Software Verification with BLAST
Blast (the Berkeley Lazy Abstraction Software verification Tool) is a verification system for checking safety properties of C programs using automatic property-driven construction and model checking of software abstractions. Blast implements an abstract-model check-refine loop to check for reachability of a specified label in the program. The abstract model is built on the fly using predicate abstraction. This model is then checked for reachability. If there is no (abstract) path to the specified error label, Blast reports that the system is safe and produces a succinct proof. Otherwise, it checks if the path is feasible using symbolic execution of the program. If the path is feasible, Blast outputs the path as an error trace, otherwise, it uses the infeasibility of the path to refine the abstract model. Blast short-circuits the loop from abstraction to verification to refinement, integrating the three steps tightly through “lazy abstraction” . This integration can offer significant advantages in performance by avoiding the repetition of work from one iteration of the loop to the next.
KeywordsModel Check Symbolic Execution Model Check Algorithm Abstraction Predicate Nondeterministic Choice
Unable to display preview. Download preview PDF.
- T. Ball, R. Majumdar, T. Millstein, and S. K. Rajamani. Automatic predicate abstraction of C programs. In PLDI 01: Programming Language Design and Implementation, pages 203–213. ACM, 2001.Google Scholar
- D. Detlefs, G. Nelson, and J. Saxe. Simplify theorem prover.Google Scholar
- T. A. Henzinger, R. Jhala, R. Majumdar, and G. Sutre. Lazy abstraction. In POPL 02: Principles of Programming Languages, pages 58–70. ACM, 2002.Google Scholar
- G. C. Necula. Proof-carrying code. In POPL 97: Principles of Programming Languages, pages 106–119. ACM, 1997.Google Scholar