Y.Li,T.Tan,Y.Zhang,and J.Xue XX:5 Potential Point of Failure typestate specifications regarding file operations used will in- Statement:fw.write(info)at line 12 clude "accessing a closed file leads to an error state".For our Related Program Points: Statement out.close()at line 27 example,CLARA produces an error report shown on the left Statement:new FileWriter(..)at line 2 marking line 12 as a"potential point of failure",together with a sequence of two method calls leading to line 12.We have one SCline 12:line 2-line 27-line 12.As static analyses like CLARA are either conservative or unsound,there may or may not be an error at line 12.Now our debugging task begins. The error at line 12 happens only when a Driver object is created in the if branch of main().Therefore,a tool that instructs the developer to examine this if branch only would enable its cause to be identified quickly.In contrast,marking some lines in its matching else branch as also being relevant can increase human analysis effort significantly(especially if the developer has to trace the flow of values across many nested heap structures). Traditional Slicing For large object-oriented programs,traditional(sound)slicing [21,53] is unscalable or yields slices that are too large for human consumption 47.Given a virtual call fw.write(info)at line 12,the set of variables of interest consists of(1)the receiver reference and the arguments of the call [52],and(2)some relevant variables selected manually or recognized automatically [2.13.In our example,these variables form the set {fw,info,fw.isOpen}.Then,a(backward)slice that affects their values comprises all the statements except lines 7-8 and 19-20.This slice,which includes everything in main(), contains too many statements that are not all directly relevant to the task at line 12. Thin Slicing Thin slicing [47]is introduced to facilitate program debugging and understand- ing for object-oriented programs by trading soundness for scalability and(direct)relevance. All control dependences and all base pointer data dependences are excluded.Given a point of interest,thin slicing includes only so-called producer statements that affect directly the values at the point.Statements that serve to explain why producer statements affect the point are ignored.For example,given x=p.f and q.f=y,where p and q may be aliased, q.f=y is a producer statement for r=p.f,because there may be a direct value flow from y to z.All statements that help explain or establish why p and q are aliases are ignored. If we adopt the same slicing criterion at line 12 as above,thin slicing will include only seven statements at lines 2,12,16.17,36,39 and 40.Compared with the traditional slice obtained,this smaller slice still retains line 17,a statement for explaining an immediate cause of the error at line 12.However,two SCline 12-irrelevant statements at lines 39-40(in the else branch of main())are also present,which can cost human analysis effort unnecessarily. Program Tailoring Given SCline 12:line 2-line 27-line 12,TAILOR produces a tailored program consisting of all the statements in all execution paths passing through lines 2,27 and 12 in that order.As line 27 is only reachable from line 9,which resides in the config method invoked at line 35,the tailored program includes all the lines in the example except lines 37-41 that appear in the else branch of main()and lines 19-20. Let us revisit the two slices obtained above,the traditional slice,Ptrad and the thin slice,Pthin.Let our tailored program be identified as Ptal.Despite Pthin<Ptall<Ptradl, tailoring brings several benefits,obtained from exploiting the temporal order of invocation sequences in SCline 12.First,Ptal is the only one that includes nothing from the else branch of main(),revealing more clearly to a human debugger that the potential error at line 12 is triggered by a Driver object created in the if branch of main()("according to some user input")rather than in its matching else branch ("according to some default configuration").Such contextual information enables the developer to locate the cause for the error at line 12 more quickly.In the case of Ptrad and Pthin,the developer may end up wasting a lot of analysis effort on navigating through a lot of SCline 12-irrelevant code, EC00P2016Y. Li, T. Tan, Y. Zhang, and J. Xue XX:5 Potential Point of Failure : Statement: fw.write(info) at line 12 Related Program Points : Statement: out.close() at line 27 Statement: new FileWriter(...) at line 2 typestate specifications regarding file operations used will in￾clude “accessing a closed file leads to an error state”. For our example, Clara produces an error report shown on the left, marking line 12 as a “potential point of failure”, together with a sequence of two method calls leading to line 12. We have one SCline 12 : line 2 → line 27 → line 12. As static analyses like Clara are either conservative or unsound, there may or may not be an error at line 12. Now our debugging task begins. The error at line 12 happens only when a Driver object is created in the if branch of main(). Therefore, a tool that instructs the developer to examine this if branch only would enable its cause to be identified quickly. In contrast, marking some lines in its matching else branch as also being relevant can increase human analysis effort significantly (especially if the developer has to trace the flow of values across many nested heap structures). Traditional Slicing For large object-oriented programs, traditional (sound) slicing [21, 53] is unscalable or yields slices that are too large for human consumption [47]. Given a virtual call fw.write(info) at line 12, the set of variables of interest consists of (1) the receiver reference and the arguments of the call [52], and (2) some relevant variables selected manually or recognized automatically [2, 13]. In our example, these variables form the set {fw, info, fw.isOpen}. Then, a (backward) slice that affects their values comprises all the statements except lines 7 – 8 and 19 – 20. This slice, which includes everything in main(), contains too many statements that are not all directly relevant to the task at line 12. Thin Slicing Thin slicing [47] is introduced to facilitate program debugging and understand￾ing for object-oriented programs by trading soundness for scalability and (direct) relevance. All control dependences and all base pointer data dependences are excluded. Given a point of interest, thin slicing includes only so-called producer statements that affect directly the values at the point. Statements that serve to explain why producer statements affect the point are ignored. For example, given x = p.f and q.f = y, where p and q may be aliased, q.f = y is a producer statement for x = p.f, because there may be a direct value flow from y to x. All statements that help explain or establish why p and q are aliases are ignored. If we adopt the same slicing criterion at line 12 as above, thin slicing will include only seven statements at lines 2, 12, 16, 17, 36, 39 and 40. Compared with the traditional slice obtained, this smaller slice still retains line 17, a statement for explaining an immediate cause of the error at line 12. However, two SCline 12-irrelevant statements at lines 39 – 40 (in the else branch of main()) are also present, which can cost human analysis effort unnecessarily. Program Tailoring Given SCline 12 : line 2→line 27→line 12, Tailor produces a tailored program consisting of all the statements in all execution paths passing through lines 2, 27 and 12 in that order. As line 27 is only reachable from line 9, which resides in the config method invoked at line 35, the tailored program includes all the lines in the example except lines 37 – 41 that appear in the else branch of main() and lines 19 – 20. Let us revisit the two slices obtained above, the traditional slice, Ptrad and the thin slice, Pthin. Let our tailored program be identified as Ptal. Despite |Pthin| < |Ptal| < |Ptrad|, tailoring brings several benefits, obtained from exploiting the temporal order of invocation sequences in SCline 12. First, Ptal is the only one that includes nothing from the else branch of main(), revealing more clearly to a human debugger that the potential error at line 12 is triggered by a Driver object created in the if branch of main() (“according to some user input”) rather than in its matching else branch (“according to some default configuration”). Such contextual information enables the developer to locate the cause for the error at line 12 more quickly. In the case of Ptrad and Pthin, the developer may end up wasting a lot of analysis effort on navigating through a lot of SCline 12-irrelevant code, E COO P 2 0 1 6