date: 1-Nov-2022
https://dl.acm.org/doi/10.1007/s10664-022-10189-4
Show More Cited By

Index Terms

Explaining abstract counterexamples

Recommendations

Explaining abstract counterexamples
SIGSOFT '04/FSE-12: Proceedings of the 12th ACM SIGSOFT twelfth international symposium on Foundations of software engineering

When a program violates its specification a model checker produces a counterexample that shows an example of undesirable behavior. It is up to the user to understand the error, locate it, and fix the problem. Previous work introduced a technique for ...
Combining Theorem Proving with Model Checking through Predicate Abstraction

This article presents a procedure for proving invariants of infinite-state reactive systems using a combination of two formal verification techniques: theorem proving and model checking. This method uses term rewriting on the definition of the target ...
Formal Verification for C Program

Iterative abstraction refinement has emerged in the last few years as the leading approach to software model checking. We present an approach for automatically verifying C programs against safety specifications based on finite state machine. The ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM SIGSOFT Software Engineering Notes

ACM SIGSOFT Software Engineering Notes Volume 29, Issue 6

November 2004

275 pages

ISSN:0163-5948

DOI:10.1145/1041685

Issue’s Table of Contents

SIGSOFT '04/FSE-12: Proceedings of the 12th ACM SIGSOFT twelfth international symposium on Foundations of software engineering
October 2004
282 pages
ISBN:1581138555
DOI:10.1145/1029894
General Chair:
Richard N. Taylor
University of California, Irvine, CA
,
Program Chair:
Matthew B. Dwyer
University of Nebraska - Lincoln

Copyright © 2004 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 31 October 2004

Published in SIGSOFT Volume 29, Issue 6

Check for updates

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

46
Total Citations
View Citations
516
Total Downloads

Downloads (Last 12 months)14
Downloads (Last 6 weeks)0

Reflects downloads up to 02 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

Dutta S(2024)Localizing faults using verification techniqueJournal of Systems and Software10.1016/j.jss.2023.111897209(111897)Online publication date: Mar-2024
https://doi.org/10.1016/j.jss.2023.111897
Wong WGao RLi YAbreu RWotawa FLi D(2023)Software Fault Localization: an Overview of Research, Techniques, and ToolsHandbook of Software Fault Localization10.1002/9781119880929.ch1(1-117)Online publication date: 21-Apr-2023
https://doi.org/10.1002/9781119880929.ch1
Widyasari RPrana GHaryono SWang SLo D(2022)Real world projects, real faults: evaluating spectrum based fault localization techniques on Python projectsEmpirical Software Engineering10.1007/s10664-022-10189-427:6Online publication date: 1-Nov-2022
https://dl.acm.org/doi/10.1007/s10664-022-10189-4
Rungta N(2022)A Billion SMT Queries a Day (Invited Paper)Computer Aided Verification10.1007/978-3-031-13185-1_1(3-18)Online publication date: 7-Aug-2022
https://dl.acm.org/doi/10.1007/978-3-031-13185-1_1
Holmes JGroce A(2020)Using mutants to help developers distinguish and debug (compiler) faultsSoftware Testing, Verification and Reliability10.1002/stvr.172730:2Online publication date: 13-Jan-2020
https://doi.org/10.1002/stvr.1727
Alves ECordeiro LFilho E(2015)Fault Localization in Multi-threaded C Programs Using Bounded Model CheckingProceedings of the 2015 Brazilian Symposium on Computing Systems Engineering (SBESC)10.1109/SBESC.2015.25(96-101)Online publication date: 3-Nov-2015
https://dl.acm.org/doi/10.1109/SBESC.2015.25
Wang SGeoffroy YGössler GSokolsky OLee I(2015)A Hybrid Approach to Causality AnalysisRuntime Verification10.1007/978-3-319-23820-3_16(250-265)Online publication date: 15-Nov-2015
https://doi.org/10.1007/978-3-319-23820-3_16
Christ JErmis ESchäf MWies T(2013)Flow-Sensitive Fault LocalizationProceedings of the 14th International Conference on Verification, Model Checking, and Abstract Interpretation - Volume 773710.1007/978-3-642-35873-9_13(189-208)Online publication date: 20-Jan-2013
https://dl.acm.org/doi/10.1007/978-3-642-35873-9_13
Changyan Zhou Kumar RShengbing Jiang (2011)Analysis of runtime data-log for software fault localizationProceedings of the 2011 American Control Conference10.1109/ACC.2011.5989966(5127-5132)Online publication date: Jun-2011
https://doi.org/10.1109/ACC.2011.5989966
Biallas SBrauer JGückel DKowalewski S(2011)On-The-Fly Path ReductionElectronic Notes in Theoretical Computer Science (ENTCS)10.1016/j.entcs.2011.07.003274(3-16)Online publication date: 1-Aug-2011
https://dl.acm.org/doi/10.1016/j.entcs.2011.07.003
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Issue’s Table of Contents