Debugging of Model Transformations and Contracts in SyVOLT Bentley - - PowerPoint PPT Presentation

debugging of model transformations and contracts in syvolt
SMART_READER_LITE
LIVE PREVIEW

Debugging of Model Transformations and Contracts in SyVOLT Bentley - - PowerPoint PPT Presentation

May 02, 2023 269 likes •463 views

Debugging of Model Transformations and Contracts in SyVOLT Bentley James Oakes , Clark Verbrugge, Levi L ucio, Hans Vangheluwe McGill University, fortiss GmbH, University of Antwerp, Flanders Make October 16, 2018 Presentation Structure 1.

slide-1
SLIDE 1

Debugging of Model Transformations and Contracts in SyVOLT

Bentley James Oakes, Clark Verbrugge, Levi L´ ucio, Hans Vangheluwe

McGill University, fortiss GmbH, University of Antwerp, Flanders Make

October 16, 2018

slide-2
SLIDE 2

Presentation Structure

  • 1. Verification activity

Proving structural contracts

  • 2. Debugging

Detecting/localizing artefact errors in the

  • verif. activity

Experience report

Debugging in Verif. Tool - Verification vs. Debugging - Debugging Improvements

Oakes, Verbrugge. L´ ucio, Vangheluwe Debugging in SyVOLT 2 / 19

slide-3
SLIDE 3

Outline

1 Verification Activity 2 Debugging Stage 1: Analysis 3 Debugging Stage 2: Monitoring 4 Debugging Stage 3: Reporting 5 Conclusion

Oakes, Verbrugge. L´ ucio, Vangheluwe Debugging in SyVOLT 3 / 19

slide-4
SLIDE 4

Motivation

GIVEN: A transformation divided into layers, containing LHS/RHS rules GOAL/WHY: Understand transformation’s behaviour

Relation between input/output elements

WHAT: Prove structural contracts to guarantee element existence HOW: Create all possible rule combinations through symbolic execution Bentley Oakes. 2018. A Symbolic Execution-Based Approach to Model Transformation Verification Using Structural Contracts. Ph.D. Dissertation. McGill University.

Oakes, Verbrugge. L´ ucio, Vangheluwe Debugging in SyVOLT 4 / 19

slide-5
SLIDE 5

DSL Transformation Language

Rules are arranged in layers, where each layer fully executes before the next Rules have Match part and Apply part Reduced expressiveness - no deletion/loops

Oakes, Verbrugge. L´ ucio, Vangheluwe Debugging in SyVOLT 5 / 19

slide-6
SLIDE 6

Symbolic Execution

Goal: Create all possible transformation executions Example: Combine four rules into a path condition: Symbolically execute each layer of the transformation Resolve dependencies between rules Final set of path conditions represents all valid transformation possibilities

Oakes, Verbrugge. L´ ucio, Vangheluwe Debugging in SyVOLT 6 / 19

slide-7
SLIDE 7

Contract Proving

Contract: “A Family with a daughter and a mother always produces a Man element” Contract elements matched onto path condition Matching failure indicates counter-example to the contract

Set of rules as counter-example

Oakes, Verbrugge. L´ ucio, Vangheluwe Debugging in SyVOLT 7 / 19

slide-8
SLIDE 8

Overview

Oakes, Verbrugge. L´ ucio, Vangheluwe Debugging in SyVOLT 8 / 19

slide-9
SLIDE 9

Outline

1 Verification Activity 2 Debugging Stage 1: Analysis 3 Debugging Stage 2: Monitoring 4 Debugging Stage 3: Reporting 5 Conclusion

Oakes, Verbrugge. L´ ucio, Vangheluwe Debugging in SyVOLT 9 / 19

slide-10
SLIDE 10

Stage 1: Analysis

Before symbolic execution, analyze transformation and contracts Sanity check - transformation/contract valid Record-keeping - record dependencies “A Family with a father, mother, son and daughter should always produce two Man and two Woman elements connected to a Community” Are contract elements present in the transformation? Are element creation dependencies satisfied? Which rules does this contract depend

  • n?

Enables slicing - selecting subset of rules to symbolically execute

Oakes, Verbrugge. L´ ucio, Vangheluwe Debugging in SyVOLT 10 / 19

slide-11
SLIDE 11

Fixing Input Errors

Rule: Contract: Woman in rule =/= Female in contract Typos/inconsistencies prevent satisfying contracts Analysis: Check if elements and dependencies are satisfied

Error: Meta-model element ‘Female’ not found in any rule!

Lists of rules this contract depends on

Required rules for contract Pos FourMembers: [‘Daughter2Woman’, ‘Father2Man’, ‘Mother2Woman’, ‘Son2Man’...]

Oakes, Verbrugge. L´ ucio, Vangheluwe Debugging in SyVOLT 11 / 19

slide-12
SLIDE 12

Reducing Errors

Contract/rule elements must be typed by transformation meta-models

Should be enforced by tooling

MPS: Discussion Question: Bug prevention is not debugging, but highly related Debugging can be generalizing larger classes of bugs?

Oakes, Verbrugge. L´ ucio, Vangheluwe Debugging in SyVOLT 12 / 19

slide-13
SLIDE 13

Outline

1 Verification Activity 2 Debugging Stage 1: Analysis 3 Debugging Stage 2: Monitoring 4 Debugging Stage 3: Reporting 5 Conclusion

Oakes, Verbrugge. L´ ucio, Vangheluwe Debugging in SyVOLT 13 / 19

slide-14
SLIDE 14

Stage 2: Monitoring

Recall: SyVOLT performs symbolic execution before proving contracts Monitor that all rules are symbolically executed Symbolic Execution Tree: Error: Rule ‘A’ was not symbolically executed on layer C! Rule ‘A’ depends on rules: [...] Causes: Multiplicity issue where dependency is not executed enough times Technique to remove invalid path conditions

Invalid means not respecting containment constraints

Oakes, Verbrugge. L´ ucio, Vangheluwe Debugging in SyVOLT 14 / 19

slide-15
SLIDE 15

Outline

1 Verification Activity 2 Debugging Stage 1: Analysis 3 Debugging Stage 2: Monitoring 4 Debugging Stage 3: Reporting 5 Conclusion

Oakes, Verbrugge. L´ ucio, Vangheluwe Debugging in SyVOLT 15 / 19

slide-16
SLIDE 16

Stage 3: Reporting

Verification produces counter-examples (rule combinations) to a contract Want to report why a particular contract is not satisfied

a) Name: Neg_SchoolOrdFac Num Succeeded Path Conditions: 6 Num Failed Path Conditions: 3 b) Explaining contract result: Good rules: (Rules in success set and not failure set) dfacilities...OrdinaryFacilityPerson Bad rules: (Rules common to all in failure set) dfacilities...SpecialFacilityPerson c) Contract requires elements from successful rules of type: School OrdinaryFacility

Discussion Question: Is this output debugging or verification?

Oakes, Verbrugge. L´ ucio, Vangheluwe Debugging in SyVOLT 16 / 19

slide-17
SLIDE 17

Visualization

Counter-example to the Neg SchoolOrdFac contract has a SpecialFacility instead

  • f an OrdinaryFacility

Match0 Apply1 Daughter2 Woman Family3 Child daughters family District SpecialFacility goesTo Match10 Apply11 Neighborhood2 District Neighborhood Family14 schools registeredIn facilities Match19 Apply20 d...SpecFacPerson School Service special students

Better visualization required! What elements make the contract succeed? If the contract fails, what changes would make the contract succeed?

Oakes, Verbrugge. L´ ucio, Vangheluwe Debugging in SyVOLT 17 / 19

slide-18
SLIDE 18

Outline

1 Verification Activity 2 Debugging Stage 1: Analysis 3 Debugging Stage 2: Monitoring 4 Debugging Stage 3: Reporting 5 Conclusion

Oakes, Verbrugge. L´ ucio, Vangheluwe Debugging in SyVOLT 18 / 19

slide-19
SLIDE 19

Conclusion

SyVOLT verification tool performs debugging of transformation and contracts in three stages: Stage 1: Analysis - dependency information Stage 2: Monitoring - ensure correct symbolic execution Stage 3: Reporting - relate contract failure to involved elements Discussion Questions: Line between verification and debugging? Is debugging = observation of behaviour? How does prevention of errors relate to debugging? Improvements for debugging visualization?

For verification itself, and development of the verification tool

Thank you! Debugging of Model Transformations and Contracts in SyVOLT Bentley James Oakes, Clark Verbrugge, Levi L´ ucio, Hans Vangheluwe

Oakes, Verbrugge. L´ ucio, Vangheluwe Debugging in SyVOLT 19 / 19