Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Model-Based Diagnosis with Multiple Observations: A Unified Approach for C Software and Boolean Circuits

Pedro Orvalho, Marta Kwiatkowska, Mikoláš Janota, Vasco Manquinho

TL;DR

CFaults introduces a unified Model-Based Diagnosis (MBD) approach for fault localisation that handles multiple failing observations by encoding all test cases into a single MaxSAT problem. It unrolls and instruments both C programs and Boolean circuits, uses relaxation variables to model faulty statements, and employs an oracle to obtain subset-minimal aggregated diagnoses. Empirically, CFaults outperforms Bug-Assist, SNI-PER, and HSD on TCAS and C-Pack-IPAs, locating faults faster and across more programs, while remaining competitive on ISCAS85 circuits. This work delivers the first end-to-end, cross-domain FBFL framework, with broader applicability and publicly available tooling in future releases.

Abstract

Debugging is one of the most time-consuming and expensive tasks in software development and circuit design. Several formula-based fault localisation (FBFL) methods have been proposed, but they fail to guarantee a set of diagnoses across all failing tests or may produce redundant diagnoses that are not subset-minimal, particularly for programs/circuits with multiple faults. This paper introduces CFaults, a novel fault localisation tool for C software and Boolean circuits with multiple faults. CFaults leverages Model-Based Diagnosis (MBD) with multiple observations and aggregates all failing test cases into a unified Maximum Satisfiability (MaxSAT) formula. Consequently, our method guarantees consistency across observations and simplifies the fault localisation procedure. Experimental results on three benchmark sets, two of C programs, TCAS and C-Pack-IPAs, and one of Boolean circuits, ISCAS85, show that CFaults is faster at localising faults in C software than other FBFL approaches such as BugAssist, SNIPER, and HSD. On the ISCAS85 benchmark, CFaults is generally slower than HSD; however, it localises faults in only 6% fewer circuits, demonstrating that it remains competitive in this domain. Furthermore, CFaults produces only subset-minimal diagnoses of faulty statements, whereas the other approaches tend to enumerate redundant diagnoses (e.g., BugAssist and SNIPER).

Model-Based Diagnosis with Multiple Observations: A Unified Approach for C Software and Boolean Circuits

TL;DR

CFaults introduces a unified Model-Based Diagnosis (MBD) approach for fault localisation that handles multiple failing observations by encoding all test cases into a single MaxSAT problem. It unrolls and instruments both C programs and Boolean circuits, uses relaxation variables to model faulty statements, and employs an oracle to obtain subset-minimal aggregated diagnoses. Empirically, CFaults outperforms Bug-Assist, SNI-PER, and HSD on TCAS and C-Pack-IPAs, locating faults faster and across more programs, while remaining competitive on ISCAS85 circuits. This work delivers the first end-to-end, cross-domain FBFL framework, with broader applicability and publicly available tooling in future releases.

Abstract

Debugging is one of the most time-consuming and expensive tasks in software development and circuit design. Several formula-based fault localisation (FBFL) methods have been proposed, but they fail to guarantee a set of diagnoses across all failing tests or may produce redundant diagnoses that are not subset-minimal, particularly for programs/circuits with multiple faults. This paper introduces CFaults, a novel fault localisation tool for C software and Boolean circuits with multiple faults. CFaults leverages Model-Based Diagnosis (MBD) with multiple observations and aggregates all failing test cases into a unified Maximum Satisfiability (MaxSAT) formula. Consequently, our method guarantees consistency across observations and simplifies the fault localisation procedure. Experimental results on three benchmark sets, two of C programs, TCAS and C-Pack-IPAs, and one of Boolean circuits, ISCAS85, show that CFaults is faster at localising faults in C software than other FBFL approaches such as BugAssist, SNIPER, and HSD. On the ISCAS85 benchmark, CFaults is generally slower than HSD; however, it localises faults in only 6% fewer circuits, demonstrating that it remains competitive in this domain. Furthermore, CFaults produces only subset-minimal diagnoses of faulty statements, whereas the other approaches tend to enumerate redundant diagnoses (e.g., BugAssist and SNIPER).

Paper Structure

This paper contains 44 sections, 5 equations, 11 figures, 9 tables, 5 algorithms.

Table of Contents

  1. Introduction
  2. Contributions Beyond the Conference Version
  3. Preliminaries
  4. Model-Based Diagnosis With One Observation
  5. Bug-Assist
  6. SNI-PER
  7. Model-Based Diagnosis with Multiple Observations
  8. HSD
  9. Our approach
  10. Our Approach vs HSD
  11. CFaults: MBD with Multiple Observations for C Software and Boolean Circuits
  12. CFaults sees Faults in C Programs
  13. Program unrolling
  14. Program Intrumentalisation
  15. CBMC
  16. ...and 29 more sections

Figures (11)

  • Figure 1: Overview of CFaults.
  • Figure 2: Total CPU time comparison between Bug-Assist, SNI-PER, HSD and CFaults on the TCAStcas-dataset-ESE05 benchmark.
  • Figure 3: Total CPU time performance of all FBFL approaches on C-Pack-IPAs.
  • Figure 4: CPU time comparison between Bug-Assist, SNI-PER, HSD, HSD with core minimisation (HSD-CM) and CFaults on C-Pack-IPAs.
  • Figure 5: Comparison between Bug-Assist's, SNI-PER's and CFaults' diagnoses.
  • ...and 6 more figures

Theorems & Definitions (15)

  • Example 1: Motivation
  • Definition 1: Boolean Satisfiability (SAT)
  • Example 2: Satisfiable Formula
  • Example 3: Unsatisfiable Formula
  • Definition 2: SAT Solver Call
  • Example 4: Unsatisfiable Core
  • Definition 3: Maximum Satisfiability (MaxSAT)
  • Example 5: MaxSAT
  • Definition 4: Minimal Correction Subset (MCS)
  • Example 6: MCS
  • ...and 5 more