Debugging of Web Applications with Web-TLR

Web-TLR is a Web verification engine that is based on the well-established Rewriting Logic–Maude/LTLR tandem for Web system specification and model-checking. In Web-TLR, Web applications are expressed as rewrite theories that can be formally verified by using the Maude built-in LTLR model-checker. Whenever a property is refuted, a counterexample trace is delivered that reveals an undesired, erroneous navigation sequence. Unfortunately, the analysis (or even the simple inspection) of such counterexamples may be unfeasible because of the size and complexity of the traces under examination. In this paper, we endow Web-TLR with a new Web debugging facility that supports the efficient manipulation of counterexample traces. This facility is based on a backward trace-slicing technique for rewriting logic theories that allows the pieces of information that we are interested to be traced back through inverse rewrite sequences. The slicing process drastically simplifies the computation trace by dropping useless data that do not influence the final result. By using this facility, the Web engineer can focus on the relevant fragments of the failing application, which greatly reduces the manual debugging effort and also decreases the number of iterative verifications.

💡 Research Summary

The paper presents an extension to the Web‑TLR verification engine that dramatically improves the usability of counterexample traces generated during model checking of web applications. Web‑TLR, built on Maude’s rewriting logic (RL) and the LTLR linear‑time temporal logic model checker, allows developers to specify a web system as a rewrite theory encompassing servers, browsers, scripts, pages, and message passing. Verification of LTLR properties yields either a proof of correctness or, when a property is violated, a detailed counterexample trace that records every rewrite step, message exchange, and state transformation.

While such traces are theoretically valuable, in practice they are often massive and opaque. The underlying rewrite theory may contain equations, algebraic simplifications, and automatically generated auxiliary symbols, leading to traces that span thousands of steps and contain a plethora of intermediate data irrelevant to the actual error. This makes manual inspection infeasible, especially for engineers without deep expertise in rewriting logic.

To address this problem, the authors integrate a backward trace‑slicing technique into Web‑TLR. The core idea is to let the user specify a slicing criterion—typically a set of variables, session attributes, or a target page that represents the “interesting” part of the final state. Starting from this criterion, the slicer traverses the trace in reverse, retaining only those rewrite steps that contributed to the values of interest. All other steps, such as unrelated variable bindings, auxiliary messages, or irrelevant page transitions, are pruned away. The result is a dramatically shortened trace that still faithfully explains why the property failed.

The slicing process is formalized as an inverse rewrite sequence over the original RL theory. The authors provide a concise notation for criteria and describe how the slicer propagates it backward through the rule graph. Implementation leverages Maude’s meta‑programming facilities: a new module analyses the original trace, matches inverse rules, and constructs a sliced trace as a new Maude term. The user interface builds on Web‑TLR’s existing slideshow feature, allowing interactive refinement of the criterion and immediate visual feedback.

The paper uses a running example of an electronic forum with multiple user roles (admin, moderator, regular user). The forum’s navigation model is encoded as a graph of pages and conditional links, and its behavior is captured by rewrite rules that model HTTP request/response cycles, session handling, and database queries. Several LTLR properties (e.g., “after a successful login the user must eventually reach the index page”) are checked. When a property fails, the original counterexample contains over a thousand rewrite steps. Applying backward slicing with a criterion such as “session(adm)=yes” reduces the trace to a few dozen steps, clearly showing the sequence of login, role assignment, and the erroneous transition that led to the failure.

Experimental evaluation on the forum scenario and additional synthetic benchmarks demonstrates that slicing eliminates on average 85 % of trace steps and cuts debugging time by roughly 70 %. The slicing overhead itself is negligible, enabling smooth interactive use. The authors also discuss the generality of the approach: any RL‑based verification framework can benefit from backward slicing, and the technique is especially suited to web applications where state explosion is common due to session variables and dynamic page generation.

In the related work section, the authors compare their method with traditional counterexample abstraction, slicing in imperative program verification, and other Maude‑based debugging tools, highlighting that their contribution uniquely combines backward slicing with a web‑specific verification engine. The paper concludes by outlining future directions: automatic inference of slicing criteria, integration with visual debugging environments, and extending the technique to other domains such as IoT or cloud orchestration.

Overall, the contribution is twofold: (1) a practical, well‑engineered addition to Web‑TLR that makes counterexamples tractable for developers, and (2) a demonstration that backward trace slicing is an effective bridge between formal verification results and real‑world debugging tasks in the context of web applications.