Declarative debugging of Maude modules

A. Riesco, A. Verdejo, R. Caballero, and N. Martí-Oliet

Maude is a declarative language based on both equational and rewriting logic for the specification and implementation of a whole range of models and systems. Here we present a declarative debugger for Maude functional, system, and object-oriented modules. Functional modules define data types and operations on them by means of membership equational logic theories that support multiple sorts, subsort relations, equations, and assertions of membership in a sort. System modules specify rewrite theories that also support rules, defining local concurrent transitions that can take place in a system. Object-oriented modules support a more convenient syntax for this kind of systems.

The debugging process starts with an incorrect transition from an initial term. Our debugger, after building a proof tree for that inference, will present to the user questions about the computation. Moreover, since the questions are located in the proof tree, the answer allows the debugger to discard a subset of the questions, leading and shortening the debugging process. The current version of the tool supports all kinds of modules, debugging of both wrong and missing answers, different ways of trusting statements, two possible constructions of the debugging tree for rewritings, and two strategies for traversing it among many other features. The debugger is implemented on top of Full Maude, taking advantage of the reflective capabilities of Maude.

Papers

• R. Caballero, N. Martí-Oliet, A. Riesco, and A. Verdejo. Declarative debugging of membership equational logic specifications. In P. Degano, R. D. Nicola and J. Meseguer, editors, Concurrency, Graphs and Models, LNCS 5065, pages 174-193. Springer, 2008.
• R. Caballero, N. Martí-Oliet, A. Riesco, and A. Verdejo. A declarative debugger for Maude functional modules. In G. Rosu, editor, Proceedings Seventh International Workshop on Rewriting Logic and its Applications, WRLA 2008. Elsevier, 2008.
• A. Riesco, A. Verdejo, N. Martí-Oliet, and R. Caballero. A declarative debugger for Maude. In J. Meseguer and G. Rosu, editors, Algebraic Methodology and Software Technology - 12th International Conference, AMAST 2008, LNCS 5140, pages 116-221. Springer, 2008.
• A. Riesco, A. Verdejo, R. Caballero, and N. Martí-Oliet. Declarative debugging of rewriting logic specifications. In Andrea Corradini and Ugo Montanari, editors, Recent Trends in Algebraic Development Techniques - 19th International Workshop on Algebraic Development Techniques, WADT 2008, LNCS 5486, pages 308-325. Springer, 2008.
• A. Riesco, A. Verdejo, and N. Martí-Oliet. Enhancing the debugging of Maude specifications. In P. C. Ölveczky, editor, Proceedings of the 8th International Workshop on Rewriting Logic and its Applications, WRLA 2010, LNCS 6381, pages 226-242. Springer, 2010.
• A. Riesco, A. Verdejo, and N. Martí-Oliet. Declarative debugging of missing answers for Maude specifications. In Proceedings of the 21st International Conference on Rewriting Techniques and Applications, RTA 2010, Leibniz International Proceedings in Informatics 6, Schloss Dagstuhl–Leibniz-Zentrum fuer Informatik, pages 277-294, 2010.
• A. Riesco, A. Verdejo, and N. Martí-Oliet. A complete declarative debugger for Maude. In M. Johnson and D. Pavlovic, editors, Proceedings of the 13th International Conference on Algebraic Methodology and Software Technology, AMAST 2010, LNCS 6486, pages 216-225. Springer, 2011.
• A. Riesco, A. Verdejo, N. Martí-Oliet, and R. Caballero. Declarative debugging of rewriting logic specifications. Journal of Logic and Algebraic Programming, 2011. To appear.
• R. Caballero, A. Riesco, A. Verdejo, and N. Martí-Oliet. Simplifying Questions in Maude Declarative Debugger by Transforming Proof Trees. In G. Vidal, editor, 21st International Symposium on Logic-Based Program Synthesis and Transformation, LOPSTR 2011. LNCS 7225, Springer, pages 73-89, 2012.

• R. Caballero, N. Martí-Oliet, A. Riesco y A. Verdejo. Declarative Debugging of Maude Functional Modules. Technical Report SIC-4-07. Dpto. Sistemas Informáticos y Computación, Universidad Complutense de Madrid, 2007. Superseded by last technical report.
• A. Riesco, A. Verdejo, R. Caballero y N. Martí-Oliet. Declarative debugging of Maude modules, Technical Report SIC-6/08. Dpto. Sistemas Informáticos y Computación, Universidad Complutense de Madrid, 2008. Superseded by last technical report.
• A. Riesco, A. Verdejo, and N. Martí-Oliet. Declarative debugging of missing answers in rewriting logic. Technical Report SIC-06/09. Dpto. Sistemas Informáticos y Computación, Universidad Complutense de Madrid, 2009. Superseded by last technical report.
• A. Riesco, A. Verdejo, R. Caballero, and N. Martí-Oliet. Declarative Debugging of Rewriting Logic Specifications. Technical Report 02/10, Dpto. Sistemas Informáticos y Computación, Universidad Complutense de Madrid, 2010.
• R. Caballero, A. Riesco, A. Verdejo, and N. Martí-Oliet. Improving the Debugging of Membership Equational Logic Specifications. Technical Report SIC-02-11, Dpto. Sistemas Informáticos y Computación, Universidad Complutense de Madrid, 2011.

• A. Riesco, A. Verdejo, R. Caballero, and N. Martí-Oliet. A declarative debugger for Maude specifications - User guide. Technical Report SIC-07/09, Dpto. Sistemas Informáticos y Computación, Universidad Complutense de Madrid, 2009.

Download

In order to use the command-line debugger you have to download dd.maude. This version of the debugger works with Maude 2.5 and Maude 2.6.

A version for Maude 2.4 is available here.

If you want to use the Graphical User Interface, then download gui-dd.zip. This version of the GUI works with Maude 2.5 and Maude 2.6.

A version for Maude 2.4 is available here.

Examples

• Sorted lists: functional module example where reductions and memberships are debugged, using both divide and query and top down strategies. A correct module is provided to reduce the number of questions. Files: module with two errors, module with one error fixed, and correct module.
• Search trees: another functional module example. Files: module with two errors, module with membership error fixed.
• Multisets: another functional module example. Files: wrong module.
• Knight: system module example where rewritings and reductions are debugged with the two strategies in the one-step tree and divide and query in the many-steps tree. Files: wrong module.
• Semantics: system module example where rewritings and reductions are debugged, building the one-step and the many-steps trees, and using the divide and query and top down strategies. A correct module and trusting are used to reduce the number of questions. Files: evaluation semantics, computation semantics, and evaluation semantics correct module.
• Semantics revisited: equational version of the evaluation semantics. It uses the trust command to improve the debugging. Files: wrong module.
• Maze: system module used for debugging missing answers. Files: module with two errors and module with rule n4 added.
• CCS semantics: system module used for debugging missing answers. Files: ccs.
• Vending machine: system module used for debugging missing answers. Files: vending-machine with two errors and vending-machine with the search condition fixed.
• Binary search trees: functional modules used for debugging normal forms and least sorts. Files: binary search tree with two errors, binary search tree with one error fixed, and binary search tree with a different error
• Heap: functional modules used for debugging normal forms and least sorts. Files: parameterized heaps with two errors and instantiation with natural numbers.
• Auction: system module used for debugging missing answers due to functional errors. Files: parameterized heap missing one equation and auctions.
• Lazy lists: functional module used for debugging specifications involving the strat attribute. Files: lazy lists.
• Semantics: system modules for debugging small-step and big-step semantics. Files: evaluation and computation.

Detailed examples

• Travelling salesman problem: functional module used for debugging missing answers due to missing equations. Files: traveler specification. Session.
• Firefighters: system module used for debugging missing answers due to wrong equations. Files: firefighters specification. Session.
• Maze: system module used for debugging missing answers in system modules. Files: maze specification. Session.

Commands

The debugger is initiated in Maude by loading the file dd.maude, which starts an input/output loop that allows the user to interact with the tool. Then, the user can enter Full Maude modules and commands, as well as commands for the debugger.

The user can choose between using all the labeled statements in the debugging process (by default) or selecting some of them by means of the command

 (set debug select on .)

Once this mode is activated, the user can select and deselect statements by using

 (debug select LABELS .)
 (debug deselect LABELS .)

Moreover, all the labels in statements of a flattened module can be selected or deselected with the commands

 (debug include MODULES .)
 (debug exclude MODULES .)

Similarly, the user can select to include or exclude from the debugging process only a certain kind of statements. The following commands include and exclude the equations, memberships and rules of the list of modules MODULES:

 (debug include eqs MODULES .)
 (debug exclude eqs MODULES .)
 (debug include mbs MODULES .)
 (debug exclude mbs MODULES .)
 (debug include rls MODULES .)
 (debug exclude rls MODULES .)

The selection mode can be switched off by using the command

 (set debug select off .)

In a similar way, it is also possible to indicate that some terms are final, that is, that they cannot be further rewritten:

• By using the value final in the attribute metadata of an operator, that indicates that the terms built with this operator at the top are final.
• By selecting a set of final sorts. In this case, terms having one of these sorts (or having a subsort of these sorts) and built only with constructors (operators with the attribute ctor) are considered final.
• On the fly, as will be explained below.

In the first two cases, the user must activate the final sorts mode with the command

 (set final select on .)

While the attribute metadata must be written in the Maude file, final sorts can be selected/deselected with the commands

 (final select SORTS .)
 (final deselect SORTS .)

This option can be switched off with the command

 (set final select off .)

A module with only correct definitions can be used to reduce the number of questions. In this case, it must be indicated before starting the debugging process with the command

 (correct with MODULE-NAME .)

 (delete correct module .)

Since rewriting is not assumed to terminate, a bound, which is 42 by default, is used when searching in the correct module and can be set with the command

 (set bound BOUND .)

When debugging wrong rewrites, two different trees can be built: one whose questions are related to one-step rewrites and another whose questions are related to several steps. The user can switch between these trees, before starting the debugging process, with the commands

(one-step tree .)
(many-steps tree .)

In the same way, when debugging missing answers we distinguish between trees whose nodes are related to sets of terms obtained with one (the default case) or many steps. The user can select them with the commands

 (one-step missing tree .)
 (many-steps missing tree .)

The generated debugging tree can be navigated by using two different strategies, namely, top-down and divide and query, being the latter the default one. The user can switch between them in any moment by using the commands

 (top-down strategy .)
 (divide-query strategy .)

When debugging missing answers, the user can prioritize questions related to the fulfillment of the search condition from questions involving the statements defining it. This option, switched off by default, can be activated with the command

 (solutions prioritized on .)

 (solutions prioritized off .)

The debugging process for wrong answers is started with the commands

 (debug [in MODULE-NAME :] INITIAL-TERM -> WRONG-TERM .)
 (debug [in MODULE-NAME :] INITIAL-TERM : WRONG-SORT .)
 (debug [in MODULE-NAME :] INITIAL-TERM =>* WRONG-TERM .)

 (missing [in MODULE-NAME :] INITIAL-TERM -> FINAL-TERM .)
 (missing [in MODULE-NAME :] INITIAL-TERM : LEAST-SORT .)

 (missing [[depth]] [in MODULE-NAME :] INITIAL-TERM =>* PATTERN [s.t. CONDITION] .)
 (missing [[depth]] [in MODULE-NAME :] INITIAL-TERM =>+ PATTERN [s.t. CONDITION] .)
 (missing [[depth]] [in MODULE-NAME :] INITIAL-TERM =>! PATTERN [s.t. CONDITION] .)

How the process continues depends on the selected strategy. In the divide and query strategy, each question refers to one inference that can be either correct or wrong. The different answers are transmitted to the debugger with the answers

 (yes .)
 (no .)

If the question asked is too difficult, the user can avoid to answer it with

 (don't know .)

In addition to these general answers, others can be introduced depending on the kind of question. If it corresponds to the application of a statement, instead of just answering yes, we can also trust some statements on the fly if we decide the bug is not there. To trust the current statement we answer

 (trust .)

If a question refers to a set of reachable terms and one of these terms is not reachable, the user can point it out with the answer

 (I is wrong .)

In case the question is related to a set of reachable solutions, if one of the solutions is reachable but it should not fulfill the search condition, the user can indicate it with

 (I is not a solution .)

If the question is about a final term, additional information can be given by answering

 (its sort is final .)

In case the top-down strategy is selected, several questions will be displayed in each step. The user can introduce then answers of the form (N : answer .), where N is the index of the question and answer is the same answer that would be used in the divide and query strategy for this question. Thus, if there is an invalid question, the user can point it out with the answer

 (N : no .)

 (N : yes .)

As a shortcut to answer (yes .) to all the questions, the debugger provides the answer

 (all : yes .)

When the user considers that a question is too complicated, it can be discarded with

 (N : don't know .)

If one of the questions is associated to a program statement and the user decides that it can be trusted, it is indicated with

 (N : trust .)

When a question presents an inference from a term to a set of terms, and the term in position I is not reachable from the initial one, then we can point it out with

 (N : I is wrong .)

Furthermore, if the question refers to the set of reachable solutions, we can identify a reachable term that does not fulfill the search condition with the command

 (N : I is not a solution .)

If one of the questions is related with a final term, on the fly information is given with

 (N : its sort is final .)

Finally, we can return to the previous state in both strategies by using the command

 (undo .)

Debugging sessions

We illustrate how to use the debugger by means of examples. A debugging session is started by loading into Maude the file dd.maude (which already includes the Full Maude implementation). Then, Full Maude modules and commands can be entered, as well as commands for the debugger.

• Debugging a functional module.
• Debugging a system module.
• Debugging missing answers in functional modules.
• Debugging missing answers in system modules.