An Evaluation of BLAST John Gallagher CS4117. Overview BLAST incorporates new, fascinating and complex technology. The engine and external components.

Slides:



Advertisements
Similar presentations
Design by Contract.
Advertisements

Copyright W. Howden1 Programming by Contract CSE 111 6/4/2014.
Modular and Verified Automatic Program Repair Francesco Logozzo, Thomas Ball RiSE - Microsoft Research Redmond.
SOFTWARE TESTING. Software Testing Principles Types of software tests Test planning Test Development Test Execution and Reporting Test tools and Methods.
Automated Evaluation of Runtime Object States Against Model-Level States for State-Based Test Execution Frank(Weifeng) Xu, Gannon University Dianxiang.
Delta Debugging and Model Checkers for fault localization
Introducing BLAST Software Verification John Gallagher CS4117.
T. E. Potok - University of Tennessee Software Engineering Dr. Thomas E. Potok Adjunct Professor UT Research Staff Member ORNL.
BLAST-A Model Checker for C Developed by Thomas A. Henzinger (EPFL) Rupak Majumdar (UC Los Angeles) Ranjit Jhala (UC San Diego) Dirk Beyer (Simon Fraser.
The Software Model Checker BLAST by Dirk Beyer, Thomas A. Henzinger, Ranjit Jhala and Rupak Majumdar Presented by Yunho Kim Provable Software Lab, KAIST.
Formal Methods in Software Engineering Credit Hours: 3+0 By: Qaisar Javaid Assistant Professor Formal Methods in Software Engineering1.
Lazy Predicate Abstraction in BLAST John Gallagher CS4117.
The IDE (Integrated Development Environment) provides a DEBUGGER for locating and correcting errors in program logic (logic errors not syntax errors) The.
Predicate Abstraction for Software and Hardware Verification Himanshu Jain Model checking seminar April 22, 2005.
Describing Syntax and Semantics
EE694v-Verification-Lect5-1- Lecture 5 - Verification Tools Automation improves the efficiency and reliability of the verification process Some tools,
C++ for Engineers and Scientists Third Edition
Chapter 1: Introduction To Computer | SCP1103 Programming Technique C | Jumail, FSKSM, UTM, 2005 | Last Updated: July 2005 Slide 1 Introduction To Computers.
By Ryan Mowry.  Graphical models of system  Entire system or just parts  Complex systems easier to understand  “Capture key requirements and demonstrate.
Automated Diagnosis of Software Configuration Errors
By D. Beyer et. al. Simon Fraser University (Spring 09) Presentation By: Pashootan Vaezipoor.
 ETL: Extract Transformation and Load  Term is used to describe data migration or data conversion process  ETL may be part of the business process repeated.
CASE Tools And Their Effect On Software Quality Peter Geddis – pxg07u.
CSC2108 Lazy Abstraction on Software Model Checking Wai Sum Mong.
CS527: (Advanced) Topics in Software Engineering Overview of Software Quality Assurance Tao Xie ©D. Marinov, T. Xie.
Computer Programming and Basic Software Engineering 4. Basic Software Engineering 1 Writing a Good Program 4. Basic Software Engineering.
Unit Testing & Defensive Programming. F-22 Raptor Fighter.
Introduction to Systems Analysis and Design Trisha Cummings.
Designing For Testability. Incorporate design features that facilitate testing Include features to: –Support test automation at all levels (unit, integration,
1 Debugging and Testing Overview Defensive Programming The goal is to prevent failures Debugging The goal is to find cause of failures and fix it Testing.
1 Chapter 4: Selection Structures. In this chapter, you will learn about: – Selection criteria – The if-else statement – Nested if statements – The switch.
B. Fernández, D. Darvas, E. Blanco Formal methods appliedto PLC code verification Automation seminar CERN – IFAC (CEA) 02/06/2014.
CSE 219 Computer Science III Program Design Principles.
Chapter 25 Formal Methods Formal methods Specify program using math Develop program using math Prove program matches specification using.
Testing. 2 Overview Testing and debugging are important activities in software development. Techniques and tools are introduced. Material borrowed here.
Functional Verification Figure 1.1 p 6 Detection of errors in the design Before fab for design errors, after fab for physical errors.
Static Program Analyses of DSP Software Systems Ramakrishnan Venkitaraman and Gopal Gupta.
CS551 - Lecture 5 1 CS551 Lecture 5: Quality Attributes Yugi Lee FH #555 (816)
Design - programming Cmpe 450 Fall Dynamic Analysis Software quality Design carefully from the start Simple and clean Fewer errors Finding errors.
Introduction of Geoprocessing Lecture 9. Geoprocessing  Geoprocessing is any GIS operation used to manipulate data. A typical geoprocessing operation.
Interoperability Testing. Work done so far WSDL subgroup Generated Web Service Description with aim for maximum interoperability between various SOAP.
CPSC 873 John D. McGregor Session 9 Testing Vocabulary.
CS 1120: Computer Science II Software Life Cycle Slides courtesy of: Prof. Ajay Gupta and Prof. James Yang (format and other minor modifications by by.
David Streader Computer Science Victoria University of Wellington Copyright: David Streader, Victoria University of Wellington Debugging COMP T1.
Software Engineering Saeed Akhtar The University of Lahore.
May08-21 Model-Based Software Development Kevin Korslund Daniel De Graaf Cory Kleinheksel Benjamin Miller Client – Rockwell Collins Faculty Advisor – Dr.
Aspect Oriented Security Tim Hollebeek, Ph.D.
Software Quality Assurance and Testing Fazal Rehman Shamil.
R-Verify: Deep Checking of Embedded Code James Ezick † Donald Nguyen † Richard Lethin † Rick Pancoast* (†) Reservoir Labs (*) Lockheed Martin The Eleventh.
Whole Test Suite Generation. Abstract Not all bugs lead to program crashes, and not always is there a formal specification to check the correctness of.
Testing Overview Software Reliability Techniques Testing Concepts CEN 4010 Class 24 – 11/17.
CS223: Software Engineering Lecture 21: Unit Testing Metric.
ECE 750 Topic 8 Meta-programming languages, systems, and applications Automatic Program Specialization for J ava – U. P. Schultz, J. L. Lawall, C. Consel.
Introduction to Computer Programming Concepts M. Uyguroğlu R. Uyguroğlu.
The software model checker BLAST Dirk Beyer, Thomas A. Henzinger, Ranjit Jhala, Rupak Majumdar Presented by Yunho Kim TexPoint fonts used in EMF. Read.
Unit Testing.
Data Collection and Analysis
John D. McGregor Session 9 Testing Vocabulary
Testing and Debugging.
runtime verification Brief Overview Grigore Rosu
John D. McGregor Session 9 Testing Vocabulary
John D. McGregor Session 9 Testing Vocabulary
Introduction to the C Language
BugHint: A Visual Debugger Based on Graph Mining
CS 240 – Advanced Programming Concepts
Abstractions from Proofs
The Zoo of Software Security Techniques
Software Development Chapter 1.
Overview Activities from additional UP disciplines are needed to bring a system into being Implementation Testing Deployment Configuration and change management.
BLAST: A Software Verification Tool for C programs
Presentation transcript:

An Evaluation of BLAST John Gallagher CS4117

Overview BLAST incorporates new, fascinating and complex technology. The engine and external components are evolving monthly. BLAST can be used successfully on carefully scoped (systems) programs. BLAST exists to serve software model checking research and make it tangible. It is not a good developer tool.

Criteria How easy is it to generate the input? How easy is it to generate the output? How accurate is the output? How precise is the output? How broad are the applications of the tool? What are the alternatives? How much time or process does the tool add or remove from software development? Opportunity Cost

The Good – BLAST Framework BLAST internals illustrate interesting working examples of compiler technology: int main() { int i, x, y, ctr; x = ctr; ctr = ctr + 1; y = ctr; if (x == i) { assert (y == i + 1); } } :-)

The Good – BLAST Framework Based on very recent research (earliest work cited in corresponding paper was from 2002). Given good input, correct use of BLAST’s myriad of runtime options, and good specification, BLAST performs well. Able to find real bugs that were fixed based on counterexample information that no other tools were providing.

The Good – BLAST Framework Running time figures and number of real counterexample traces make BLAST look good. They are the result of a solid framework. Favorable position of having little competition in terms of results achievable. ProgramLines pre- processed Time (mins) Predicates Total Average kbfiltr 12k floppy 17k diskprf 14k cdaudio 18k parport 61k parclss 138k

Future – BLAST Framework Using interpolation in predicate discovery was a step forward. This reduced the number of abstract predicates to track. Lazy Interpolation-Based model checking integrates interpolants further into the engine. It is being explored by BLAST Kenneth McMillan and BLASTer Ranjit Jhala. Expression abstraction may yet be able to represent more expressive C patterns. Basic user-mode program specifications cannot be verified.

The Bad – BLAST Usability Not easy to install (Specific path dependencies, purported Cygwin compatibility a fallacy) Not easy run BLAST Query Language pre-processor yields bad output, contains no usage information BLAST Query Language pre-processor yields bad output, contains no usage information BLAST main executable has 232 lines of usage information, some of which is completely broken, some of which has significant impact on results. BLAST main executable has 232 lines of usage information, some of which is completely broken, some of which has significant impact on results.

The Bad – BLAST Usability Output with debugging suppressed contains about.5% useful information. With debugging added, that number is significantly less. (Even a developer would be hard pressed to decipher over one-hundred consecutive lines of “: is the zero DD”). The tool’s specification weaver does not correctly remember source code lines, so useful output requires extensive corresponding grep into the source.

BLAST – Recommendations Integrate BLAST into development process early. Take advantage of BLAST’s typically fast run times to perform verification as a post- compile operation. Take note when BLAST output changes dramatically, and find the corresponding change in source.

BLAST – Recommendations BQL (BLAST Query Language) is a good way to separate specification from implementation and eliminate BLAST checks that could turn into useless runtime costs Build tools around BQL specification weaver or improve it (ahh, the gift and the curse of open source).

Questions?

References The information shown here is based by corresponding paper on the BLAST tool, “Software Verification with BLAST”. A good list of references can be found there.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.