Model-Based Diagnosis with Multiple Observations: A Unified Approach for C Software and Boolean Circuits

TL;DR

This paper presents CFaults, a new fault localisation tool for C software and Boolean circuits with multiple faults, using Model-Based Diagnosis and MaxSAT to improve accuracy and efficiency over existing methods.

Contribution

CFaults introduces a unified approach leveraging MBD with multiple observations and MaxSAT, guaranteeing consistent diagnoses and reducing redundancy in fault localisation.

Findings

CFaults outperforms existing FBFL methods in speed on C programs.

CFaults localises faults in fewer circuits compared to HSD.

CFaults produces only subset-minimal diagnoses, reducing redundancy.

Abstract

Debugging is one of the most time-consuming and expensive tasks in software development and circuit design. Several formula-based fault localisation (FBFL) methods have been proposed, but they fail to guarantee a set of diagnoses across all failing tests or may produce redundant diagnoses that are not subset-minimal, particularly for programs/circuits with multiple faults. This paper introduces CFaults, a novel fault localisation tool for C software and Boolean circuits with multiple faults. CFaults leverages Model-Based Diagnosis (MBD) with multiple observations and aggregates all failing test cases into a unified Maximum Satisfiability (MaxSAT) formula. Consequently, our method guarantees consistency across observations and simplifies the fault localisation procedure. Experimental results on three benchmark sets, two of C programs, TCAS and C-Pack-IPAs, and one of Boolean circuits, ISCAS85, show that CFaults is faster at localising faults in C software than other FBFL approaches such as BugAssist, SNIPER, and HSD. On the ISCAS85 benchmark, CFaults is generally slower than HSD; however, it localises faults in only 6% fewer circuits, demonstrating that it remains competitive in this domain. Furthermore, CFaults produces only subset-minimal diagnoses of faulty statements, whereas the other approaches tend to enumerate redundant diagnoses (e.g., BugAssist and SNIPER).