Boogie is an intermediate verification language (IVL), intended as a layer on which to build program verifiers for other languages. Several program verifiers have been built in this way, including the VCC and HAVOC verifiers for C and the verifiers for Dafny, Chalice, and Spec#. For a sample verifier for a toy language built on top of Boogie, see Forro.
Boogie is also the name of a tool. The tool accepts the Boogie language as input, optionally infers some invariants in the given Boogie program, and then generates verification conditions that are passed to an SMT solver. The default SMT solver is Z3.
Here are some resources to learn more about Boogie. Be aware that some information might be incomplete or outdated.
- Documentation
- Language reference.
- This is Boogie 2 details many aspects of the Boogie IVL but is slightly out of date.
You can ask questions and report issues on our issue tracker.
We are happy to receive contributions via pull requests.
Boogie requires .NET Core and a supported SMT solver (see below).
Boogie releases are packaged as a .NET Core global tool available at nuget.org. To install Boogie simply run:
$ dotnet tool install --global boogie
To build Boogie run:
$ dotnet build Source/Boogie.sln
⚠️ There is currently a know build problem with .NET Core and GitVersionTask (see #213). The workaround is to set the environment variableMSBUILDSINGLELOADCONTEXT=1
and rundotnet build-server shutdown
.
The compiled Boogie binary is
Source/BoogieDriver/bin/${CONFIGURATION}/${FRAMEWORK}/BoogieDriver
. Also, a
NuGet package is placed in Source/BoogieDriver/bin/Debug/
which can be used
for a local installation.
The default SMT solver for Boogie is Z3. Support for CVC4 and Yices2 is experimental.
By default, Boogie looks for an executable called z3|cvc4|yices2[.exe]
in your
PATH
environment variable. If the solver executable is called differently on
your system, use /proverOpt:PROVER_NAME=<exeName>
. Alternatively, an explicit
path can be given using /proverOpt:PROVER_PATH=<path>
.
To learn how custom options can be supplied to the SMT solver (and more), call
Boogie with /proverHelp
.
The current test suite assumes version 4.8.8, but earlier and newer versions may also work.
Call Boogie with /proverOpt:SOLVER=CVC4
.
Call Boogie with /proverOpt:SOLVER=Yices2 /useArrayTheory
.
Works for unquantified fragments, e.g. arrays + arithmetic + bitvectors. Does not work for quantifiers, generalized arrays, datatypes.
Boogie has two forms of tests. Driver tests and unit tests
See the Driver test documentation
See the Unit test documentation
The Bump workflow will create and push a new tag
each time commits are pushed to the master branch (including PR merges). By
default, the created tag increments the patch version number from the previous
tag. For example, if the last tagged commit were v2.4.3
, then pushing to
master would tag the latest commit with v2.4.4
. If incrementing minor or major
number is desired instead of patch, simply add #minor
or #major
anywhere in
the commit message. For instance:
Adding the next greatest feature. #minor
If the last tagged commit were v2.4.3
, then pushing this commit would generate
the tag v2.5.0
.
For pull-request merges, if minor or major version increments are desired, the
first line of the merge commit message can be changed to include #minor
or
#major
.
Note that on each push to master
, the following will happen:
- A travis build for
master
is triggered. - The GitHub workflow is also triggered.
- Once the workflow pushes a new tag
vX.Y.Z
, another travis build forvX.Y.Z
is triggered. - The travis build for
vX.Y.Z
in Release configuration publishes releases to GitHub and NuGet.org.
Boogie is licensed under the MIT License (see LICENSE.txt).