Fault localization is a practical research topic that helps developers identify code locations that might cause bugs in a program. Most existing fault localization techniques are designed for imperative programs (e.g., C and Java) and rely on analyzing correct and incorrect executions of the program to identify suspicious statements. In this work, we introduce a fault localization approach for models written in a declarative language, where the models are not "executed," but rather converted into a logical formula and solved using backend constraint solvers. We present FLACK, a tool that takes as input an Alloy model consisting of some violated assertion and returns a ranked list of suspicious expressions contributing to the assertion violation. The key idea is to analyze the differences between counterexamples, i.e., instances of the model that do not satisfy the assertion, and instances that do satisfy the assertion to find suspicious expressions in the input model. The experimental results show that FLACK is efficient (can handle complex, real-world Alloy models with thousand lines of code within 5 seconds), accurate (can consistently rank buggy expressions in the top 1.9\% of the suspicious list), and useful (can often narrow down the error to the exact location within the suspicious expressions).

中文翻译：

---

FLACK：合金模型的反例指导的故障定位

故障定位是一个实用的研究主题，可以帮助开发人员确定可能导致程序错误的代码位置。大多数现有的故障定位技术都是为命令性程序（例如C和Java）设计的，它们依赖于分析程序的正确和错误执行以识别可疑语句。在这项工作中，我们为用声明性语言编写的模型引入了故障定位方法，该模型不是“执行”的，而是转换为逻辑公式并使用后端约束求解器解决的。我们介绍FLACK，该工具将包含一些违规断言的Alloy模型作为输入，并返回有助于断言违规的可疑表达式的排名列表。关键思想是分析反例之间的差异，即 不满足声明的模型实例，以及满足声明的实例，以在输入模型中找到可疑表达式。实验结果表明，FLACK高效（可以在5秒内处理具有数千行代码的复杂的真实世界的合金模型），准确（可以始终将臭虫表达式排列在可疑列表的前1.9％中）和有用（通常可以将错误缩小到可疑表达式内的确切位置）。