1728 lines
No EOL
66 KiB
Text
1728 lines
No EOL
66 KiB
Text
********************** NuSMV 2.6.0 (2015/10/14) **********************
|
|
|
|
This is a major release that comes after four years passed working
|
|
under the surface. The release provides some new features, many bug
|
|
fixes and optimizations, and substantial differences in the software
|
|
architecture and building system.
|
|
|
|
The main changes are:
|
|
|
|
o Splitting source code in two main components: the Core NuSMV library
|
|
and the NuSMV Shell. This split enables for a much easier
|
|
integration with other tools, and for a possible reorganization of
|
|
the shell in the future. This change breaks backward compatibility
|
|
of APIs and source code integration.
|
|
|
|
o Switch to cmake (http://cmake.org) for building source code. This
|
|
allows for a much faster build wrt previously used GNU Autotools,
|
|
higher portability, and lower maintenance costs.
|
|
|
|
The bug fixes and new features are described below.
|
|
|
|
Please consider switching to nuXmv (https://nuxmv.fbk.eu). nuXmv
|
|
extends NuSMV along two directions. For the verification of
|
|
finite-state synchronous designs, nuXmv features strong engines based
|
|
on state-of-the-art SAT-based algorithms (see the final results at the
|
|
Hardware Model Checking Competition 2015 at
|
|
http://fmv.jku.at/hwmcc15/). For the verification of infinite-state
|
|
synchronous designs, nuXmv features state-of-the-art SMT-based
|
|
verification techniques, implemented through a tight integration with
|
|
the MathSAT5 SMT solver (http://mathsat.fbk.eu). For details about
|
|
license terms see nuxmv's web pages.
|
|
|
|
----------------------------------------------------------------------
|
|
* New features
|
|
----------------------------------------------------------------------
|
|
o Language
|
|
|
|
- NuSMV language was extended to support the 'min', 'max', and 'abs'
|
|
operators.
|
|
|
|
o System commands
|
|
|
|
- Added four new commands 'check_pslspec_bmc',
|
|
'check_pslspec_bmc_inc', 'check_pslspec_sbmc',
|
|
'check_pslspec_sbmc_inc'. They handle the options -b (use bmc),
|
|
-s (use sbmc), -i (use incremental algorithms), -c and -N
|
|
previously handled by the single command 'check_pslspec', that
|
|
now is specific for bdd-based model checking.
|
|
|
|
- Added command 'convert_property_to_invar' which converts LTL
|
|
(CTL) properties in the form "G (AG) next-expr" to INVARSPEC.
|
|
|
|
- Command 'print_fair_transitions' now provides exact information
|
|
about the fair-transitions, and not about state-input pairs. The
|
|
command provides support also for dumping information in DOT and
|
|
CSV formats, which is useful to visually "inspect" the FSM.
|
|
|
|
o Command line options and system variables
|
|
|
|
- New variable 'boolean_conversion_uses_predicate_normalization':
|
|
When set to true, performs predicate normalization of any
|
|
expression before performing the booleanization. There are cases
|
|
where enabling this option pays off dramatically, however it
|
|
might be expensive on other cases since the normalization of the
|
|
predicates may blow up the formula. Set to false by default.
|
|
|
|
- New variable 'ltl2smv_single_justice': When set to true, the
|
|
tableau construction builds a degeneralized (single fairness)
|
|
symbolic encoding of the Buchi automaton within ltl2smv instead
|
|
of the default generalized (multiple fairness) one. Added
|
|
command line option -s to ltl2smv, to enable the emit of a
|
|
single justice tableau.
|
|
|
|
- New variables 'pp_cpp_path' and 'pp_m4_path' to allow users to
|
|
explicitly set the paths on the file system of 'cpp' and 'm4'
|
|
preprocessors.
|
|
|
|
o Improvements (internal)
|
|
|
|
- Introduced infinite-width words. In previous versione, maximum
|
|
width was limited to 64.
|
|
|
|
- RBC inlining now uses a LRU cache which always improves BMC
|
|
performances (up to 30% according to our experiments).
|
|
|
|
- Many functions were rewritten to avoid recursion. This allows
|
|
for a faster executions with more limited use of stack.
|
|
|
|
- Command 'help' no longer relies on external files for accessing
|
|
the commands' documentation. This simplify the usage.
|
|
|
|
----------------------------------------------------------------------
|
|
* Bug fixes
|
|
----------------------------------------------------------------------
|
|
|
|
There were about 270 bug fixes, most of them were minor, but some were
|
|
major issues. Here is the list of the most critical bug fixed:
|
|
|
|
* Fixes in type checker.
|
|
|
|
* Fixed some problems related to array handling appearing in some
|
|
corner case use.
|
|
|
|
* Fixed several issues with portability, in particular to allow
|
|
compilation of core libraray with msvc-2010.
|
|
|
|
----------------------------------------------------------------------
|
|
* Documentation
|
|
----------------------------------------------------------------------
|
|
|
|
Programmer's manual is now generated with doxygen
|
|
(http://www.doxygen.org). For this reason documentation of all
|
|
functions has been moved to the place of declaration (i.e. to header
|
|
files). Previous documentation system has been dropped.
|
|
|
|
----------------------------------------------------------------------
|
|
* Source Code
|
|
----------------------------------------------------------------------
|
|
Top level directory has been renamed from 'nusmv' to "NuSMV". Source
|
|
code is now located in "NuSMV/code/nusmv" with "NuSMV/code" in the
|
|
inclusion path to allow for explicit inclusion of header files in the
|
|
form "nusmv/..." which makes explicit where each header files is
|
|
imported from.
|
|
|
|
Core library and shell have been clearly split into
|
|
"NuSMV/code/nusmv/{core,shell}", and it is now possible to compile the
|
|
library standalone (option ENABLE_SHELL=OFF at configuration time).
|
|
|
|
|
|
|
|
********************** NuSMV 2.5.4 (2011/10/31) **********************
|
|
This is a minor release that provides some new features, some internal
|
|
improvements, and many bug fixes.
|
|
|
|
----------------------------------------------------------------------
|
|
* New features
|
|
----------------------------------------------------------------------
|
|
|
|
o System commands
|
|
|
|
- Added two new commands 'bmc_pick_state' and 'bmc_inc_simulate'
|
|
for interactive simulations using SAT;
|
|
|
|
- Added option "-n "name"" to command add_property to specify the name
|
|
|
|
- Removed unsupported options "-o" and "-1" from the documentation
|
|
command 'check_ltlspec_sbmc_inc';
|
|
|
|
o Command line options and system variables
|
|
|
|
- Added a new system boolean variable 'daggifier_enabled'
|
|
(Default set to 1), and a new relative command line option
|
|
"-disable_daggifier" to enable/disable the daggifier while
|
|
dumping SMV models.
|
|
|
|
o Improvements (internal)
|
|
|
|
- Performed several refactorings: added wff package and a few
|
|
basic data structures (e.g. utils/Pair.c, utils/Triple.c);
|
|
|
|
- The simplification of the expressions has been improved using
|
|
additional simplification rules, the local symbol tables and
|
|
pointers sorting;
|
|
|
|
- Improved iteration over the hash tables elements;
|
|
|
|
- Improved construction of static BDD var order.
|
|
|
|
----------------------------------------------------------------------
|
|
* Bug fixes
|
|
----------------------------------------------------------------------
|
|
|
|
We fixed about 15 bugs in this version. Many thanks to those users who
|
|
reported issues, and helped improving NuSMV.
|
|
|
|
Here is the list of the most critical bug fixed:
|
|
|
|
- Fixed a wrong simplification rule within the rbc package;
|
|
|
|
- Fixed a bug in condition simplification, which was not taking
|
|
into account context;
|
|
|
|
- Fixed a bug in prompt printing that was creating some syncronization
|
|
problem with external tools (thanks to Sylvain Soliman from INRIA for
|
|
the accurate bug report);
|
|
|
|
- Fixed a bug in the trace reader that caused seg-faults;
|
|
|
|
- Fixed an overflow in the operator swconst;
|
|
|
|
- Fixed a bug in the command add_property that was wrongly adding a
|
|
property P even if P was already used;
|
|
|
|
- Added some additional checks to trap uncorrect PSL formulae;
|
|
|
|
- Fixed a linking dependence about the library librbcdag.la in the
|
|
Makefile that prevented the creation of linkable library.
|
|
|
|
----------------------------------------------------------------------
|
|
* Documentation
|
|
----------------------------------------------------------------------
|
|
|
|
- The output of -h option for 'check_ltlspec_sbmc_inc',
|
|
'bmc_pick_state', 'bmc_inc_simulate', 'add_property',
|
|
'daggifier_enabled' commands, and the command line option
|
|
'-disable_daggifier' have been updated according to the recent
|
|
changes. The User Manual has been updated as well.
|
|
|
|
|
|
|
|
********************** NuSMV 2.5.3 (2011/06/16) **********************
|
|
This is a minor release that provides many bug fixes, some
|
|
internals improvement, and a few new features.
|
|
|
|
|
|
|
|
----------------------------------------------------------------------
|
|
* New features
|
|
----------------------------------------------------------------------
|
|
|
|
o System commands
|
|
|
|
- Command 'compute' has been renamed 'check_compute'. Old
|
|
command 'compute' is deprecated.
|
|
|
|
- Command 'clean_bdd_cache' has been renamed 'clean_sexp2bdd_cache'
|
|
|
|
- Added option -F <format> to command 'show_property', to print in
|
|
tabular or xml formats.
|
|
|
|
- Added options -t and -V to command 'show_vars', to print selected
|
|
information about the variables in the model.
|
|
|
|
- Added option -k <length> to command 'simulate', to make
|
|
uniform all simulation commands.
|
|
Old syntax 'simulate <length>' is now deprecated.
|
|
|
|
- Added options -r, -c <simp_constr> and -t <next_constr> to
|
|
SAT-based simulation commands, both incremental and non
|
|
incremental, in order to be more uniform with regard to the
|
|
BDD-based ones.
|
|
|
|
o Command line options and system variables
|
|
|
|
- Command line option and system variable 'disable_bdd_cache'
|
|
have been renamed to 'disable_sexp2bdd_caching'
|
|
|
|
- New command line option and system variable
|
|
'disable_syntactic_checks' which can improve performances by
|
|
skipping checks on input files which are assumed to be
|
|
syntactically correct by construction.
|
|
|
|
- New command line option and system variable
|
|
'keep_single_value_vars' to disable an optimization which by
|
|
default converts enumerative variables to constants when
|
|
their domain contains only a single element.
|
|
|
|
- New system variable 'default_simulation_steps' is used by
|
|
simulation commands. Command 'simulate' now considers it if
|
|
simulation steps are not specified; command 'bmc_simulate'
|
|
considers it instead of variable 'bmc_length'.
|
|
|
|
- New system variable 'parser_is_lax' can be used to force the
|
|
parser to try completing parsing even with syntactic errors,
|
|
reporting all found errors at the end.
|
|
|
|
- New system variable 'prop_print_method' can be used to select
|
|
how properties are printed out.
|
|
|
|
|
|
o Improvements (internals)
|
|
|
|
- New algorithms to compute COI (Cone of Influence) have been
|
|
implemented.
|
|
|
|
- Encoding of scalar variables have been improved to fit with
|
|
the BDD variable ordering. The new encoding proved to improve
|
|
performances in many general cases.
|
|
|
|
- Fixed BDD encoding of variables to trigger less re-orderings.
|
|
|
|
- Some RBC operations now use much less stack space.
|
|
|
|
- New Symbol Table implementation, with huge performances and
|
|
memory improvements.
|
|
|
|
- New system-widely-used NodeList implementation, which reduces
|
|
global NuSMV memory usage.
|
|
|
|
|
|
----------------------------------------------------------------------
|
|
* Bug fixes
|
|
----------------------------------------------------------------------
|
|
|
|
About 30 bugs were fixed in this version. Many thanks to those
|
|
users who reported issues, and helped improving NuSMV.
|
|
|
|
Here the most critical bug fixes are listed:
|
|
|
|
- Fixed a bug in CTL counter example generation, which was
|
|
surfacing in some cases.
|
|
|
|
- Fixed a bug which was triggered when adding incorrect properties
|
|
to the properties database.
|
|
|
|
- Fixed bug in command 'bmc_pick_state' when used with COI.
|
|
|
|
- Fixed compilation errors on recent GNU/Linux distributions
|
|
|
|
- Fixed compilation errors under Darwin.
|
|
|
|
- Fixed many memory leaks.
|
|
|
|
|
|
|
|
----------------------------------------------------------------------
|
|
* Documentation
|
|
----------------------------------------------------------------------
|
|
|
|
- Added a FAQ containing a set of most frequently asked questions
|
|
about NuSMV, and the SMV language.
|
|
|
|
- Added to the User Manual the description of some missing
|
|
operators like 'sizeof'
|
|
|
|
|
|
|
|
|
|
|
|
********************** NuSMV 2.5.2 (2010/10/29) **********************
|
|
This is a minor release that provides a few new features, and several
|
|
bug fixes.
|
|
|
|
----------------------------------------------------------------------
|
|
* New minor features
|
|
----------------------------------------------------------------------
|
|
|
|
o SMV grammar
|
|
|
|
- Array indices in PSL expressions can now be generic expressions,
|
|
like in normal SMV grammar. Previously, only constant numbers
|
|
were supported.
|
|
|
|
o Environment variables
|
|
|
|
- Some traces related environment variables have been renamed to
|
|
improve usability:
|
|
|
|
* counter_examples_hiding_prefix -> traces_hiding_prefix
|
|
* counter_examples_show_re -> traces_regexp
|
|
* show_defines_in_traces -> traces_show_defines
|
|
* trace_show_defines_with_next -> traces_show_defines_with_next
|
|
|
|
----------------------------------------------------------------------
|
|
* Bug fixes
|
|
----------------------------------------------------------------------
|
|
|
|
- Fixed a problem, causing segfault, in the way the COUNT operator
|
|
was handled. Thanks to Alexandre Arnold <a.arnold.fr AT gmail.com>
|
|
for reporing the issue.
|
|
|
|
- Fixed an assertion violation occuring in interactive simulation
|
|
when an incorrect constraint was given to restrict the number of
|
|
possible next states to be shown to the user.
|
|
|
|
- Fixed three problems in the trace visualization:
|
|
* Word constants in decimal format were not properly printed
|
|
under windows 32bit machines.
|
|
* In some cases the option specifiying the format for printing
|
|
word constants was ignored.
|
|
* In some cases the options specifying the filters over signals
|
|
were ignored.
|
|
|
|
- Fixed a problem of command execute_partial_traces that was not
|
|
reporting any message to the user for non re-executable traces.
|
|
|
|
- Fixed a bug in command write_coi_model which was generating
|
|
an incorrect model for properties with an empty coi.
|
|
|
|
- Fixed a problem of the "echo" command that was no longer
|
|
expanding references to environment variables.
|
|
|
|
- Fixed a problem that was causing NuSMV to crash when handling
|
|
command line options related to BMC and no SAT solver was
|
|
linked/detected at compile time.
|
|
|
|
- Fixed several other small bugs on internals not affecting the the
|
|
normal user interacting with NuSMV via the shell or in batch mode.
|
|
|
|
|
|
********************** NuSMV 2.5.1 (2010/10/01) **********************
|
|
|
|
This is a minor release that provides most notably a major change in
|
|
the language. It features also several bug fixes (more than 30), a few
|
|
new operators in the SMV language, some new command line options, a
|
|
few optimizations, and some fixes in the documentation.
|
|
|
|
The main changes are listed below. For details please refer to the
|
|
ChangeLog.
|
|
|
|
|
|
----------------------------------------------------------------------
|
|
* New features
|
|
----------------------------------------------------------------------
|
|
|
|
o SMV grammar
|
|
|
|
- The new version 2.5.1 makes a strong distinction between
|
|
integers and boolean types. This breaks backward compatibility,
|
|
since integers values cannot be used anymore where booleans are
|
|
used, and vice-versa.
|
|
|
|
To mitigate the problems that may arise from this change, new
|
|
operators have been introduced (e.g., the "count" operator), and
|
|
the signature of existing ones have been extended (e.g., the
|
|
"toint" operator) to allow to cope with no longer supported
|
|
expressions.
|
|
|
|
Thus, the following typical snipped of code are no longer
|
|
accepted:
|
|
|
|
1. Given N boolean expressions b1, ..., bN, to specify that at most
|
|
M out of N must be TRUE, before it was possible to write
|
|
|
|
(b1 + b2 + ... + bN) <= M.
|
|
|
|
From 2.5.1 on this condition has to be specified as
|
|
|
|
count(b1,b2,...,bN) <= M.
|
|
|
|
2. Constant "1" cannot be used anymore as default condition into
|
|
a "case" statement. Thus the following code snipped
|
|
|
|
case
|
|
b1 : e1;
|
|
...
|
|
bN : eN;
|
|
1 : eD; -- expression for default condition
|
|
esac
|
|
|
|
has to be rewritten as
|
|
|
|
case
|
|
b1 : e1;
|
|
...
|
|
bN : eN;
|
|
TRUE : eD; -- expression for default condition
|
|
esac
|
|
|
|
In this snippet b1, ..., bN are boolean expressions
|
|
representing the conditions, and e1, ..., eN, eD are the
|
|
expressions the case construct evaluates to when the
|
|
corresponding condition evaluates to TRUE.
|
|
|
|
- Added the count() operator, which takes a list of boolean
|
|
expressions and returns the number of expressions that evaluates
|
|
to TRUE.
|
|
|
|
- Operator toint() now supports word type expressions.
|
|
|
|
o System commands
|
|
|
|
- Command "show_vars" no longer prints by default all the
|
|
values of an enumerative variable, and truncates it if too
|
|
long to be printed, and reports the number of the remaining
|
|
elements. The new command line option "-v" for this command
|
|
enables the previous behavior.
|
|
|
|
- Command "set" now accepts "0" and "1" when setting values of
|
|
boolean system variables. Now "set <var> 0" has the same
|
|
effect as "unset <var>", and "set <var> 1" has the same
|
|
effect as "set <var>".
|
|
|
|
o Command line options
|
|
|
|
- The backward-compatibility option "-old" has been extended to
|
|
make NuSMV accept syntactical construct "1" in "case" conditions
|
|
to specify the default condition. This is intended to mitigate
|
|
the impact of the strong type distinction between integer and
|
|
boolean types, in existing SMV models. This feature will be
|
|
removed in future releases.
|
|
|
|
----------------------------------------------------------------------
|
|
* Bug fixes
|
|
----------------------------------------------------------------------
|
|
|
|
- Garbage in dimacs file under Windows platforms. Thanks to Luca
|
|
Zanetti <luzanetti AT fbk.eu> for repoting it.
|
|
|
|
- Standard output and error, and the shell's prompt are now in
|
|
sync under Windows. Thanks to Aleksey Nogin <anogin AT hrl.com>
|
|
for the report and for providing a patch.
|
|
|
|
- The parser can handle now comments with length greater than
|
|
16381 characters.
|
|
|
|
- The type checker can now successfully detect ambiguities in
|
|
identifiers which refer to both enumerative literals and
|
|
variable names.
|
|
|
|
- Fixed a crash which was in some cases occurring when extracting
|
|
the counter-example of a false property, with cone of influence
|
|
was enabled.
|
|
|
|
- Fixed some memory leaks.
|
|
|
|
- Fixed several portability issues.
|
|
|
|
|
|
|
|
********************** NuSMV 2.5.0 (2010/05/17) **********************
|
|
Version 2.5.0 is a major release which provides new features, many
|
|
optimizations and bug fixes, and an extensive reorganization of the
|
|
source code and API.
|
|
|
|
Many changes were driven by projects which involved
|
|
FBK, like:
|
|
|
|
- COCONUT, COrrect-by-CONstrUcTion Workbench for Design and
|
|
Verification of Embedded Systems
|
|
(http://www.coconut-project.eu/).
|
|
COCONUT was founded by EU FP7-2007-IST-1-217069.
|
|
|
|
- COMPASS, COrrectness, Modeling and Performance of
|
|
Aerospace SystemS (http://compass.informatik.rwth-aachen.de)
|
|
|
|
- EuRailCheck, European Railways Verification and Validation Tool
|
|
(http://es.fbk.eu/projects/eurailcheck).
|
|
|
|
In all these projects, the core of NuSMV has been improved to deal
|
|
with large scalability issues. Several bottlenecks were identified,
|
|
and fixed, with particular care about the memory usage.
|
|
|
|
The main changes are listed below. For details please refer to the
|
|
ChangeLog.
|
|
|
|
|
|
----------------------------------------------------------------------
|
|
* New features
|
|
----------------------------------------------------------------------
|
|
|
|
o Improvements
|
|
|
|
- New type "signed word" is introduced
|
|
|
|
- New type is added to allow signed arithmetic.
|
|
Also a few operations related to signed words are
|
|
introduced. They are "extend" and two casts - "signed" and
|
|
"unsigned". See user manual for more details.
|
|
|
|
- Added traces re-execution engine. Traces can now be executed
|
|
within the model, to check whether or not the trace contains
|
|
onlu valid assingments that are feasible in the model.
|
|
|
|
o SMV grammar
|
|
|
|
- Properties can now be named in the SMV model.
|
|
The syntax for property naming is "NAME pname := expr"
|
|
|
|
o PSL grammar
|
|
|
|
- The PSL grammar now supports word operations. All SMV word
|
|
operators are supported, made exception for the bit-selection
|
|
operator, which has a different syntax in PSL [select(w, h, l)].
|
|
See user manual for more details
|
|
|
|
o System commands
|
|
|
|
- Added the "bmc_pick_state" command. Similary to "pick_state",
|
|
chooses an element from the set of initial states, and makes it
|
|
the current state. This must be done in order to proceed with
|
|
BMC simulation
|
|
|
|
- Added the "bmc_inc_simulate" command. Does the same as
|
|
"bmc_simulate", but using incremental algorithms.
|
|
|
|
- Added the "bmc_simulate_check_feasible_constraints" command,
|
|
used to check whether or not a given constraint is feasible and
|
|
can thus be used as BMC simulation constraint.
|
|
|
|
- Added the "check_invar_bmc_inc" command, used for checking
|
|
invariant specifications using BMC incremental algorithms.
|
|
|
|
- Added the "check_ltlspec_bmc_inc" command, used for checking
|
|
LTL specifications using BMC incremental algorithms.
|
|
|
|
- Added the "clean_bdd_cache" command. Cleans the cached results
|
|
of evaluations of symbolic expressions to ADD and BDD
|
|
representations.
|
|
|
|
- Added the "execute_partial_traces" command, used for incomplete
|
|
trace execution
|
|
|
|
- Added the "execute_traces" command, used for complete trace
|
|
execution
|
|
|
|
- Added the "print_formula" command, which prints a formula in
|
|
canonical format.
|
|
|
|
- Added the "show_dependencies" command, which shows the
|
|
dependencies for the given expression
|
|
|
|
- Added the "write_coi_model" command, which reduces a model using
|
|
the Cone Of Influence over a given property and dumps it on a
|
|
file.
|
|
|
|
- Added the "write_flat_model_udg" command, which writes the input
|
|
given SMV model in the specified uDraw file
|
|
|
|
- Added the "write_pred_clusters_model" command, which writes flat
|
|
models corresponding to clusters of predicates to file.
|
|
|
|
- Added the "-P name" command option to all property-checking
|
|
commands (check_ctlspec, check_ltlspec, ...). When using this
|
|
option, only the property named "name" is checked.
|
|
|
|
- Added some new command options to the "check_invar" command:
|
|
|
|
* -s strategy : Force the analysis strategy (Overrides the
|
|
"check_invar_strategy" environment
|
|
variable). Possible values are {'forward',
|
|
'backward', 'forward-backward', 'bdd-bmc'}
|
|
|
|
* -e heuristic : Force the heuristic in case of
|
|
forward-backward strategy (Overrides the
|
|
"check_invar_forward_backward_heuristic"
|
|
environment variable). Possible values are
|
|
{'zigzag', 'smallest'}
|
|
|
|
* -t number : When using the mixed BDD and BMC approach
|
|
specify the heuristic threshold. Overrides
|
|
the "check_invar_bddbmc_threshold"
|
|
environment variable.
|
|
|
|
* -k number : When using the mixed BDD and BMC approach
|
|
specify the BMC max k. Overrides the
|
|
"bmc_length" environment variable
|
|
|
|
* -j heuristic : Specify the heuristic used to switch from BDD
|
|
to BMC (Overrides the
|
|
"check_invar_bddbmc_heuristic" environment
|
|
variable). Possible values are {'steps',
|
|
'size'}
|
|
|
|
- Added "-k number" options and "-t time" option to the
|
|
"compute_reachable" command, which respectively limit the
|
|
forward search in number of steps or in execution time.
|
|
|
|
- Added "-2" and "-n" options to the "echo" command. "-2" prints
|
|
the given string to stderr instead of stdout. "-n" does not add
|
|
a trailing newline to the printed string.
|
|
|
|
- Added the "-d" option to the "flatten_hierarchy" command. This
|
|
option delays the construction of vars constraints until needed
|
|
|
|
- Added the "-p" option to the "print_fsm_stats" command, which
|
|
prints out the normalized predicates the FSM consists of.
|
|
|
|
- Added a few command options to the "print_reachable_states"
|
|
command:
|
|
|
|
* -d : Prints the list of reachable states with defines
|
|
(Requires -v)
|
|
|
|
* -f : Prints the formula representing the reachable
|
|
states.
|
|
|
|
* -o filename : Prints the result on the specified filename
|
|
instead of on standard output
|
|
|
|
o Command line options
|
|
|
|
- Added option "-source sc_file": Executes NuSMV commands from
|
|
file sc_file
|
|
|
|
- Added option "-disable_bdd_cache" to disable bdd reachable
|
|
states caching.
|
|
|
|
- Added option "-bdd_soh heuristics" to set the heuristics to be
|
|
used to compute BDD ordering statically by analyzing the input
|
|
model.
|
|
|
|
- Added option "-ojeba alg" to set the algorthim used for
|
|
BDD-based language emptiness of Buchi fair transition systems.
|
|
|
|
o System variables
|
|
|
|
- System variables are now printed in a lexicographic order when
|
|
calling command "set"
|
|
|
|
- Added system variable "bdd_static_order_heuristics", which sets
|
|
the heuristics for guessing a good ordering by analyzing the
|
|
input model.
|
|
|
|
- Added system variable "bmc_inc_invar_alg", which sets the
|
|
default algorthim for BMC incremental invariants checking.
|
|
|
|
- Added system variable "check_invar_bddbmc_heuristic", which sets
|
|
the bdd-bmc heuristics to be used when using bdd-bmc BDD
|
|
invariants checking strategy
|
|
|
|
- Added system variable "check_invar_bddbmc_threshold", which sets
|
|
the threshold to be used when using bdd-bmc BDD invariants
|
|
checking strategy
|
|
|
|
- Added system variable "check_invar_forward_backward_heuristic",
|
|
which sets the heuristics used for forward-backward strategy
|
|
when checking invariants using BDD.
|
|
|
|
- Added system variable "check_invar_strategy", which sets the
|
|
strategy to be used for BDD based invariants specifications
|
|
checking.
|
|
|
|
- Added system variable "counter_examples_hiding_prefix". Symbols
|
|
names that match this string prefix will be not printed out when
|
|
showing a trace
|
|
|
|
- Addes system variable "counter_examples_show_re". Only symbols
|
|
whose names match this regular expression will be printed out
|
|
when showing a trace.
|
|
|
|
- Added system variable "daggifier_counter_threshold",
|
|
"daggifier_depth_threshold" and "daggifier_statistics", which
|
|
control the model dumper behavior.
|
|
|
|
- Added system variable "enable_bdd_cache", which determines if
|
|
during evaluation of symbolic expression to ADD and BDD
|
|
representations the obtained results are cached or not.
|
|
|
|
- Added system variable "oreg_justice_emptiness_bdd_algorithm",
|
|
which sets the algorithm used to determine language emptiness of
|
|
a Buchi fair transition system.
|
|
|
|
- Added system variable "rbc_rbc2cnf_algorithm", which defines the
|
|
algorithm used for conversion from RBC to CNF format.
|
|
|
|
- Added system variable "show_defines_in_traces", which controls
|
|
whether defines should be printed as part of a trace or be
|
|
skipped
|
|
|
|
- Added system variable "trace_show_defines_with_next", which
|
|
controls wheter defines containing next operator should be
|
|
printed as part of a trace or be skipped
|
|
|
|
- Added system variable "use_coi_size_sorting", which
|
|
enables/disables the use of the cone of influence variables set
|
|
size for properties sorting, before the verification step.
|
|
|
|
|
|
----------------------------------------------------------------------
|
|
* Bug fixes
|
|
----------------------------------------------------------------------
|
|
|
|
- Fixed the precedence of "mod" operator. Now it has the same
|
|
precedence as division instead of having precedence
|
|
between +/- and shift.
|
|
|
|
|
|
|
|
********************** NuSMV 2.4.3 (2007/05/22) **********************
|
|
|
|
This is a minor release that provides several bug fixes and
|
|
commands completion when interactive shell is used.
|
|
|
|
----------------------------------------------------------------------
|
|
* New features
|
|
----------------------------------------------------------------------
|
|
|
|
o User interaction
|
|
|
|
- Added commands completion functionality to the interactive shell
|
|
(requires readline library to be enabled and to be available at
|
|
compile time). Thanks to Tivadar Szemethy <tivadar.szemethy AT
|
|
vanderbilt.edu> who contributed the code for this feature.
|
|
|
|
----------------------------------------------------------------------
|
|
* Bug fixes
|
|
----------------------------------------------------------------------
|
|
|
|
- Fixed a failure that may occur when model checking LTL formulae
|
|
with defines referring directly or indirectly to input variables.
|
|
|
|
- Fixed a critical bug that made formula (AF p | AF q) being
|
|
rewritten as AF (p | q).
|
|
|
|
- Fixed a critical bug that made NuSMV fail when allocating more
|
|
than 4096 BDD variables.
|
|
|
|
- SBMC was not handling correctly past temporal operators.
|
|
|
|
- Operator unary minus (-) was not fully handled by type checker
|
|
and other components.
|
|
|
|
- Fixed a bug that allowed the properties database to contain
|
|
properties with problems (undefined symbols, type errors, ...).
|
|
|
|
- Use of keyword "self" as module's actual parameter has been
|
|
re-enabled.
|
|
|
|
- Fixed some memory leaks.
|
|
|
|
|
|
********************** NuSMV 2.4.2 (2007/04/06) **********************
|
|
|
|
This is a minor release that provides compatibility with 64-bit
|
|
architectures, speed improvements, a few extensions to the user
|
|
interface and many bug fixes. Latest versions of CUDD, Minisat and
|
|
Zchaff are also now used. Overall this release results on average
|
|
faster than previous ones.
|
|
|
|
----------------------------------------------------------------------
|
|
* New features
|
|
----------------------------------------------------------------------
|
|
|
|
o Improvements
|
|
|
|
- Specifications using words are bit-blasted using the circuits
|
|
corresponding to the functions occurring in the specification
|
|
when SAT based BMC is selected for verification. This enabled
|
|
the verification of models out of the scope of previous versions
|
|
of NuSMV.
|
|
|
|
- SAT based BMC encoding now features RBC inlining [ABE04] to
|
|
reduce problem size. With RBC inlining enabled, our experiments
|
|
showed on average a reduction of total model checking time.
|
|
|
|
RBC inlining has also been extended to symbolic SEXP encoding
|
|
to possibly benefit from its use in BDD based searches.
|
|
|
|
This inlining is not enabled by default since it does not
|
|
provide significant improvements on average, and in some cases
|
|
it results in degraded performance.
|
|
|
|
We remark that inlining might result in a dramatic degrade of
|
|
performances in some cases, depending on the nature and structure
|
|
of the problem.
|
|
|
|
[ABE04] P. A. Abdulla, P. Bjesse and N. Eén: Symbolic
|
|
Reachability Analysis Based on SAT-Solvers. In Proceedings of
|
|
Tools and Algorithms for Construction and Analysis of
|
|
Systems, 6th International Conference, TACAS 2000. Pages
|
|
411-425. Lecture Notes in Computer Science 1785. Springer.
|
|
|
|
- SAT based BMC uses an extended version of the efficient RBC to
|
|
CNF conversion described in [She04]. The new CNF conversion
|
|
leads to smaller CNF than previous one, and to an average
|
|
improvement in verification. Thanks to Daniel Sheridan for the
|
|
preliminary version of the CNF conversion, and to Gavin Keighren
|
|
for the preliminary porting to the new version of NuSMV.
|
|
|
|
[She04] D. Sheridan. The Optimality of a Fast CNF conversion and
|
|
its use with SAT. In Proceedings of the 7th International
|
|
Conference on Theory and Applications of Satisfiability
|
|
Testing (SAT'2004), 10-13 May 2004, Vancouver, BC, Canada.
|
|
|
|
- A patched version of CUDD-2.4.1 is now linked to NuSMV. Previous
|
|
version was a patched version of CUDD-2.3.0.
|
|
|
|
- Minisat2-061208 is now linked to NuSMV. Previous version was
|
|
Minisat-1.14. By default NuSMV now uses the MiniSAT extended
|
|
solver with simplification capabilities enabled.
|
|
|
|
- New version of Zchaff-2007.3.12 can now be optionally linked to
|
|
NuSMV. Previous version was zchaff-2003.12.04.
|
|
|
|
- NuSMV has been ported to 64-bit architectures. It can run and
|
|
compile smoothly on Intel Xeon(TM), AMD Opteron(TM), and Intel
|
|
IA64(TM) architectures.
|
|
|
|
We would like to thank Moshe Vardi, Kim Andrews, Franco M. Bladilo,
|
|
and Jan E. Odegard from Rice University for providing us with
|
|
cray facilities for testing the porting. The Cray computing
|
|
facility at Rice substantially contributed to the completion of
|
|
the 64-bit porting of NuSMV.
|
|
|
|
o User interaction
|
|
|
|
- Variable 'sexp_inlining' is used to enable/disable inlining
|
|
at sexp level. Sexp inlining at the moment is applied only
|
|
when BMC is performed. By default Sexp inlining is disabled.
|
|
|
|
- Option -sin on|off to control new system variable sexp_inlining.
|
|
|
|
- Variable 'rbc_inlining' is used to enable/disable RBC
|
|
inlining before committing a problem to any SAT solver. By
|
|
default RBC inlining is enabled.
|
|
|
|
- Option -rin on|off to control new system variable rbc_inlining.
|
|
|
|
|
|
----------------------------------------------------------------------
|
|
* Bug fixes:
|
|
----------------------------------------------------------------------
|
|
|
|
- Fixed a bug that led to cyclic assignments not being correctly
|
|
detected. Thanks to Michael Whalen <mwwhalen AT
|
|
rockwellcollins com> and Li Zhong <gravityzhong AT gmail
|
|
com> for reporting the bug.
|
|
|
|
- Fixed a critical bug that made the booleanizer cache not take
|
|
into account the contexts of booleanized formulae. Thanks
|
|
to Jori Dubrovin <jdubrovi AT circuit tcs hut fi>, Tommi
|
|
Junttila <Tommi.Junttila AT tkk fi> and Vesa Ojala <vojala
|
|
AT circuit tcs hut fi> for reporting the bug.
|
|
|
|
- Fixed a bug that made ltl2smv fail when expanding DEFINEs
|
|
containing input variables.
|
|
|
|
- Fixed a bug in Incremental SBMC that resulted in false
|
|
counterexamples in some cases if the property involved input
|
|
variables. Thanks to Tommi Junttila <Tommi.Junttila AT tkk fi>
|
|
for reporting the bug and also for providing a fix.
|
|
|
|
- Fixed associativity of some PSL operators that were not
|
|
consistent with the PSL LRM and with the core NuSMV
|
|
grammar. Thanks to Andrea Fedeli <andrea.fedeli AT st com> for
|
|
notifying us of the problem.
|
|
|
|
- Applied bug fixes and cleanups suggested by Felix Rauch Valenti
|
|
<frauch AT cse unsw edu au>. Valenti and others are working on a
|
|
research project in the area of static analysis, i.e. finding
|
|
problems (bugs) in C/C++ source code automatically. The research
|
|
project is called "Goanna" and uses NuSMV as backend. See
|
|
<http://www.ertos.nicta.com.au/research/goanna/>
|
|
|
|
- Fixed trace plugins that were not correctly working
|
|
when words variables were used. Thanks to Vincent Gourcuff
|
|
<vincent.gourcuff AT lurpa ens-cachan fr> for reporting the bug.
|
|
|
|
- Fixed a typo in configure.ac. Thanks to Mark Tuttle
|
|
<mark.r.tuttle AT intel com> for reporting the bug.
|
|
|
|
- Many other bug fixes (see Change Log)
|
|
|
|
|
|
********************** NuSMV 2.4.1 (2006/12/06) **********************
|
|
|
|
This is a minor release that provides to external contributions and
|
|
some extensions to the user interface. Moreover, it fixes many bugs.
|
|
|
|
----------------------------------------------------------------------
|
|
* New features
|
|
----------------------------------------------------------------------
|
|
|
|
o Improvements
|
|
|
|
- Optimized LTL tableau construction (contributed by Stefano
|
|
Tonetta's <tonettas_AT_lu.unisi.ch>) for LTL model checking via
|
|
BDDs. The optimization leads to an improvement of performance of
|
|
about 30% on average. Moreover, minor low-level optimizations
|
|
have been also integrated to the BDD-based LTL model checking,
|
|
e.g., it is now possible to reuse (default) previously
|
|
computated reachable states while combining the model and the
|
|
tableau FSMs.
|
|
|
|
- When building the scalar fsm, variable ordering is now taken
|
|
into account. This is an extension of the contribution by Wendy
|
|
Johnston <wendy_AT_itee.uq.edu.au> that initially extended NuSMV
|
|
to allow the user to specify a "transition relation ordering"
|
|
showing positive effects on the BDD conjunctive partioning. The
|
|
ordering is taken from the BDD variable ordering by default, or
|
|
it is taken from a specific "transition relation ordering"
|
|
provided explicitly by the user through an option.
|
|
|
|
|
|
o System commands
|
|
|
|
- Added options "-f" (force) to the commands
|
|
"build_boolean_model", "bmc_setup", "go", "go_bmc" and
|
|
"process_model". When specified, the new option forces the
|
|
corresponding model construction, even when COI is enabled.
|
|
|
|
- Command 'write_boolean_model' now dumps the "current variable"
|
|
ordering when the dynamic reordering had triggered.
|
|
|
|
- Added command 'check_ctlspec' as an alias of 'check_spec' (that
|
|
becomes deprecated)
|
|
|
|
- Command 'check_pslspec' supports SBMC through new options '-s',
|
|
'-c' and '-N'. See the user manual for further information.
|
|
|
|
|
|
o System variables
|
|
|
|
- Added system variable 'ltl_tableau_forward_search' to enable
|
|
calculation of reachable states set for the LTL tableau FSM.
|
|
|
|
- Added system variable 'trans_order_file' to specify an
|
|
alternative variable ordering to be used for the transition
|
|
relation clusterization.
|
|
|
|
- Renamed system variable 'program_name' to 'program_path' to hold
|
|
the complete path of the executable file that is being
|
|
executed when NuSMV is running.
|
|
|
|
- Added new system variable 'program_name' to hold the system
|
|
("NuSMV") name. The new variable may be used to create new
|
|
interactive programs derived from NuSMV.
|
|
|
|
|
|
o Command line options
|
|
|
|
- Added option '-flt' to enable calculation of reachable states
|
|
set for the LTL tableau FSM (see system variable
|
|
ltl_tableau_forward_search).
|
|
|
|
- Added option "-t <tv_file>" to specify an alternative variable
|
|
ordering to be used for the transition relation clusterization.
|
|
|
|
|
|
o SMV grammar
|
|
|
|
- Added new keyword CTLSPEC as an alias of SPEC (that become
|
|
deprecated).
|
|
|
|
|
|
----------------------------------------------------------------------
|
|
* Bug fixes:
|
|
----------------------------------------------------------------------
|
|
|
|
- Fixed a critical bug in CUDDs that made BDD variable groups
|
|
inconsistent after a reordering.
|
|
|
|
- Fixed a critical bug that affected groups creation in CUDDs
|
|
|
|
- Fixed a critical bug that made booleanization being performed
|
|
even when not needed, both in batch and interactive mode. Notice
|
|
that the interactive mode of version 2.3.1 was also affected.
|
|
|
|
- Assignment of bit selections is explicitly not handled, but
|
|
trapped.
|
|
|
|
- Fixed order of bits in words, that was reversed as the MSB was
|
|
stored at the lowest position.
|
|
|
|
- Bits of scalar variables were not grouped by default.
|
|
|
|
- Operator "mod" may have boolean operands but a warning is emitted.
|
|
|
|
- Dynamic reordering was erroneously disabled and got locked during
|
|
encoding of input variables.
|
|
|
|
- ITE (if-then-else) are now handles natively into PSL.
|
|
|
|
- The command "process_model" no longer creates the boolean model.
|
|
|
|
- Several fixes to the interactive shell when COI is enabled.
|
|
|
|
- Fixed simulation starting from states into traces generated by
|
|
BDD-based LTL model checking. The trace is stripped of the tableau
|
|
variables. Warning: this fix may lead to more fake loops printed
|
|
out when the trace is printed, as states that were different when
|
|
tableau vars were in the trace now may become the same state after
|
|
tableau vars are abstracted.
|
|
|
|
- Disabling re-ordering during some specific actions (commonly
|
|
executed by BMC) to prevent problems when reordering is
|
|
called during the printing of a counterexample.
|
|
|
|
- Fixed distributed examples there were no longer compilable due to
|
|
stronger type checking rules.
|
|
|
|
- Fixed some memory leaks.
|
|
|
|
- Fixed implicit ordering of scalar input variables. Thanks to
|
|
Andrew Miner <asminer_AT_cs.iastate.edu> for reporting this bug.
|
|
|
|
- Fixed type checking of repeated Sere like {id [*N]}
|
|
|
|
- Fixed Unary Minus operator to work on words and general
|
|
expressions.
|
|
|
|
- Many other minor bug fixes (see Change Log)
|
|
|
|
|
|
|
|
|
|
********************** NuSMV 2.4.0 (2006/07/31) **********************
|
|
|
|
This is a major release of NuSMV. Several improvements have been made
|
|
with respect to NuSMV 2.3. The most relevant are:
|
|
|
|
* Major changes
|
|
|
|
- The NuSMV input language has been extended to support the type
|
|
Word to model array of bits, and to allow bitwise logical and
|
|
arithmetic operations over variables of type Word.
|
|
|
|
- Introduced strong typing in order to improve the quality of the
|
|
NuSMV file by eliminating subtle implicit cast that were causing
|
|
problems. A backward compatibility switch disable such checks.
|
|
|
|
- Integrated the Simple Bounded Model Checking [1] and its
|
|
incremental and complete variant [2]. Thanks to Timo Latvala and
|
|
Tommi Junttila.
|
|
|
|
- Deeply restructured the NuSMV internals to provide support for the
|
|
the dynamic creation and removal of new symbols (variables,
|
|
constants, defines) to eliminate critical code within the LTL BDD
|
|
based model checking algorithms, and to facilitate the integration
|
|
of the family of the Simple Bounded Model Checking algorithms
|
|
above.
|
|
|
|
|
|
* User interaction
|
|
|
|
* General improvements
|
|
- Improved the error messages reporting. Line numbers now
|
|
corresponds to the real line number within the input file.
|
|
- Improved the writing of the BDD order file: now it is possible to
|
|
print the bit level order file.
|
|
|
|
* New commands
|
|
- check_ltlspec_sbmc : uses non-incremental algorithm to perform SBMC
|
|
- check_ltlspec_sbmc_inc : uses incremental algorithm to perform SBMC
|
|
- gen_ltlspec_sbmc : generates DIMACS file for SBMC problems
|
|
- print_fsm_stats : substitutes the deprecated command print_clusterinfo
|
|
|
|
* New system variables
|
|
- output_word_format : controls in which base Words constants are
|
|
outputted (during traces, counterexamples, etc, printing).
|
|
- backward_compatibility : disables some new features to garantee
|
|
a better backward compatibility.
|
|
- type_checking_warning_on : controls the notification of warning
|
|
messages generated by the type checker.
|
|
- bmc_sbmc_gf_fg_opt : controls whether the system exploits an
|
|
optimization when performing SBMC on formulae in the form "F G p" or
|
|
"G F p".
|
|
|
|
* New command line options
|
|
- old : disables some new features to garantee a better backward
|
|
compatibility.
|
|
- old_div_op : enables the old semantics of "/" and "mod"
|
|
operations (from version 2.3.0) instead of ANSI C semantics.
|
|
- df : disables the computation of reachable states that is
|
|
enabled by default in version 2.4.0.
|
|
|
|
* Deprecated and no longer supported features
|
|
- The command 'print_clusterinfo' is deprecated (see 'print_fsm_stats')
|
|
- The system variable 'enable_reorder' is no longer available
|
|
|
|
|
|
* Other features
|
|
- A windows installer is provided for Microsoft Windows (TM) users.
|
|
|
|
|
|
* Bug fixes
|
|
- Type checking prevents many bugs there were afflicting previous
|
|
versions to occur.
|
|
- Support of dynamic symbols declaration fixes most of bugs that
|
|
afflicted LTL BDD-based model checking.
|
|
- Determinization variables are now dynamically declared as state
|
|
variables instead of input variables.
|
|
- "G Sequence" is no longer a parsable PSL property.
|
|
- Several bug fixes have been applied to the printers of PSL formulae
|
|
- Fixed re-entrancy of command 'flatten_hierarchy'
|
|
- Fainess condition are now printed correctly
|
|
- Many memory leaks were fixed and numeric overflows.
|
|
- Many other bug fixes (see details in ChangeLog)
|
|
|
|
|
|
|
|
********************** NuSMV 2.3.1 (2005/11/22) **********************
|
|
This is a minor release to fix a critical bug and a bunch of other
|
|
minor bugs. A new command line option "-sat_solver" has been added.
|
|
|
|
* New features
|
|
- NuSMV is now linked to the latest version of MiniSat and zChaff
|
|
Sat solvers:
|
|
- MiniSat version 1.14
|
|
- zChaff version 2004.11.15
|
|
- When available, the MiniSat solver is used by default.
|
|
- Sat solvers like MiniSat and zChaff can be now integrated more
|
|
easily when compiling from sources.
|
|
- The command line option '-sat_solver' allows the user to set
|
|
the default Sat solver to be used by BMC. Many thanks to
|
|
Guido Wimmel <wimmel_AT_in.tum.de> for providing the code to
|
|
handle the new command.
|
|
|
|
* Bug fixes:
|
|
- Fixed a problem with COI when only LTL properties are present
|
|
in the SMV file: the COI structure were wrongly initialized.
|
|
Thanks to Kevin Xuke <xk02_AT_mails.tsinghua.edu.cn> for reporting
|
|
this bug.
|
|
- Fixes on the PSL support:
|
|
- Removed a bug that caused wrong handling for some LTL and SERE
|
|
PSL expressions.
|
|
- Fixed expansion of 'forall' expression.
|
|
- The command 'reset' does not modify input_order and output_order
|
|
variables anymore.
|
|
- The XML trace dumper plugin dumps loops information now.
|
|
- Fixed bug in BddFsm_get_strong_backward_image: the method
|
|
bdd_fsm_get_backward_si_projection computed legal states/input
|
|
without caring for invariants.
|
|
- Other minor bug fixes (see ChangeLog)
|
|
|
|
|
|
********************** NuSMV 2.3.0 (2005/07/15) **********************
|
|
|
|
This is a major release of NuSMV aiming to enable users to specify and
|
|
check properties expressed in PSL -- the Accellera (and upcoming IEEE)
|
|
standard Property Specification Language.
|
|
|
|
PSL is becoming one of the most popular property specification
|
|
languages across the EDA community, both in simulation and in formal
|
|
verification. It is intuitive, and easy to learn, read, and write. In
|
|
a nutshell, PSL extends linear temporal logics with the power of
|
|
regular expressions, and it is thus able to capture all omega-regular
|
|
properties. PSL is defined in four layers:
|
|
|
|
* the Boolean layer allows to write expressions over states.
|
|
|
|
* the Temporal layer uses Boolean expressions to specify behavior over
|
|
time.
|
|
|
|
* the Verification layer consists of directives that specify how tools
|
|
should use temporal layer specifications to verify functionality of
|
|
a design.
|
|
|
|
* the Modeling layer defines the environment within which verification
|
|
is to occur.
|
|
|
|
PSL is defined in various flavors, each corresponding to a particular
|
|
underlying hardware description language. The flavor determines the
|
|
syntax of the Boolean and modeling layers, and allows easy,
|
|
interoperable use of PSL across languages and design flows.
|
|
|
|
This version of NuSMV supports PSL with a new NuSMV flavor, and is
|
|
currently restricted to a subset of the Boolean and Temporal
|
|
layers. More comprehensive support will be implemented in the
|
|
forthcoming releases.
|
|
|
|
This release was developed as part of the activity within the PROSYD
|
|
project (http://www.prosyd.org -- Property-Based System Design), a
|
|
STREP project funded under the VI framework of the IST EU program.
|
|
|
|
* Minor changes
|
|
|
|
- Fixed a bug in the interactive shell that inhibited the possibility
|
|
to introduce and verify new properties to be interpreted and thus
|
|
instantiated within a module declared in the input file.
|
|
|
|
- Fixed a bug in the system interactive command 'check_fsm'.
|
|
|
|
|
|
|
|
********************** NuSMV 2.2.5 (2005/05/05) **********************
|
|
|
|
This is a minor release to fix a critial bug and a bunch of other
|
|
minor bugs. Also, the usability of command line option "-load" has
|
|
been improved.
|
|
|
|
* Commands and options:
|
|
- The command line option '-load' now forces the interactive mode,
|
|
even if option '-int' is not specified.
|
|
|
|
|
|
* Bug fixes:
|
|
- Fixed a critical bug that prevented the model from being built
|
|
correctly when the interactive mode was used. This bug did not
|
|
affect the batch mode at any rate.
|
|
- Fixed an overflow error in the interactive simulator.
|
|
Thanks to Alessandro Saiani for reporting the the bug.
|
|
- Fixed the setting of system variables for reachable states
|
|
computation in interactive mode, during system initialization.
|
|
- Fixed several memory leaks and wrong string manipolations.
|
|
- Fixed parsing of end-of-line under Windows within ltl2smv.
|
|
Thanks to H. Peter Gumm for the bug report.
|
|
- Other minor bug fixes (see ChangeLog for details)
|
|
|
|
|
|
|
|
********************** NuSMV 2.2.4 (2005/03/17) **********************
|
|
|
|
This is a minor release. One critical bug has been fixed, as well as a
|
|
few other minor bugs. Furthermore, some commands have been enriched
|
|
with new options, and a few new system variables have been added.
|
|
|
|
* Commands and system variables:
|
|
- Enriched commands:
|
|
* write_order supports dumping of bits (option -b).
|
|
* echo supports file redirection (options -o and -a).
|
|
|
|
- Added new system variables:
|
|
* write_order_dumps_bits: to globally control the way the
|
|
command write_order dumps encoded variables.
|
|
|
|
* on_failure_script_quits: to control the behaviour of the command
|
|
interpreter when a non-fatal error occurs.
|
|
|
|
* Bug fixes:
|
|
- Fixed a critical bug in the simulator that was affecting both
|
|
the random and deterministic modalities, not the interactive
|
|
mode.
|
|
- In commands pick_state and simulate the option -a had a wrong
|
|
semantics.
|
|
- The command check_fsm wrongly printed out inputs instead of only
|
|
state variables while printing deadlock states.
|
|
- Other non-user side fixes and improvements. See ChangeLog for
|
|
further details.
|
|
|
|
|
|
|
|
********************** NuSMV 2.2.3 (2004/12/29) **********************
|
|
|
|
This is a minor release. A few bug fixes have been made, and some new
|
|
features have been implemented.
|
|
|
|
* Improvements
|
|
- ltl2smv is now invoked internally instead of as an external program.
|
|
As result, it is not necessary to specify path to ltl2smv anymore.
|
|
- Improved performances of boolean and BE conversions by caching results.
|
|
- Improved performances of CNF conversion.
|
|
- Fixed syntactical errors within a few distributed SMV files.
|
|
|
|
* Bug fixes:
|
|
- Fixed bugs in memoizing of formulas during conversion of SEXP to BEXP.
|
|
- Fixed several bugs concerned with memory leaks and incorrent
|
|
memory access.
|
|
- Fixed bugs in DIMACS dumping.
|
|
- Scalar variables with range 0..1 are now considered as boolean
|
|
variables.
|
|
- Relaxed a few too strong assertions that prevented NuSMV to
|
|
compile some correct SMV files.
|
|
|
|
|
|
|
|
********************** NuSMV 2.2.2 (2004/08/06) **********************
|
|
|
|
This is a minor release.
|
|
Incremental algorithms for Bounded Model Checking have been
|
|
integrated, and a new generic interface to Sat solvers (incremental
|
|
and non-incremental) has been implemented.
|
|
Furthermore, a few bugs that afflicted previous versions have been
|
|
fixed.
|
|
|
|
* Features:
|
|
- Added support for MiniSat solver.
|
|
- New generic interface for incremental and non-incremental sat
|
|
solvers. Interfaces for Sim, ZChaff and Minisat have been
|
|
implemented.
|
|
- New algorithms for checking of invariants and LTL properties via
|
|
Bounded Model Checking:
|
|
* for checking of LTL properties via incremental sat.
|
|
* "een-sorensson" for invariants via non-incremental sat.
|
|
* "dual" and "zigzag" for invariants via incremental sat. See
|
|
the paper "Temporal induction by incremental SAT solving" by
|
|
Niklas Een and Niklas Sorensson for further information.
|
|
|
|
Many thanks to Tommi Junttila <junttila_AT_fbk.eu> for having
|
|
provided the first working prototype.
|
|
|
|
* Commands and system variables:
|
|
- Implemented new commands:
|
|
* check_ltlspec_bmc_inc
|
|
* check_invar_bmc_inc
|
|
|
|
- Added option -a to the command check_invar_bmc (to specify
|
|
algorithm to be used)
|
|
|
|
- Added new system variables:
|
|
* bmc_invar_alg: used to choose algorithm for non-incremental
|
|
invariant checking.
|
|
* bmc_inc_invar_alg: used to choose algorithm for incremental
|
|
invariant checking.
|
|
|
|
- Removed file extension ".dimacs" from default values assigned to
|
|
system variables:
|
|
* bmc_dimacs_filename
|
|
* bmc_invar_dimacs_filename
|
|
|
|
* Improvements
|
|
- Improved booleanization of scalar expressions in bmc. Thanks to
|
|
Angela Pappagallo <angela_pappagallo_AT_yahoo.it>.
|
|
- Improved usability of commands in bmc interactive mode.
|
|
|
|
* Bug fixes:
|
|
- Fixed several bugs of user commands for bmc.
|
|
- Fixed a bug that occurred when instantiating more than once
|
|
a variable whose range was containing one value only. Thanks to
|
|
Charles Pecheur <pecheur_AT_email.arc.nasa.gov>.
|
|
- Fixed a bug in the model checking code that caused assertion
|
|
violation due to a missing intersection with fair states while
|
|
starting computing counter-examples. Thanks to Charles Pecheur
|
|
<pecheur_AT_email.arc.nasa.gov>.
|
|
- Fixed wrong behavior of option -r in batch mode: only the number
|
|
of reachable states is printed out now.
|
|
- Fixed wrong allocation when sat solvers but SIM were called
|
|
internally.
|
|
- Other minor bug fixes (see ChangeLog for details)
|
|
|
|
********************** NuSMV 2.2.1 (2004/06/23) **********************
|
|
|
|
This is a minor release. A few bug fixes have been made.
|
|
|
|
* Bug fixes
|
|
- Preprocessors invocation under Windows
|
|
- Dynamic reordering works now properly.
|
|
- Fixed a missing check of assignment of input variables, when
|
|
arrays were used.
|
|
- Variables are currently declared with the same order as 2.1.x
|
|
series.
|
|
- Fixed behavior of cmd line option '-o filename'.
|
|
|
|
* Contributions
|
|
- Added examples/m4 directory containing a bunch of m4 examples,
|
|
kindly provided by Roger Villemaire <villemaire.roger_AT_uqam.ca>.
|
|
- Added contrib/nusmv-mode.el an (X)Emacs major-mode for editing and
|
|
running NuSMV sources, kindly provided by Roger Villemaire
|
|
<villemaire.roger_AT_uqam.ca>.
|
|
|
|
* Known bugs/problems
|
|
- NuSMV launched with -cpp option and no input file falls into
|
|
segfault.
|
|
- Under Windows, the usage of multiple preprocessors will make
|
|
NuSMV hang.
|
|
|
|
********************** NuSMV 2.2.0 (2004/06/10) **********************
|
|
|
|
This is a major release of NuSMV. Several improvements have been made
|
|
with respect to NuSMV 2.1. The most relevant are:
|
|
|
|
* Major changes
|
|
|
|
- Input variables are now interpreted as labels over transitions in
|
|
the Kripke structure. This solves several problems, including
|
|
incorrect behaviors with processes.
|
|
|
|
- Improved multiple FSM management, with APIs to enable
|
|
composition. Improved management of encodings from scalar
|
|
variables to the boolean space, with API to enable merging of
|
|
encodings and other functionalities.
|
|
|
|
- Packages and sub-packages have been introduced to represent the
|
|
most significant data structures. Each package comes with a
|
|
library, that can be linked separately from the rest of the
|
|
system. New packages include different representations of FSM
|
|
(i.e. Sexp, BDD, RBC), and Encodings.
|
|
|
|
- Traces can be exported in different formats: textual (original),
|
|
TAB separated list (to simplify import in spreadsheets), XML (for
|
|
web browsing). Traces in XML format can also be imported and
|
|
validated.
|
|
|
|
- Improved BDD variable ordering. The reordering process can now
|
|
work at the level of the boolean variables used to encode scalar
|
|
variables, and the ordering file can directly refer to boolean
|
|
variables. This may result in more compact BDDs (e.g. for
|
|
formulae like x = y). Thanks to Dan Sheridan
|
|
<dan.sheridan_AT_contact.org.uk> for the contribution.
|
|
|
|
|
|
* User Interaction
|
|
|
|
- Input files can now be preprocessed with multiple preprocessors
|
|
(e.g. cpp, m4); the invocation order can be defined by the
|
|
user. Thanks to Roger Villemaire <villemaire.roger_AT_uqam.ca> for
|
|
the interface with m4.
|
|
|
|
- Trans type "Conjunctive" has been replaced by "Threshold" and is
|
|
no longer supported.
|
|
|
|
- Improved interactive simulator. In the choice of next states,
|
|
duplicated entries are no longer present, and a distinction
|
|
between state variables and input variables is enforced. Thanks to
|
|
Anthony Wilder <anthony.wilder_AT_roke.co.uk> for the contribution.
|
|
|
|
- Added some command line options: "-dcx", to disable
|
|
counter-example generation for false properties; "-pre", to
|
|
specify a list of pre-processors to be applied to the input file.
|
|
|
|
|
|
* Bounded Model Checking
|
|
|
|
- Improved the RBC package by introducing some new simplifications.
|
|
Improved the algorithm for the generation of the CNF. Thanks to
|
|
T. Junttila <Tommi.Junttila_AT_hut.fi> for the contribution.
|
|
|
|
|
|
* Porting and Other
|
|
|
|
- Porting under Mac OS X (see section 3 - Mac OS X in the file
|
|
README_PLATFORMS for details).
|
|
|
|
- Native compilation under windows using MinGW
|
|
(http://www.mingw.org/). This eliminates the requirement for
|
|
cygwin (http://www.cygwin.com) (see section 4 - Microsoft Windows
|
|
in the file README_PLATFORMS for details).
|
|
|
|
- Integration with the new version of zchaff 2003.12.04
|
|
(http://www.princeton.edu/~chaff/zchaff.html);
|
|
|
|
- Removed dependency on the tokens generated by yacc.
|
|
|
|
|
|
* Documentation
|
|
|
|
- The user manual of version 2.1 has been split in two parts: a user
|
|
manual and a tutorial.
|
|
|
|
- The user manual has been updated to describe new commands and
|
|
functionalities.
|
|
|
|
|
|
* New restrictions
|
|
|
|
- Input variables can occur in LTL formulae and in fairness
|
|
conditions. However, they are no longer allowed within CTL and
|
|
invariant properties.
|
|
|
|
- The body of DEFINEd symbols can no longer refer to next value of
|
|
any variable.
|
|
|
|
|
|
* Bug fixes
|
|
|
|
- Fixed problems related to wrong results in presence of processes.
|
|
|
|
- Fixed problems in the check for recursive definitions.
|
|
|
|
- Removed BDD memory leaks in the code for dealing with LTL under
|
|
full fairness.
|
|
|
|
|
|
* Performance
|
|
|
|
- The regression test w.r.t. version 2.1.2 pointed out an
|
|
improvement in the performances of the model checking algorithms
|
|
(BDD and SAT) in the majority of the considered cases.
|
|
|
|
|
|
* Known bugs/problems
|
|
|
|
- Some temporal formulae containing a "liberal" interpretation of
|
|
truth values (e.g. "(AX p) = (AX q)") are correctly parsed, but
|
|
may cause an internal error. A restriction will be enforced in the
|
|
next releases.
|
|
|
|
- In some cases, a significant degradation in performance of the SIM
|
|
sat solver was noticed as a consequence of the new RBC package and
|
|
the CNFization algorithm. The precise cause of the degradation is
|
|
being investigated (notice that zchaff benefits from the changes).
|
|
|
|
- Pressing Ctrl-C under Microsoft Windows Operating Systems within
|
|
the interactive shell will cause unpredictable behavior.
|
|
|
|
|
|
********************** NuSMV 2.1.2 (2002/11/22) **********************
|
|
|
|
This is a bug fix release that solves a problem occurring on NuSMV
|
|
release 2.1.1 while checking for recursive definitions. Many thanks to
|
|
Yunja Choi for the bug report.
|
|
|
|
********************** NuSMV 2.1.1 (2002/11/08) **********************
|
|
|
|
This is a bug fix release that solves some problems showed by previous
|
|
releases.
|
|
|
|
* Generic
|
|
- fixed a problem in the checking for recursive definitions that
|
|
allowed to parse assignments with dependencies not broken by a
|
|
time delay. (affected file nusmv/src/compile/compileCheck.c)
|
|
|
|
- fixed a problem in the encoding that caused NuSMV to exit with an
|
|
error when the BDD dynamic variable ordering was enabled. Many
|
|
thanks to Yunja Choi for the bug report. (affected file
|
|
nusmv/src/compile/compileEncode.c)
|
|
|
|
* BMC tableau generator
|
|
- fixed a bug in the tableau generator that erroneously ignored
|
|
NuSMV invariants in path of length 0. (affected file
|
|
nusmv/src/bmc/bmcModel.c)
|
|
|
|
- improved the performances of the Past LTL tableau generator.
|
|
(affected file nusmv/src/bmc/bmcTableauPLTLformula.c)
|
|
|
|
* Documentation
|
|
- improved the user manual. Thanks to Thomas Wahl for signaling us
|
|
the ambiguities. (affected file nusmv/doc/user-man/nusmv.texi)
|
|
|
|
- fixed a problem in the on-line documentation of the
|
|
write_boolean_model command. Many thanks to Andrea Fedeli for the
|
|
bug report. (affected file nusmv/src/compile/compileCmd.c)
|
|
|
|
* Parsing
|
|
- fixed a problem in the lexical analyzer in the parsing of very
|
|
long comments. (affected file src/parser/input.l)
|
|
|
|
- not recognized preprocessor macros now cause a parsing error.
|
|
(affected file src/parser/input.l)
|
|
|
|
********************** NuSMV 2.1.0 (2002/07/03) **********************
|
|
|
|
This is a major release of NuSMV. Several improvements have been done
|
|
with respect to NuSMV 2.0. The most relevant are:
|
|
|
|
* New functionalities
|
|
|
|
- Past LTL
|
|
|
|
Now LTL properties can also include *past* temporal operators.
|
|
Differently from standard temporal operators, that allow to
|
|
express properties over the future evolution of the FSM, past
|
|
temporal operators allow to characterize properties of the path
|
|
that lead to the current situation.
|
|
|
|
Past LTL temporal operators are supported both in BDD-based Model
|
|
Checking and in Bounded Model Checking of LTL specifications. The
|
|
extended LTL to SMV tableau translator for the past fragment of LTL
|
|
has been contributed by Ariel Fuxman <afuxman_AT_cs.toronto.edu>.
|
|
|
|
- Full Fairness
|
|
|
|
Now NuSMV supports two types of fairness constraints, namely the
|
|
weak fairness, or "justice", constraints and the strong fairness,
|
|
or "compassion", constraints.
|
|
|
|
A justice constraint consists of a formula f which is assumed to
|
|
be true infinitely often in all the fair paths. A compassion
|
|
constraint consists of a pair of formulas (p,q); if property p is
|
|
true infinitely often in a fair path, then also formula q has to
|
|
be true infinitely often in the fair path.
|
|
|
|
Old versions of NuSMV supports only weak fairness. In the current
|
|
version of NuSMV, compassion constraints are supported only for
|
|
BDD-based LTL model checking. The strong fairness model checking
|
|
algorithm for LTL specifications has been contributed by
|
|
Rik Eshuis <eshuis_AT_cs.utwente.nl>.
|
|
|
|
We plan to add support for compassion constraints also for CTL
|
|
specifications and in Bounded Model Checking in the next releases
|
|
of NuSMV.
|
|
|
|
- ZCHAFF SAT solver
|
|
|
|
The new version of NuSMV allows for the usage of the ZCHAFF
|
|
library as the SAT solver in Bounded Model Checking.
|
|
|
|
ZCHAFF is a very strong state-of-the-art SAT solver developed by
|
|
the Princeton University. ZCHAFF won the SAT 2002 Competition as
|
|
the Best Complete Solver in both industrial and handmade
|
|
benchmarks categories. ZCHAFF has also shown a consistent speed-up
|
|
in the solution of Bounded Model Checking problems.
|
|
|
|
* Architecture
|
|
|
|
Several aspects of the NuSMV architecture have been improved.
|
|
|
|
- We have improved the management of the Conjunctive Partitioning
|
|
management of transition relations. With respect to old versions
|
|
of NuSMV, the new code is more modular and easier to extend.
|
|
|
|
- The Bounded Model Checking code has undergone a general revision.
|
|
In particular:
|
|
- the file organization of the bmc package has been improved
|
|
in order to enhance readability and extensibility;
|
|
- a generic interface to Boolean Expression Managers has been
|
|
added; it is now possible to replace the current manager of
|
|
boolean expressions (RBC) with more advance managers (e.g., BED);
|
|
- a generic interface to SAT solvers gas been defined; this
|
|
makes it easier to add support for new SAT solvers in NuSMV.
|
|
|
|
* Documentation
|
|
|
|
- We have updated the user manual with the new features of NuSMV 2.
|
|
Moreover, we have added to the manual a tutorial that covers
|
|
the basic functionalities on NuSMV.
|
|
|
|
* Bug fixes
|
|
|
|
Several bug fixes and minor enhancements have been done.
|
|
|
|
|
|
********************** NuSMV 2.0.3 (2002/03/27) **********************
|
|
|
|
- Fixed important bug in the management of the BDD-based
|
|
representation of the Finite State Machines. This bug
|
|
lead to an assertion failure in the case properties were
|
|
checked using the cone-of-influence reduction.
|
|
|
|
Many thanks to Yunja Choi for the bug report.
|
|
|
|
(Affected files: nusmv/src/compile/compile.h,compileCmd.c,
|
|
compileStruct.c,compileUtil.c, nusmv/src/prop/propProc.c,
|
|
nusmv/src/sm/smMisc.c)
|
|
|
|
- Fixed bug in the "reset: routine of the interactive shell.
|
|
The reachable states were not freed during the reset, thus
|
|
leaving garbage information that lead to failures in
|
|
the following commands.
|
|
(Affected files: nusmv/src/sm/smCmd.c)
|
|
|
|
- Fixed a memory leak in some routines added to the CUDDs to fulfill
|
|
the needs of NuSMV. (Affected files: cudd-2.3.0.1/cudd/cuddAddOp.c,
|
|
cuddBddOp.c)
|
|
|
|
- Extended printing routines to new operators XOR and XNOR.
|
|
(Affected files: nusmv/src/node/nodePrint.c,nodeWffPrint.c)
|
|
|
|
- Enhanced CUDD routine that extracts the symbolic representation of BDDs.
|
|
(Affected files: cudd-2.3.0.1/cudd/cuddBddOp.c)
|
|
|
|
********************** NuSMV 2.0.2 (2002/01/30) **********************
|
|
|
|
- Fixed important bug in the optimized tableau construction of
|
|
SAT-based Bounded Model Checking engine. This bug lead to an
|
|
"assertion fail" in the verification of formulas "p U q".
|
|
(Affected files: nusmv/bmc/bmcModel.c)
|
|
|
|
- Fixed minor bug in main routine of the batch verification: now the
|
|
BDD master FSM is not built in the case of SAT-based Bounded Model
|
|
Checking. This fix permits a substantial gain in performance in the
|
|
case of Bounded Model Checking. (Affected files: nusmv/sm/smMisc.c)
|
|
|
|
- Disabled printing of memory/cpu statistics under cygwin. This
|
|
fix allows for a clean compilation of NuSMV also on windows
|
|
platforms. (Affected files: cudd-2.3.0.1/util/cpu_stats.c)
|
|
|
|
- Minor upgrades in the documentation and in the Makefile.
|
|
|
|
********************** NuSMV 2.0.1 (2001/11/14) **********************
|
|
|
|
This is a bug fix release that solves a problem occurring on SunOS systems.
|
|
Nothing relevant changes in the Linux version.
|
|
|
|
Many thanks to Rik Eshuis for the bug report.
|
|
|
|
********************************************************************** |