Automatic State Reaching for Debugging Reactive Programs

Reactive systems are made of programs that permanently interact with their environment. Debuggers generally provide support for data and state inspection, given a sequence of inputs. But, because reactive programs and their environments are interdependent, a very useful feature is to be able to go the other way around; namely, given a state, obtain a sequence of inputs that leads to that state. This problem is equivalent to the general verification of safety properties, which is notoriously undecidable in the presence of numeric variables. However, much progress has been made in recent years through the development of model checking and abstract-interpretation-based techniques. In this article, we take advantage of those recent advances to implement a fully automatic state reaching capability inside a debugger of reactive programs. To achieve that, we connect a debugger, a verification tool, and a testing tool. One of the key contributions of our proposal is the proper handling of numeric variables.
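As an added illustration, not the paper's own tool chain (which couples a debugger with abstract-interpretation-based verification and a testing tool), the Python below models state reaching as a bounded breadth-first search over input sequences for a small hypothetical synchronous node with one numeric state variable; the node, its inputs, the depth bound and the target predicates are all assumptions made here.

```python
from collections import deque
from itertools import product
from typing import Callable, Dict, List, Optional, Tuple

State = Tuple[int, bool]   # (count, armed): one numeric and one boolean state variable
Inputs = Dict[str, bool]

INPUT_NAMES = ("up", "reset")   # hypothetical boolean inputs of the node
INIT: State = (0, False)

def step(state: State, inp: Inputs) -> State:
    """One synchronous reaction of a hypothetical Lustre-style node:
    'reset' clears both variables, 'up' increments count, otherwise count
    holds; armed is raised once count reaches 3 and only cleared by 'reset'."""
    count, armed = state
    if inp["reset"]:
        return (0, False)
    new_count = count + 1 if inp["up"] else count
    return (new_count, armed or new_count >= 3)

def reach(target: Callable[[State], bool], max_depth: int) -> Optional[List[Inputs]]:
    """Return the shortest input sequence whose final state satisfies `target`,
    or None if no such sequence exists within max_depth reactions.
    The depth bound and the visited set keep the search finite even though
    `count` is an unbounded integer; without a bound the question is the
    undecidable safety-verification problem the abstract refers to."""
    all_inputs = [dict(zip(INPUT_NAMES, bits))
                  for bits in product((False, True), repeat=len(INPUT_NAMES))]
    frontier = deque([(INIT, [])])
    visited = {INIT}
    while frontier:
        state, trace = frontier.popleft()
        if target(state):
            return trace
        if len(trace) >= max_depth:
            continue
        for inp in all_inputs:
            nxt = step(state, inp)
            if nxt not in visited:
                visited.add(nxt)
                frontier.append((nxt, trace + [inp]))
    return None

def replay(trace: List[Inputs]) -> State:
    """Feed the found inputs back through the node, as a debugger would,
    to confirm that the target state is actually reached."""
    state = INIT
    for inp in trace:
        state = step(state, inp)
    return state
```

The second target in the test, count 2 with armed already set, is unreachable by construction, so the search exhausts the bounded state space and reports None rather than a trace.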
