This page contains information about the tools and software used in the course. See the Resources section of this site for additional information.

The Alloy Analyzer and Kind 2 are installed on the Linux machines of the DIVMS labs. To use those installations, you need first to log in to a lab machine. You can do that either

  • directly, by using one of the Linux desktops in 301MLH, or
  • remotely from any computer connected to the internet and running the NoMachine client to connect to the lab's Linux server; see the CLAS help pages for how to install and use those clients.
The Dafny tool is available on Windows machines and is best used as a plug-in for Visual Studio 2010 or later versions. Visual Studio is available on the CLAS Windows server. The easiest way to access it is through this link, which makes the Windows desktop available within a web browser. Alternatively, you can check these instructions on how to access the CLAS Windows server with the VMware View client.
  1. Alloy Analyzer 4
  2. Kind 2
  3. Dafny

Alloy Analyzer 4

Installing the Alloy Analyzer

If you want to use the Alloy Analyzer 4 on your own computer, please refer to its website for download and installation instructions.

Using the Alloy Analyzer on CS Lab machines

The Analyzer is installed on the CS Lab machines. To use it on a Linux machine in the lab or on the remote Linux server
  1. open a terminal;
  2. at the terminal's prompt, type:

    java -jar /group/class/cs_5810/tools/alloy4.jar

  If Java complains about not having enough space for the object heap, try the following:

    java -Xms512m -Xmx1024m -jar /group/class/cs_5810/tools/alloy4.jar

Using the Alloy Analyzer

Click on the Help menu in the Analyzer's top bar for a quick guide on how to use the tool.

Kind 2

Kind 2 is a model-checker developed at the University of Iowa, currently available for Unix-like systems only. You can install and run Kind 2 on your own computer or you can use the preinstalled version on the CS lab machines.

  • Installing Kind 2
  • Invoking Kind 2 on the CS Lab machines
  • Using Kind 2
  • Kind 2 Command-line Options
    Installing Kind 2

    If you want to use Kind 2 on your own computer, you can get its latest release, in either executable or source form, from GitHub. Kind 2 requires that you also install one of the three supported backend solvers. The default is Z3, which must be downloaded separately. For your convenience, you can download the executable of a recent version of Z3 for Linux here and for Mac here.

    Note: For Kind 2 to be able to use the Z3 executable, the directory where you put it must be in your execution path. Also note that Kind 2 does not have a GUI. It must be run in a terminal window in Linux/Mac OS.

    Running Kind 2 on CS Lab machines

    Kind 2 is installed on the CS Lab machines. To use it on a Linux machine in the lab or on the remote Linux server
    1. open a terminal;
    2. at the terminal's prompt, type:

      /group/class/cs_5810/tools/kind2   options   file
      where options is an optional argument discussed below and file is the Lustre file that you want to check.

    Using Kind 2

    To use Kind 2, you first need to prepare the Lustre file you want to check by specifying your observer node and the properties you are interested in. To do that, add the following special comment in the body of the observer node:

    Then add below that one or more special comments of the form
    --%PROPERTY bool_var;
    where bool_var is any Boolean variable declared in the observer node, and encoding a property of interest, as in
    --%PROPERTY R1;

    After that, you can call Kind 2 with that file.

    For each property that it can solve within a given time limit or number of iterations, Kind 2 will tell you whether it is valid (i.e., invariant), invalid or unknown. For invalid ones it will provide a counter-example trace, with inputs leading to a state where the property is violated.

    Note: If you want to focus on only some properties, an easy way to disable the checking of a property is to add a space between the dash and the % symbol in --%PROPERTY. You can do the same with --%MAIN if you have several observer nodes to check in the same file.
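
As an added example (not part of the original course page), here is a small constructed Lustre file annotated as described above, with one property disabled using the trick from the note. The node names, the properties R2 and R3, and the file name counter.lus are assumptions for illustration; --%MAIN; is written with a trailing semicolon, like --%PROPERTY.

```lustre
-- Constructed example (not from the course materials); save as counter.lus.
-- Counter: counts the steps since the last reset.
node Counter (reset: bool) returns (n: int);
let
  n = 0 -> if reset then 0 else pre n + 1;
tel

-- Observer node: wraps Counter and names the properties to check.
node Observer (reset: bool) returns (R1, R2, R3: bool);
var n: int;
let
  n = Counter(reset);

  R1 = n >= 0;    -- holds in every reachable state
  R2 = n < 5;     -- fails once five steps pass without a reset
  R3 = n <= 10;   -- defined, but its check is disabled below

  --%MAIN;
  --%PROPERTY R1;
  --%PROPERTY R2;
  -- %PROPERTY R3;
tel
```

On the lab machines, running /group/class/cs_5810/tools/kind2 counter.lus should report R1 as valid and R2 as invalid, with a counterexample trace in which n reaches 5. R3 is not checked, because the space after the dashes turns its annotation into an ordinary comment.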

    Kind 2 Command-line Options

    The following command-line options control its operation (run kind2 --help for a full list).

    --enable {BMC|IND|PDR}   Select model checking engines
    By default, all three model checking engines are run in parallel. Give any combination of --enable BMC, --enable IND and --enable PDR to select which engines to run. The option --enable BMC alone will not be able to prove properties valid, and choosing --enable IND alone will not produce any results. Any other combination is sound (properties claimed to be invariant are indeed invariant) and counterexample-complete (a counterexample will be produced for each property that is not invariant, given enough time and resources).
    --timeout_wall secs   Run for secs seconds of wall clock time
    --timeout_virtual secs   Run for secs seconds of CPU time
    --smtsolver {Z3|CVC4|mathsat5}   Select SMT solver (the default is Z3)
    --z3_bin file   Path to executable for Z3
    --cvc4_bin file   Path to executable for CVC4
    --mathsat5_bin file   Path to executable for MathSat5
    --bmc_max k   Run bounded model checking for up to k steps
    -v   Output informational messages


    Installing Dafny

    Dafny is designed to be used with Microsoft Visual Studio. If you want to use Dafny on your own computer, you will need to have a Professional version of either Visual Studio 2010 or 2012 installed. Visual Studio 2010 is installed on the Windows machines in the 301 lab in MLH.

    To configure Visual Studio 2010 for using Dafny, on your machine or on the lab computers, you will need to follow the instructions listed below. (The procedure for Visual Studio 2012 should be similar.)
    1. Ensure that the Dafny Language Extension is not already installed on your current machine.

      Open the Extension Manager as shown below.

      If you see Dafny Extension as shown below, un-install it.

      Then close Visual Studio 2010.

    2. Download the Dafny Language Extension and double click on it (download this extension instead if you are using Visual Studio 2012). Then click on Install in the Visual Studio Extension Installer.
    3. Open Visual Studio.

    Using Dafny

    Opening a Dafny file (.dfy) with Visual Studio will allow you to see syntax highlighting as well as some warnings when your specification does not hold.

    In this picture you can see that the condition ensures 1 > 2 might not hold. As such it is highlighted with purple.

    Copyright: Cesare Tinelli, The University of Iowa, 2014   Credits