Explaining Inconsistent Code
swt.informatik.uni-freiburg.de/teaching/SS2015/...
Muhammad Numair Mansur

Introduction
● 50% of the time in debugging
● Fault localization.
● Becomes more tedious as the program size increases.
● Automatically explaining and localizing inconsistent code.

Code Inconsistency
● A code fragment is inconsistent if it is not a part of any normally terminating execution.
● Not necessarily always a bug!
● But sometimes inconsistent code results in an error.

Examples (Unreachability)
Generated using Bixie

Examples (conflicting assumptions)
Generated using Bixie

Our Goal
Automatically explain inconsistent code.
[Diagram: Inconsistent program automata, Pre, Post → Algorithm → Error Invariant Automaton]

Finite automata
A F.A. is a 5-tuple: (Q, Σ, δ, q0, F)
Q: A finite set of states.
Σ: A finite set of input symbols called an alphabet.
δ: A transition function (δ: Q × Σ → Q).
q0: Initial state.
F: A finite set of final states.

Finite automata
Example:
[Figure: automaton with states S1, S2, S3, S4; the states and the transitions are labelled]

Finite automata
Input (a sequence from the input alphabet) → F.A. → Output (accept or reject)
● Transitions through the states based on the input
● True, if ends in an accepting state

Finite automata
Example:
Σ = {a, b, c}
Input: abca
[Figure: automaton with states S1, S2, S3, S4 reading a, b, c, a in turn; the run ends with "accept!"]

Program automata
A simple and abstract model of a program.
Defined in terms of a finite automaton.
State (Q) = Program Location (Loc)
Transition (δ) = Program Statement (δp)
Alphabet (Σ) = A set of program statements
Initial State (q0) = Initial program Location ( )
Final State (F) = Final program Location ( )

Program automata
[Figure: example program automaton]
assume( b ) means that the branch of if () is taken where b is “true”.
assume( !b ) means that the branch of if () is taken where b is “not true”.
An assertion on the program state that x != null.

Program automata
● A run ρ is a finite sequence of locations and statements: l_0 st_0 l_1 ... st_{n-1} l_n
● path(ρ) = st_0 st_1 ... st_{n-1} is the path associated with a run.
● A run ρ is accepting if its final state is l_e.
● A word π ∈ Σ* is a path if π = path(ρ) for some accepting run ρ.
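
The definitions of run, path and accepting run above, applied to a small program automaton to find the statements that lie on no feasible accepting run. This is an added example, not part of the original slides: the automaton, its location names l0, l1, l2, le and the modelled snippet are constructed for illustration, and the enumeration assumes a loop-free automaton.

```python
# Added example: a constructed program automaton, not the one on the slides.
# Source being modelled (hypothetical):
#   if (x == null) { x.f(); }   // x.f() carries an implicit assert(x != null)
from typing import Callable, Dict, List, Set, Tuple

State = bool                      # the whole program state: "is x null?"
Stmt = Callable[[State], Set[State]]
ALL_STATES: Set[State] = {True, False}

def assume(pred: Callable[[State], bool]) -> Stmt:
    """assume(b): execution continues only in states where b holds."""
    return lambda s: {s} if pred(s) else set()

skip: Stmt = lambda s: {s}

# delta_p: location -> outgoing (statement label, semantics, target location).
# A failing assert ends the execution abnormally, so for normal termination
# it behaves like an assume.
DELTA: Dict[str, List[Tuple[str, Stmt, str]]] = {
    "l0": [("assume(x == null)", assume(lambda s: s), "l1"),
           ("assume(!(x == null))", assume(lambda s: not s), "le")],
    "l1": [("assert(x != null)", assume(lambda s: not s), "l2")],
    "l2": [("x.f()", skip, "le")],
}
INITIAL, FINAL = "l0", "le"

def accepting_runs(loc=INITIAL, run=()):
    """Yield every run l0 st0 l1 ... ln that ends in the final location.
    Assumes the automaton is loop-free, as this constructed one is."""
    if loc == FINAL:
        yield run
        return
    for label, sem, nxt in DELTA.get(loc, []):
        yield from accepting_runs(nxt, run + ((loc, label, sem, nxt),))

def path(run):
    """path(rho): the statements of a run, without the locations."""
    return [label for _, label, _, _ in run]

def feasible(run) -> bool:
    """True if some initial state can execute every statement of the run."""
    states = set(ALL_STATES)
    for _, _, sem, _ in run:
        states = {t for s in states for t in sem(s)}
    return bool(states)

def inconsistent_statements():
    """Statements that are part of no feasible accepting run."""
    all_edges = {(loc, label) for loc, edges in DELTA.items()
                 for label, _, _ in edges}
    covered = {(loc, label) for run in accepting_runs() if feasible(run)
               for loc, label, _, _ in run}
    return sorted(all_edges - covered)

if __name__ == "__main__":
    for r in accepting_runs():
        print(path(r), "feasible" if feasible(r) else "infeasible")
    print("inconsistent:", inconsistent_statements())
```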

Algorithm
Input: : precondition state formula
 : program automata
 : postcondition state formula
output: : error invariant automata.
requires: is inconsistent subject to and .
ensures: explains .

Algorithm
Step 1: Translate the program automata into a single path of statements π.
It can be composed of many atomic statements.

Algorithm
Example:
[Figure: program automaton with locations 1 to 9, translated into a single path with the labels 1, 2, "2,9", 9]
This was the first step in getting the final result, an error invariant automata.

Error Invariant Automaton
● An abstraction of the program that only mentions the statements and facts that are relevant for understanding the cause of the inconsistency.
● The irrelevant statements are first summarized as first-order logical formulas and then eliminated.
● These formulas are called error invariants.
● An error invariant captures the reason for abnormal program termination.
● So, at a high level, an Error Invariant Automaton replaces code which does not contribute to the inconsistency with a suitably chosen invariant.
Let's see this in practice on a fragment of code.

Error Invariant Automaton
 1: public TaskDialog(Tast task)
 ~: . . .
 6: txtDescription.setTask(task.getDescription());
 ~: . . .
16: if (notification)
    {
        . . .
    }
 ~: . . .
27: chbRegular.setEnabled(task == null);
 ~: . . .
    }

line 1 - 5: No effect on inconsistency
line 6: assert ( task != null )
line 7 - 26: Arbitrary code, no effect on task == null
line 27: An assertion that task might be null
line 28 - end: No effect on inconsistency

Error Trace
An error trace is a sequence of statements π = st_0 st_1 ... st_n, together with and . describes the initial state and is an assertion that is violated.
That means, in an error trace ∧ PF( π ) ∧ is unsatisfiable.
Example:
∧ task null ∧ task null ∧

Error Invariant
An error invariant for a position ∈ [ ] in an error trace is a first-order logical formula such that:
● The conjunction of the first-order logical formulas for each statement implies I_i.
● I_i and the conjunction of the remaining formulas is unsatisfiable.

ErrInv( )
In the previous work, the authors introduced a function ⊼ which, given an error trace, computes:
I_0, st_{i_1}, I_1, st_{i_2}, ..., st_{i_k}, I_k
such that st_{i_1}, st_{i_2}, ..., st_{i_k} is a subsequence of ⊼ and I_j is an inductive invariant for the positions i_j and i_{j+1}.

Inductive error invariant
We say that an error invariant is inductive for position i < j if:
is called an inductive error invariant.

Error Invariant Automaton
An Error Invariant Automaton is an inconsistent program automaton with a mapping from locations of to state formulas, such that for all locations , is an error invariant for .

Algorithm
Now, after applying step 1 we got a single path π_A.
Step 2: Apply ErrInv( π_A )
ErrInv( π_A ) = ErrInv( π ) = I_0 st(l_{i_1}) ... st(l_{i_k}) I_k.
[Figure: the path annotated with the error invariants I0, I1, I2, I3, I4, I5]

Algorithm
Example:
assume(task != null)
assume(task = null)
[Figure: ErrInv() applied to these two statements, annotated with true, task != null, false]

Algorithm
Step 3: The locations covered with an inductive error invariant can be collapsed into a single location.
[Figure: locations annotated with I0, I1, I4, I5 before and after collapsing]
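
The error invariant definition and steps 2 and 3, worked through on the TaskDialog trace as an added example that is not from the slides or from the authors' tool. It assumes the precondition and postcondition are both true, replaces the solver and its interpolants with brute-force enumeration over a two-variable state space and a fixed candidate list, and the names TRACE, CANDIDATES, post, is_error_invariant and explain are made up here.

```python
# Added example: brute-force model of the TaskDialog trace from the slides.
# A state is (task_is_null, notification); the notification variable and the
# other_code statements standing in for the elided lines are assumptions.
from itertools import product

STATES = set(product([True, False], repeat=2))

def assume(pred):
    """A blocked assume has no successor state."""
    return lambda s: {s} if pred(s) else set()

def other_code(s):
    """Stands in for code that may change anything except `task`."""
    return {(s[0], n) for n in (True, False)}

TRACE = [
    ("lines 1-5", other_code),
    ("line 6: assume(task != null)", assume(lambda s: not s[0])),
    ("lines 7-26", other_code),
    ("line 27: assume(task == null)", assume(lambda s: s[0])),
    ("lines 28-end", other_code),
]

# Candidate invariants as sets of states. A fixed list is used here instead
# of formulas computed by a solver.
CANDIDATES = [
    ("true", set(STATES)),
    ("task != null", {s for s in STATES if not s[0]}),
    ("false", set()),
]

def post(states, stmts):
    """States reachable from `states` by executing `stmts` in order."""
    for _, sem in stmts:
        states = {t for s in states for t in sem(s)}
    return states

def is_error_invariant(inv, i, trace):
    """Both conditions of the definition, at position i (before statement i):
    the prefix establishes inv, and no state in inv survives the suffix."""
    return post(STATES, trace[:i]) <= inv and not post(inv, trace[i:])

def explain(trace, candidates=CANDIDATES):
    """Return I0, st, I1, st, ..., Ik. Each invariant summarises the
    statements between the first and last position where it holds (step 3)."""
    n, pos, out = len(trace), 0, []
    while True:
        best = None
        for name, inv in candidates:
            ends = [k for k in range(pos, n + 1)
                    if is_error_invariant(inv, k, trace)]
            if ends and ends[0] == pos and (best is None or ends[-1] > best[1]):
                best = (name, ends[-1])
        if best is None:
            raise ValueError(f"no error invariant at position {pos}: "
                             "the trace is not inconsistent")
        out.append(best[0])
        if best[1] == n:
            return out
        out.append(trace[best[1]][0])   # the statement that changes the invariant
        pos = best[1] + 1

if __name__ == "__main__":
    for item in explain(TRACE):
        print(item)
```

Lines 1-5, 7-26 and 28-end disappear from the result because a single candidate is an error invariant both before and after each of them.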

Algorithm
Step 4: For each remaining non-atomic statement, apply the algorithm recursively to all these smaller automata.
Apply the algorithm recursively to these non-atomic statements.
In case of the location with invariant I2: inconsistent w.r.t. pre and post, so the algorithm is applied recursively.
[Figure: automaton with the invariants I0, I1, I2, I5, with Pre and Post marked at the location with invariant I2]

Evaluations
The approach was tested on 6 real-world examples.
For each of these examples, error invariant automata were generated using the technique introduced.
All the generated error invariant automata represented real-world inconsistencies with no false alarms.
Running time to prove inconsistency using unsat ranged from 0.008 seconds in one of the experiments to 0.019 seconds.
Usability testing was also conducted on 11 programmers.
Half of the test subjects were shown the full programs, while the other half were just shown the error invariant automata.
All candidates took 1 hour and 6 minutes to identify the bug.
For the full programs without error invariant automata: 51 minutes
With error invariant automata: 17 minutes

Conclusion
The experiments indicate that EIA provide useful visual assistance to spot inconsistencies.
EIA can also be used for fault localization on a single trace and thus provide a general tool to assist programmers in debugging.

References
● Martin Schaf, Daniel Schwartz, Thomas Wies. Explaining Inconsistent Code. In: Joint Meeting of the European Software Engineering Conference and the Symposium on the Foundations of Software Engineering, ESEC/FSE'13, Saint Petersburg, Russian Federation, August 18-26, 2013, pages 521-531. http://dl.acm.org/citation.cfm?id=2491411
● Bixie - Find inconsistencies in Java code. http://martinschaef.github.io/bixie/
● Jurgen Christ, Evren Ermis, Martin Schaf, Thomas Wies. Flow-Sensitive Fault Localization. In: Verification, Model Checking, and Abstract Interpretation, 14th International Conference, VMCAI 2013, Rome, Italy, January 20-22, 2013, Proceedings, pages 189-208. http://link.springer.com/book/10.1007/978-3-642-35873-9