BLAST: A Software Verification Tool for C programs

Slides:



Advertisements
Similar presentations
Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Advertisements

Greta YorshEran YahavMartin Vechev IBM Research. { ……………… …… …………………. ……………………. ………………………… } T1() Challenge: Correct and Efficient Synchronization { ……………………………
Verification of Evolving Software Natasha Sharygina Joint work with Sagar Chaki and Nishant Sinha Carnegie Mellon University.
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
Introducing BLAST Software Verification John Gallagher CS4117.
Software Verification with BLAST Tom Henzinger Ranjit Jhala Rupak Majumdar.
BLAST-A Model Checker for C Developed by Thomas A. Henzinger (EPFL) Rupak Majumdar (UC Los Angeles) Ranjit Jhala (UC San Diego) Dirk Beyer (Simon Fraser.
The Software Model Checker BLAST by Dirk Beyer, Thomas A. Henzinger, Ranjit Jhala and Rupak Majumdar Presented by Yunho Kim Provable Software Lab, KAIST.
Thread-modular Abstraction Refinement Tom Henzinger Ranjit Jhala Rupak Majumdar Shaz Qadeer.
Termination Proofs for Systems Code Andrey Rybalchenko, EPFL/MPI joint work with Byron Cook, MSR and Andreas Podelski, MPI PLDI’2006, Ottawa.
Using Statically Computed Invariants Inside the Predicate Abstraction and Refinement Loop Himanshu Jain Franjo Ivančić Aarti Gupta Ilya Shlyakhter Chao.
Permissive Interfaces Tom Henzinger Ranjit Jhala Rupak Majumdar.
Software Verification with Blast Thomas A. Henzinger, Ranjit Jhala, Rupak Majumdar, George Necula, Grégoire Sutre, Wes Weimer UC Berkeley.
Lazy Abstraction Thomas A. Henzinger Ranjit Jhala Rupak Majumdar Grégoire Sutre UC Berkeley.
Counterexample-Guided Focus TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.: AAA A A A AA A A Thomas Wies Institute of.
Thread-modular Abstraction Refinement Tom Henzinger Ranjit Jhala Rupak Majumdar [UC Berkeley] Shaz Qadeer [Microsoft Research]
Lazy Predicate Abstraction in BLAST John Gallagher CS4117.
Synergy: A New Algorithm for Property Checking
Ch. 1: Software Development (Read) 5 Phases of Software Life Cycle: Problem Analysis and Specification Design Implementation (Coding) Testing, Execution.
An Evaluation of BLAST John Gallagher CS4117. Overview BLAST incorporates new, fascinating and complex technology. The engine and external components.
Speeding Up Dataflow Analysis Using Flow- Insensitive Pointer Analysis Stephen Adams, Tom Ball, Manuvir Das Sorin Lerner, Mark Seigle Westley Weimer Microsoft.
Counter Example Guided Refinement CEGAR Mooly Sagiv.
Race Checking by Context Inference Tom Henzinger Ranjit Jhala Rupak Majumdar UC Berkeley.
Software Reliability Methods Sorin Lerner. Software reliability methods: issues What are the issues?
Predicate Abstraction for Software and Hardware Verification Himanshu Jain Model checking seminar April 22, 2005.
Temporal-Safety Proofs for Systems Code Thomas A. Henzinger Ranjit Jhala Rupak Majumdar George Necula Westley Weimer Grégoire Sutre UC Berkeley.
Software Verification with BLAST Tom Henzinger Ranjit Jhala Rupak Majumdar.
Lazy Abstraction Lecture 2: Modular Analyses Ranjit Jhala UC San Diego With: Tom Henzinger, Rupak Majumdar, Ken McMillan, Gregoire Sutre.
© 2006 Pearson Addison-Wesley. All rights reserved2-1 Chapter 2 Principles of Programming & Software Engineering.
1 Formal Engineering of Reliable Software LASER 2004 school Tutorial, Lecture1 Natasha Sharygina Carnegie Mellon University.
Lazy Abstraction Tom Henzinger Ranjit Jhala Rupak Majumdar Grégoire Sutre.
Formal verification Marco A. Peña Universitat Politècnica de Catalunya.
Lazy Abstraction Lecture 3 : Partial Analysis Ranjit Jhala UC San Diego With: Tom Henzinger, Rupak Majumdar, Ken McMillan, Gregoire Sutre.
By D. Beyer et. al. Simon Fraser University (Spring 09) Presentation By: Pashootan Vaezipoor.
CSC2108 Lazy Abstraction on Software Model Checking Wai Sum Mong.
JS Arrays, Functions, Events Week 5 INFM 603. Agenda Arrays Functions Event-Driven Programming.
Comp 245 Data Structures Software Engineering. What is Software Engineering? Most students obtain the problem and immediately start coding the solution.
Program Analysis with Dynamic Change of Precision Dirk Beyer Tom Henzinger Grégory Théoduloz Presented by: Pashootan Vaezipoor Directed Reading ASE 2008.
Race Checking by Context Inference Tom Henzinger Ranjit Jhala Rupak Majumdar UC Berkeley.
Lazy Abstraction Jinseong Jeon ARCS, KAIST CS750b, KAIST2/26 References Lazy Abstraction –Thomas A. Henzinger et al., POPL ’02 Software verification.
1 EMT 101 – Engineering Programming Dr. Farzad Ismail School of Aerospace Engineering Universiti Sains Malaysia Nibong Tebal Pulau Pinang Week 2.
Convergence of Model Checking & Program Analysis Philippe Giabbanelli CMPT 894 – Spring 2008.
Localization and Register Sharing for Predicate Abstraction Himanshu Jain Franjo Ivančić Aarti Gupta Malay Ganai.
© 2006 Pearson Addison-Wesley. All rights reserved 2-1 Chapter 2 Principles of Programming & Software Engineering.
VIS Technology Transfer Course Session 7 Fairness Constraints and Monitors Serdar Tasiran.
Data Structure Introduction Dr. Bernard Chen Ph.D. University of Central Arkansas Fall 2010.
Static Techniques for V&V. Hierarchy of V&V techniques Static Analysis V&V Dynamic Techniques Model Checking Simulation Symbolic Execution Testing Informal.
Synergy: A New Algorithm for Property Checking Bhargav S. Gulavani (IIT Bombay)‏ Yamini Kannan (Microsoft Research India)‏ Thomas A. Henzinger (EPFL)‏
Ranjit Jhala Rupak Majumdar Interprocedural Analysis of Asynchronous Programs.
CS357 Lecture 13: Symbolic model checking without BDDs Alex Aiken David Dill 1.
CMPSC 16 Problem Solving with Computers I Spring 2014 Instructor: Tevfik Bultan Lecture 4: Introduction to C: Control Flow.
CMSC 2021 Software Development. CMSC 2022 Software Development Life Cycle Five phases: –Analysis –Design –Implementation –Testing –Maintenance.
Counter Example Guided Refinement CEGAR Mooly Sagiv.
CSCI 161 Lecture 3 Martin van Bommel. Operating System Program that acts as interface to other software and the underlying hardware Operating System Utilities.
CS Class 04 Topics  Selection statement – IF  Expressions  More practice writing simple C++ programs Announcements  Read pages for next.
The software model checker BLAST Dirk Beyer, Thomas A. Henzinger, Ranjit Jhala, Rupak Majumdar Presented by Yunho Kim TexPoint fonts used in EMF. Read.
A Resource-based Logic for Termination and Non-Termination Proofs Ton Chanh Le Cristian Gherghina Aquinas Hobor Wei-Ngan Chin National University of Singapore.
Principles of Programming & Software Engineering
Presentation Title 2/4/2018 Software Verification using Predicate Abstraction and Iterative Refinement: Part Bug Catching: Automated Program Verification.
Input Space Partition Testing CS 4501 / 6501 Software Testing
Chapter 2- Visual Basic Schneider
The Software Development Cycle
Computer Programming.
Monitoring Programs using Rewriting
Chapter 2- Visual Basic Schneider
Chapter 2- Visual Basic Schneider
CSE S. Tanimoto Paradigms
Abstractions from Proofs
Software Verification with BLAST
Predicate Abstraction
Presentation transcript:

BLAST: A Software Verification Tool for C programs MTC Dirk Beyer 2005-06-23 BLAST: A Software Verification Tool for C programs Problem: Software errors Input: - C program p, and - Property e Output: - e holds in p + certificate - e is violated + example path Solution: Model checking Based on: - Predicate abstraction - Lazy abstraction - Craig interpolation Features: - Test case generation - Query language - Memory safety French Guyana, June 4, 1996 $600 million software failure Lazy Predicate Abstraction Example: Predicates abstr. concret 1 true 1==0, z>x, y!=x The procedure starts keeping track of no predicates at all. During a cycle in the model-check-refine loop, it checks the abstract program, and finds an abstract trace violating the property (if not, it terminates with SAFE). Then it concretizes that trace and finds out that the trace is infeasible (if not, it terminates with BUG). The infeasibility of the trace is due to missing predicates. Using Craig interpolation, new predicates are found and added to the abstraction, i.e., to refine the abstract program. int f (int x, int y, int z){ 1: int a = 1; 2: if (y == x) 3: y++; 4: if (z <= x) 5: y++; 6: if (a == 0) 7: LOC: // abort(); 8: return a; } a = 1; Code 2 true a==0, z>x, y!=x Predicate Abstraction [y!=x] New Predicates of Interest 4 true a==0, z>x [ z>x ] Concretize Trace Model Check Abstract Trace [ a==0 ] 6 true a==0 Concrete Trace BUG! Correctness Certificate SAFE! 7 true true LOC: 8 true true Analysis direction: forward backward The Blast Query Language - (Possibly Infinite-State) Monitor Automata for Reachability Queries over Program Locations - First-Order Imperative Scripting Language for Combining Relations over Program Locations Benefits of Two-Level Specifications 1. Separates properties from programs, while keeping a familiar syntax for writing properties 2. Treats a program as a database of facts that can be queried, and supports macros for traditional temporal-logic specifications 3. Supports the formulation of decomposition strategies for verification tasks 4. Supports the incremental maintenance of properties during program development Example: Impact Analysis Monitor: Query: GLOBAL int defined; INITIAL { defined = 0; } EVENT { PATTERN { j = $1; } ACTION { defined ++ ; } } FINAL { defined == 1 } else REJECT affected(l1,l2) := ACCEPT(LOC_LHS(l1,”j”),LOC_RHS(l2,”j”),monitor); PRINT affected(l1,l2); Blast Research Team http://www.eecs.berkeley.edu/~blast mailto:blast@eecs.berkeley.edu Dirk Beyer Tom Henzinger Ranjit Jhala Rupak Majumdar

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.