Two-dimensional pinpointing: debugging with formal specifications

Debugging techniques and tools that draw on both the high-level concepts (defined as functions) used in formal specifications and the abstraction and information-hiding constructs used in modern languages are described. The technique is based on two components. One is a novel specification language with support tools. Ada programs are specified with a language that the authors created called Anna. Their tool set is used to check the Ada program's runtime behavior for consistency with the Anna specifications. The other technique uses the tool set to find missing specifications by comparing the specification with program prototypes and to test and debug Ada programs after an accepted specification has been developed. The approach, called two-dimensional pinpointing, locates inconsistencies in software that is structured in levels     

Improved usability and performance of SMT solvers for debugging specifications

It is now common to construct an extended static checker or software verification system using an SMT theorem prover as the underlying logical verifier. SMT provers have improved significantly in performance over the last several years. However, their usability as a component of software checking and verification systems still has gaps. This paper describes investigations in two areas: the reporting of counterexample information and the testing of vacuity, both of which are important to realistic use of such tools for typical software development. The use of solvers in verification is more effective if the solvers support minimal unsatisfiable cores and incremental construction, evolution and querying of satisfying assignments; current solvers only partially support these capabilities.     

A Deterministic Logical Semantics for Esterel

Esterel is a synchronous design language for the specification of reactive systems. There exist two main semantics for Esterel. On the one hand, the logical behavioral semantics provides a simple and compact formalization of the behavior of programs using SOS rules. But it does not ensure deterministic executions for all programs and all inputs. As non-deterministic programs have to be rejected as incorrect, this means it defines behaviors for incorrect programs, which is not convenient. On the other hand, the constructive semantics is deterministic (amongst other properties) but at the expense of a much more complex formalism. In this work, we construct and thoroughly analyze a new deterministic semantics for Esterel that retains the simplicity of the logical behavioral semantics, from which it derives. In our view, it provides a much better framework for formal reasoning about Esterel programs.     

Compiling Esterel into Static Discrete-Event Code

Executing concurrent specifications on sequential hardware is important for both simulation of systems that are eventually implemented on concurrent hardware and for those most conveniently described as a set of concurrent processes. As with most forms of simulation, this is easy to do correctly but difficult to do efficiently. Solutions such as preemptive operating systems and discrete-event simulators present significant overhead.In this paper, we present a technique for compiling the concurrent language Esterel into very efficient C code. Our technique minimizes runtime overhead by making most scheduling decisions at compile time and using a very simple linked-list-based event queue at runtime.While these techniques work particularly well for Esterel with its high-level concurrent semantics, the same technique could also be applied to efficiently execute other concurrent specifications.     

ESUIF: An Open Esterel Compiler

I describe a new compiler infrastructure for imperative synchronous languages such as Esterel and E↕. Built on the S〉{ 2 system, it includes a new intermediate representation for this class of languages that has simple semantics designed for easy implementation in hardware or software. I describe the structure of this new compiler, the intermediate representation, and how Esterel source is translated into this intermediate representation.     

Towards a Model Theory for Esterel

Esterel is a synchronous language for reactive-systems design and builds the core of the commercial tool Esterel Studio. This paper shows how the constructive semantics of a combinational fragment of Esterel, as presented by Berry, can be derived in a model-theoretic fashion, thus complementing the existing behavioral, operational, and circuit-based approaches to Esterel semantics. Technically, Esterel programs are read as formulas in propositional intuitionistic logic, which are interpreted over simple linear Kripke structures, referred to as Gödel valuations. Esterel reactions are then characterized as specific Gödel valuations, called response models, and it is shown that the approach is compositional in the structure of Esterel programs.The obtained results are an important step towards explaining the logic behind Esterel semantics. In addition, the intuitionistic setting advocated in this paper nicely links to Pnueli and Shalev's semantics of Harel's Statecharts, another synchronous language for reactive-systems design. This offers interesting insights into the similarities of and the differences between Esterel and Statecharts semantics.     

Goto and Concurrency Introducing Safe Jumps in Esterel

Esterel is a design language for the specification of real time embedded systems. Based on the synchronous concurrency paradigm, its semantics describes execution as a succession of instants of computation. In this work, we consider the introduction of a new gotopause instruction in the language, which acts as a non-instantaneous jump instruction compatible with concurrency. It allows the programmer to activate state control points anywhere in the program, from where the execution is resumed in the next instant. In order to provide the formal semantics of the extended language, we first define a state semantics of Esterel, which we prove observationally equivalent to the original logical behavioral semantics. Including gotopause in the state semantics is then straightforward. We sketch two key applications of our new primitive: a direct encoding of automata and a quasi-linear rewriting of programs eliminating schizophrenic behaviors.     

Visual debugging

We developed an approach that uses our innate visual pattern recognition skills as part of the debugging process. Inspired by Huang's (1996) use of color to visualize energy distributions while untangling knots, we represented the particles graphically and color-coded them by energy value. Thus far, we've applied this approach to three domains: particle systems, cluster hardware configurations, and physics codes using finite element models. This debugging paradigm differs from software or program visualization in that we don't visualize software elements such as procedures, message passing between processors, or graph-based representations of data structures. In most application domains developers that use algorithm visualization tools must make decisions about what kind of visualization would best represent their code, and they must, in effect, code this visualization in addition to their application. For many developers, the time investment is too great compared to their perceived benefit, so they return to a traditional debugging approach. We believe that restricting the application domain increases the ease of use of visual debuggers. However, we go one step further by creating a, visual tool tailored to a particular application domain that can use either captured data or simulation outputs and requires no coding effort on the part of the user.     

Design of an Automatic Teller Machine with Esterel Studio

This paper describes how the cash-point service can be specified and simulated using Esterel Studio. Received July 2000 / Accepted in revised form December 2000     

Design of a Mobile Robot Controller using Esterel Tools

Robot controllers are often programmed using either standard sequential programming languages or a robot-specific language, which are then compiled to assembly language specific to the robot. Modern real-time programming languages, on the other hand, are more appropriate to program robots, as they better fit the real-time reactive model of robots. This paper reports on a project to program a non-trivial robot, the Rug Warrior, in the Artificial Intelligence Laboratory of UNSW, using Esterel, which is a real-time programming language. The approach is illustrated by simulation of a colony of Siberian ants using a group of Rug Warriors.     

Iterative delta debugging

Automated debugging attempts to locate the reason for a failure. Delta debugging minimizes the difference between two inputs, where one input is processed correctly while the other input causes a failure, using a series of test runs to determine the outcome of applied changes. Delta debugging is applicable to inputs or to the program itself, as long as a correct version of the program exists. However, complex errors are often masked by other program defects, making it impossible to obtain a correct version of the program through delta debugging in such cases. Iterative delta debugging extends delta debugging and removes a series of defects step by step, until the originally unresolved defect is isolated. The method is automated and managed to localize a bug in some real-life examples.     

Visualizing performance debugging

The authors examine a special software development environment called the Parallel Programming and Instrumentation Environment (PIE). PIE is designed to develop performance-efficient parallel and sequential computations. Following an explanation of PIE's general theory and features, PIE's visualization tools are used to isolate and repair the parallelism problem of an eight-process computation. Two more difficult examples using PIE are discussed. Some of the issues involved in correctly presenting visual information, such as the features users ask for and what can be done about a performance monitor's perturbation of computations, are addressed     

Hardware assisted high-level debugging

Hardware assistance has long been used for logic level and functional unit level hardware debugging, as well as for machine language level software debugging. Such hardware assistance includes probes to detect signals, comparators to identify matches with expected patterns, buffers to record selected events, and independent logic and software to analyze and interpret the observed events. It can also include the ability to generate selected signals to stimulate the object being debugged and the ability to isolate it from normal changes so its state can be examined. Through knowledge of the data structures and algorithms used by the operating systems, and the runtime representation, register usage, and code bursts produced by compilers, it is possible to take advantage of such hardware assistance in high-level debugging. High-level debugging here refers to debugging in terms of abstractions supported by the operating system and programming languages, as well as user defined abstractions built on top of these. This paper discusses design considerations behind a project to build such a hardware assisted high-level debugger.     

Deriving protocol specifications from service specifications written in LOTOS

Summary.  A complete communication system is broken down into a number of protocol layers each of which provides services to the layer above it and uses services provided by its underlying layer. A service specification defines a particular ordering of the operations that a given layer provides to the layer above it. The active elements in each layer are called entities and they use a protocol in order to implement their service definition. On the basis of this relation between the service and protocol concepts we have developed algorithms for deriving protocol entity specifications from a formal service specification. The derived protocol entities ensure the correct ordering of the service primitives by exchanging synchronization messages through an underlying communication medium. This paper presents an extended version of our earlier derivation algorithms. This version of the algorithm can handle all operators and unrestricted process invocation and recursion as defined by basis LOTOS. The correctness of this derivation algorithm is formally proved. Received: January 1992 / Accepted: February 1996     

Simultaneous debugging of software faults

(Semi-)automated diagnosis of software faults can drastically increase debugging efficiency, improving reliability and time-to-market. Current automatic diagnosis techniques are predominantly of a statistical nature and, despite typical defect densities, do not explicitly consider multiple faults, as also demonstrated by the popularity of the single-fault benchmark set of programs. We present a reasoning approach, called Zoltar-M(ultiple fault), that yields multiple-fault diagnoses, ranked in order of their probability. Although application of Zoltar-M to programs with many faults requires heuristics (trading-off completeness) to reduce the inherent computational complexity, theory as well as experiments on synthetic program models and multiple-fault program versions available from the software infrastructure repository (SIR) show that for multiple-fault programs this approach can outperform statistical techniques, notably spectrum-based fault localization (SFL). As a side-effect of this research, we present a new SFL variant, called Zoltar-S(ingle fault), that is optimal for single-fault programs, outperforming all other variants known to date.     

A database model of debugging

Debugging a program can be viewed as performing queries and updates on a database that contains program source information as well as the state of the executing program. This approach integrates the facilities of a traditional debugger into a programming environment by providing access to runtime information through normal database query operations. We are building a programming environment in which all program information is stored in a relational database system. This system will include capabilities to provide the programmer a simple yet powerful mechanism for describing debugging requests.     

Modeling Embedded Systems: From SystemC and Esterel to DFCharts

This article addresses the need for directly expressing heterogeneous, hierarchical behaviors for modeling specific embedded systems. After analyzing two existing ESL languages, SystemC and Esterel, the authors created a new model of computation and a graphical language to gain the direct expressivity they need for their model. Although researchers have suggested various changes to SystemC and Esterel to fit modeling requirements, this article considers mainly standard SystemC and Esterel.