2 User Interface

In the following we explain the main points of interaction with the user interface of the RISC ProgramExplorer. We assume that the system is appropriately , that the current working directory is the subdirectory examples-ProgramExplorer-CVC3 of the installation directory with write permission enabled (respectively that the current working directory is a writable copy of that directory), and that the task directory has been restored from file PETASKS.tgz (see the README file in the directory). After typing on the command line

ProgramExplorer &

first a splash screen with a copyright message appears. After a few seconds, a window pops up that displays the actual startup screen shown below:

Figure 2.1.:

Startup Window (click to enlarge)

This window initially displays the “Analysis” view of the RISC ProgramExplorer, which is one of the three main views:

Analysis: This view is mainly used to display/edit the source code of a program and theory file, to select symbols for the investigation of their semantics and to start the execution of verification tasks.
Semantics: This view is used to display the semantics of a program method; it is shown, when in the menu associated to a method symbol (right-click the symbol) the entry “Show Semantics” is selected.
Verification: This view is used to show a proof resulting from a task; it is displayed, when in the menu associated to a task (right-click the task), one selects the entry “Execute Task” (if the proof is not yet completed) respectively “Show Proof” (if the proof is completed).

One may switch to another view by clicking on the corresponding tab on the top-right of the window (provided the view is currently applicable).

In the following, we only describe the “Analysis” view; the other views are explained in Chapter 4. As already stated, the main purpose of this view is to edit a program or theory file; when saving the file, it is automatically type-checked and semantically processed. As a consequence, in the tab “Symbols”, the resulting semantic symbols (e.g. program methods) are displayed; in the tab “All Tasks”, the generated (e.g. verification) tasks are shown. Source code, symbols, and tasks are interlinked; by double-clicking a symbol/task, the corresponding line in the source code is highlighted; by double-clicking on the defining occurrence of a symbol name in the source code, the corresponding symbol is high lighted; by double-clicking any other occurrence is definition is printed.

The view has three menus at the top:

File

The menu entry “New File” creates a new file; files with extension .java are considered as program files, files with extension .theory are considered as specification files. The menu entry “Open File” opens such a file. The menu entry “Close File” closes the currently selected open file. The menu entry “Close All Files” closes all open files. The menu entry “Save File” saves the currently selected open file to disk.

The menu entry “Workspace...” displays the window shown below:

Figure 2.2.:

Workspace Configuration (click to enlarge)

This window displays those directories that together represent the root of the package hierarchy for the RISC ProgramExplorer. The default is the list of those directories set in the respectively, if the variable is not set, the current working directory. The buttons “Add Directory” and “Remove Directory” modify the list, the button “Restore Directories” restores the original setting. The button “Okay” activates the current selection, the button “Cancel” discards it.

The entry “Properties...” displays the window shown below:

Figure 2.3.:

Properties Configuration (click to enlarge)

This window allows to configure various properties related to the installation of the software: in the first tab “File Paths”, one can set the path to the Java compiler, the path to the Java application launcher, the path of the working directory (used e.g. for creating new files), the path for the main class of the program (the class containing method main), and the paths to the various versions of the Cooperating Validity Checker (CVC) that the RISC ProgramExplorer may use. The values of these variables can be configured by various .

In the second tab “Checker Settings”, one may control which version of CVC to use (currently CVCL or CVC3, support for the forthcoming CVC4 is pending), and depending on the choice, some other settings. If the older CVCL is used, one may choose whether the underlying logic is higher order (functions and predicates are plain values) or first order (functions and predicates cannot be passed as values to other functions or predicates, also no quantification over functions and values is allowed); for the newer CVC3 (the default), only the selection “first order” is possible. If the logic is first order, then one may furthermore select, whether the result type of predicates is type LOGICAL (the type BOOLEAN with constants TRUE and FALSE then stands for plain values, this is the default) or type BOOLEAN (the type BIT with constants BITTRUE and BITFALSE then stands for plain values).

The button “Okay” confirms all modifications, the button “Cancel” discards them.

The menu entry “Quit” terminates the program.

Edit

The menu entry “Undo” undoes the last change in the file currently being edited, the menu entry “Bigger/Smaller Font” allows to change the size of the font of the editor and of the console.

Help

The entry “Online Manual” displays the hypertext version of this document; the entry “About RISC ProgramExplorer” displays a copyright message.

Below the menu, a row of buttons is displayed as shown below:

Figure 2.4.:

Analyze Buttons (click to enlarge)

New File: Like the menu option “New File”, this button creates a new file and opens it in the editing area.
Open File: Like the menu option “Open File”, this button opens an already existing file.
Save File: Like the menu option “Save File”, this button saves an open file that was modified in the editing area.
Refresh View: This button removes from the view all information (symbols and tasks) that was created by processing a class or theory.
Run Program: This button calls the Java compiler to compile the “Main” class indicated in the “Properties” configuration and calls the Java application launcher to execute it; the output is displayed in the console window (currently no input is possible).

The main area of the view is split into four areas (whose borders may be dragged by the mouse pointer). The central area (which is initially empty) is the “editing” area where program and specification files may be displayed and edited. The other three areas are:

Console

This area displays textual output of the RISC ProgramExplorer, initially a copyright message. When program/specification files are processed, this area displays the success status respectively error messages, if something went wrong.

Files/Symbols

In this area, the tabs “Files” and “Symbols” display the directory respectively symbol structure of the workspace as shown below:

Figure 2.5.:

Workspace Files/Symbols (click to enlarge)

By moving the mouse pointer over a directory/file, a yellow “tip” window pops up that displays the path of the corresponding directory/file respectively information on the corresponding symbol.

Double-clicking on a file opens the corresponding file in the central editing area. Right-clicking on a directory opens a pop-up menu with an option “Refresh” to refresh the display of the directory content and an option “Delete” to delete the directory (after a confirmation). Right-clicking on a file opens a pop-up menu with an option “Open” to open the file in the editing area and an option “Delete” to delete the file (after a confirmation).

Double-clicking on a symbol (e.g. a class symbol or a theory symbol) also opens the corresponding source file (a .java file or a .theory file) in the editor but also immediately processes it; the success of the operation is displayed in the “Console” area. There are the following kinds of symbols:

Package: A symbol denoted by a package declaration.
Class: A symbol introduced by a class declaration.
Class Variable: A symbol introduced by the declaration of a static variable in a class.
Object Variable: A symbol introduced by the declaration of a non-static variable in a class.
Class Method: A symbol introduced by the declaration of a static method in a class.
Object Method: A symbol introduced by the declaration of a non-static method in a class.
Constructor: A symbol introduced by the declaration of a constructor in a class.
Method Parameter: A symbol introduced by the declaration of a parameter in a method header in a class.
Theory: A symbol introduced by a theory declaration.
Type: A symbol introduced by a TYPE declaration in a theory.
Value: A symbol introduced by a value declaration in a theory.
Formula/Axiom: A symbol introduced by a FORMULA/AXIOM declaration in a theory.

All Tasks/Open Tasks

In this area, the tabs “All Tasks” and “Open Tasks” display the tree of all tasks organized in task folders respectively the list of all open tasks as shown below:

Figure 2.6.:

All/Open Tasks (click to enlarge)

The status of the task is indicated by in icon and the color of the description:

New Task: This task (described in red color) is new i.e. it has not yet been attempted to solve it.
Open/Almost Completed Task: If described in red color, this task is open i.e. it has been already attempted but not yet solved. If described in violet color, this task is almost completed, i.e. the task was solved by a proof in a previous invocation of the RISC ProgramExplorer. The corresponding proof may be replayed in the current invocation to become fully closed.
Closed Task: This task (described in blue clor) is closed, i.e. it has been successfully solved.
Failed Task: This task (described in red) is failed, i.e. the task is impossible to solve (which indicates a program/specification error).

By default all task folders are open and display their contents (an exception are those folders that are marked as “optional”). By right-clicking one of the tabs “All Tasks” or “Open Tasks” a menu pops up whose entry “Hide Completed Tasks” closes all folders that do not contain open tasks; the entry “Show All Tasks” opens all folders again. The entry “Execute All Tasks” attempts all open tasks that have automatic solution strategies associated.

By moving the mouse pointer over a task, a yellow “tip” window pops up that displays information on the task such as the kind of task and its status. By double-clicking on the task, the position in the source code of the program or theory is displayed that triggered the creation of the task.

The solution of presumably simple tasks (such as type checking) is immediately attempted by an automatic strategy when the task is created; if this fails, the user may attempt an interactive proof to solve the task. Other presumably complex tasks (such as the proof of the correctness of loop invariants) are not automatically attempted; their solution must be explicitly triggered by the user.

By right-clicking on the task a pop-up menu shows various options depending on the kind of task: “Execute Task” attempts to solve the task e.g. by an automatic proof or, if that fails, by a computer-assisted interactive proof; “Print Task” prints information on the task (the content of the “tip” window) in the “Console” area. “Print State Proving Problem” prints a translation of the task into a proving problem in an extended logic that involves reasoning about program states. “Print Classical Proving Problem” prints a translation of the problem into a classical predicate logic proving problem. “Print Status Evidence (Proof)” shows an associated proof; “Reset Task” resets the task into the “new” state (and deletes any associated proof).

By right-clicking on a task folder, a pop-up menu shows up whose option “Execute Task” attempts to solve all tasks that have an automatic solution strategy associated (interactive proofs have to be individually triggered as shown above).

[next] [prev] [prev-tail] [front] [up]