The command-line version of ProB offers many of the feature of the standalone Tcl/Tk Version via the command-line. As such, you can run ProB from your shell scripts or in your Makefiles.
The following conventions are used in this guide:
| <replaceme> | All values that should be replaced with some value are shown withing < > | 
| line breaks | Command synopsis for command may be broken up on several lines. When typing commands enter all option on the same line. | 
probcli [--help] <filename> [ <options> ]
Note that the stand-alone Tcl/Tk version also supports a limited form of command-line preferences:
However, the comand-line version of ProB, called probcli, provides more features. It also does not depend on Tcl/Tk and can therefore be run on systems without Tcl/Tk.
Description
| model check; checking at most <nr> states | 
Example
probcli my.mch ...
Description
| restrict errors reported by model checking with <x>=dead,inv,goal,ass -nodead : do not report deadlocks -noinv : do not report invariant violations -nogoal : do not stop if a state satisfying the GOAL predicate has been found -noass : do not report assertion violations | 
Example
probcli my.mch -mc 1000 -nodead -nogoal
Description
| proceed breadth-first | 
Example
probcli my.mch -bf -mc 1000
Description
| proceed depth-first | 
Example
probcli my.mch -df -mc 1000
Description
| Global imeout in ms for model checking and refinement checking. This does not influence the timeout used for computing individual transitions/operations. This has to be set with the -p TIME_OUT <N>. See the description of the -p option. | 
Example
probcli my.mch -timeout 10000
Description
| trace check (associated .trace file must exist) | 
Example
probcli my.mch -t
Description
| initialise specification | 
Example
probcli my.mch -init nr_of_components(1) % checking_component_properties(1,[]) % enumerating_constants_without_constraints([typedval(fd(_24428,ID),global(ID),iv)]) % grounding_wait_flags grounding_component(1) grounding_component(2) % found_enumeration_of_constants(0,2) % backtrack(found_enumeration_of_constants(0,2)) % found_enumeration_of_constants(0,1) % backtrack(found_enumeration_of_constants(0,1)) <- 0: SETUP_CONSTANTS :: root % Could not set up constants with parameters from trace file. % Will attempt any possible initialisation of constants. | 0: SETUP_CONSTANTS success -->0 - <- 1: INITIALISATION :: 0 % Could not initialise with parameters from trace file. % Will attempt any possible initialisation. ALL OPERATIONS COVERED - | 1: INITIALISATION success -->2 - - SUCCESS
Description
| constraint-based invariant checking for an operation (also use <OPNAME>=all) | 
Example
probcli my.mch -cbc all
Description
| constraint-based deadlock checking (also use -cbc_deadlock_pred PRED) | 
Description
Example
probcli my.mch -cbc_deadlock_pred "n=15"
Description
| raise error if mc finds counter example or trace checking fails | 
Example
probcli my.mch -t -strict
Description
| expect error to occur (<ERR>=cbc,mc,ltl,...) Tell ProB that you expect a certain error to occur. Mainly useful for regression tests (in conjunction with the -strict option). | 
Example
probcli examples/B/Benchmarks/CarlaTravelAgencyErr.mch -mc 1000 -expcterr invariant_violation -strict
Description
| random animation (max Nr steps) | 
Animates the machine randomly, maximally Nr of steps. It will stop if a deadlock is reached.
Example
probcli my.mch -animate 100
Description
| check if animation steps are deterministic | 
Checks if every step of the animation is deterministic (i.e., only one operation is possible, and it can only be executed in one possible way as far as parameters and result is concerned). Currently this option has only an effect for the -animate <Nr> and the -init commands.
Example
probcli my.mch -animate 100 -det_check
Description
| check if animation steps are deterministic | 
Checks if the SETUP_CONSTANTS step is deterministic (i.e., only one way to set up the constants is possible). Currently this option has only an effect for the -animate <Nr> and the -init commands.
Example
probcli my.mch -init -det_constants
Description
| save animation history to a file | 
Save the animation (or model checking) history to a text file. Operations are separated by semicolons. The output can be adapted using the -his_option command. See also the -sptxt command.
Example
probcli -animate 5 -his history.txt supersimple.mch
Additionally we can have the initialised variables and constants:
probcli -animate 5 -his history.txt -his_option show_init supersimple.mch
And we can have the values of the variables in between:
./probcli -animate 5 -his history.txt -his_option show_init -his_option show_states supersimple.mch
Description
| interactive animation | 
After performing the other commands, ProB stays in interactive mode and allows the user to manually animate the loaded specification.
Example
probcli my.mch -i
Description
| start interactive read-eval-loop | 
Example
probcli my.mch -p CLPFD TRUE -eval
Description
| print coverage statistics | 
Example
probcli my.mch -mc 1000 -c
Description
| print and check coverage statistics Print coverage statistics and check that the given number of nodes and transitions have been computed. | 
Example
probcli my.mch -mc 1000 -cc 10 25
Description
| Set <PREFERENCE> to <VALUE>. For more information about preferences please have a look at Preferences | 
You can also use --pref instead of -p. Example
probcli my.mch -p TIME_OUT 8000 -p CLPFD TRUE -mc 10000
Description
| Set preferences from preference file <FILE>. The file should be created by the Tcl/Tk version of ProB; this version automatically creates a file called ProB_Preferences.pl. For more information about preferences please have a look at Preferences | 
Example
probcli my.mch -prefs ProB_Preferences.pl
Description
| set scope of B deferred set | 
Example
probcli my.mch ...
Description
| set GOAL predicate for model checker | 
Example
probcli my.mch -mc 10000000 -goal "n=18" -strict -expcterr goal_found
Description
| start socket server on given port | 
Example
probcli my.mch ...
Description
| start socket server on port 9000 | 
Example
probcli my.mch ...
Description
| start socket server on some free port | 
Example
probcli my.mch ...
Description
| save constants and variables to a file | 
Save the values of constants and variables to a text file. See also the -his command.
Example
probcli -animate 5 -sptxt state.txt supersimple.mch
Description
| log activities in <LogFile> | 
Example
probcli my.mch -mc 1000 -l my.log
Description
| log activities in /tmp/prob_cli_debug.log | 
Example
probcli my.mch -mc 1000 -ll
Description
| analyse <LogFile> using gnuplot | 
Example
probcli my.mch ...
Description
| pretty-print internal representation to <FILE> | 
Example
probcli my.mch -pp my_pp.mch
Description
| pretty-print internal representation to <FILE>, force printing of all type infos | 
Example
probcli my.mch -ppf my_ppf.mch
Description
| set ProB into verbose mode | 
Example
probcli my.mch -mc 1000 -v
Description
| print version information | 
There is also an alternate command called -svers which just prints the version number of ProB. Example
probcli -version ProB Command Line Interface VERSION 1.3.4-beta9 (8475:8485M) $LastChangedDate: 2011-07-18 17:41:16 +0200 (Mon, 18 Jul 2011) $ Prolog: SICStus 4.2.0 (x86_64-darwin-10.6.0): Mon Mar 7 20:03:36 CET 2011 Application Path: /Users/leuschel/svn_root/NewProB
probcli -svers VERSION 1.3.4-beta9 (8475:8485M)
Description
| check ASSERTIONS ProB will automatically initialize the machine if you have not provide the -init or -t switch. You can also use -main_assertions to check only the ASSERTIONS found in the main file. If your ASSERTIONS are all static (i.e., make no reference to variables), then ProB will remove all CONSTANTS and PROPERTIES from your machine which are not linked (directly or indirectly) to the ASSERTIONS. This optimization will only be made if you provide no other switch, such as -mc or -animate which may require the computation of the variables. | 
Example
probcli my.mch -init -assertions
Description
| check PROPERTIES Note: you should probably first initialise the machine (e.g., with -init). If the constants have not yet been set up, probcli will debug the properties. | 
Example
probcli my.mch -init -properties
Description
| define path for generation of dot files for false properties or assertions | 
This option is applicable to -properties and -assertions. It will result in individual dot files being generated for every false or unknown property or assertion. Assertions are numbered A0,A1,... and properties P0,P1,... You can also force to generate dot files for all properties (i.e., also the true ones) using the -dot_all command-line flag.
Example
probcli my.mch -init -properties -dot_output somewhere/
This will generate files somewhere/my_P0_false.dot, somewhere/my_P1_false.dot, ...
Description
| runtime checking of types/pre-/post-conditions | 
Example
probcli my.mch ...
Description
| check LTL formulas in file <FILE> | 
Example
probcli my.mch ...
Description
| check LTL assertions (in DEFINITIONS) | 
Example
probcli my.mch ...
Description
| explore at most <LIMIT> states when model-checking LTL | 
Example
probcli my.mch ...
Description
| save state space for later refinement check | 
Example
probcli my.mch ...
Description
| refinement check against previous saved state space | 
Example
probcli my.mch ...
Generate test cases for the given specification. Each test case consists of a sequence of operations resp. events (a so-called trace) that
The user can specify what requested operations/events are with the option -mcm_cover.
ProB uses a "breadth-first" approach to search for test cases. When all requested operations/events are covered by test cases within maximum length M, the algorithm will explore the complete state space with that maximum distance M from the initialisation. It outputs all found traces that satisfy the requirements above.
The algorithm stops if either
The required parameters are:
Example
probcli my.mch -mcm_tests 10 2000 "EndStateVar=TRUE" testcases.xml -mcm_cover op1,op2
generates test cases for the operations op1 and op2 of the specification my.mch. The maximum length of traces is 10, at most 2000 states are explored. Each test case ends in a state where the predicate EndStateVar=TRUE holds. The found test cases are written to a file testcases.xml.
Specify an operation or event that should be covered when generating test cases with the -mcm_test option. Multiple operations/events can be specified by seperating them by comma or by using -mcm_cover several times.
See -mcm-tests for further details.
Description
| Write graph of the state space to a dot <FILE> | 
Example
probcli my.mch ...
Generate test cases by constraint solving with maximum length Depth, the last state satisfies EndPredicate and the test cases are written to File.
When generating CB test cases, Operation should be covered. The option can be given multiple times to specify several operations. Alternatively, multiple operations can be separated by a comma.
Read the options for constraint based test case generation from File.
You can use these preferences within the command:
-p <PREFERENCE> <VALUE>
| <PREFERENCE> | <VALUE> | 
|---|---|
| MAXINT | nat ==> MaxInt, used for expressions such as xx::NAT (2147483647 for 4 byte ints) | 
| MININT | neg ==> MinInt, used for expressions such as xx::INT (-2147483648 for 4 byte ints) | 
| DEFAULT_SETSIZE | nat ==> Size of unspecified deferred sets in SETS section | 
| MAX_INITIALISATIONS | nat ==> Max Number of Initialisations Computed | 
| MAX_OPERATIONS | nat ==> Max Number of Enablings per Operation Computed | 
| ANIMATE_SKIP_OPERATIONS | bool ==> Animate operations which are skip or PRE C THEN skip | 
| EXPAND_CLOSURES_FOR_STATE | bool ==> Convert lazy form back into explicit form for Variables, Constants, Operation Arguments | 
| SYMBOLIC | bool ==> Lazy expansion of lambdas and set comprehensions | 
| CLPFD | bool ==> Use CLP(FD) solver for B integers (restricts range to -2^28..2^28-1 on 32 bit computers) | 
| SMT | bool ==> Enable SMT-Mode (aggressive treatment of : and /: inside predicates) | 
| STATIC_ORDERING | bool ==> Use static ordering to enumerate constants which occur in most PROPERTIES first | 
| SYMMETRY_MODE | [off,flood,nauty,hash] ==> Symmetry Mode: off,flood,canon,nauty,hash | 
| TIME_OUT | nat1 ==> Time out for computing enabled transitions (in ms) | 
| USE_PO | bool ==> Restrict invariant checking to affected clauses. Also remove clauses that are proven (EventB) | 
| TRY_FIND_ABORT | bool ==> Try more aggressively to detect ill-defined expressions (e.g. applying function outside of domain), may slow down animator | 
| NUMBER_OF_ANIMATED_ABSTRACTIONS | nat ==> How many levels of refined models are animated by default | 
| ALLOW_INCOMPLETE_SETUP_CONSTANTS | bool ==> Allow ProB to proceed even if only part of the CONSTANTS have been found. | 
| PARTITION_PROPERTIES | bool ==> Partition predicates (PROPERTIES) into components | 
| USE_RECORD_CONSTRUCTION | bool ==> Records: Check if axioms/properties describe a record pattern | 
| OPERATION_REUSE | bool ==> Try and reuse previously computed operation effects in B/Event-B | 
| SHOW_EVENTB_ANY_VALUES | bool ==> Show top-level ANY variable values of B Operations without parameters as parameters | 
| RANDOMISE_OPERATION_ORDER | bool ==> Randomise order of operations when computing successor states | 
| EXPAND_FORALL_UPTO | nat ==> When analysing predicates: max. domain size for expansion of foral | 
| MAX_DISPLAY_SET | int ==> Max size for pretty-printing sets (-1 means no limit) | 
| ABSTRACT_DOMAIN_MODULE | string ==> Module name with abstract domain and operations | 
| USE_WIDENING | bool ==> Use widening for abstract interpretation | 
| SOFT_WIDENING | bool ==> Use soft widening for every transition | 
| HOW_MANY_STATES_FOR_WIDEN | nat1 ==> Extrapolation threshold (Number of loop iterations until widening will be used) | 
| WARN_WHEN_EXPANDING_INFINITE_CLOSURES | int ==> Warn when expanding infinite closures if MAXINT larger than: | 
| TRACE_INFO | bool ==> Provide various tracing information on the terminal/console. | 
| DOUBLE_EVALUATION | bool ==> Evaluate PREDICATES positively and negatively when analysing: | 
| RECURSIVE | bool ==> Lazy expansion of *Recursive* set Comprehensions and lambdas | 
| IGNORE_HASH_COLLISIONS | bool ==> Ignore Hash Collisions (if true not all states may be computed, visited states are not memorised !) | 
| FORGET_STATE_SPACE | bool ==> Do not remember state space (mainly useful in conjunction with Ignore Hash Collisions) | 
Example
probcli my.mch -p TIME_OUT 5000 -p CLPFD TRUE -p SYMMETRY_MODE hash -mc 1000
To load a file My.mch, setup the constants and initialize it do:
probcli -init My.mch
To load a file M.mch, setup the constants, initialize and then check all assertions with Atelier-B's default values for MININT and MAXINT and an increased timeout of 5 seconds do:
probcli -init -assertions -p MAXINT 2147483647 -p MININT -2147483647 -p TIME_OUT 5000 M.mch
To model check a specification M.mch while trying to minimize memory consumption and using symmtery reduction (and accepting hash collisions) do:
probcli -p IGNORE_HASH_COLLISIONS TRUE -p FORGET_STATE_SPACE TRUE -p SYMMETRY_MODE hash -mc 999999 M.mch