
BLAST MODEL CHECKER

COURSE NAME : FORMAL METHODS
COURSE CODE : SIM 5104
GIRUBALANI D/O GARNARAJAN (GS35502)
NURSAKINAH (GS39392)
LECTURER : DR. PATHIAH ABDUL SAMAD

WHAT IS MODEL CHECKER?
WHAT IS BLAST?
CONSTRAINTS
PROGRAM ANALYSIS WITH BLAST
BLAST FEATURES
ISSUE WITH BLAST

WHAT IS MODEL CHECKER?

Model checking is about testing whether the given model of hardware or software meets its specification.
There are three essential steps in the model checking process:
Modeling
Specification
Verification

MODELING: Design of a system translated into a mathematical form.

SPECIFICATION: Properties of the system that we would like to check.

VERIFICATION: Checked for the specified properties.

Figure: model checking process


WHAT IS BLAST?
The Berkeley Lazy Abstraction Software Verification Tool is a model checker that checks the safety properties of C programs.
Automated, precise and scalable (so, usable).
The first version of BLAST was developed at UC Berkeley by Ranjit Jhala, Rupak Majumdar, and Gregoire Sutre and was supported by the US National Science Foundation.

WHAT IS BLAST?
It is an automatic verification tool for checking temporal safety properties of C programs.
Temporal logics are an automatic verification technique commonly employed for finite state concurrent systems.
The goal of BLAST is to be able to check that software satisfies behavioral properties of the interfaces it uses.

WHAT IS BLAST?
BLAST uses counterexample-driven automatic abstraction refinement to construct an abstract model which is model checked for safety properties.
BLAST is written in OCaml and uses the CIL (C Intermediate Language) library to parse and preprocess the input source code.


CONSTRAINTS
Only tested on Intel Pentium processors under Linux and Microsoft Windows with Cygwin
Installing and making it work
Predicate discovery not good enough
Checking concurrent programs
Eclipse plugin
Checking recursive functions


BLAST Features
On the fly abstraction
Automatic abstraction
Smarter predicate discovery
Verify safety properties, assertion violations
Finding reachable program location
Detecting dead code
Reuse saved abstraction


PROGRAM ANALYSIS WITH BLAST
Build an abstract model using predicate abstraction
Check for reachability of the specified label using the abstract model
If no path to ERR node: system safe
If path is feasible, output error trace
Else use infeasibility of path to

PROGRAM ANALYSIS WITH BLAST
The BLAST toolkit can be used for many different analyses.
BLAST constructs, explores, and refines abstractions of the program state space based on lazy predicate abstraction and interpolation-based predicate discovery.
The most common are:
Reachability Checking
Assertion Checking
Correct Locking

Reachability Checking
Verifies whether the special label ERROR is reachable in the source code.
E.g.

Figure 1: Reachability Checking Example

Assertion Checking
Reachability analysis can be used for checking assertions statically in the source code.
Can be verified with BLAST by using the assert.h header that comes with the toolkit.
E.g.

Figure 2: Assertion Checking as Reachability

Correct Locking
For concurrent programs it is important to have shared resources protected from non-synchronized access.
That is, when a thread will access a shared resource it must first acquire a lock.
After finishing with the resource the thread must release the lock.
Thus locking and unlocking actions should be done in an alternating sequence.

Figure 3: Locking as Reachability
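The locking discipline above, and the ERROR-label reachability check it reduces to, as an added worked example: this is constructed code written for this page, not the slides' Figure 3 or any file shipped with BLAST, and the `choices` bit-word that drives the branch BLAST would treat as nondeterministic is an assumption made so the program runs deterministically.

```c
/* Constructed example, not from the slides: the alternating lock/unlock
 * discipline of the "Correct Locking" slide in the shape of a program BLAST
 * checks. BLAST asks whether label ERROR is reachable; here reaching ERROR
 * records a flag so the code runs as ordinary C. The branch BLAST treats as
 * nondeterministic ("*") is driven by the bits of `choices` (assumed API). */
static int locked;          /* 0 = free, 1 = held */
static int error_reached;   /* 1 once control reaches an ERROR label */
static void lock(void) {
    if (locked) goto ERROR; /* acquiring a held lock breaks alternation */
    locked = 1; return;
ERROR: error_reached = 1;
}
static void unlock(void) {
    if (!locked) goto ERROR; /* releasing a free lock breaks alternation */
    locked = 0; return;
ERROR: error_reached = 1;
}
/* Safe client: the lock is released on exactly the iterations that repeat the
 * loop, so with predicate (curr == prev) BLAST proves ERROR unreachable. */
int safe_client(unsigned choices) {  /* returns 1 if ERROR was reached */
    int prev, curr = 0;
    locked = 0; error_reached = 0;
    do {
        lock();
        prev = curr;
        if (choices & 1u) {         /* nondeterministic branch */
            unlock();
            curr++;
        }
        choices >>= 1;
    } while (curr != prev && !error_reached); /* ERROR is a sink: stop there */
    unlock();
    return error_reached;
}
/* Buggy client: same loop with the unlock() in the branch forgotten. Any
 * choice word that takes the branch makes the next lock() reach ERROR. */
int buggy_client(unsigned choices) { /* returns 1 if ERROR was reached */
    int prev, curr = 0;
    locked = 0; error_reached = 0;
    do {
        lock();
        prev = curr;
        if (choices & 1u) curr++;   /* unlock() missing here */
        choices >>= 1;
    } while (curr != prev && !error_reached);
    unlock();
    return error_reached;
}
```

Running `safe_client` with any choice word never reaches ERROR, while `buggy_client` reaches it as soon as one branch is taken; that reachable path is the error trace BLAST reports for the missing unlock.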


ISSUE WITH BLAST
Pointer analysis capabilities are still not sophisticated enough
Pointer analysis (alias analysis) is a rather expensive component of static analysis
Pointer analysis capabilities are lacking for proving safety in many cases
Cryptic, uninformative error messages
Required manual rewriting and simplification of the input source code until the tool accepted it

Conclusion
The techniques of model checking are cleverly employed in the BLAST program analyzer, which is a scalable and efficient model checker for C language programs.
