ABSTRACT
We introduce a general way to locate programmer mistakes that are detected by static analyses such as type checking. The program analysis is expressed in a constraint language in which mistakes result in unsatisfiable constraints. Given an unsatisfiable system of constraints, both satisfiable and unsatisfiable constraints are analyzed, to identify the program expressions most likely to be the cause of unsatisfiability. The likelihood of different error explanations is evaluated under the assumption that the programmer's code is mostly correct, so the simplest explanations are chosen, following Bayesian principles. For analyses that rely on programmer-stated assumptions, the diagnosis also identifies assumptions likely to have been omitted. The new error diagnosis approach has been implemented for two very different program analyses: type inference in OCaml and information flow checking in Jif. The effectiveness of the approach is evaluated using previously collected programs containing errors. The results show that when compared to existing compilers and other tools, the general technique identifies the location of programmer errors significantly more accurately.
Toward general diagnosis of static errors
POPL '14