Periodic Reporting for period 1 - ReGraDe-CS (Reversible Gray Debugging of Concurrent Systems)
Période du rapport: 2023-12-01 au 2025-11-30
Modern software systems rarely run as a single, sequential program. They are /concurrent/: many activities run at the same time, often across several processors or machines in the cloud, and they communicate by exchanging messages. Concurrency is essential for performance and responsiveness, but it makes software failures harder to understand and reproduce. A bug may appear only under a particular “interleaving” of events, such as a rare ordering of message deliveries or scheduling decisions.
The ReGraDe-CS project (Reversible Gray Debugging of Concurrent Systems) tackles this challenge by establishing foundations for /reversible debugging/ of concurrent programs: the ability to inspect an execution, move backwards (rollback), and run forwards (replay). In concurrency, reversing an execution cannot be done naively, because actions in different components are linked by cause-and-effect relations (for example, receiving a message depends on a prior message being sent). A correct reversible debugger must respect these dependencies (causal consistency).
The project’s objective is to deliver a mathematically well-founded account of reversible debugging for concurrent systems, with a general, reusable semantic theory. The aim is to make “time-travel debugging” for concurrency precise and compositional, in order to be used for message-passing and actor-style languages (such as Erlang) that used in practice to implement large-scale distributed systems.
The ReGraDe-CS project (Reversible Gray Debugging of Concurrent Systems) tackles this challenge by establishing foundations for /reversible debugging/ of concurrent programs: the ability to inspect an execution, move backwards (rollback), and run forwards (replay). In concurrency, reversing an execution cannot be done naively, because actions in different components are linked by cause-and-effect relations (for example, receiving a message depends on a prior message being sent). A correct reversible debugger must respect these dependencies (causal consistency).
The project’s objective is to deliver a mathematically well-founded account of reversible debugging for concurrent systems, with a general, reusable semantic theory. The aim is to make “time-travel debugging” for concurrency precise and compositional, in order to be used for message-passing and actor-style languages (such as Erlang) that used in practice to implement large-scale distributed systems.
The project delivered a formal, compositional theory of causal-consistent reversibility for concurrent systems, which is language-independent. The core semantic framework is based on /event structures/, a mathematical model of “true concurrency”. Building on this framework, the project:
- defined a formal model of concurrent executions (asynchronous traces) and their causal structure;
- specified what an execution log must record to support reliable replay;
- defined configuration (state) models for snapshots of a computation; and
- characterised replay of logged computations forwards and backwards with causal consistency, so “undo” does not violate dependencies.
This establishes a high-level, denotational account of reversibility that scales across concurrent languages, including process calculi, such as CCS, and practical message-passing languages, such as Erlang.
To connect this theory to mainstream practice, the project initiated an instantiation for message-passing and actor languages, with ongoing work on modelling Erlang using event structures. The theory was also formalised in the Lean 4 proof assistant, producing a machine-checked artefact that can underpin high-assurance implementations of debugger cores. The formalisation is available as a public open-source artefact: https://github.com/vikraman/event-structures(s’ouvre dans une nouvelle fenêtre).
- defined a formal model of concurrent executions (asynchronous traces) and their causal structure;
- specified what an execution log must record to support reliable replay;
- defined configuration (state) models for snapshots of a computation; and
- characterised replay of logged computations forwards and backwards with causal consistency, so “undo” does not violate dependencies.
This establishes a high-level, denotational account of reversibility that scales across concurrent languages, including process calculi, such as CCS, and practical message-passing languages, such as Erlang.
To connect this theory to mainstream practice, the project initiated an instantiation for message-passing and actor languages, with ongoing work on modelling Erlang using event structures. The theory was also formalised in the Lean 4 proof assistant, producing a machine-checked artefact that can underpin high-assurance implementations of debugger cores. The formalisation is available as a public open-source artefact: https://github.com/vikraman/event-structures(s’ouvre dans une nouvelle fenêtre).
The main result is a unified, denotational and compositional semantics of reversible execution for concurrent systems, designed as a reusable foundation for reversible debuggers. Compared with many existing approaches that are tied to a particular operational semantics or a specific implementation strategy, this framework:
- generalises and abstracts over earlier models of reversible concurrency;
- makes causal consistency explicit and central, which is essential for sound “time travel” in concurrent programs;
- separates “what a debugger should be allowed to do” (the causal theory) from “how it is implemented” (logging and tooling choices); and
- offers machine-checked confidence via formalisation in a proof assistant.
The immediate impact is a sharpened correctness story for reversible debugging in concurrency: precise criteria for legal reversals, exact logging requirements, and causality-preserving replay. This supports future debugger designs for actor-style languages by providing a specification-level “contract” that implementations can follow and validate. For further impact, the key needs are: (i) extending the theory to cover “gray” debugging, where some history information is missing or imperfect; and (ii) engineering integration with existing language tooling (e.g. established debuggers and runtimes).
- generalises and abstracts over earlier models of reversible concurrency;
- makes causal consistency explicit and central, which is essential for sound “time travel” in concurrent programs;
- separates “what a debugger should be allowed to do” (the causal theory) from “how it is implemented” (logging and tooling choices); and
- offers machine-checked confidence via formalisation in a proof assistant.
The immediate impact is a sharpened correctness story for reversible debugging in concurrency: precise criteria for legal reversals, exact logging requirements, and causality-preserving replay. This supports future debugger designs for actor-style languages by providing a specification-level “contract” that implementations can follow and validate. For further impact, the key needs are: (i) extending the theory to cover “gray” debugging, where some history information is missing or imperfect; and (ii) engineering integration with existing language tooling (e.g. established debuggers and runtimes).