source: vis_dev/vis-2.3/NEWS @ 101

Last change on this file since 101 was 14, checked in by cecile, 13 years ago

vis2.3

File size: 66.9 KB
RevLine 
[14]1VIS NEWS                                        -*-indented-text-*-
2  History of user-visible changes.
3
4Please sent bug reports to vis-users@colorado.edu.  Please let us know what
5version of VIS you are running and what architecture you are running it on.
6
7======================================================================
8Version 2.3
9
10Release 2.3 of VIS improves VIS 2.2 in the following areas:
11
12* Builds with bison 2.4.1 and gcc 4.4.1
13
14* Supports cusp-1.1 as external SAT solver for bounded model checking
15  instead of zchaff
16
17* Bug fixes
18
19======================================================================
20
21Version 2.2
22
23Release 2.2 of VIS improves VIS 2.1 in the following areas:
24
25* Compiles with gcc 4.3 and bison 2.3
26* Supports both 64-bit and 32-bit compilation on x86_64 machines
27* Allows the use of up to 4 GB of memory with 32-bit pointers
28  (previously 2 GB)
29* improved vl2mv produces smaller blif-MV files
30* vl2mv 2.2 drops support of obsolete output formats (e.g., Shift)
31* Support for weak until operator in both CTL and LTL
32* Improved node matching for combinational equivalence (comb_verify)
33* Fixed bug in the translation of LTL properties to Buechi automata
34* New command write_network_blif_mv
35* faster flatten_hierarchy
36* new functions mdd_array_dump_dot mdd_array_print_cover make
37  debugging easier
38* CUDD 2.4.2
39* vis-verilog-models-1.2
40
41======================================================================
42
43Version 2.1
44
45Release 2.1 of VIS improves VIS 2.0 in the following areas:
46
471. Revamped Bounded Model Checker with efficient termination criteria
482. Grab and Puresat algorithms for invariant checking based on
49   abstraction refinement
503. DnC algorithm for language emptiness check based on abstraction
51   refinement
524. CirCUs SAT solver.
535. Fate and Free Will algorithm for the analysis of counterexamples
546. Vacuity detection for CTL
557. Coverage estimation for CTL
568. Far Side algorithm for image computation
579. CUDD 2.4.1
5810. Miscellaneous
59
60
61Bounded Model Checking
62----------------------
63
64BMC in VIS 2.1 is much faster than it was in VIS 2.0.  The
65construction of the circuit data structure, the encoding of the
66property, the use of a faster SAT solver all have contributed to this
67improvement.
68
69BMC in VIS 2.1 can prove properties rather than just falsifying them.
70The following sequence of commands is used to perform bounded model
71checking with termination check:
72
73  read_blif_mv model.mv
74  flatten_hierarchy
75  build_partition_maigs
76  bounded_model_check -k 10 -r 2 model.ltl
77
78The termination check will be performed every other step.  The
79construction of the MDDs is not needed if termination check is needed
80for invariant properties only.  For details on the stopping criteria,
81see
82
83M. Awedh and F. Somenzi, "Proving More Properties with Bounded Model
84Checking," CAV 2004, pp. 96-108, LNCS 3114.
85
86Other new options to the bounded_model_check command allow one to
87control the formula encoding, the solver to be applied (CirCUs or
88zChaff) and, for the former, the incremental solving algorithm.
89
90A new command ltl2snf allows one to translate an LTL formula to
91separation normal form.
92
93
94Abstraction Refinement for Invariants
95-------------------------------------
96
97The check_invariant command allows the user the choice of one of two
98abstraction refinement algorithms for invariants.  The Grab algorithm
99uses BDD-based model checking on the abstract model and SAT for
100counterexample concretization check.  Its refinement strategy is
101game-theoretic.  It is run as follows:
102
103  read_blif_mv model.mv
104  flatten_hierarchy
105  build_partition_maigs
106  check_invariant -A3 model.inv
107
108By default, grab enables dynamic variable reordering for the abstract
109model.  One can override this behavior by explicitly building
110partition MDDs.  For details of the algorithm, see
111
112C. Wang, B. Li, H. Jin, G. D. Hachtel, and F. Somenzi, "Improving
113Ariadne's Bundle by Following Multiple Threads in Abstraction
114Refinement," ICCAD 2003, pp. 408-415.
115
116The puresat algorithm uses SAT as the only decision procedure for both
117abstract and concrete model.  It analyzes the proofs of
118unsatisfiability to produce refinements.  It is invoked as follows:
119
120  read_blif_mv model.mv
121  flatten_hierarchy
122  build_partition_maigs
123  check_invariant -A4 model.inv
124
125The algorithm is described in
126
127B. Li, C. Wang, and F. Somenzi, "Abstraction Refinement in Symbolic
128Model Checking Using Satisfiability as the Only Decision Procedure,"
129STTT, vol.7, n. 2, pp. 143-155.
130
131
132Abstraction Refinement for Language Emptiness
133--------------------------------------------
134
135The lang_empty command has a new option that runs the "Divide and
136Compose" (DnC) algorithm described in
137
138C. Wang, R. Bloem, G. D. Hachtel, K. Ravi, and F. Somenzi, "Divide and
139Compose: SCC Refinement for Language Emptiness", CONCUR 2001,
140pp. 456-471, LNCS 2154.
141
142The algorithm, which is based on refinement of the strongly connected
143components of the model, is invoked as follows:
144
145  read_blif_mv model.mv
146  init_verify
147  lang_empty -A 1
148
149
150CirCUs SAT solver
151-----------------
152
153VIS 2.1 includes the SAT solver CirCUs, a short description of which
154can be found in
155
156H. Jin, M. Awedh, and F. Somenzi, "CirCUs: A Satisfiability Solver
157Geared Towards Bounded Model Checking," CAV 2004, pp. 519-522, LNCS
1583114.
159
160CirCUs is an incremental SAT solver that accepts input in either
161circuit or CNF form.  It is the default solver for bounded model
162checking and abstraction refinement algorithms.  It can also be
163invoked from the VIS prompt as a stand-alone CNF SAT solver on a set
164of clauses described in DIMACS format:
165
166  cnf_sat input.cnf
167
168
169Fate and Free Will Algorithm
170----------------------------
171
172The counterexamples produced by model_check and check_invariant can be
173optionally generated with the Fate and Free Will algorithm of
174
175H. Jin, K. Ravi, and F. Somenzi, "Fate and Free Will in Error Traces,"
176STTT, vol. 6, n. 2, pp. 102-116.
177
178This algorithm is only available when vis is linked with the cu BDD
179package.  It assumes a partition of the inputs into variables
180controlled by the environment and variables controlled by the system,
181and divides a counterexample into fated and free segments.  In a fated
182segment, the values of the variables controlled by the environment
183suffice to impose progress toward violation of the property.  In a
184free segment, the other variables are also required.
185
186To run the Fate and Free Will algorithm, one prepares a file with the
187inputs that the system controls.  For a failing invariant, the
188invocation is like this:
189
190  read_blif_mv model.mv
191  init_verify
192  check_invariant -d1 -i -w system_inputs
193
194The last command is replaced by
195
196  model_check -d2 -i -w system_inputs
197
198for a CTL property.  The -W option can be used to assign all inputs to
199the system, while the -G option invokes a variant of the algorithm.
200
201
202Vacuity Detection for CTL
203-------------------------
204
205VIS 2.1 implements two algorithms for the detection of vacuity in CTL
206model checking.  A formula passes vacuously if it can be strengthened
207by replacement of one of its subformulae with "bottom" and still pass.
208Likewise, a formula fails vacuously if it can be weakened by
209replacement of one of its subformulae with "top" and still fail.
210
211The algorithm of Beer et al. (CAV 97) is invoked with the -B option as
212follows:
213
214  read_blif_mv model.mv
215  init_verify
216  model_check -B model.ctl
217
218This algorithm applies to a subset of ACTL and considers only passing
219properties.  If an error trace is requested with -d, in case of
220vacuous pass, an interesting witness is produced.
221
222The second algorithm for vacuity detection is an extension of the one
223describe in
224
225M. Purandare and F. Somenzi, "Vacuum Cleaning CTL Formulae," CAV 2002,
226pp. 485-499, LNCS 2404.
227
228This algorithm applies a thorough vacuity detection to all of CTL and
229to both passing and failing properties.  With -d, it produces
230interesting witnesses for passing properties and interesting
231counterexamples for failing ones.
232
233The current implementation is limited in its treatment of the
234operators <-> (equivalence) and ^ (exclusive or).
235
236
237Coverage Estimation for CTL
238---------------------------
239
240VIS 2.1 provides two algorithms for coverage estimation in CTL model
241checking.  Both are invoked with options passed to the model_check
242command.
243
244The first algorithm is the one of Hoskote et al. (DAC 1999).  It
245applies to a subset of ACTL.  The option is -C.  The second algorithm
246is an improved version of the same described in
247
248N. Jayakumar, M. Purandare, and F. Somenzi, "Dos and Don'ts of CTL
249State Coverage Estimation," DAC 2003, pp. 292-295.
250
251To invoke the improved coverage estimation algorithm one writes:
252
253  read_blif_mv model.mv
254  init_verify
255  model_check -I model.ctl
256
257
258Far Side Algorithm for Image Computation
259----------------------------------------
260
261By setting image_farside_method to 1, a user of VIS 2.1 can invoke the
262Far Side approach to image computation which applies a compositional
263method based on don't cares to speed up reachability analysis.  The
264algorithm is described in
265
266C. Wang, G. D. Hachtel, and F. Somenzi, "The Compositional Far Side of
267Image Computation," ICCAD 2003, pp. 334-340.
268
269See the documentation of the "set" command for the details.
270
271
272CUDD 2.4.1
273----------
274
275VIS-2.0 includes CUDD 2.4.1.  Compared to the version that was
276included in VIS-2.0, the new version has faster grabage collection,
277provides improved support for C++ compilation, contains a number of
278bug fixes and several new functions, including functions for the
279manipulation of prime implicants of a function.
280
281
282Miscellaneous
283-------------
284
285* Glu and vis can be built using g++ as compiler by configuring as
286  follows:
287
288  ./configure --enable-gcc=g++
289
290* The code in glu has gone through another round of rejuvenation.
291  This process allows vis to be built with recent versions of gcc (3.3
292  and later) without producing any type-punning warning.
293
294* Two bugs have been fixed in early termination detection in CTL model
295  checking.
296
297* A bug has been fixed in the treatment of multi-valued inputs.
298
299* Vis no longer crashes when compute_reach is invoked with the -i
300  option.
301
302* Timeout values for model_check, check_invariant, and lang_empty are
303  now in CPU time instead of elapsed time.  This is beneficial when
304  running regression tests in the presence of other processes.
305
306* The ctime command is no longer supported.
307
308
309======================================================================
310
311Version 2.0
312
313Release 2.0 of VIS improves VIS 1.4 in the following areas:
314
3151. LTL model checking
3162. SAT-based Bounded Model Checking (BMC)
3173. Minimum Lifetime Permutation (MLP) algorithm for conjuction scheduling
3184. Generalized SCC Hull (GSH) algorithm for greatest fixpoint
319   computation
3205. Lockstep algorithm for language emptiness
3216. Built-in regression test facility
3227. CUDD 2.3.2
3238. Miscellaneous
324
325
326LTL model checking
327------------------
328
329VIS-2.0 has a new command ltl_model_check that model checks LTL
330formulae.  The syntax for LTL is quite similar to that used for CTL.
331Another new command, ltl_to_aut, translates LTL formulae into Buechi
332automata.
333
334
335SAT-Based Bounded Model Checking
336--------------------------------
337
338VIS-2.0 has a new command bounded_model_check for bounded LTL model
339checking.  The SAT solver zchaff (http://www.ee.princeton.edu/~chaff/)
340must be in the executable path for this command to work.  The following
341sequence of commands is used to perform bounded model checking:
342
343  read_blif_mv model.mv
344  flatten_hierarchy
345  build_partition_maigs
346  bounded_model_check -k 10 model.ltl
347
348where "-k 10" specifies the bound on the length of the counterexample.
349
350
351Minimum Lifetime Permutation (MLP) Algorithm for Conjuction Scheduling
352----------------------------------------------------------------------
353
354The MLP algorithm can considerably speed up image computations.  It is
355selected by typing
356
357  set image_method mlp
358
359For details on the algorithm, see
360
361I-H. Moon, G. D. Hachtel, and F. Somenzi, "Border-Block Triangular
362Form and Conjunction Schedule in Image Computation," FMCAD 2000,
363pp. 73-90, LNCS 1954.
364
365
366Generalized SCC Hull (GSH) Algorithm for Greatest Fixpoint Computation
367----------------------------------------------------------------------
368
369The commands model_check, ltl_model_check, and lang_empty use a new
370algorithm for greatest fixpoint computations.  This algorithm has
371different "schedules" that can be controlled with the -S option.  For
372details on the algorithm, see
373
374K. Ravi, R. Bloem, and F. Somenzi, "A Comparative Study of Symbolic
375Algorithms for the Computation of Fair Cycles," FMCAD 2000,
376pp. 143-160, LNCS 1954.
377
378F. Somenzi, K. Ravi, and R. Bloem, "Analysis of Symbolic {SCC} Hull
379Algorithms," FMCAD 2002, To appear.
380
381
382Lockstep Algorithm for Language Emptiness
383-----------------------------------------
384
385In VIS-2.0, the commands ltl_model_check and lang_empty can use the
386lockstep algorithm to perform the language emptiness check.  The use
387of the lockstep algorithm as an alternative to the GSH algorithm is
388controlled by the -L option.  For details of Lockstep, see
389
390R. Bloem, H. N. Gabow, and F. Somenzi, "An Algorithm for Strongly
391Connected Component Analysis in n log n Symbolic Steps," FMCAD 2000,
392pp. 37-54, LNCS 1954.
393
394
395Built-in Regression Test Facility
396---------------------------------
397
398VIS-2.0 has a new command regression_test which allows users to
399compare runs of two different versions of vis, or runs with different
400options.
401
402
403CUDD 2.3.2
404----------
405
406VIS-2.0 includes CUDD 2.3.2.  Compared to the version that was
407included in VIS-1.4, the new version contains a number of bug fixes
408and several new functions.
409
410In particular, there is a new function that will compute the AND of
411two BDDs only if the result does not require the creation of too many
412nodes.  This function is used by VIS-2.0 to make clustering of the
413transition relation more robust.
414
415
416Miscellaneous
417-------------
418
419* Improved counterexample generation in model_check with -d3 and -d4.
420
421* Changes in verbosity level (-v option) of model_check.  The new
422  verbosity levels are:
423  -v0: unchanged (minimum verbosity)
424  -v1: essential statistics (new)
425  -v2: equivalent to the old -v1
426  -v3: equivalent to the old -v2
427
428* Fixed bug and extended early termination detection in CTL model
429  checking.
430
431* Fixed bug in guided search for CTL model checking which affected
432  counterexample generation with global hints.
433
434* Vis no longer crashes when a directory name is specified in a
435  command line instead of a regular file name.
436
437* Fixed several bugs in approximate_model_check,
438  incremental_ctl_verification, and iterative_model_check.
439
440* The code in glu has been substantially rejuvenated.
441
442======================================================================
443
444Version 1.4
445
446Release 1.4 of VIS improves VIS 1.3 in the following areas:
447
448 1. Hybrid Image Computation
449 2. Guided Search for Reachability Analysis and Invariant Checking
450 3. Guided Search for CTL Model Checking
451 4. Least Fix-point Machine-By-Machine Approximate FSM Traversal (LMBM)
452 5. Iterative Abstraction-based Model Checking (IMC)
453 6. Lazy Sifting
454 7. SPFD-based Placement and Logic Optimization
455 8. Truesim
456 9. Arithmetic Functions with Extended Double Precision (EPD)
45710. CUDD 2.3.1
45811. Miscellaneous
459
460
4611. Hybrid Image Computation
462---------------------------
463Image computation is the key step in fix-point computation.
464Traditionally two techniques have been used: The transition relation
465method is based on conjunction of a partitioned transition relation,
466whereas the transition function method is based on splitting on an
467input or output variable recursively.
468
469The hybrid method chooses either splitting or conjunction at each
470recursion dynamically using the dependence matrix.  This hybrid
471approach combines, in a unified framework, conjunction, input and
472output splitting, and a host of auxiliary techniques that can
473significantly speed up the computation. See: I.-H. Moon, J.H. Kukula,
474K. Ravi, F. Somenzi, "To Split or to Conjoin: The Question in Image
475Computation", Proceedings of the Design Automation Conference (DAC),
476pages 73-90, 2000.
477
478Also, the transition function method is implemented as a part of the
479hybrid computation.  The transition function method itself can be used
480as an independent image method.  However, we do not recommend to use
481this method in general cases, even though it may work well for
482approximate reachability analysis.  The implementation of the
483transition function method is basically for experimental purposes.
484
485** Usage:
486    set image_method hybrid
487    set image_method tfm
488
489Also refer to: print_hybrid_options and print_tfm_options
490
491
4922. Guided Search for Reachability Analysis
493------------------------------------------
494VIS-1.4 introduces the use of hints to guide the exploration of the
495state space.  This may result in orders-of-magnitude reductions in
496time and space requirements.  Good hints can often be found with the
497help of simple heuristics by someone who understands the circuit well
498enough to devise simulation stimuli or verification properties for it.
499Hints are applied by constraining the transition relation of the
500system to be verified.  They specify possible values for (subsets of)
501the primary inputs and state variables.  The constrained traversal of
502the state space may proceed much faster than the standard
503breadth-first search, because the traversal with hints is designed to
504produce smaller BDDs.  Once all states reachable following the hints
505have been visited, the system is unconstrained and reachability
506analysis proceeds on the original system.  Given enough resources, the
507algorithm will therefore search all reachable states, unless a state
508that violates the invariant is found.  See: K. Ravi, F. Somenzi,
509"Hints to accelerate Symbolic Traversal", Correct Hardware Design and
510Verification Methods (CHARME), pages 250-264, 1999.
511
512** Usage:
513    compute_reach -g <HintsFileName> : guided symbolic state space
514                                       traverse
515    check_invariant -g <HintsFileName> : guided search for invariant
516                                         checking
517
518The file HintsFileName contains a series of hints.  A hint is a
519formula that does not contain any temporal operators, so hints_file
520has the same syntax as a file of invariants used for check_invariant.
521
522Also refer to: model_check -g <HintsFileName>
523
524
5253. Guided Search for CTL Model Checking
526---------------------------------------
527Guided Search for CTL is an extension of Guided Search for
528reachability.  It works much along the same lines, and has the same
529benefits.  There are a few differences.  First, for greatest fixpoints
530(EG, AU, and AF), it uses overapproximations of the transition
531relation, instead of underapproximations.  Second, there is a
532distinction between local and global hints.  Local hints are the
533default.  They can be used for any kind of CTL formula, and will apply
534all hints to a subformula before moving up in the parse tree.  Global
535hints are only applicable to ACTL and ECTL formulae, and evaluate the
536entire formula once for every hint.  See: R. Bloem, K. Ravi, and
537F. Somenzi, "Symbolic Guided Search for CTL Model Checking",
538Proceedings of the Design Automation Conference (DAC), pages 29-34,
5392000.
540
541** usage:
542    model_check -g HintsFileName : perform model check guided by the
543                                   hints specified in HintsFileName
544 
545Also refer to: compute_reach -g <HintsFileName>
546               check_invariant -g <HintsFileName>
547
548
5494. Least Fix-point Machine-By-Machine Approximate FSM Traversal (LMBM)
550----------------------------------------------------------------------
551The knowledge of the reachable states of a sequential circuit can
552dramatically speed up optimization and model checking.  Since exact
553reachability may be intractable, approximate techniques are often
554preferable.  Least Fix-point MBM (LMBM) method is such a technique.
555It is as efficient as MBM, but provably more accurate.  LMBM can
556compute RFBF-quality approximations for all the large ISCAS-89
557benchmark circuit in a total of less than 9000 seconds.  For more
558information, see: I.-H. Moon, J. Kukula, T. Shiple, F. Somenzi, "Least
559Fixpoint Approximation for Reachability Analysis," International
560Conference on Computer-Aided Design (ICCAD), pages 41-44, 1999.
561
562** Usage:
563    set ardc_traversal_method 4: LMBM(least fix-point MBM, default)
564                                 is selected for ARDC
565    set ardc_traversal_method 5: TLMBM(combination of LMBM and TFBF)
566                                 is selected for ARDC
567    model_check -D 3           : model checking with ARDCs
568    compute_reach -A 2         : compute over-approximate reachable
569                                 states
570    compute_reach -D           : compute exact reachable states with
571                                 the help of ARDCs
572    check_invariant -D         : check invariants with the help of
573                                 ARDCs
574    synthesize_network -r 3    : synthesize sequential network
575                                 with ARDCs
576             
577Also refer to:  print_ardc_options
578
579
5805. Iterative Abstraction-Based Model Checking (IMC)
581---------------------------------------------------
582VIS-1.4 introduces an automatic abstraction/refinement algorithm for
583symbolic CTL model checking.  This algorithm supports full CTL
584language without fairness constraints.  The algorithm begins with
585initial upper- and/or lower-bound approximations that include some
586exact sub-transition relations of a determined set of latches for a
587given CTL formula.  As long as a conclusive verification decision
588can't be reached due to potentially false positives and negatives, the
589system is refined.  Two refinement methods are implemented: Latch Name
590Sorting and Latch Affinity Scheduling.  For more information, See:
591J.-Y. Jang, I.-H. Moon, G.D. Hachtel, "Iterative Abstraction-based CTL
592Model Checking," Design Automation and Test in Europe (DATE), pages
593502-507, 2000.  IMC supersedes the AMC package, which may disappear in
594future releases.
595
596** Usage:
597    iterative_model_check -i 8 : iterative model checking with
598                                 incremental refinement step set
599                                 to 8 latches
600    iterative_model_check -r 0 : iterative model checking using
601                                 Latch Name Sorting refinement
602                                 scheduling     
603    iterative_model_check -g 1 : iterative model checking using
604                                 Positive Operational Graph only
605
606Also refer to: model_check, approximate_model_check,
607incremental_ctl_verification
608
609
6106. Lazy Sifting
611---------------
612Lazy sifting is a new variable reordering option that is specifically
613designed for sequential verification with the transition relation
614method (i.e., IWLS95 in VIS).  Lazy sifting groups together
615corresponding present state and next state variables only when it
616expects the grouping to be beneficial.  See: H. Higuchi and
617F. Somenzi, "Lazy Group Sifting for Efficient Symbolic State Traversal
618of FSMs," Proceedings of the International Conference on
619Computer-Aided Design (ICCAD), pages 45-49, 1999.
620
621** Usage:
622   dynamic_var_ordering -e lazy_sift
623
624
6257. SPFD-based placement and logic optimization
626----------------------------------------------
627This is an algorithm based on Sets of Pairs of Functions to be
628Distinguished (SPFDs) that combines logic and placement optimization
629of combinational circuits mapped to LUT-based Field-Programmable Gate
630Arrays to improve circuit area and speed.  The flexibilities in the
631circuit are represented by SPFDs.  The package contains two commands:
632spfd_pilo - perform SPFD-based placement-independent logic optimization;
633and spfd_pdlo - simultaneous placement and logic optimization.
634
635spfd_pilo performs SPFD-based wire and node removal/replacement and
636reprogramming of combinational circuits mapped to LUT-based FPGAs to
637reduce the number of wires and nodes in the circuit.  Instead of
638computing the flexibilities for every node in the network at once, the
639algorithm computes the flexibilities for one `cluster' at a time.
640Working with clusters allows us to avoid the BDD explosion problem and
641hence handle large circuits.  The SPFDs are computed for the cluster
642and the cluster nodes are reprogrammed based on the flexibility
643derived.  Switching activity (computed via simulation of user specified bit
644vectors or randomly generated bit vectors) is used to drive the choice
645of alternate function to be implemented at the node, in such a way that
646the total switching activity in the circuit is minimized. In the absence
647of bit vectors, an arbitrary implementation for a node is chosen from
648the bounds represented by SPFDs.
649
650The command spfd_pdlo implements a technique that tightly links the
651logic and placement optimization steps.  The algorithm is based on
652simulated annealing.  Two types of moves (directed towards global
653reduction in the cost function of total wire length), are performed:
654(1) wire removal/replacement, and (2) swapping of a pair of blocks in
655the FPGA.  Feedback from placement is valuable in making informed
656choice of a target wire during logic optimization moves.  This command
657produces a placement file which is used by VPR for routing. spfd_pdlo
658can be used only if VIS is linked with VPR 4.22, an
659FPGA place and route tool from the University of Toronto
660(http://www.eecg.toronto.edu/~vaughn/vpr/vpr.html). VPack, a tool to
661convert circuits (mapped to FPGA blocks) in .BLIF format to the .net
662format (used by VPR), is also needed.
663
664Please contact Balakrishna Kumthekar (kumtheka@avanticorp.com) for details
665on integrating VPR with VIS.
666
667See: B. Kumthekar and F. Somenzi, "Power and Delay Reduction via
668Simultaneous Logic and Placement Optimization in FPGAs," Design
669Automation and Test in Europe (DATE), pages 202-207, 2000.
670
671** usage:
672     spfd_pilo -D <depth> : sets the cluster depth for SPFD
673                            computation.
674     spfd_pilo -f <file>  : use simulation vectors from specified
675                            file. These vectors are used to compute
676                            switching activity of nodes in the circuit.
677     spfd_pilo -S <method-number> : selects one of several methods to
678                            choose the node to be optimized.
679     spfd_pilo -m <method-number> : selects the heuristic to use in
680                            optimizing a selected node.
681
682     See 'help spfd_pilo' and 'help spfd_pdlo' for various options.
683
6848. Truesim
685----------
686Simulates a network with a set of input vectors. Before calling this
687command, the user should create a partition (using the command
688build_partition_mdds). The simulation vectors can be provided by the
689user (using -f vectors_file), or generated randomly. When -d option is
690used, it performs event-driven true delay simulation. The fanout count
691of the nodes is used as an estimate for the node delay. Primary inputs
692are assumed to have arrival times of zero.
693
6949. Arithmetic Functions with extended double precision (EPD)
695------------------------------------------------------------
696This is an arithmetic function package for extended double precision
697format floating-point numbers.  It supports the IEEE-754 double
698(64-bit) precision floating-point number format: both the big_endian
699and the little_endian.  The range is from 2.2631E-4932 to
7001.1897E+4932.  This package is used internally to provide fast and
701accurate counting of the states in large FSMs like those encountered
702in approximate reachability analysis.
703
70410. New version of the CUDD package.
705-----------------------------------
706VIS-1.4 includes CUDD 2.3.1.  Compared to the version that was
707included in VIS-1.3, the new version contains a number of bug fixes
708and several new functions.
709
710* Miscellaneous
711---------------
712
713** One bug in the CAL package has been fixed.  It affected platforms without
714the valloc function.
715
716** Changes in supported platforms.  Support for SunOS 5.8 (Solaris
7172.8) on the Intel x86 platform has been added.  Ultrix and SunOs 4 are
718no longer supported.
719
720** Change of Verbosity level for debugging in model_check
721Debugging refers to the printing of an error-trace when a formula
722fails.  The new debug levels are:
723-d0: no debugging (the old -d0)
724-d1: minimal debugging, with less verbosity than the old -d1 had
725-d2: minimal debugging with more verbosity (the old -d1)
726-d3: recursive debugging (the old -d2)
727-d4: interactive debugging (the old -d3)
728
729** Early termination in Model Checking.  In limited cases, VIS will
730terminate a model checking run before reaching a fixpoint.  This may
731lead to a speedup.
732
733** The set of fair states is not computed of there are no fairness
734constraints.  This may lead to a speedup of the model_check command.
735
736** Perl Script for pretty printing counter-examples.  The Perl script
737visdbgpp, contributed by Toshi Isogai, can be run on counterexamples
738produced by vis to improve their readability.  In particular, the
739script collects the bits of vectors and displays them on a single
740line.
741
742** Counterexample generation.  The states on an error trace now lie
743closer together, which means that, on average, fewer signal
744transitions will occur.
745
746** Variable reordering.  In flatten_hierarchy In VIS-1.4, variable
747reordering is invoked automatically during flatten_hierarchy.
748
749** Changes of passing BDD cube arguments in VIS to CUDD.  Some
750arguments in the CUDD functions are BDD cubes that are generated by
751the conjunctions of BDD variables on demand.  VIS-1.4 pre-builds some
752BDD cubes that do not change, such as for present state variables,
753next state variables, and primary input variables.  This speeds up
754significantly large runs, especially for approximate reachability
755analysis.
756
757
758============================================================
759
760Version 1.3
761
762* Introduction
763
764Release 1.3 of VIS improves VIS 1.2 in the following areas:
765
766** Approximate Reachability Don't Cares (ARDCs)
767** High Density Reachability Analysis.
768** On-the-Fly Invariant Checking.
769** Seeding Reachability Analysis via Simulation
770** Forward Model Checking
771** Abstraction-refinement based Incremental CTL Verification
772** Synthesis
773** State Transition Graph Restructuring for Low Power
774** Miscellaneous
775
776* Approximate Reachability Don't Cares (ARDCs)
777
778VIS-1.3 includes the use of ARDCs in model checking and reachability
779analysis. The power of using reachable states as a care set (RDCs) is
780well known; however, computing reachable states exactly is intractable
781in many large designs.  ARDCs are an overapproximation of the
782reachable states, which are then used as the care set.  Computing
783ARDCs is much cheaper than computing RDCs while their effectiveness in
784speeding up model checking is comparable to that of RDCs.  Therefore,
785ARDCs are good for large designs, especially those in which exact
786reachability analysis is intractable.  See: I.-H. Moon, J.-Y. Jang,
787G. D. Hachtel, F. Somenzi, "Approximate reachability don't cares for
788CTL model checking", ICCAD'98.
789
790** Usage:
791           model_check -D 3    : model checking with ARDCs
792           compute_reach -A 2  : compute over-approximate reachable
793                                 states
794           compute_reach -D    : compute exact reachable states with
795                                 the help of ARDCs
796           check_invariant -D  : check invariants with the help of
797                                 ARDCs
798           synthesize_network -r 3 : synthesize sequential network
799                                     with ARDCs
800
801Also refer to: print_ardc_options
802
803
804* High Density Reachability Analysis (HD)
805
806HD is an alternate approach to performing exact reachability
807analysis.  Using BDD subsetting techniques, the HD method tries to keep
808the sizes of the BDDs small during the traversal.  This is intended to
809keep the memory occupation under control as well as make the traversal
810more efficient by manipulating smaller BDDs.
811
812On large circuits, for which the default (breadth-first search) method
813does not complete, HD is likely to find many more reachable states.
814This is useful in invariant checking.
815For mid-size circuits, HD is sometimes faster in completing
816reachability analysis, but for smaller circuits, HD may result in too
817much overhead.  It is recommended to use this option when the default
818method for reachability analysis fails (runs out of memory or takes
819very long).  Refer to Ravi and Somenzi, "High-density reachability
820analysis", ICCAD'95.
821
822HD analysis only works with the CUDD package.
823 
824** Usage:
825           compute_reach -A 1: reachability analysis with HD approach.
826
827Also refer to: print_hd_options
828
829
830* On-the-Fly Invariant Checking
831
832Checking invariants is done by performing reachability analysis and
833checking if all invariants hold in the reachable states.  VIS-1.3
834does invariant checking during reachability computation (on-the-fly
835verification).  Invariants that fail are reported early, along with the
836counter examples if requested.
837
838Since reachability analysis can be expensive, one may use HD in
839invariant checking.  For circuits on which the default reachability
840analysis runs out of resources, HD will typically explore more
841reachable states, and more invariants may prove false.  However, the
842counter examples provided by using HD may not be of shortest length.
843
844HD invariant checking only works with the CUDD package.
845
846** Usage:
847           check_invariant -A 1 : check_invariant where HD is used for
848                                  reachability analysis
849
850One may also start with an overapproximation of the reachable
851states.  In this case, if all invariants hold on the overapproximation,
852verification is successfully completed.  If not, the algorithm will
853compute the exact reachable states as before, and check the
854invariants that failed with the overapproximation.
855
856** Usage:
857           check_invariant -A 2 : check_invariant where over
858                                  approximation is used for reachability
859                                  analysis.
860
861* Seeding Reachability Analysis via Simulation
862
863A new option rch_simulate can be used to use simulation to augment the
864set of initial states for reachability analysis. The value of the
865variable is the number of random input vectors that are simulated. The
866states reached in this way are considered as initial
867states. Augmenting the set of initial states may sometimes lead to
868faster reachability analysis, or may sometimes lead to better
869underapproximations, when reachability analysis is not carried out to
870completion. The commands affected by this option are compute_reach and
871check_invariant.
872
873** Usage:
874           set rch_simulate n : simulate n vectors prior to
875                                reachability analysis
876
877
878* Forward Model Checking
879
880VIS-1.3 includes the capability of forward model checking based on
881H. Iwashita, T. Nakata, F. Hirose, "CTL model checking based on
882forward state traversal", ICCAD'96.  Standard "backward" CTL model
883checking uses only preimage computations.  Forward model checking tries
884to use image computations in place of preimage computations as much as
885possible, because they are typically faster.
886According to our experiments, forward model checking gives drastic
887performance improvement in many designs, but we have also seen many
888cases in which forward model checking does much worse.  Performance
889depends on the design.
890
891** Usage:
892           model_check -F  : model checking based on forward traversal
893
894
895* Incremental CTL Verification
896
897The command "incremental_ctl_verification" (aliased to "icv")
898performs verification of CTL formulas following the incremental
899paradigm described in A. Pardo, G. Hachtel, "Incremental CTL model
900checking using BDD subsetting", DAC'98.  The algorithm starts with an
901initial simple approximation of the verification and then proceeds at
902refining the different evaluations until the formula can be proved
903conclusively.  The approximation technique currently adopted makes use
904of BDD approximation techniques.  As implemented in release 1.3,
905incremental_ctl_verification supports fairness constraints, but tends
906to be less efficient than model_check when they are specified.
907
908Incremental verification works only with the CUDD package.
909
910** Usage:
911           incremental_ctl_verification [options] ctl_file
912
913
914* Synthesis
915
916VIS 1.3 includes a new command "synthesize_network" (aliased to
917"synth") to transform both combinational and sequential circuits into
918multi-level boolean networks using symbolic factorization based on
919Zero-suppressed BDDs (ZDDs).  In the case of sequential circuits, only
920the combinational part of the circuit is synthesized: state encoding
921is not altered.  The emphasis of this algorithm is on the reduction of
922the number of literals in the factored form of the network.  The final
923multi-level circuit can be obtained in either the BLIF format or the
924equation format.  Designs described in BLIF or BLIF-MV format can be
925used as an input to this command.  However, multiple valued variables
926are not supported.  Hence, signals in the designs described in BLIF-MV
927need to be restricted to binary values.
928
929Synthesis can be used only when VIS is linked with the CUDD package.
930
931** Usage:
932           synthesize_network [options]
933
934* STG Restructuring for Low Power
935
936VIS-1.3 includes a new command "restruct_fsm".  This command
937implements a State Transition Graph (STG) restructuring algorithm
938that exploits the existence of equivalent states to decrease power
939dissipation, not necessarily by collapsing the equivalence states, but
940by redirecting transitions in the graph.  This algorithm is based on
941the monolithic transition relation.  The complexity of the algorithm
942in general increases with an increase in the size of the state
943transition graph, which depends on the number of state variables and
944primary inputs.  The algorithm can handle circuits described in both
945BLIF and BLIF-MV formats.  However, multi-valued variables are not
946supported.  Also, the final synthesized circuit (network implementation
947of the restructured STG) is available only in BLIF format.  The
948sequential circuit should have a single initial state.  For more
949details see, B. Kumthekar, I.-H. Moon, F. Somenzi, "A Symbolic
950Algorithm for Low-Power Sequential Synthesis", ISLPED 97.
951
952STG restructuring works only with the CUDD package.
953
954** Usage:
955           restruct_fsm [options]
956
957* Miscellaneous
958
959** New versions of CUDD and CAL packages.
960VIS-1.3 includes CUDD 2.3.0 and CAL 2.0.1.  Compared to the versions
961that were included in VIS-1.2, the new packages have better
962performance and improved statistics reporting.
963
964** Changes in configure
965Configure now defaults to using 32-bit pointers on DEC Alpha machines. 
966To use 64-bit pointers, invoke "configure" with "--enable-64."
967
968** gmake check
969"gmake check" now consistently runs the local executable using the
970examples in the master source directory.  Previously, there were
971different versions for local-area and central-area checks.
972
973** Native Compiler.
974The configuration scripts now try to use the native C compiler (cc) by
975default.  The use of gcc can be forced by running configure with the
976option --enable-gcc.  On AIX and SunOS, however, only gcc is
977supported.
978
979As a result, the following configuration options have been removed
980
981    --with-comp-mode=solaris
982    --with-comp-mode=mips
983    --with-comp-mode=alpha32
984    --with-comp-mode=alpha64
985
986Configure now defaults to using 32-bit pointers on DEC Alpha machines. 
987To use 64-bit pointers, invoke "configure" with "--enable-64."
988
989** Changes in supported platforms.
990VIS-1.3 has been tested under IRIX 5.3 with both cc and gcc.
991VIS-1.3 has been tested under HP-UX with cc. (Previously only gcc was
992supported.)
993VIS-1.3 linked with the CAL BDD package currently does not work under
994CYGWIN32.  When the problems are fixed, we shall issue a patch.
995
996** Uniformity across platforms.
997VIS-1.3 provides enhanced architecture independence.  For the commands
998model_check, approximate_model_check, compute_reach,
999incremental_ctl_verification, check_invariant, and lang_empty, the runs
1000will be exactly the same on every platform with the same memory limits.
1001Previously, invocations of reordering, and hence BDD sizes could differ
1002from platform to platform.
1003
1004** Changes to static_order.
1005The static_order command has changed substantially.  For combinational
1006circuits, VIS-1.2 and earlier releases effectively generated random
1007orders regardless of the method specified by the user.  (Sequential
1008circuits did not have this problem.) The randomness of the orders was
1009due to a bug that has been fixed in VIS-1.3.  For all
1010circuits---combinational and sequential---the default ordering method
1011is a new algorithm called "interleave."  The new default method is
1012substantially more memory efficient than the previous default method
1013(merge_left).  The quality of the resulting orders is comparable.
1014
1015** New -v option for dynamic_var_ordering.
1016The option -v 1 can be specified to cause VIS to write a one-line
1017message whenever dynamic reordering is executed.  The message reports
1018the reduction in BDD or ZDD size, and on the time taken by reordering.
1019This option is only effective with CUDD.
1020
1021** New -i option for comb_verify and seq_verify.
1022It is now possible to print statistics on BDD usage and performance
1023when running combinational or sequential verification.  This is done
1024by specifying the -i option for comb_verify and seq_verify.  It is
1025important to notice that these two commands use a local BDD manager,
1026which is destroyed before control is returned to the user.  It is not
1027therefore possible to use print_bdd_stats to inspect the statistics of
1028the BDD package when invoking either of the two commands.
1029
1030** Default method for build_partition_mdds changed to inout.
1031The default method has been changed to inout, because this has been
1032found to produce better results than frontier in many cases.  The
1033frontier method can build the partition MDDs in more cases than the
1034inout method; the latter, however, tends to give better performance
1035during model checking.
1036
1037** set ctl_change_bracket [yes/no]
1038VIS-1.3 includes this set command option for the CTL parser.  VL2MV
1039automatically converts "[]" to "<>" in node names, therefore the CTL
1040parser does the same thing.  However, in some cases a user does not
1041want to change bracket type in the CTL formulas.  This can be
1042accomplished by setting this set command option to "no."  The default
1043is "yes". The commands affected are check_invariant, model_check,
1044approximate_model_check, and incremental_ctl_verification.
1045
1046** Printing time for model checking
1047VIS-1.3 includes printing time for model checking.  If verbosity is set on,
1048then the model checking time for both each formula and total will be printed
1049out.
1050
1051** Incremental reachability analysis and invariant checking.
1052In VIS-1.3 it is possible to perform reachability analysis
1053incrementally.  The -d option of compute_reach specifies how many
1054steps (image computations) should be performed at most before
1055returning control to the user.  If compute_reach is invoked more than
1056once with the -d option, each time reachability analysis starts from
1057the previous result.  If check_invariant is invoked after
1058compute_reach has been invoked with the -d option, the partial
1059reachability results are used to speed up verification.
1060
1061** Completeness and determinism check in flatten_hierarchy
1062The check for completeness and determinism performed by
1063flatten_hierarchy that was previously optional is now always
1064performed. The -b option to flatten_hierarchy and init_verify has no
1065effect in VIS-1.3 and is retained for compatibility with existing
1066scripts. It may disappear in future releases. Users of VIS-1.3 will
1067observe modest increases in the time taken to flatten the
1068hierarchy.
1069
1070
1071Version 1.2
1072
1073* Introduction
1074
1075** Improvements
1076
1077*** Over 10x performance improvement in model checking for many  examples
1078*** extended CTL syntax
1079*** better access to the BDD parameters and statistics
1080*** enhanced user interface
1081*** improved portability and flexibility of configuration
1082
1083** New verification algorithms
1084
1085*** approximate_model_check: model checking of ACTL formulae for systems
1086    that are too large for model_check
1087*** res_verify: residue based verification of arithmetic circuits
1088
1089* Performance improvement in model checking
1090
1091** We have changed image computation (the underlying operation of
1092   model checking) to make the best use of don't care sets. The don't
1093   cares arise from unreachable states, and using them appropriately
1094   reduces the BDD sizes significantly, leading to improved
1095   performance of model checking. In addition, we have fixed a
1096   performance bug that caused repeated computation of simplified
1097   transition relations. We performed a performance comparison with
1098   VIS 1.1 on a set of examples, and on some cases we observed more
1099   than 30x performance improvement. In fact, on some examples VIS 1.2
1100   could finish model checking in about 26 secs whereas VIS 1.1 took
1101   about 2400 secs.
1102
1103** The model checking runs that use don't cares (-D option different
1104   from 0) are those that benefit the most from the changes in VIS
1105   1.2. In general it is not trivial to tell whether -D 1 or -D 0 will
1106   produce the faster CPU time. An empirical approach consists of
1107   running "compute_reach -t 300" (reachability for 5
1108   minutes). Depending upon the progress in reachable state
1109   computation, one can then invoke model checking with -D 0 or -D 1.
1110
1111* Approximate Model Checking
1112
1113** VIS 1.2 includes a new command approximate_model_check, a model
1114   checker that performs ACTL model checking on an abstracted and
1115   flattened network.  The command is designed to tackle the state
1116   explosion problem we encounter when dealing with large and complex
1117   circuits. Based on the initial size of the group (of latches), the
1118   command constructs an over- or under-approximation of the
1119   transition relation of the system. These approximations may not
1120   contain every detail of the exact system. However they may contain
1121   enough information to determine whether the formula is positive or
1122   negative.  Starting from an initial coarse approximation, the
1123   command makes its effort to prove whether the given ACTL formula is
1124   true or false. When the procedure fails to prove correctness of the
1125   formula with initial approximations, it automatically refines the
1126   approximations. It repeats the process until the algorithm produces
1127   a reliable result or the available resources are exhausted.  For
1128   detailed description, refer to the relevant manual page ("help
1129   approximate_model_check from" the VIS shell).
1130
1131** approximate_model_check is faster than model_check for some of the
1132   VIS 1.2 distribution examples. However, significant improvements
1133   over the exact computation can be seen for even larger examples
1134   such as s15850. The current version of the code does not perform
1135   any refinements.  The refinement techniques similar to the "machine
1136   by machine" and "frame by frame" may be implemented in future
1137   version. Furthermore, more aggressive reduction of the initial
1138   states can be performed while proving whether the ACTL formula is
1139   positive. The reduction of the initial states are made for each
1140   level of the lattice of approximations in this version.
1141
1142** The current version includes two distinct "grouping method". More
1143   experiments are required to determine better grouping method(s).
1144
1145** The current version only supports ACTL formulae.
1146
1147* Residue Based Verification
1148
1149** VIS 1.2 includes a new command "res_verify" for combinational
1150   verification based on residue arithmetic. Residue-based
1151   verification is especially suited to multipliers and other
1152   arithmetic circuits. See below, however, for a discussion of the
1153   application of "res_verify" to other circuits. This command is only
1154   available if VIS has been linked with the cu library (default).
1155
1156** The command res_verify takes two circuits (specification and
1157   implementation) whose equivalence is to be established, and an
1158   order for the outputs. The order for the outputs allows res_verify
1159   to interpret the output vectors as integers. Based on this
1160   interpretation, res_verify applies the Chinese remainder theorem to
1161   the equivalence verification: the specification and the
1162   implementation are equivalent if, for a suitable set of relatively
1163   prime numbers, the residues of their outputs are equivalent. The
1164   residues are computed by composing the two circuits into a function
1165   representing the residue computation.
1166
1167** res_verify allows the user to specify what pairs of outputs of the
1168   circuits should be compared directly by building their BDDs,
1169   instead of computing residues for them. The -d <n> option controls
1170   this feature; n pairs of outputs, starting from the least
1171   significant bits of the output vectors, are verified directly if -d
1172   n is specified.
1173
1174** As a special case, the user can specify -d all. This causes
1175   res_verify to directly verify all the output pairs, effectively
1176   foregoing residue verification. This can be useful for
1177   non-arithmetic circuits that are not suited to residue
1178   verification. In this case res_verify works similarly to
1179   comb_verify, with a significant exception: res_verify verifies one
1180   output at the time. This often translates into reduced memory
1181   requirements and CPU times.
1182
1183** res_verify can be applied to pairs of sequential circuits with the
1184   same state encoding. Several options and VIS variables control the
1185   detailed behavior of the command. Refer to the on-line
1186   documentation for the details (help res_verify).
1187
1188
1189* Extended CTL Syntax
1190
1191** Users can now write CTL fomulae using vector notation. Vector
1192   variables have the form of var[i:j] and each bit can be written as
1193   either var<i> or var[i]. For instance, the following formulae are
1194   valid.
1195
1196   counter[3:0] = 10       
1197   counter[3:0] = b1010
1198   counter[3:0] = {1,2,10}
1199
1200   The formula in the last line is true if counter has one of the listed
1201   values.
1202
1203** Macros can be defined and used in CTL formulae to stand for subformulae.
1204   For instance:
1205
1206     \define VALID_INPUT (a[3:0]=0 -> b=1)
1207
1208   defines the macro VALID_INPUT, which can be later used in a formula
1209   like this:
1210
1211     AG(start=1 * \VALID_INPUT -> AF(res[7:0]=b10101010));
1212
1213** The CTL parser allows users to write the following formulae:
1214
1215     var1 == var2
1216     var1[i:j] == var2[k:l]
1217
1218   The first formula is equivalent to (var1=1) * (var2=1) + (var1=0) *
1219   (var2=0) and currently is allowed only in the boolean domain.  (It
1220   cannot be used for variables of enumerated types.)  The second formula
1221   can be used if the lengths of two vectors match.
1222
1223** AX:n(f) is allowed as a shorthand for AX(AX(...AX(f)...)), where n
1224   is the number of invocations of AX. EX:n(f) is defined similarly.
1225
1226
1227* BDD manipulation
1228
1229** VIS 1.2 incorporates Release 2.1.1 of CUDD and an improved version of
1230   CAL. Improvements specific to CUDD and relevant to VIS are:
1231
1232** All reordering methods preserve variable groups. Variable groups are
1233   created by VIS to keep corresponding present and next state variables
1234   adjacent. In VIS 1.1 only method "sift" retained the variable groups.
1235
1236** CUDD determines the maximum size of the computed table based on the
1237   amount of main memory available. On systems where getrlimit is
1238   available, the datasize limit is used to determine how much memory
1239   is available. CUDD allows the computed table to grow up to one
1240   fourth of that amount. This feature allows VIS to self-calibrate
1241   for optimum performance. The computed table will not necessarily
1242   grow to its maximum value, and VIS is not guaranteed to stay within
1243   the memory bound returned by getrlimit. If the datasize limit is
1244   not set, if getrlimit is not available, or if it is available but
1245   does not know about datasize, then a suitable default value is used
1246   instead. The default value is normally 16MB. This value can be
1247   changed at configuration time. Even a value as low as 16MB gives a
1248   reasonably sized computed table for small-medium runs. However, for
1249   large runs--hundreds of MB--the ability to set the memory limit may
1250   produce much faster execution. The maximum computed table size can
1251   be set also from within VIS with set_bdd_parameters.
1252
1253** CUDD now provides access to the package parameters and statistics
1254   via the commands bdd_print_stats and set_bdd_parameters. The
1255   parameters that can be set control the sizing of CUDD's main data
1256   structures (unique table and computed table) and many aspects of
1257   the variable reordering algorithms. The parameters reported refer
1258   to memory occupation, computed table (cache) performance, and
1259   variable reordering.
1260
1261** It is now possible to impose a limit on the number of variable
1262   swaps performed during reordering.
1263
1264
1265* User Interface
1266
1267** New VIS command "set_bdd_parameters". 
1268
1269   The command "print_bdd_stats" prints two sets of data from the
1270   underlying BDD package, parameters and statistics. The parameters
1271   can be modified as follows. By using the "set" command, set the
1272   value of a variable whose prefix is "BDD." and whose suffix is
1273   exactly the name seen in the output of the command
1274   "print_bdd_stats", for example:
1275
1276     vis> set "BDD.Garbage collection enabled" no
1277
1278   Then, the command "set_bdd_parameters" reprograms the underlying BDD
1279   core based on the values of the variables of this type.
1280
1281** Readline Library.
1282
1283   The Readline library is a GNU package that provides command line
1284   editing, command history, and file name completion capabilities. If
1285   the system where VIS is built has this library and it is installed
1286   so that the linker can use it, the configure script will detect
1287   this situation and the executable will be linked with
1288   libreadline.a.
1289
1290** Variable Interpolation.
1291
1292   The VIS shell now allows variable interpolation. For instance, typing
1293
1294    vis> echo $open_path
1295
1296   causes vis to echo the current value of open_path. Typing
1297
1298    vis> set open_path $open_path:/some/path
1299
1300   will append /some/path to open_path. Variable interpolation can be
1301   used also to exchange parameters with scripts. This allows reliable
1302   parameter passing even when "source" is called with options.
1303
1304** PAGER
1305
1306   If the PAGER environment variable is set, VIS uses it to choose the
1307   program used to display the help pages. If PAGER is not set, VIS
1308   uses 'more.'
1309
1310** File Buffering.
1311
1312   The output of VIS when run in batch mode is now line buffered on
1313   systems that provide setvbuf. This makes it more convenient to
1314   observe the evolution of long-running jobs.
1315
1316* Portability and Configuration
1317
1318** VIS 1.2 runs on two new platforms: IBM RS6000 running AIX and Intel
1319   Pentium running Windows95 with Gnu-Win32. The Gnu-Win32 environment
1320   (http://www.cygnus.com/misc/gnu-win32/) is a freely available GNU
1321   environment for Windows 95 and Windows NT.
1322
1323** This release of VIS has been tested with some native compilers
1324   (Ultrix, Solaris, Digital Unix). In particular, when building with
1325   the native compiler on a DEC Alpha running Digital Unix, the option
1326   is provided to compile with 32 bit pointers. Please see the README
1327   file for specific instructions on how to compile with the different
1328   native compilers.
1329
1330** The GLU library now provides portable functions for random number
1331   generation and sorting that help make results reproducible across
1332   different platforms.
1333
1334** The GLU library now provides a function to read the available
1335   memory (based on getrlimit). This function is currently used by the
1336   CUDD package to choose the optimal size of data structures. For
1337   systems without getrlimit a suitable default is provided and can be
1338   changed at configuration time.
1339
1340
1341Version 1.1
1342
1343* Introduction
1344
1345** Improvements over 1.0
1346
1347*** multiple BDD packages
1348*** more synthesis capability
1349*** hierarchy restructuring
1350*** new methods for partitioning
1351*** automatic reduction during model checking
1352*** support for multi-phase clocking and transparent latches
1353*** support for invoking standard scripts
1354*** support for graphically viewing simulation output
1355
1356  These significantly improve VIS's performance in terms of computer
1357  time, memory usage, and ability to complete on larger designs.
1358  Further, additional capability for synthesis is provided.
1359
1360  One particular example of the improved performance of VIS 1.1 is the
1361  first (to our knowledge) reported exact state space traversal of
1362  benchmark s5378. It was run with the cu BDD package on an Alpha
1363  300MHz (using 32 bit pointers). The datasize limit was set at
1364  1GB. The process grew to about 440MB. Dynamic reordering was enabled
1365  all the time and occurred more than 50 times. The orginal ISCAS89
1366  circuit was used, which has 179 latches.
1367
1368*** Multiple BDD packages
1369
1370    We have added the capability to run VIS with three different BDD
1371    packages, cu - from University of Colorado, cal - from UC Berkeley
1372    and cmu - from Carnegie Mellon University. Further details are in
1373    the section "BDD Packages" below.
1374
1375*** Synthesis
1376
1377    VIS synthesis is represented by a number of commands, write_blif,
1378    read_blif, collapse_child, and decompose_child. These allow the
1379    user to manipulate the hierarchy and to write blif files to SIS
1380    and then later read in an optimized file. Each of these commands
1381    can be executed on sub-nodes or sub-trees of the
1382    hierarchy. Details about these commands are in the section
1383    "Collapsing and decomposing a hierarchy" and "Reading and writing
1384    blif files" below.
1385
1386*** Partitioning
1387
1388    Partitioning in VIS is used in a number of places: simulation,
1389    model checking, computing the set of reached states, etc.  Recall
1390    that the VIS data structure is simply a set of tables with outputs
1391    (signals) which can be inputs to other tables. There are also
1392    primary input signals and inputs from latches. Some signals are
1393    primary outputs and/or inputs to latches. A partition is simply a
1394    subset of nodes (signals) which are to be preserved, the remaining
1395    are to be eliminated. Of course, primary outputs and inputs to
1396    latches cannot be eliminated. We provide some new partitioning
1397    methods as described below (in the section "Creating partitions of
1398    the network").
1399
1400    In many cases, a formula to be model checked does not depend on
1401    all of the signals in the design. In such cases, the design can be
1402    reduced to include only signals in the transitive fan-in of the
1403    latches mentioned in the CTL formula plus the fairness
1404    constraints. This reduction can result in vastly more efficient
1405    model checking.
1406
1407*** Multi-phase clocking
1408
1409    One question that is asked frequently is how does VIS support
1410    multi-phase clocking and transparent latches in Verilog. We
1411    provide this capability in our Verilog compiler "vl2mv" and detail
1412    this in a document that describes exactly the steps to be
1413    taken. This document is in the vis-1.1/doc directory and is called
1414    two_phase.ps.
1415
1416*** Standard scripts
1417
1418    Standard scripts have been provided which should help the new user
1419    select certain options that we have determined to be good choices
1420    on a variety of examples. The scripts are divided into two
1421    categories: simple - which are recommended for small/medium
1422    examples, and robust - recommended for large examples where
1423    completion rather than compute time is the most important
1424    concern. The 10 scripts provided are summarized below in the
1425    section "Standard scripts".
1426
1427*** xsimv
1428
1429    Finally, we have included "xsimv", which provides a graphical
1430    method for viewing simulation output. This is detailed in the
1431    section "Using Xsimv".
1432
1433* Multiple BDD packages
1434
1435  We have added the capability to run VIS with three different BDD
1436  packages, cu - from University of Colorado, cal - from UC Berkeley
1437  and cmu - from Carnegie Mellon University. The commands for these
1438  respectively are vis-cu, vis-cal, and vis-cmu. The cmu package is
1439  the same as in VIS 1.0. The cu package is very strong in having a
1440  fast dynamic variable reordering capability. In addition, cu has
1441  been upgraded for the DEC alpha machines so that it uses 32 bit
1442  pointers, instead of 64 bit pointers; hence it realizes a factor of
1443  2 in memory savings on such machines. The other two packages remain
1444  to be upgraded for 32 bit pointers on the DEC alphas.  The cal
1445  package uses the BFS BDD technique and is particularly good at
1446  avoiding paging on large designs. For most problems, we recommend
1447  the cu package.
1448
1449* Reading and writing BLIF files
1450
1451  The "write_blif" command in vis-1.0 only wrote out the combinational
1452  part of an hnode (a node of the hierarchy).  Now this functionality
1453  is performed by the "write_blif -c" command. Other options have been
1454  added as well. The options are:
1455
1456  (1) write_blif -l
1457
1458      writes out the latches of the hnode as well.  Additionally, all
1459      latch IOs are made into POs in the blif file that is
1460      created. This ensures that the these nodes do not get optimized
1461      away by SIS, so that mv-latches can be re-inserted by the
1462      read_blif command in VIS.
1463
1464  (2) write_blif -c
1465
1466      same as "write_blif" of vis-1.0
1467
1468  (3) write_blif
1469
1470      writes out latches of the hnode, but does not make latch IOs
1471      into POs in the blif file. The .blif and .enc files that are
1472      generated by this command currently cannot be guaranteed to read
1473      back into VIS correctly using the read_blif command.
1474
1475  (4) write_blif -R
1476
1477      recursively writes out the entire hnode hierarchy rooted at the
1478      current hnode, to a blif file. This command opens up a direct
1479      path from Verilog to pure blif files and hence to synthesis in
1480      the SIS framework.  For this command to work, 1) all variables
1481      in the hnode hierarchy rooted at the current hnode must be
1482      binary, 2) all tables should be deterministic, and 3) there must
1483      be a unique initial state.
1484
1485* Collapsing and decomposing a hierarchy
1486
1487  If the user travels (via "cd" commands) to a particular node in the
1488  hierarchy and does a "write_blif", only the logic in the *current*
1489  node gets written out. The user might want to collapse some of the
1490  child nodes together and do synthesis in the "collapsed" node. The
1491  "collapse_child" command does just that. The usage is:
1492
1493      collapse_child <child_name>
1494
1495  and the effect is that the child node is absorbed by the parent. By
1496  successive invocations of this command, multiple nodes can be
1497  collapsed into a single node.
1498
1499  "decompose_child" is a command that effects the inverse operation of
1500  collapse_child. The user can specify components of the current node
1501  to be grouped as a separate newly created child node. The user must
1502  also specify the name of the new child. Successive invocations of
1503  "decompose_child" can be used to effect multiple
1504  decompositions. "decompose_child" provides the infra-structure for
1505  implementing and testing FSM decomposition algorithms (to appear
1506  later).
1507
1508  Together, collapse_child and decompose_child provide powerful
1509  primitives that can be used to restructure the design hierarchy.
1510
1511* Creating a flattened network for verification
1512
1513  The important change to note is the "-b" option in the
1514  "flatten_hierarchy" command.  By default this option is off,
1515  implying that the system is not checked for complete and
1516  deterministic specification. However, if the given design does not
1517  meet this criteria, model checking may produce wrong results. (Note:
1518  In VIS nondeterminism is handled by providing pseudo-inputs.
1519  Internally all the tables are deterministic and completely
1520  specified.)  Invoking this "-b" option forces the necessary
1521  checking. However this can be computationally expensive.  The best
1522  strategy is to invoke "flatten_hierarchy" with "-b" option the first
1523  time and if the check passes, use it without "-b" option in
1524  subsequent runs.
1525
1526* Creating partitions of the network
1527
1528  Three new methods for creating partitions for the "build_partition_mdds"
1529  command have been added.
1530
1531      - partial
1532
1533        This can be used to perform partitioning while forcing a
1534        user-specified set of signals (nodes) in the partition. The
1535        set of nodes to be included can either be supplied in a file,
1536        or on the command line.
1537
1538      - boundary
1539
1540        In this method, all nodes that are sub-circuit IOs are
1541        included in the partition.
1542
1543      - frontier
1544
1545        In this method (the default method), the user specifies a
1546        parameter "partition_threshold" which is used to include an
1547        intermediate variable whenever the BDD size for a node in the
1548        network increases beyond the threshold value. This method is
1549        very useful when it is not possible to create the next state
1550        functions in terms of primary inputs because of large BDD
1551        sizes. This method encompasses both "in_out" and "total"
1552        partitioning methods (corresponds to very large and 0 value of
1553        "partition_threshold", respectively). The parameter can be set
1554        by invoking the following from the VIS commandline: "set
1555        partition_threshold <integer>".
1556
1557* Reachability computation
1558
1559  A few new options to reachability computation have been added
1560  (command: compute_reach).
1561
1562
1563        -d depthValue
1564
1565           Used to perform reachability up to a certain number of
1566           steps.
1567
1568        -r threshold_value
1569
1570           Invokes dynamic reordering of variables ONCE, after the
1571           size of the reached state set crosses the threshold_value.
1572
1573* CTL Syntax
1574
1575  For Verilog compatibility, && and || are supported in addition to *
1576  (Boolean AND) and + (Boolean OR) respectively.
1577
1578* Model checking
1579
1580  The mc command, by default, now reduces the model FSM with respect
1581  to the union of all the formulas in the CTL file and uses the
1582  reachability don't cares (thus reachablilty is done first before any
1583  model checking). Also, -d 0 is the default now, i.e. no error trace
1584  is computed. The -r option has been modified and a new capability
1585  for sharing sub-formulas has been added.
1586
1587  -r
1588
1589    (This option has been modified). If this option is used, each
1590    formula is model checked individually on an FSM reduced with
1591    respect to the formula.
1592
1593  -c
1594
1595    This disables the default that sub-formulas of the formulas given
1596    in the CTL file are shared. The sharing of sub-formulas makes sure
1597    that a sub-formula in the set of all sub-formulas of the formulas
1598    in the CTL file is evaluated only once. If both -r (formula
1599    dependent FSM reduction) or "-D 1" (use reachability don't cares)
1600    are enabled, this facility is automatically disabled.  (Note that
1601    currently if the same sub-formula occurs more than once within a
1602    single formula, it may be checked twice.)
1603
1604* Standard scripts
1605
1606  There are 10 standard scripts provided (in the "share" directory),
1607  divided into two categories, simple and robust. The simple scripts
1608  work best on small/medium size examples. The robust scripts are
1609  recommended for large problems where the objective is to complete
1610  the computation without too much concern for computation time. Below
1611  are the scripts with their required arguments.  All scripts assume
1612  that a BLIV-MV file has already been read in.
1613
1614        script_generic.simple
1615        script_compute_reach.simple     
1616        script_model_check.simple foo.ctl
1617        script_fair_model_check.simple foo.fair foo.ctl
1618        script_lang_empty_check.simple foo.fair
1619
1620        script_generic.robust
1621        script_compute_reach.robust
1622        script_model_check.robust foo.ctl
1623        script_fair_model_check.robust foo.fair foo.ctl
1624        script_lang_empty_check.robust foo.fair
1625
1626  In all cases, "script_generic" is a preample to the other scripts.
1627  Generally, we recommend trying a "simple" script first, since it
1628  should be the fastest.
1629
1630* Using "xsimv"
1631
1632  Before invoking xsimv, please modify the first line of the file
1633  "xsimv" and put the complete path name for "expectk".
1634
1635  xsimv is invoked by the command
1636
1637        xsimv <sim-file>
1638
1639  where <sim-file> is a file produced by the vis command
1640
1641        simulate -n <num> -o <sim-file>
1642
1643  When xsimv executes, it comes up with a window with 4 buttons in it,
1644  GO, ReDraw, Save and Quit. At the same time it produces a file,
1645  "strk.simv", with the signal names in it. For example
1646
1647    sensor.rand_choice
1648    timer.rand_choice
1649    car_present
1650    farm_light
1651    hwy_light
1652    timer.state
1653
1654  If only a subset of these names are required the user can edit this
1655  file and comment out a line using "#". For example,
1656
1657    #sensor.rand_choice
1658    #timer.rand_choice
1659    car_present
1660    farm_light
1661    hwy_light
1662    timer.state
1663
1664  will cause the first two signals' simulation to be not displayed.
1665
1666  Pushing GO or ReDraw then produces a new window with the simulation
1667  results shown where time increases from left to right.  The signal
1668  value names not commented out are shown vertically, one for each
1669  row. The "edit strk.simv" and REDRAW sequence can be iterated.
1670
1671Version 1.0
1672
1673* Initial release
Note: See TracBrowser for help on using the repository browser.