Error Invariants

Evren Ermis 1, Martin Schäf 2⋆, and Thomas Wies 3

1 University of Freiburg
2 United Nations University, IIST, Macau
3 New York University

Abstract. Localizing the cause of an error in an error trace is one of the most time-consuming aspects of debugging. We develop a novel technique to automate this task. For this purpose, we introduce the concept of error invariants. An error invariant for a position in an error trace is a formula over program variables that over-approximates the reachable states at the given position while only capturing states that will still produce the error, if execution of the trace is continued from that position. Error invariants can be used for slicing error traces and for obtaining concise error explanations. We present an algorithm that computes error invariants from Craig interpolants, which we construct from proofs of unsatisfiability of formulas that explain why an error trace violates a particular correctness assertion. We demonstrate the effectiveness of our algorithm by using it to localize faults in real-world programs.

1 Introduction

A central element of a programmer’s work routine is spending time on debugging. Particularly time-consuming (and often the most frustrating part of debugging) is the task of fault localization [1, 3, 9, 10, 13, 14, 18, 20, 21], i.e., isolating the cause of an error by inspecting a failed execution of the program. This task encompasses, for instance, the identification of the program statements that are relevant for the error, and determining the variables whose values should be tracked in order to understand the cause of the error. In this paper, we present a novel technique that enables automated fault localization and the automatic generation of concise error explanations.

The input to our technique is an error trace of the program, which consists of the sequence of program statements whose execution produced an error, and formulas describing the initial states of the trace and the expected output states (i.e., the assertion that was violated). Such error traces can be obtained either from failing test cases or from counterexamples produced by static analysis tools. Our technique is based on the new concept of error invariants. An invariant for a given position in a trace is a formula satisfied by all states reaching that position in an execution of the trace. An error invariant is an invariant for a position in an error trace that only captures states that will still produce the error, if execution of the trace is continued from that position. Hence, an error invariant provides an explanation for the failure of the trace at the given position. We observe that inductive error

⋆ Supported in part by the projects ARV and COLAB, funded by Macau Science and Technology Development Fund.
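The following is an added example, not code from the paper or its authors, illustrating the two conditions that define an error invariant (an invariant at a trace position, all of whose states still lead to the assertion violation) on a constructed straight-line error trace. The paper computes error invariants from Craig interpolants; this example instead checks candidate formulas by brute-force enumeration over a small finite integer domain, which is only feasible for toy traces. The trace, the variable domain, and the candidate formulas are all constructed for the illustration.

```python
from itertools import product
from typing import Callable, Dict, List, Sequence

# A program state maps variable names to integer values.
State = Dict[str, int]
# Formulas and statements are modelled as Python callables over states.
Formula = Callable[[State], bool]
Statement = Callable[[State], State]

# Constructed finite domain: four variables, each ranging over 0..11.
VARS = ("x", "y", "z", "w")
DOMAIN = range(12)
ALL_STATES: List[State] = [
    dict(zip(VARS, vals)) for vals in product(DOMAIN, repeat=len(VARS))
]


def assign(var: str, expr: Callable[[State], int]) -> Statement:
    """Build an assignment statement `var := expr(state)` as a functional update."""
    def stmt(state: State) -> State:
        new = dict(state)
        new[var] = expr(state)
        return new
    return stmt


def run(stmts: Sequence[Statement], state: State) -> State:
    """Execute a straight-line sequence of statements starting from `state`."""
    for s in stmts:
        state = s(state)
    return state


def is_invariant(trace: Sequence[Statement], init: Formula, pos: int, cand: Formula) -> bool:
    """Position `pos` means 'after the first `pos` statements'. `cand` is an
    invariant there if every state reached from an initial state satisfies it."""
    return all(cand(run(trace[:pos], s)) for s in ALL_STATES if init(s))


def is_error_invariant(trace: Sequence[Statement], init: Formula, assertion: Formula,
                       pos: int, cand: Formula) -> bool:
    """An error invariant is an invariant such that every state satisfying it
    still violates the assertion once the remaining suffix of the trace is run."""
    if not is_invariant(trace, init, pos, cand):
        return False
    return all(not assertion(run(trace[pos:], s)) for s in ALL_STATES if cand(s))


def statement_is_irrelevant(trace: Sequence[Statement], init: Formula, assertion: Formula,
                            k: int, cand: Formula) -> bool:
    """Statement k can be sliced from the explanation if one formula is an
    error invariant both before it (position k) and after it (position k + 1)."""
    return (is_error_invariant(trace, init, assertion, k, cand)
            and is_error_invariant(trace, init, assertion, k + 1, cand))


# Constructed error trace:  assume x > 2;  y := x + 1;  z := 2 * y;  w := 0;  assert z <= 5
INIT: Formula = lambda s: s["x"] > 2
TRACE: List[Statement] = [
    assign("y", lambda s: s["x"] + 1),
    assign("z", lambda s: 2 * s["y"]),
    assign("w", lambda s: 0),
]
ASSERTION: Formula = lambda s: s["z"] <= 5


def demo() -> Dict[str, bool]:
    """Evaluate a few candidate formulas at several trace positions."""
    return {
        # The trace really is an error trace: every initial state violates the assertion.
        "init at 0": is_error_invariant(TRACE, INIT, ASSERTION, 0, INIT),
        # After y := x + 1, 'y > 3' explains the error without mentioning x at all.
        "y > 3 at 1": is_error_invariant(TRACE, INIT, ASSERTION, 1, lambda s: s["y"] > 3),
        # 'x > 2' is still an invariant at 1, but states with x > 2 and a small y do not fail.
        "x > 2 at 1": is_error_invariant(TRACE, INIT, ASSERTION, 1, lambda s: s["x"] > 2),
        # 'true' is an invariant everywhere but captures passing states, so it explains nothing.
        "true at 1": is_error_invariant(TRACE, INIT, ASSERTION, 1, lambda s: True),
        # 'z > 5' holds across w := 0, so that statement is irrelevant to the error.
        "w := 0 irrelevant": statement_is_irrelevant(TRACE, INIT, ASSERTION, 2, lambda s: s["z"] > 5),
        # 'y > 3' does not survive z := 2 * y as an error invariant, so that statement is relevant.
        "z := 2*y irrelevant": statement_is_irrelevant(TRACE, INIT, ASSERTION, 1, lambda s: s["y"] > 3),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The difference between `x > 2` and `y > 3` at position 1 is the point of the definition: both are invariants, but only the latter mentions the variable whose value actually determines the failure, which is what makes it useful as an error explanation. The `z > 5` formula surviving across `w := 0` is the slicing use mentioned in the abstract.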