# SPIN
* https://spinroot.com/spin/whatispin.html
* [Spin Online References](https://spinroot.com/spin/Man/index.html)

## Books
* https://spinroot.com/spin/books.html

- Holzmann, Gerard J. **The SPIN Model Checker: Primer and Reference Manual**. 2003. Addison-Wesley Professional.
- Mordechai Ben-Ari. **Principles of the Spin Model Checker**. Springer-Verlag: 2008. http://www.weizmann.ac.il/sci-tea/benari/software
- SMC: Gerard J. Holzmann. **The Spin Model Checker: Primer and Reference Manual**. Addison-Wesley: 2004.
- PCDP: Mordechai Ben-Ari. **Principles of Concurrent and Distributed Programming**, Second Edition. Addison-Wesley: 2006.

## More 
* [Promela.ipynb](./Promela.ipynb)
* [TSMC: The SPIN Model Checker](./SPIN-The%20SPIN%20Model%20Checker.ipynb)
* [PSMC: Principles of the Spin Model Checker](./SPIN-Principles%20of%20the%20Spin%20Model%20Checker.ipynb)
* [PCDP: Principles of Concurrent and Distributed Programming](./SPIN-Principles%20of%20Concurrent%20and%20Distributed%20Programming.ipynb)

## Tools

* VSCode plugin: Promela for VS, SPIN Promela language

* JSPIN

jSpin, developed by Moti Ben-Ari, is an alternative to the iSpin GUI written in Java instead of Tcl/Tk. It is meant as a teaching aid.

https://github.com/motib/jspin

```shell
# D:\workspace\rtfsc\jspin
$ java -jar jspin.jar

# Configuration file: config.cfg
```

* SPINSPIDER

SPINSPIDER is a software tool for automatically generating the state transition diagram of a PROMELA program.

When SPIN performs a verification, it searches the full state space and sufficient information is available on the search to enable the construction of the state diagram.

SPINSPIDER works with four input files:

(1) the PROMELA source file, <br/>
(2) the debug file obtained by running a verification of the program with the `-DCHECK` option and with a never claim that prints out the program counters and variable values,<br/>
(3) the statement file obtained by running a verification with the `-d` option,<br/>
(4) the trail file of a computation.


* VN: Visualizing nondeterminism

# Installation

Windows: `~\bin\pc_spin651\spin.exe`

WSL:

```shell
$ mv spin651_linux64 spin
$ mv spin /usr/local/bin/
$ which spin
/usr/local/bin/spin
$ spin -V
Spin Version 6.5.1 -- 20 December 2019
```

# Help

## spin
* [Run-Time Options](https://spinroot.com/spin/Man/Spin.html)

```shell
# !spin --help

# use: spin [-option] ... [-option] file
# 	Note: file must always be the last argument
# 	-A apply slicing algorithm
# 	-a generate a verifier in pan.c                                                     generates the verifier pan.c
# 	-B no final state details in simulations
# 	-b don't execute printfs in simulation
# 	-C print channel access info (combine with -g etc.)
# 	-c columnated -s -r simulation output                                                columnated send/receive simulation output: -s -r
# 	-d produce symbol-table information
# 	-Dyyy pass -Dyyy to the preprocessor                                                 preprocessor argument: -D
# 	-Eyyy pass yyy to the preprocessor                                                   preprocessor argument
# 	-e compute synchronous product of multiple never claims (modified by -L)
# 	-f "..formula.."  translate LTL into never claim                                     translates LTL into a never claim
# 	-F file  like -f, but with the LTL formula stored in a 1-line file                   uses an LTL formula file
# 	-g print all global variables
# 	-h at end of run, print value of seed for random nr generator used
# 	-i interactive (random simulation)
# 	-I show result of inlining and preprocessing
# 	-J reverse eval order of nested unlesses
# 	-jN skip the first N steps in simulation trail
# 	-k fname use the trailfile stored in file fname, see also -t
# 	-L when using -e, use strict language intersection
# 	-l print all local variables
# 	-M generate msc-flow in tcl/tk format
# 	-m lose msgs sent to full queues
# 	-N fname use never claim stored in file fname
# 	-nN seed for random nr generator
# 	-O use old scope rules (pre 5.3.0)
# 	-o1 turn off dataflow-optimizations in verifier
# 	-o2 don't hide write-only variables in verifier
# 	-o3 turn off statement merging in verifier
# 	-o4 turn on rendezvous optiomizations in verifier
# 	-o5 turn on case caching (reduces size of pan.m, but affects reachability reports)
# 	-o6 revert to the old rules for interpreting priority tags (pre version 6.2)
# 	-o7 revert to the old rules for semi-colon usage (pre version 6.3)
# 	-Pxxx use xxx for preprocessing
# 	-p print all statements                                                              prints all statements
# 	-pp pretty-print (reformat) stdin, write stdout
# 	-qN suppress io for queue N in printouts
# 	-r print receive events                                                              prints receive events
# 	-replay  replay an error trail-file found earlier
# 		if the model contains embedded c-code, the ./pan executable is used
# 		otherwise spin itself is used to replay the trailfile
# 		note that pan recognizes different runtime options than spin itself
# 	-run  (or -search) generate a verifier, and compile and run it                      generates, compiles and runs the verifier
# 	      options before -search are interpreted by spin to parse the input             options before -run: parse the input
# 	      options following a -search are used to compile and run the verifier pan      options after -run: compile and run the verifier pan
# 		    valid options that can follow a -search argument include:                     options valid after -run:
# 		    -bfs	perform a breadth-first search
# 		    -bfspar	perform a parallel breadth-first search
# 		    -dfspar	perform a parallel depth-first search, same as -DNCORE=4
# 		    -bcs	use the bounded-context-switching algorithm
# 		    -bitstate	or -bit, use bitstate storage
# 		    -biterateN,M use bitstate with iterative search refinement (-w18..-w35)
# 				perform N randomized runs and increment -w every M runs
# 				default value for N is 10, default for M is 1
# 				(use N,N to keep -w fixed for all runs)
# 				(add -w to see which commands will be executed)
# 				(add -W if ./pan exists and need not be recompiled)
# 		    -swarmN,M like -biterate, but running all iterations in parallel
# 		    -link file.c  link executable pan to file.c
# 		    -collapse	use collapse state compression
# 		    -noreduce	do not use partial order reduction
# 		    -hc  	use hash-compact storage
# 		    -noclaim	ignore all ltl and never claims
# 		    -p_permute	use process scheduling order random permutation
# 		    -p_rotateN	use process scheduling order rotation by N
# 		    -p_reverse	use process scheduling order reversal
# 		    -rhash      randomly pick one of the -p_... options
# 		    -ltl p	verify the ltl property named p
# 		    -safety	compile for safety properties only
# 		    -i	    	use the dfs iterative shortening algorithm                          uses the DFS iterative shortening algorithm
# 		    -a	    	search for acceptance cycles                                        searches for acceptance cycles
# 		    -l	    	search for non-progress cycles                                      searches for non-progress cycles
# 		similarly, a -D... parameter can be specified to modify the compilation
# 		and any valid runtime pan argument can be specified for the verification
# 	-S1 and -S2 separate pan source for claim and model
# 	-s print send events                                                                 prints send events
# 	-T do not indent printf output
# 	-t[N] follow [Nth] simulation trail, see also -k                                    guided simulation: trail
# 	-Uyyy pass -Uyyy to the preprocessor
# 	-uN stop a simulation run after N steps                                             stops the simulation after N steps
# 	-v verbose, more warnings
# 	-w very verbose (when combined with -l or -g)
# 	-[XYZ] reserved for use by xspin interface
# 	-V print version number and exit
```

## pan
* [Compile-Time Options](https://spinroot.com/spin/Man/Pan.html#B)
* [Run-Time Verification Options](https://spinroot.com/spin/Man/Pan.html#A)
* [Pan's Output Format](https://spinroot.com/spin/Man/Pan.html#C)

```shell
# -w: disable warning messages
# !gcc -w -o pan pan.c

# -DREACH: record the depth of each reachable state
# -DBFS: use breadth-first search instead of the default depth-first search
```

```shell
# Use the generated verifier
# gcc 
# !./pan --help

# saw option --
# Spin Version 6.5.1 -- 20 December 2019
# Valid Options are:
# 	-a,-l,-f  -> are disabled by -DSAFETY
# 	-A  ignore assert() violations                                                                ignores assert failures
# 	-b  consider it an error to exceed the depth-limit
# 	-cN stop at Nth error (defaults to -c1)                                                       stops at the Nth error, default is the 1st
# 	-D  print state tables in dot-format and stop
# 	-d  print state tables and stop
# 	-e  create trails for all errors
# 	-E  ignore invalid end states                                                                 ignores invalid end states
# 	-hN use different hash-seed N:0..499 (defaults to -h0)
# 	-hash generate a random hash-polynomial for -h0 (see also -rhash)
# 	      using a seed set with -RSn (default 12345)
# 	-i  search for shortest path to error                                                         searches for the shortest path to an error
# 	-I  like -i, but approximate and faster
# 	-J  reverse eval order of nested unlesses
# 	-mN max depth N steps (default=10k)                                                          maximum depth
# 	-n  no listing of unreached states
# 	-QN set time-limit on execution of N minutes
# 	-q  require empty chans in valid end states                                                  requires channels to be empty in valid end states
# 	-r  read and execute trail - can add -v,-n,-PN,-g,-C
# 	-r trailfilename  read and execute trail in file
# 	-rN read and execute N-th error trail
# 	-C  read and execute trail - columnated output (can add -v,-n)
# 	-r -PN read and execute trail - restrict trail output to proc N
# 	-g  read and execute trail + msc gui support
# 	-S  silent replay: only user defined printfs show
# 	-RSn use randomization seed n
# 	-rhash use random hash-polynomial and randomly choose -p_rotateN, -p_permute, or p_reverse     x
# 	-T  create trail files in read-only mode
# 	-t_reverse  reverse order in which transitions are explored
# 	-tsuf replace .trail with .suf on trailfiles
# 	-V  print SPIN version number
# 	-v  verbose -- filenames in unreached state listing
# 	-wN hashtable of 2^N entries (defaults to -w24)
# 	-x  do not overwrite an existing trail file

# 	options -r, -C, -PN, -g, and -S can optionally be followed by
# 	a filename argument, as in '-r filename', naming the trailfile
```