Tools

Tools

This page contains information about the tools and software used in the course. [More information will be added later.] See the Resources section of this site for additional information.

You can use those tools on your own computers or on the machines in the DIVMS labs. You can log in the lab machines either


Alloy Analyzer 4

Installing the Analyzer

You can download the Alloy Analyzer 4 to your own computer or to those in the lab. The latest version is available here as a jar file and requires that Java 6 or later be installed on your machines (the lab machines do have Java already).

The easiest way to install the tool is simply to download the alloy4.2.jar file onto your Desktop and then launch it either by double clicking on its icon (Windows or Mac) or right-clicking the icon and then choosing "Open With java" (Linux).

Note 1: Mac users may want to install the Mac OS native version of the analyzer (alloy4.2.dmg).

Note 2: On Linux, Java might complain about not having enough space for the object heap. In that case, you will need to launch the Alloy Analyzer from a terminal window.

  1. Open a terminal and move to the subdirectory that contains the file alloy4.2.jar.
  2. At the terminal's prompt, type:
    java -Xms512m -Xmx1024m -jar alloy4.2.jar &

Using the Analyzer

Click on the Help menu in the Analyzer's top bar for a quick guide on how to use the tool.


Kind 2

Kind 2 is a model-checker developed at the University of Iowa, currently available natively for Unix-like systems only. It can be run on Windows as a Docker image. You can install and run Kind 2 on your own computer or you can use an online version. The online interface should be mostly self-explanatory. More instructions may be added later.
In the meantime, here are some quick instructions on how to install Kind 2 and how to use it. More information can be found Kind 2's GitHub page.

  • Installing Kind 2
  • Running Kind 2 on your machine
  • Using Kind 2
  • Kind 2 Command-line Options

    • Installing Kind 2

    If you want to use Kind 2 on your own computer, you can get its latest release, in either executable or source form, from Kind 2's main website. Kind 2 runs natively on Linux and on Mac OS. It can be run on Windows via Docker.

    Kind 2 requires that you also install one of the three supported backend solvers. The default is Z3, which must be downloaded and installed separately. Z3 binaries can be found here.

    Note: Kind 2 does not have a GUI. It must be run in a terminal window in Linux/Mac OS. Also note that for Kind 2 to be able to use the Z3 executable, the directory where you put it must be in your execution path.

    Running Kind 2 on your machine

    To use Kind it on a Linux/MaC OS machine
    1. open a terminal;

    2. at the terminal's prompt, type:

      filepath/kind2   options   file
      where filepath is the path to your executable of Kind 2, options in an optional argument discussed below, and file is the lustre file that you want to check.

    Using Kind 2

    To use Kind 2, you first need to prepare the Lustre file you want to check by specifying your observer node and the properties you are interested in. To do that, add the following special comment in the body of the observer node: 

    --%MAIN;
    Then add below that one or more special comments of the form 
    --%PROPERTY bool_var;
    where bool_var is any Boolean variable declared in the observer node, and encoding a property of interest, as in 
    --%PROPERTY R1;

    After that, you can call Kind 2 with that file.

    For each property that it can solve within a given time limit or number of iterations, Kind 2 will tell you whether it is valid (i.e., invariant), invalid or unknown. For invalid ones it will provide a counter-example trace, with inputs leading to a state where the property is violated.

    Note: If you want to focus only some properties, an easy way to disable the checking of a property is to add a space between the dash and the % symbol in --%PROPERTY. You can do the same with --%MAIN if you have several observer nodes to check in the same file.

    A more sophisticated way to add specification can be achieved with the use of contracts. See the Kind 2 user documentation for more information.

    Kind 2 Command-line Options

    The following is a selection of command-line options control Kind 2's behavior.

    --help Prints list of all options and a brief description for them
    --timeout_wall s Run for s seconds of wall clock time
    --timeout_virtual s Run for s of CPU time
    --smtsolver sol Select SMT solver sol (default value: Z3; alternative: CVC4)
    --z3_bin file Path to executable for Z3
    --cvc4_bin file Path to executable for CVC4
    --modular b When b is true, analyze the input model monolithically but bottom up, from leaf nodes to main node
    --compositional b When b is true, analyze the (current) top node compositionally, initially abstracting each of its subnodes by its contract, if there is one

    If a model is complex enough and some of its nodes have contracts, it is beneficial to set both --modular and --compositional to true.

    Dafny

    Installing Dafny

    The Dafny verifier is available on-line. For faster responses and a smoother user experience, however, Dafny is best used as an extension from for Visual Studio or for Visual Studio Code.

    To use Dafny on your own computer, you will need to have a Professional Version of Visual Studio 2012. Alternatively, you can install Visual Studio Code (recommended) which is available for all major operating systems.

    Visual Studio 2012

    To install Dafny in Visual Studio 2012 follow these instructions.

    Visual Studio Code

    To install Dafny in Visual Studio Code, you need first to download and install Visual Studio Code if you do not have it already. On Linux and Mac Os you will also need the latest version of Mono.

    Note: Visual Studio Code is preinstalled on the Linux machines in the CS lab and on the remote server. You can access it from the Applications | Computer Science menu of the desktop.

    `

    Once you have Visual Studio Code, you can install the Dafny extension for Visual Studio Code. This extension contains everything you need, including its own copy of Dafny. You can install it either by clicking here and following the instructions. If that link does not work for you, you can open Visual Studio Code and then do an installation from within as explained here.

    Using Dafny

    Opening a Dafny file (with a .dfy extension) with Visual Studio or Visual Studio Code will allow you to see syntax highlighting as well as any errors, as underlined text, in the code or specification. Dafny is reinvoked automatically as you edit the text.

    Here some sample screenshots from the developers of the VS Code extension.

    Installation

    On the first start the plugin asks you to install Dafny automatically.


    Simple Assert

    The code is type-checked and verified on the fly.


    Add null check

    Some diagnostics can be directly inserted with a quick fix at the beginning of a line.


    Compile and Run

    Pressing F5 compiles and runs the program


    CounterExample

    Pressing F7 shows counterexamples.




    Copyright: Cesare Tinelli, The University of Iowa, 2017