Prioritising Model-Based Debugging Diagnostic Reports Wolfgang Mayer † and Rui Abreu ‡ and Markus Stumptner † and Arjan J.C. van Gemund ‡ † Advanced Computing Research Centre University of South Australia Australia {mayer,mst}@cs.unisa.edu.au ‡ Embedded Software Lab Delft University of Technology The Netherlands {r.f.abreu,a.j.c.vangemund}@tudelft.nl Abstract Model-based debugging has proved successful as a tool to guide automated debugging efforts, but the technique may suffer from large result sets in prac- tice, since no means to rank or discriminate between the returned candidate explanations are available. We present a unique combination of model- and spectrum-based fault localisation approach to rank explanations and show that the combined frame- work outperforms the individual approaches as well as other state of the art automated debugging mech- anisms. 1 Introduction The problem of faulty software has been recognised as long- standing issue, with considerable costs attached to locating and eliminating problems in development as well as after deployment of software systems [19]. In particular, testing, validation and debugging of software consumes a considerable slice of the overall software development costs. Hence, numer- ous approaches have been proposed to automate parts of this process to help detect more defects earlier in the development cycle and to guide software engineers towards possible faults. Early debugging efforts were geared towards reducing the size of a program that must be investigated by analysing the structure and dependencies between different parts of the pro- gram’s source code [16]. More recently, dynamic analysis techniques have been proposed that exploit traces of program executions to accommodate the size of modern software sys- tems [23]. While applicable to a wide variety of programs, both approaches are limited by the absence of a detailed model of the correct behaviour of a program. To overcome these limitations, a spectrum of model-based fault isolation techniques has been advocated as powerful debugging aid that can help to isolate faults in complex pro- grams [12]. By comparing the state and behaviour of a pro- gram to what is anticipated by its programmer, model-based reasoning techniques separate those parts of a program that may contain a fault from those that cannot be responsible for observed symptoms. A distinguished advantage of the model-based framework is that it helps programmers by sys- tematically exploring different fault assumptions while hiding the complex underlying reasoning procedures behind a simple intuitive conceptual interface. Initial experiences with model-based software debugging (MBSD) have shown that the approach is competitive with other state of the art automated debugging aids [13], but it has also become clear that no single technique is sufficient to deal with a variety of programs and faults. Instead, a combination of approaches must be pursued where the strengths of indi- vidual techniques complement each other to lead to a more accurate and robust debugging tool. In this paper we present a combined framework that inte- grates model-based debugging with popular dynamic program analysis techniques to focus search and rank results. We show that, as a result, fewer program fragments are being impli- cated, leading to considerably increased accuracy as well as reduced computational complexity of the overall approach. While MBSD is general enough to be combined with almost any debugging tool that can expose its findings in terms of the original program’s source code and a set of fault assump- tions, the combination of semantic and trace-based analysis is particularly appealing, since the approaches contribute com- plementary information: MBSD injects and analyses specific modifications to the semantics of a program, while dynamic analysis exploits fault correlation to focus the search. Our presentation is structured as follows: The principles of model-based debugging are outlined in Section 2, followed by a discussion of spectrum-based fault localisation in Section 3. The combined framework is discussed in Section 4. Empirical validation of our approach and our findings are given in Sec- tion 5. Section 6 discusses relevant related works, followed by the conclusion. 2 Model-based Software Fault Localisation In search for effective (semi-) automated debugging aids, many different strategies have been proposed in the last three decades. Approaches to automate analysis and isolation of faults in programs range from purely syntactical checks to isolate common fault patterns [4], over execution trace-based analysis [15] to full-fledged semi-automatic program verifica- tion [2]. Syntax-based analysis can be easily applied to most programs, but its results are often language-specific and de- pend on particular syntactic programming styles; trace-based techniques depend on a suitable test harness being available. Better results can often be achieved if a model of the correct program behaviour is available to guide debugging efforts. For example, a partial specification expressed in some formal lan-