1,272 research outputs found
Fault Localization in Multi-Threaded C Programs using Bounded Model Checking (extended version)
Software debugging is a very time-consuming process, which is even worse for
multi-threaded programs, due to the non-deterministic behavior of
thread-scheduling algorithms. However, the debugging time may be greatly
reduced, if automatic methods are used for localizing faults. In this study, a
new method for fault localization, in multi-threaded C programs, is proposed.
It transforms a multi-threaded program into a corresponding sequential one and
then uses a fault-diagnosis method suitable for this type of program, in order
to localize faults. The code transformation is implemented with rules and
context switch information from counterexamples, which are typically generated
by bounded model checkers. Experimental results show that the proposed method
is effective, in such a way that sequential fault-localization methods can be
extended to multi-threaded programs.Comment: extended version of paper published at SBESC'1
Cause Clue Clauses: Error Localization using Maximum Satisfiability
Much effort is spent everyday by programmers in trying to reduce long,
failing execution traces to the cause of the error. We present a new algorithm
for error cause localization based on a reduction to the maximal satisfiability
problem (MAX-SAT), which asks what is the maximum number of clauses of a
Boolean formula that can be simultaneously satisfied by an assignment. At an
intuitive level, our algorithm takes as input a program and a failing test, and
comprises the following three steps. First, using symbolic execution, we encode
a trace of a program as a Boolean trace formula which is satisfiable iff the
trace is feasible. Second, for a failing program execution (e.g., one that
violates an assertion or a post-condition), we construct an unsatisfiable
formula by taking the trace formula and additionally asserting that the input
is the failing test and that the assertion condition does hold at the end.
Third, using MAX-SAT, we find a maximal set of clauses in this formula that can
be satisfied together, and output the complement set as a potential cause of
the error. We have implemented our algorithm in a tool called bug-assist for C
programs. We demonstrate the surprising effectiveness of the tool on a set of
benchmark examples with injected faults, and show that in most cases,
bug-assist can quickly and precisely isolate the exact few lines of code whose
change eliminates the error. We also demonstrate how our algorithm can be
modified to automatically suggest fixes for common classes of errors such as
off-by-one.Comment: The pre-alpha version of the tool can be downloaded from
http://bugassist.mpi-sws.or
Path-Based Program Repair
We propose a path-based approach to program repair for imperative programs.
Our repair framework takes as input a faulty program, a logic specification
that is refuted, and a hint where the fault may be located. An iterative
abstraction refinement loop is then used to repair the program: in each
iteration, the faulty program part is re-synthesized considering a symbolic
counterexample, where the control-flow is kept concrete but the data-flow is
symbolic. The appeal of the idea is two-fold: 1) the approach lazily considers
candidate repairs and 2) the repairs are directly derived from the logic
specification. In contrast to prior work, our approach is complete for programs
with finitely many control-flow paths, i.e., the program is repaired if and
only if it can be repaired at the specified fault location. Initial results for
small programs indicate that the approach is useful for debugging programs in
practice.Comment: In Proceedings FESCA 2015, arXiv:1503.0437
IntRepair: Informed Repairing of Integer Overflows
Integer overflows have threatened software applications for decades. Thus, in
this paper, we propose a novel technique to provide automatic repairs of
integer overflows in C source code. Our technique, based on static symbolic
execution, fuses detection, repair generation and validation. This technique is
implemented in a prototype named IntRepair. We applied IntRepair to 2,052C
programs (approx. 1 million lines of code) contained in SAMATE's Juliet test
suite and 50 synthesized programs that range up to 20KLOC. Our experimental
results show that IntRepair is able to effectively detect integer overflows and
successfully repair them, while only increasing the source code (LOC) and
binary (Kb) size by around 1%, respectively. Further, we present the results of
a user study with 30 participants which shows that IntRepair repairs are more
than 10x efficient as compared to manually generated code repairsComment: Accepted for publication at the IEEE TSE journal. arXiv admin note:
text overlap with arXiv:1710.0372
A Critical Review of "Automatic Patch Generation Learned from Human-Written Patches": Essay on the Problem Statement and the Evaluation of Automatic Software Repair
At ICSE'2013, there was the first session ever dedicated to automatic program
repair. In this session, Kim et al. presented PAR, a novel template-based
approach for fixing Java bugs. We strongly disagree with key points of this
paper. Our critical review has two goals. First, we aim at explaining why we
disagree with Kim and colleagues and why the reasons behind this disagreement
are important for research on automatic software repair in general. Second, we
aim at contributing to the field with a clarification of the essential ideas
behind automatic software repair. In particular we discuss the main evaluation
criteria of automatic software repair: understandability, correctness and
completeness. We show that depending on how one sets up the repair scenario,
the evaluation goals may be contradictory. Eventually, we discuss the nature of
fix acceptability and its relation to the notion of software correctness.Comment: ICSE 2014, India (2014
TarTar: A Timed Automata Repair Tool
We present TarTar, an automatic repair analysis tool that, given a timed
diagnostic trace (TDT) obtained during the model checking of a timed automaton
model, suggests possible syntactic repairs of the analyzed model. The suggested
repairs include modified values for clock bounds in location invariants and
transition guards, adding or removing clock resets, etc. The proposed repairs
are guaranteed to eliminate executability of the given TDT, while preserving
the overall functional behavior of the system. We give insights into the design
and architecture of TarTar, and show that it can successfully repair 69% of the
seeded errors in system models taken from a diverse suite of case studies.Comment: 15 pages, 7 figure
Automatic Error Localization for Software using Deductive Verification
Even competent programmers make mistakes. Automatic verification can detect
errors, but leaves the frustrating task of finding the erroneous line of code
to the user. This paper presents an automatic approach for identifying
potential error locations in software. It is based on a deductive verification
engine, which detects errors in functions annotated with pre- and
post-conditions. Using an automatic theorem prover, our approach finds
expressions in the code that can be modified such that the program satisfies
its specification. Scalability is achieved by analyzing each function in
isolation. We have implemented our approach in the widely used Frama-C
framework and present first experimental results. This is an extended version
of [8], featuring an additional appendix.Comment: This is an extended version of [8], featuring an additional appendi
- …