Whodunit? Causal Analysis for Counterexamples [chapter]

Chao Wang, Zijiang Yang, Franjo Ivančić, Aarti Gupta
2006 Lecture Notes in Computer Science  
Although the counterexample returned by a model checker can help in reproducing the symptom related to a defect, a significant amount of effort is often required for the programmer to interpret it in order to locate the cause. In this paper, we provide an automated procedure to zoom in to potential software defects by analyzing a single concrete counterexample. Our analysis relies on extracting from the counterexample a syntactic-level proof of infeasibility, i.e., a minimal set of word-level
more » ... edicates that contradict with each other. The procedure uses an efficient weakest pre-condition algorithm carried out on a single concrete execution path, which is significantly more scalable than other model checking based approaches. Unlike most of the existing methods, we do not need additional execution traces other than the buggy one. We use public-domain examples to demonstrate the effectiveness of our new algorithm. A whodunit, for "who done it?", is a plot-driven variety of detective story in which the reader is provided with clues from which the identity of the perpetrator of the crime may be deduced. Examples are the Sherlock Holmes stories by Conan Doyle.
doi:10.1007/11901914_9 fatcat:txhziw2jfveljc2qocqpctrtcm