|Developer(s)||FBK-irst (Trento, Italy), CMU (Pittsburgh, PA), The University of Genova (Italy), The University of Trento (Italy)|
2.6.0 / October 14, 2015
|Written in||ANSI C|
|Operating system||Linux, Mac OS X, Microsoft Windows|
NuSMV is a reimplementation and extension of SMV symbolic model checker, the first model checking tool based on Binary Decision Diagrams (BDDs). The tool has been designed as an open architecture for model checking. It is aimed at reliable verification of industrially sized designs, for use as a backend for other verification tools and as a research tool for formal verification techniques.
NuSMV 2, version 2 of NuSMV, inherits all the functionalities of NuSMV. Furthermore, it combines BDD-based model checking with SAT-based model checking. It is maintained by Fondazione Bruno Kessler, the successor organization of ITC-IRST.
Running NuSMV Interactively
The interaction shell of NuSMV is activated from the system prompt as follows:
system_prompt> NuSMV -int <RET> NuSMV> go NuSMV>
NuSMV first tries to read and execute commands from an initialization file if such file exists and is readable unless -s is passed on the command line. File master.nusmvrc is looked for in directory defined in environment variable NUSMV _LIBRARY_PATH or in default library path if no such variable is defined. If no such file exists, user's home directory and current directory will also be checked. Commands in the initialization file are executed consecutively. When initialization phase is completed the NuSMV shell is displayed and the system is now ready to execute user commands.
A NuSMV command usually consists of a command name and arguments to the invoked command. It is possible to make NuSMV read and execute a sequence of commands from a file, through the command line option -source:
system_prompt> NuSMV -source cmd_file <RET>
Running NuSMV batch
When the -int option is not specified, NuSMV runs as a batch program, which is with the form as follows:
system_prompt> NuSMV [command line options] input_file <RET>
Checking for LTL specification or CTL specification
CTLSPEC EF(proc5.state = critical);
This specification checks if there exists an execution path such that the state of process 5 is critical at some point. User can check to see if their model holds for this specification using the following commands.
system_prompt> NuSMV [command line options] input_file <RET> NuSMV> go NuSMV> check_ctlspec
If the specification is true, NuSMV will inform you with
-- specification EF proc5.state = critical is true >NuSMV
However, if the specification fails at some state, NuSMV will return a full trace of execution showing how it fails.
- Spin Model Checker a general model checker for asynchronous software systems
- CADP (Construction and Analysis of Distributed Processes), a toolbox for the formal design of asynchronous concurrent systems
- K.L. McMillan. Symbolic model checking. In Kluwer Academic Publ.,1993.
- A. Biere, A. Cimatti, E. Clarke, and Y. Zhu. Symbolic model checking without bdds. In Tools and Algorithms for Construction and Analysis of Systems, In TACAS’99, March 1999.