Tools

This page contains information about the tools and software used in the course. See the Resources section of this site for additional information.

You can use these tools on your own computer or on the machines in the DIVMS labs. You can log in to the lab machines either


Alloy Analyzer

Installing the Analyzer

You can download the Alloy Analyzer to your own computer or to those in the lab. The latest version, Version 5, is available here as a jar file (for Windows or Linux) and as a MacOS app.

The easiest way to install the tool on Linux or Windows is simply to download the latest jar file onto your Desktop and then launch it, either by double-clicking its icon (Windows or Mac) or by right-clicking the icon and choosing "Open With Java" (Linux).

Note 1: Mac users may want to install the Mac OS native version of the analyzer (alloy.dmg).

Note 2: On Linux, Java might complain about not having enough space for the object heap. In that case, you will need to launch the Alloy Analyzer from a terminal window with an explicit heap size (-Xms sets the initial heap, -Xmx the maximum; raise -Xmx if large models still run out of memory).

  1. Open a terminal and move to the subdirectory that contains the file org.alloytools.alloy.dist.jar.
  2. At the terminal's prompt, type:
    java -Xms512m -Xmx1024m -jar org.alloytools.alloy.dist.jar &

Using the Analyzer

Click on the Help menu in the Analyzer's top bar for a quick guide on how to use the tool.

Alloy in VS Code

Visual Studio Code is a modern, open source IDE that is available for all major operating systems. VS Code has an excellent Alloy extension that comes with its own copy of the Alloy Analyzer. The extension is a breeze to install and just as easy to use.

Note: VS Code is preinstalled on the FastX remote server. You can access it from the Applications | Computer Science menu of the desktop and install your own extensions.


Electrum

Electrum is an extension of the Alloy Analyzer for Electrum models, a temporal extension of the Alloy modeling language. Like the original Alloy Analyzer, Electrum is available as a jar file, and can be downloaded from here and installed in the same way.


Kind 2

Kind 2 is a model checker developed at the University of Iowa, currently available natively for Unix-like systems only. On Windows it can be run from a Docker image.

The easiest way to use Kind 2 is to use its online version, as seen in class. The online interface should be mostly self-explanatory. For homework assignments and projects, however, using a local version of Kind 2 is recommended. If you use VS Code, you can use Kind 2 as a VS Code extension. Follow the installation and usage instructions provided by the extension.

Kind 2 is a command-line tool. If you prefer, you can also install and run it on your own computer from the command line, as explained below. More information can be found on Kind 2's GitHub page.

  • Installing Kind 2
  • Running Kind 2 on your machine
  • Using Kind 2
  • Kind 2 Command-line Options

    Installing Kind 2 directly

    If you want to use Kind 2 on your own computer, you can get its latest release, in either executable or source form, from Kind 2's GitHub page. Kind 2 runs natively on Linux and on Mac OS. It can be run on Windows via Docker.

    Kind 2 requires that you also install one of the three supported backend solvers. The default is Z3, which must be downloaded and installed separately. Z3 binaries can be found here. Both the Debian and the Ubuntu release of Z3 should work on our lab machines.

    Note: Kind 2 does not have a GUI. It must be run in a terminal window on Linux/Mac OS. Also note that for Kind 2 to be able to find the Z3 executable, the directory where you put it must be in your PATH (alternatively, pass its location explicitly with the --z3_bin option described below).

    Running Kind 2 on your machine

    To use Kind 2 on a Linux/Mac OS machine:
    1. open a terminal;
    2. at the terminal's prompt, type:

      filepath/kind2   options   file

      where filepath is the path to your Kind 2 executable, options is an optional list of command-line options discussed below, and file is the Lustre file that you want to check.

    Using Kind 2

    To use Kind 2, you first need to prepare the Lustre file you want to check by specifying in the relevant node the properties you are interested in. To do that, add the following special comment in the body of the node:

      --%MAIN;
    
    to tell Kind 2 which node you want to analyze. Then add below that one or more special comments of the form
      --%PROPERTY name bool_term;
    
    or
       check name bool_term;
    
    where name is a string literal and bool_term is any Boolean term over the variables declared in the observer node (its inputs, outputs and locals) that encodes a property of interest, as in
      --%PROPERTY "Temperature is above minimum" temp > min ;
    
    or
      check "Temperature is above minimum" temp > min ;
    

    After that, you can call Kind 2 with that file.

    For each property, Kind 2 will tell you whether it is valid (i.e., an invariant of the node), invalid, or unknown if it could not decide it within the given time limit or number of iterations. For invalid properties it will provide a counterexample trace, a sequence of inputs leading to a state where the property is violated.

    Note: If you want to focus on only some properties, an easy way to disable the checking of a property is to add a space between the dashes and the % symbol in --%PROPERTY, which turns the annotation back into an ordinary Lustre comment. You can do the same with --%MAIN if you have several observer nodes to check in the same file.
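The following is an added, complete example of the procedure above (it is not from the course materials): a bounded counter node, an observer node marked as the main node, one property that Kind 2 proves, one that it refutes with a counterexample, and one that is disabled as described in the note. The node names, the property names and the file name counter.lus are all chosen here for illustration.

```lustre
-- counter.lus: added example, not part of the course page.
-- A counter that increments when inc is true and goes back to 0 on reset.
node Counter(reset : bool; inc : bool) returns (count : int);
let
  -- "0 -> pre count" is 0 in the first step and the previous value afterwards
  count = if reset then 0
          else (0 -> pre count) + (if inc then 1 else 0);
tel

-- Observer node: instantiates Counter and states the properties to check.
node Main(reset : bool; inc : bool) returns (count : int);
let
  --%MAIN;
  count = Counter(reset, inc);

  -- Valid: the counter can never go negative (Kind 2 reports it as valid).
  --%PROPERTY "count is never negative" count >= 0;

  -- Invalid: 11 consecutive inc steps without a reset drive count to 11,
  -- so Kind 2 reports a counterexample trace of length 11.
  check "count stays below 11" count < 11;

  -- Disabled on purpose by the space between the dashes and the %.
  -- %PROPERTY "not checked" count < 100;
tel
```

Save it as counter.lus and run, for instance, `filepath/kind2 --timeout_wall 60 counter.lus` (with Z3 on your PATH or given via --z3_bin). The first property is proved by induction; the second one produces a trace in which inc is true and reset is false for 11 steps.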

    Specifications can be written in a more sophisticated way using contracts, which also let Kind 2 analyze a node compositionally (see the --compositional option below). See the Kind 2 user documentation for more information.

    Kind 2 Command-line Options

    The following is a selection of the command-line options that control Kind 2's behavior.

    --help Prints list of all options and a brief description for them
    --timeout_wall s Run for s seconds of wall clock time
    --timeout_virtual s Run for s seconds of CPU time
    --smtsolver sol Select SMT solver sol (default value: Z3; alternative: CVC4)
    --z3_bin file Path to executable for Z3
    --cvc4_bin file Path to executable for CVC4
    --modular b When b is true, analyze the input model node by node, bottom up, from leaf nodes to the main node, each node being analyzed monolithically (with its subnodes inlined) unless --compositional is also set
    --compositional b When b is true, analyze the (current) top node compositionally, initially abstracting each of its subnodes by its contract, if there is one

    If a model is complex enough and some of its nodes have contracts, it is beneficial to set both --modular and --compositional to true.


Dafny

Installing Dafny

The Dafny verifier is available online. For faster responses and a smoother user experience, however, Dafny is best used as an extension of VS Code, which we highly recommend. See the extension's webpage for installation and usage instructions.

Note: VS Code is preinstalled on the FastX remote server. You can access it from the Applications | Computer Science menu of the desktop. You can install Dafny yourself as in the instructions above, but without having to install .NET, since it is already installed. The path to the .NET executable is /usr/bin.dotnet .




Copyright: Cesare Tinelli, The University of Iowa, 2021