Presentation is loading. Please wait.

Presentation is loading. Please wait.

BLAST: A Software Verification Tool for C programs

Published byMina Therese Thorsen Modified over 5 years ago

Similar presentations

Presentation on theme: "BLAST: A Software Verification Tool for C programs"— Presentation transcript:

1 BLAST: A Software Verification Tool for C programs
MTC Dirk Beyer BLAST: A Software Verification Tool for C programs Problem: Software errors Input: - C program p, and - Property e Output: - e holds in p + certificate - e is violated + example path Solution: Model checking Based on: - Predicate abstraction - Lazy abstraction - Craig interpolation Features: - Test case generation - Query language - Memory safety French Guyana, June 4, 1996 $600 million software failure Lazy Predicate Abstraction Example: Predicates abstr. concret 1 true 1==0, z>x, y!=x The procedure starts keeping track of no predicates at all. During a cycle in the model-check-refine loop, it checks the abstract program, and finds an abstract trace violating the property (if not, it terminates with SAFE). Then it concretizes that trace and finds out that the trace is infeasible (if not, it terminates with BUG). The infeasibility of the trace is due to missing predicates. Using Craig interpolation, new predicates are found and added to the abstraction, i.e., to refine the abstract program. int f (int x, int y, int z){ 1: int a = 1; 2: if (y == x) 3: y++; 4: if (z <= x) 5: y++; 6: if (a == 0) 7: LOC: // abort(); 8: return a; } a = 1; Code 2 true a==0, z>x, y!=x Predicate Abstraction [y!=x] New Predicates of Interest 4 true a==0, z>x [ z>x ] Concretize Trace Model Check Abstract Trace [ a==0 ] 6 true a==0 Concrete Trace BUG! Correctness Certificate SAFE! 7 true true LOC: 8 true true Analysis direction: forward backward The Blast Query Language - (Possibly Infinite-State) Monitor Automata for Reachability Queries over Program Locations - First-Order Imperative Scripting Language for Combining Relations over Program Locations Benefits of Two-Level Specifications 1. Separates properties from programs, while keeping a familiar syntax for writing properties 2. Treats a program as a database of facts that can be queried, and supports macros for traditional temporal-logic specifications 3. Supports the formulation of decomposition strategies for verification tasks 4. Supports the incremental maintenance of properties during program development Example: Impact Analysis Monitor: Query: GLOBAL int defined; INITIAL { defined = 0; } EVENT { PATTERN { j = $1; } ACTION { defined ++ ; } } FINAL { defined == 1 } else REJECT affected(l1,l2) := ACCEPT(LOC_LHS(l1,”j”),LOC_RHS(l2,”j”),monitor); PRINT affected(l1,l2); Blast Research Team Dirk Beyer Tom Henzinger Ranjit Jhala Rupak Majumdar

Download ppt "BLAST: A Software Verification Tool for C programs"

Similar presentations

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Greta YorshEran YahavMartin Vechev IBM Research. { ……………… …… …………………. ……………………. ………………………… } T1() Challenge: Correct and Efficient Synchronization { ……………………………

Greta YorshEran YahavMartin Vechev IBM Research. { ……………… …… …………………. ……………………. ………………………… } T1() Challenge: Correct and Efficient Synchronization { ……………………………
Verification of Evolving Software Natasha Sharygina Joint work with Sagar Chaki and Nishant Sinha Carnegie Mellon University.

Verification of Evolving Software Natasha Sharygina Joint work with Sagar Chaki and Nishant Sinha Carnegie Mellon University.
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
Introducing BLAST Software Verification John Gallagher CS4117.

Introducing BLAST Software Verification John Gallagher CS4117.
Software Verification with BLAST Tom Henzinger Ranjit Jhala Rupak Majumdar.

Software Verification with BLAST Tom Henzinger Ranjit Jhala Rupak Majumdar.
BLAST-A Model Checker for C Developed by Thomas A. Henzinger (EPFL) Rupak Majumdar (UC Los Angeles) Ranjit Jhala (UC San Diego) Dirk Beyer (Simon Fraser.

BLAST-A Model Checker for C Developed by Thomas A. Henzinger (EPFL) Rupak Majumdar (UC Los Angeles) Ranjit Jhala (UC San Diego) Dirk Beyer (Simon Fraser.
The Software Model Checker BLAST by Dirk Beyer, Thomas A. Henzinger, Ranjit Jhala and Rupak Majumdar Presented by Yunho Kim Provable Software Lab, KAIST.

The Software Model Checker BLAST by Dirk Beyer, Thomas A. Henzinger, Ranjit Jhala and Rupak Majumdar Presented by Yunho Kim Provable Software Lab, KAIST.
Thread-modular Abstraction Refinement Tom Henzinger Ranjit Jhala Rupak Majumdar Shaz Qadeer.

Thread-modular Abstraction Refinement Tom Henzinger Ranjit Jhala Rupak Majumdar Shaz Qadeer.
Termination Proofs for Systems Code Andrey Rybalchenko, EPFL/MPI joint work with Byron Cook, MSR and Andreas Podelski, MPI PLDI’2006, Ottawa.

Termination Proofs for Systems Code Andrey Rybalchenko, EPFL/MPI joint work with Byron Cook, MSR and Andreas Podelski, MPI PLDI’2006, Ottawa.
Using Statically Computed Invariants Inside the Predicate Abstraction and Refinement Loop Himanshu Jain Franjo Ivančić Aarti Gupta Ilya Shlyakhter Chao.

Using Statically Computed Invariants Inside the Predicate Abstraction and Refinement Loop Himanshu Jain Franjo Ivančić Aarti Gupta Ilya Shlyakhter Chao.
Permissive Interfaces Tom Henzinger Ranjit Jhala Rupak Majumdar.

Permissive Interfaces Tom Henzinger Ranjit Jhala Rupak Majumdar.
Software Verification with Blast Thomas A. Henzinger, Ranjit Jhala, Rupak Majumdar, George Necula, Grégoire Sutre, Wes Weimer UC Berkeley.

Software Verification with Blast Thomas A. Henzinger, Ranjit Jhala, Rupak Majumdar, George Necula, Grégoire Sutre, Wes Weimer UC Berkeley.
Lazy Abstraction Thomas A. Henzinger Ranjit Jhala Rupak Majumdar Grégoire Sutre UC Berkeley.

Lazy Abstraction Thomas A. Henzinger Ranjit Jhala Rupak Majumdar Grégoire Sutre UC Berkeley.
Counterexample-Guided Focus TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.: AAA A A A AA A A Thomas Wies Institute of.

Counterexample-Guided Focus TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.: AAA A A A AA A A Thomas Wies Institute of.
Thread-modular Abstraction Refinement Tom Henzinger Ranjit Jhala Rupak Majumdar [UC Berkeley] Shaz Qadeer [Microsoft Research]

Thread-modular Abstraction Refinement Tom Henzinger Ranjit Jhala Rupak Majumdar [UC Berkeley] Shaz Qadeer [Microsoft Research]
Lazy Predicate Abstraction in BLAST John Gallagher CS4117.

Lazy Predicate Abstraction in BLAST John Gallagher CS4117.
Synergy: A New Algorithm for Property Checking

Synergy: A New Algorithm for Property Checking
Ch. 1: Software Development (Read) 5 Phases of Software Life Cycle: Problem Analysis and Specification Design Implementation (Coding) Testing, Execution.

Ch. 1: Software Development (Read) 5 Phases of Software Life Cycle: Problem Analysis and Specification Design Implementation (Coding) Testing, Execution.
An Evaluation of BLAST John Gallagher CS4117. Overview BLAST incorporates new, fascinating and complex technology. The engine and external components.

An Evaluation of BLAST John Gallagher CS4117. Overview BLAST incorporates new, fascinating and complex technology. The engine and external components.

Similar presentations

Ads by Google