Fault localization is a practical research topic that helps developers identify code locations that might cause bugs in a program. Most existing fault localization techniques are designed for imperative programs (e.g., C and Java) and rely on analyzing correct and incorrect executions of the program to identify suspicious statements. In this work, we introduce a fault localization approach for models written in a declarative language, where the models are not "executed," but rather converted into a logical formula and solved using backend constraint solvers. We present FLACK, a tool that takes as input an Alloy model consisting of some violated assertion and returns a ranked list of suspicious expressions contributing to the assertion violation. The key idea is to analyze the differences between counterexamples, i.e., instances of the model that do not satisfy the assertion, and instances that do satisfy the assertion to find suspicious expressions in the input model. The experimental results show that FLACK is efficient (can handle complex, real-world Alloy models with thousand lines of code within 5 seconds), accurate (can consistently rank buggy expressions in the top 1.9\% of the suspicious list), and useful (can often narrow down the error to the exact location within the suspicious expressions).
翻译:错误本地化是一个实用的研究课题, 帮助开发者识别可能导致程序错误的代码位置。 大多数现有的错误本地化技术是为紧急程序( 如 C 和 Java ) 设计的, 并依赖于对程序正确和不正确执行的分析来识别可疑的报表。 在这项工作中, 我们对以声明语言撰写的模型引入了错误本地化方法, 模型不是“ 执行”, 而是转换成逻辑公式, 并使用后端限制解答器解决 。 我们提出了一个工具 FLACK, 这个工具将包含某些被违反的主张的 Alloy 模型作为输入, 并返回了导致声明被违反的可疑表达的排名列表 。 关键的想法是分析对应样本之间的差异, 即不满足此主张的模型实例, 以及能够满足在输入模型中找到可疑表达方式的断言。 实验结果显示 FLACK 效率很高( 能够在5秒内处理复杂、 真实世界 Aloy 模型, 代码为千行), 准确性( 能够将错误表达方式始终排在可疑列表的前1. 9 中) 和有用( 错误到确切位置 ) 。
相关内容
微信扫码咨询专知VIP会员