Debugging: Techniques and Beyond

Yanyan Jiang


The last assignment

Debugging (2)

  • Trace, profiling, and time traveling
  • Fault isolation
  • Automatic program repair

Trace, Profiling, and Time Traveling

Complete and Incomplete Traces

Fault → Error → Failure

  • Fault: over programs
  • Error/failure: over traces

Program as a state transition system

  • The full trace has all information for debugging
  • The crux: we can't even store it!

Trace Recovery: Deterministic Replay

Key idea

  • Restoring a trace does not need every state snapshot
  • Most state transitions are deterministic
    • Only log non-deterministic actions


Key idea

  • Log less, search more
  • We don't really need a full-scale replay
    • Any “reasonable” trace reproducing the bug would be good
    • Shorter one, even better



This is human-in-the-loop

  • GDB is difficult to use? Yes!
  • So does any other debugger
    • (This problem is still open)

Fault Isolation

Often people who encounter a bug spend a lot of time investigating which changes to the input file will make the bug go away and which changes will not affect it.

— Richard Stallman, Using and Porting GNU CC

Delta Debugging

Fault → Error → Failure

  • Fault: over programs
  • Error/failure: over traces

Key insight

  • We don't really need exactly the same error state
  • Better smaller error state with the same failure $$ \min_{t}{ \textrm{failure}(t) = \textrm{failure}({t_0}) } $$
    • Simplifying and isolating failure-inducing input, (TSE'02)

Spectrum-based Fault Localization

Similarly, what if we have tons of test cases?

  • We can mine correlations between code/branches with errors
    • Visualization of test information to assist fault localization (ICSE'02)

Automatic Program Repair

A (Seemingly Crazy) Idea

Search for a “minimum” change that can make test cases pass!

$$\min_{P' \in \textrm{PASS} } d(P, P')$$

The GenProg

  • Does not work at all
    • (For real and hard bugs)
    • Still, ICSE'09 Best Paper
  • But sheds some light
    • How to improve it?




  • The state machine perspective
    • Fault (code) → Error (trace) → Failure (trace)
  • Debugging
    • Recover/minify trace
    • Find (alternative) error states
    • Isolate the failure