ANN: GNU Nana 2.1 released
Phil Maker
Phil Maker
<mailto:p...@gnu.org>
The GNU Nana 2.1 library is now available from:
<ftp://ftp.cs.ntu.edu.au/pub/nana/nana-2.1.tar.gz>
But what is it?
A library and tools for programmers using GNU C/C++ which provides
support for assertion checking, real time behaviour and program
logging.
Who might be interested?
Programmers who are interested in improving the reliability
of their programs. See:
<http://www.cs.ntu.edu.au/homepages/pjm/nana-home/>
for more details and a summary of recent changes.
Request to users:
If you do install nana could you please do a "make check-mail"
which sends off a porting report to the author. I'm testing a
tool which generates lists of tools, machines, operating systems
etc for inclusion in a WEB page and would like to get a bit of
test data. (The eventual idea is to provide a WWW service listing
software packages and the results for various host configurations).
Finally:
Here is the top of the homepage describing the library in a little
more detail.
*****
GNU Nana: improved support for assertions and logging in C and C++
P.J.Maker
GNU Nana is a free library providing improved support for assertion
checking and logging in C and C++. It also provides some support for
``Design by Contract''. The library, source code, and documentation are
available under a Free license. It also provides some support for
statement/function call tracing, performance measurement and shortform
generation.
Why bother?
* The sooner an error is detected, the cheaper it is to fix. Error
correction is a (the) major cost in software development. Therefore
improving the time to fix a problem is important.
* Recording what the system is doing before it goes off into ``never
never land'' is vital. You mean you ask the user what the system was
doing before it exploded, how quaint.
* ``I believe that the use of Eiffel-like module contracts is the most
important non-practice in software today'' - Tom Demarco.
* ``This style (Design by Contract) of analysis avoids a classic dilemma
of analysis and specification: either you use a programming notation
and run the risk of making premature implementation commitments; or you
stick with a higher level notation (``bubbles and arrows'') and you
must remain vague, forsaking one of the major benefits of the analysis
process, the ability to state and clarify delicate properties of the
system'' - ISE Inc.
* Even Java was going to have assertions so they must be good.
``For the technical historians in the crowd, here's a copy of the Oak
0.2 manual. It dates from a while after the completion of Green, but
it's the oldest manual I've found. It's the last manual I wrote
(mostly). My major regret about that spec is that the section on
assertions didn't survive: I had a partial implementation, but I ripped
it out to meet a deadline.'' - James Gossling.
Who might be interested?
* Programmers: particularly humble ones. Nana lets you find errors
quickly by speeding detection and post-mortem debugging.
* Software Engineers: particularly for embedded or hard real-time systems
which are safety critical.
* Academics teaching Formal Methods - of course you also need to be using
C or C++ so this might be the empty set.
* Test Engineers - the logging facilities can be used to produce
interesting automatic test systems, particularly for non-deterministic
systems for which plain replay regression testing is inadequate.
What does it do?
* Most of the features of the library are implemented using either
in-line C macros or by generating commands for the gdb(1) debugger. The
debugger macros are particularly useful where space and time efficency
is important, since they only use up code space and time if your
running under the debugger.
* Features can be enabled and disabled at both compile and run-time via a
standard mechanism. This can be used to implement different checking or
logging levels in your system.
* Logging messages can be sent to the terminal, files, programs or a
circular buffer in core. The last option lets you answer the dreaded
``I wonder what it was doing before it went ballistic'' question
without a large performance hit since you are not doing any output
operations.
* Forall, Exists, Exists1, etc of predicate calculus are provided.
Support is also provided for C++ iterators as provided by the STL
library. For example:
/* All elements in a[][] are +ve and there exists a single */
/* object in the STL container object m which has a +ve key */
A(int i = 0, i != XMAX, i++,
A(int j = 0, j != YMAX, j++, a[i][j] >= 0))
&&
E1O(i, m, (*i).first >= 0) /* iterating over an STL container */
* Before/After state: you can save the state of variables away and refer
to the before state in the postcondition for an operation.
* Messages can be automatically time stamped and assertions can be made
about the real time behaviour of you system using system clocks or an
instruction level simulator such as PSIM.
* A short form generator is provided (what is a short form, well the
program minus its implementation which leaves the types of functions
and their pre/post conditions).
But what does it look like?
The following example covers some of the facilities of the library.
void qsort(int v[], int n) { /* sort v[0..n-1] */
DI(v != NULL && n >= 0); /* check arguments under gdb(1) only */
L("qsort(%p, %d)\n", v, n); /* log messages to a circular buffer */
...; /* the sorting code */
I(A(int i = 1, i < n, i++, /* verify v[] sorted (Forall) */
v[i-1] <= v[i])); /* forall i in 1..n-1 @ v[i-1] <= v[i] */
}
void intsqrt(int &r) { /* r' = floor(sqrt(r)) */
DS($r = r); /* save r away into $r for later use under gdb(1) */
DS($start = $cycles); /* real time constraints */
...; /* code which changes r */
DI($start - $cycles < 1000); /* code must take less than 1000 cycles */
DI(((r * r) <= $r) && ($r <= (r + 1) * (r + 1))); /* use $r in postcondition */
}
Why use it?
* Efficient: at least compared to assert.h. For example assert(i >= 0)
uses 53 bytes on an i386 whilst Nana uses 10 or 1 bytes depending on
whether you use inline C code or the debugger.
* Programming by Contract: the use of pre/post conditions makes the
debugging of programs much much much faster. The sooner the error is
detected the sooner you'll be able to find the error.
* For automated testing: if you can't measure it it doesn't exist!.
You can feed the logging output of nana to programs which automatically
verify that the system is meeting its specification. This is
particularly useful for non-determistic systems. If anyone is
interested in this particular application please e-mail me. I've used
the method in the past and its been fairly successful, particularly
compared to other approaches. I'm also doing some playing around with a
separate tool set for this which isn't ready for release yet.
Why was it written?
The author has grown tired of writing systems like this for each new
project. Nana is an attempt to solve the problem once and for all (hope
springs eternal). Earlier systems on which Nana is based have been used for
experiment control and embedded (inside people) systems with some success.
What other software is required to use it?
Ideally you should be using recent versions of GNU C/C++ and GDB. The
library is a normal GNU package with automatic configuration using an
autoconf generated configure script.
But will it work with Language L on Compiler X using Debugger Y?
Currently the library only supports GNU C/C++ and GDB on *IX type platforms.
If you are using pure ANSI C then some of the libraries will not work, e.g.
support for Forall, Exists, etc requires the statement value extension and
logging code uses the varargs mechanism. On the other hand every that can be
has been written in pure ANSI C.
--
Phil Maker <p...@gnu.org> If NT is the answer,
<http://www.cs.ntu.edu.au/homepages/pjm> you didn't understand the
NTU, Darwin, Northern Territory, Australia. question -- Peter Blake