TY - GEN
T1 - A System Identification Based Oracle for Control-CPS Software Fault Localization
AU - He, Zhijian
AU - Chen, Yao
AU - Huang, Enyan
AU - Wang, Qixin
AU - Pei, Yu
AU - Yuan, Haidong
PY - 2019/5
Y1 - 2019/5
N2 - Control-CPS software fault localization (SFL, aka bug localization) is of critical importance as bugs may cause major failures, even injuries/deaths. To locate the bugs in control-CPSs, SFL tools often demand many labeled ('correct'/'incorrect') source code execution traces as inputs. To label the correctness of these traces, we must judge the corresponding control-CPS physical trajectories' correctness. However, unlike discrete outputs, the boundaries between correct and incorrect physical trajectories are often vague. The mechanism (aka oracle) to judge the physical trajectories' correctness thus becomes a major challenge. So far, the ad hoc practice of ''human oracles'' is still widely used, whose qualities heavily depend on the human experts' expertise and availability. This paper proposes an oracle based on the well adopted autoregressive system identification (AR-SI). With proven success for controlling black-box physical systems, AR-SI is adapted by us to identify the buggy control-CPS as a black-box. We use this identification result as an oracle to judge the control-CPS's behaviors, and propose a methodology to prepare traces for control-CPS debugging. Comprehensive evaluations on classic control-CPSs with injected real-life and artificial bugs show that our proposed approach significantly outperforms the human oracle approach in SFL accuracy (recall) and latency, and in oracle false positive/negative rates. Our approach also helps discover a new real-life bug in a consumer-grade control-CPS.
AB - Control-CPS software fault localization (SFL, aka bug localization) is of critical importance as bugs may cause major failures, even injuries/deaths. To locate the bugs in control-CPSs, SFL tools often demand many labeled ('correct'/'incorrect') source code execution traces as inputs. To label the correctness of these traces, we must judge the corresponding control-CPS physical trajectories' correctness. However, unlike discrete outputs, the boundaries between correct and incorrect physical trajectories are often vague. The mechanism (aka oracle) to judge the physical trajectories' correctness thus becomes a major challenge. So far, the ad hoc practice of ''human oracles'' is still widely used, whose qualities heavily depend on the human experts' expertise and availability. This paper proposes an oracle based on the well adopted autoregressive system identification (AR-SI). With proven success for controlling black-box physical systems, AR-SI is adapted by us to identify the buggy control-CPS as a black-box. We use this identification result as an oracle to judge the control-CPS's behaviors, and propose a methodology to prepare traces for control-CPS debugging. Comprehensive evaluations on classic control-CPSs with injected real-life and artificial bugs show that our proposed approach significantly outperforms the human oracle approach in SFL accuracy (recall) and latency, and in oracle false positive/negative rates. Our approach also helps discover a new real-life bug in a consumer-grade control-CPS.
KW - Cyber-Physical System
KW - Debug
KW - Oracle
KW - Testing
UR - http://www.scopus.com/inward/record.url?scp=85072284658&partnerID=8YFLogxK
U2 - 10.1109/ICSE.2019.00029
DO - 10.1109/ICSE.2019.00029
M3 - Conference article published in proceeding or book
AN - SCOPUS:85072284658
T3 - Proceedings - International Conference on Software Engineering
SP - 116
EP - 127
BT - Proceedings - 2019 IEEE/ACM 41st International Conference on Software Engineering, ICSE 2019
PB - IEEE Computer Society
T2 - 41st IEEE/ACM International Conference on Software Engineering, ICSE 2019
Y2 - 25 May 2019 through 31 May 2019
ER -