Explaining Inconsistent Code
Muhammad Numair Mansur
Introduction
● Developers spend about 50% of their time debugging.
● Fault localization becomes more tedious as the program size increases.
● Goal: automatically explain and localize inconsistent code.
Code Inconsistency
● A code fragment is inconsistent if it is not part of any normally terminating execution.
● Inconsistent code is not necessarily a bug!
● But sometimes inconsistent code results in an error.
Examples (Unreachability)
[Figure: code examples of unreachable code, generated using Bixie.]
Examples (conflicting assumptions)
[Figure: code examples with conflicting assumptions, generated using Bixie.]
Our Goal
Automatically explain inconsistent code.
[Figure: the algorithm takes a precondition (Pre), an inconsistent program automaton and a postcondition (Post) as input and produces an error invariant automaton.]
Finite automata
A finite automaton is a 5-tuple (Q, Σ, δ, q0, F):
● Q: a finite set of states.
● Σ: a finite set of input symbols, called the alphabet.
● δ: a transition function (δ: Q × Σ → Q).
● q0: the initial state.
● F: a finite set of final states.
Finite automata
Example: [Figure: an automaton with states S1, S2, S3, S4 and the transitions between them.]
Finite automata
Input: a sequence of symbols from the input alphabet. Output: accept or reject.
● The automaton transitions through its states based on the input.
● The input is accepted if the automaton ends in an accepting state.
Finite automata
Example: Σ = {a, b, c}, input: abca. [Figure: the automaton steps through its states on a, b, c, a and ends in the accepting state S4: accept!]
Program automata
A simple and abstract model of a program, defined in terms of a finite automaton:
● State (Q) = program location (Loc)
● Transition (δ) = program statement (δp)
● Alphabet (Σ) = a set of program statements
● Initial state (q0) = initial program location
● Final state (F) = final program location
Program automata
● assume(b) means that the branch of the if () is taken where b is true.
● assume(!b) means that the branch of the if () is taken where b is not true.
Program automata
[Figure: a statement annotated as an assertion on the program state that x != null.]
Program automata
● A run ρ is a finite sequence of locations and statements: l_0 st_0 l_1 ... st_{n-1} l_n.
● path(ρ) = st_0 st_1 ... st_{n-1} is the path associated with a run.
● A run ρ is accepting if its final state is l_e.
● A word π ∈ Σ* is a path if π = path(ρ) for some accepting run ρ.
Algorithm
Input: a precondition state formula, a program automaton, and a postcondition state formula.
Output: an error invariant automaton.
Requires: the program automaton is inconsistent subject to the precondition and the postcondition.
Ensures: the error invariant automaton explains the input program automaton.
Algorithm
Step 1: Translate the program automaton into a single path of statements π. The path can be composed of many atomic statements.
Example: [Figure: a program automaton with numbered locations flattened into a single path of statements.]
This was the first step towards the final result, an error invariant automaton.
Error Invariant Automaton
● An abstraction of the program that only mentions the statements and facts that are relevant for understanding the cause of the inconsistency.
● The irrelevant statements are first summarized as first-order logical formulas and then eliminated.
● These formulas are called error invariants.
● An error invariant captures the reason for abnormal program termination.
● So, at a high level, an error invariant automaton replaces code that does not contribute to the inconsistency with a suitably chosen invariant.
Let's see this in practice on a fragment of code.
Error Invariant Automaton
 1: public TaskDialog(Task task) {                      // lines 1-5: no effect on the inconsistency
 ~:   . . . . . .
 6:   txtDescription.setTask(task.getDescription());    // line 6: assert(task != null)
 ~:   . . . . . .
16:   if (notification) {                               // lines 7-26: arbitrary code, no effect on task == null
        . . . . .
      }
 ~:   . . . .
27:   chbRegular.setEnabled(task == null);              // line 27: an assertion that task might be null
 ~:   . . . .                                           // line 28 to end: no effect on the inconsistency
    }
Error Trace
An error trace is a sequence of statements π = st_0 st_1 ... st_n together with a precondition and a postcondition. The precondition describes the initial state and the postcondition is an assertion that is violated. That means that in an error trace, precondition ∧ PF(π) ∧ postcondition is unsatisfiable.
Example (TaskDialog): the path formula conjoins task != null (line 6) with task == null (line 27), so it is unsatisfiable.
Error Invariant
An error invariant for a position i in an error trace is a first-order logical formula I_i such that:
● The conjunction of the first-order logical formulas of the statements up to position i implies I_i.
● I_i conjoined with the formulas of the remaining statements is unsatisfiable.
ErrInv(π)
In the previous work, the authors introduced a function which, given an error trace π, computes
I_0, st_i1, I_1, st_i2 ... st_ik, I_k
such that st_i1, st_i2 ... st_ik is a subsequence of π and I_j is an inductive invariant for the positions i_j and i_{j+1}.
Inductive error invariant
We say that an error invariant is inductive for positions i < j if the condition stated on the slide holds. It is then called an inductive error invariant.
Error Invariant Automaton
An error invariant automaton is an inconsistent program automaton together with a mapping from its locations to state formulas, such that for every location the formula mapped to it is an error invariant for that location.
Algorithm
After applying step 1 we have a single path π_A.
Step 2: Apply ErrInv(π_A) = I_0 st(l_i1) ... st(l_ik) I_k.
[Figure: the path annotated with the error invariants I_0 ... I_5 at its locations.]
Algorithm
Example: the path assume(task != null); assume(task == null). Applying ErrInv() yields:
  true
  assume(task != null)
  task != null
  assume(task == null)
  false
Algorithm
Step 3: The locations covered by an inductive error invariant can be collapsed into a single location.
[Figure: the annotated path before and after collapsing; only I_0, I_1, I_4 and I_5 remain.]
Algorithm
Step 4: For each remaining non-atomic statement, apply the algorithm recursively to all these smaller automata.
[Figure: the collapsed automaton with invariants I_0, I_1, I_2, I_5; the algorithm is applied recursively to the non-atomic statements.]
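Added example, not the slides' or Bixie's code: the error trace and error invariant definitions above, checked on the TaskDialog path from the ErrInv example, followed by the collapsing of steps 2 and 3. It assumes that an inductive error invariant for positions i < j is a formula that is an error invariant at both positions (the slide's own condition did not survive extraction), and replaces the SMT solver with enumeration over constructed finite domains for the two variables the trace mentions.

```python
from collections import namedtuple

# Added example (not the slides' code): the definitions above checked on the
# TaskDialog trace. Instead of an SMT solver over first-order formulas, the
# variables range over constructed finite domains: unsat = no state survives.
State = namedtuple("State", "task notification")
ALL_STATES = {State(t, n) for t in (None, "obj") for n in (False, True)}

def path_states(states, trace):
    """States that survive the assume statements of trace (PF(trace) holds)."""
    for _, pred in trace:
        states = {s for s in states if pred(s)}
    return states

def is_error_invariant(pre, trace, post, i, inv):
    """inv is an error invariant for position i (just before st_i):
    pre /\ PF(st_0..st_{i-1}) => inv  and  inv /\ PF(st_i..st_n) /\ post unsat."""
    reached = path_states({s for s in ALL_STATES if pre(s)}, trace[:i])
    survivors = path_states({s for s in ALL_STATES if inv(s)}, trace[i:])
    return all(inv(s) for s in reached) and not any(post(s) for s in survivors)

def error_invariant_automaton(pre, trace, post, invs):
    """invs[i] = (label, pred) is a candidate error invariant for position i.
    Assumption: positions i < j sharing a formula that is an error invariant at
    both are collapsed, dropping the statements between them (steps 2 and 3)."""
    n = len(trace)
    for i, (label, inv) in enumerate(invs):
        if not is_error_invariant(pre, trace, post, i, inv):
            raise ValueError(f"{label!r} is not an error invariant at position {i}")
    out, i = [invs[0][0]], 0
    while i < n:
        inv, j = invs[i][1], i
        while j < n and is_error_invariant(pre, trace, post, j + 1, inv):
            j += 1  # inv still explains the failure after st_j, so st_j is irrelevant
        if j == n:
            break  # inv alone already contradicts post
        out += [trace[j][0], invs[j + 1][0]]  # keep st_j and the next invariant
        i = j + 1
    return out

# Constructed trace for the slides' TaskDialog fragment: line 6 dereferences
# task, line 16 branches on notification, line 27 branches on task == null.
TRACE = [("assume(task != null) // line 6", lambda s: s.task is not None),
         ("assume(notification) // line 16", lambda s: s.notification),
         ("assume(task == null) // line 27", lambda s: s.task is None)]
TRUE, FALSE = (lambda s: True), (lambda s: False)
INVS = [("true", TRUE), ("task != null", TRACE[0][1]),
        ("task != null", TRACE[0][1]), ("false", FALSE)]

def explain_task_dialog():
    return error_invariant_automaton(TRUE, TRACE, TRUE, INVS)
```

The result reproduces the ErrInv example: the line 16 branch on notification is dropped because task != null is an error invariant on both sides of it, while the two assumptions on task remain.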