A model checker can produce a trace of counter-example for erroneous program, which is often difficult to exploit to locate errors in source code. In my thesis, we proposed an error localization algorithm from counter-examples, named LocFaults, combining approaches of Bounded Model-Checking (BMC) with constraint satisfaction problem (CSP). This algorithm analyzes the paths of CFG (Control Flow Graph) of the erroneous program to calculate the subsets of suspicious instructions to correct the program. Indeed, we generate a system of constraints for paths of control flow graph for which at most k conditional statements can be wrong. Then we calculate the MCSs (Minimal Correction Sets) of limited size on each of these paths. Removal of one of these sets of constraints gives a maximal satisfiable subset, in other words, a maximal subset of constraints satisfying the postcondition. To calculate the MCSs, we extend the generic algorithm proposed by Liffiton and Sakallah in order to deal with programs with numerical instructions more efficiently. This approach has been experimentally evaluated on a set of academic and realistic programs.

中文翻译：

---

结合有界模型检查和约束编程技术，以帮助进行错误定位

模型检查器可以为错误的程序生成反例的痕迹，通常很难利用它来定位源代码中的错误。在本文中，我们结合了边界模型检查（BMC）和约束满足问题（CSP），从反例中提出了一种错误定位算法LocFaults。该算法分析错误程序的CFG（控制流图）路径，以计算可疑指令的子集以更正程序。实际上，我们为控制流程图的路径生成了一个约束系统，对于该约束系统，最多k个条件语句可能是错误的。然后，我们在每条路径上计算有限大小的MCS（最小校正集）。除去这些约束中的一组约束，可以得到最大的可满足子集，换句话说，满足后置条件的约束的最大子集。为了计算MCS，我们扩展了Liffiton和Sakallah提出的通用算法，以便更有效地处理带有数字指令的程序。该方法已在一组学术和现实计划上进行了实验评估。