| xlesar - graphical proof manager for lustre |
xlesar - graphical proof manager for lustre
xlesar
This tool is a graphical interface to the lustre verification tool ecverif.
More precisely, this tool allows the user to manage a set of properties for a given lustre program. Each property can be edited, annotated, completed with local assumptions. A window allows the user to select the desired options and to launch the prover ecexe.
The main window allows the user to select a main program and a main node within this program. Once selected, the lists of inputs and outputs are displayed and the user can define properties involving those variables.
The property manager is part of the main window: the user can create, delete and edit properties.
In the main window, one must select a property (by clicking in the properties list) and launch a property editor by clicking Edit. In the property editor window, the user can:
edit the property name
define the property, by typing a correct Lutre Boolean expression (see below for details).
declare a local input (menu Edit, field New input). A local input behaves as a "random" value in the proofs.
declare and define a local variable (menu Edit, field New variable).
define a local assertion (menu Edit, field New assertion). The assertion must be a correct Boolean lustre expression.
write a description of the property. The command Show description from the Edit menu opens a text editor where the user can type his description.
Each lustre expression entered in xlesar is checked for consistency before the prover is launched. Such an expression must be syntactically correct, but xlesar also checks type and the identifier consistency. Every identifier appearing in the expression must exists in the current context. A valid identifier is:
any global input or output (those from the main node, if it exists).
any local input or variable that is currently enabled.
The tool does not allow the user to define complex objects like nodes. In order to use a node call in the definition of a property (resp. assertion, local variable), the user must import its definition (main window menu Import, menu Files, command Load file). Once loaded, the imported file is parsed by xlesar to find and display all the nodes declaration. From this moment on, the user will be able to use those nodes in the property (resp. assertion or variable) definitions.
A prover launcher is displayed in the property editor window. This launcher allows the user to select the options and run the proof. It also display the current status of the property (checked, not checked or unknown). When the prover is running, all messages are "echoed" in the window, and the user may kill the proof process by pushing the Stop button.
A xlesar session is called a project (extension .lesar). The user may save, load or restart a project via the Files menu in the main window.
The environement variable LUSTRE_INSTALL must exist and hold the path of the lustre v4 distribution.
| xlesar - graphical proof manager for lustre |