Software Verification with BLAST

  • Thomas A. Henzinger
  • Ranjit Jhala
  • Rupak Majumdar
  • Grégoire Sutre
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2648)


Blast (the Berkeley Lazy Abstraction Software verification Tool) is a verification system for checking safety properties of C programs using automatic property-driven construction and model checking of software abstractions. Blast implements an abstract-model check-refine loop to check for reachability of a specified label in the program. The abstract model is built on the fly using predicate abstraction. This model is then checked for reachability. If there is no (abstract) path to the specified error label, Blast reports that the system is safe and produces a succinct proof. Otherwise, it checks if the path is feasible using symbolic execution of the program. If the path is feasible, Blast outputs the path as an error trace, otherwise, it uses the infeasibility of the path to refine the abstract model. Blast short-circuits the loop from abstraction to verification to refinement, integrating the three steps tightly through “lazy abstraction” [5]. This integration can offer significant advantages in performance by avoiding the repetition of work from one iteration of the loop to the next.


Model Check Symbolic Execution Model Check Algorithm Abstraction Predicate Nondeterministic Choice 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [1]
    T. Ball, R. Majumdar, T. Millstein, and S. K. Rajamani. Automatic predicate abstraction of C programs. In PLDI 01: Programming Language Design and Implementation, pages 203–213. ACM, 2001.Google Scholar
  2. [2]
    S. Das, D. L. Dill, and S. Park. Experience with predicate abstraction. In CAV 99: Computer-Aided Verification, LNCS 1633, pages 160–171. Springer-Verlag, 1999.CrossRefGoogle Scholar
  3. [3]
    D. Detlefs, G. Nelson, and J. Saxe. Simplify theorem prover.Google Scholar
  4. [4]
    T. A. Henzinger, R. Jhala, R. Majumdar, G. C. Necula, G. Sutre, and W. Weimer. Temporal-safety proofs for systems code. In CAV 02: Computer-Aided Verification, LNCS 2404, pages 526–538. Springer-Verlag, 2002.CrossRefGoogle Scholar
  5. [5]
    T. A. Henzinger, R. Jhala, R. Majumdar, and G. Sutre. Lazy abstraction. In POPL 02: Principles of Programming Languages, pages 58–70. ACM, 2002.Google Scholar
  6. [6]
    G. C. Necula. Proof-carrying code. In POPL 97: Principles of Programming Languages, pages 106–119. ACM, 1997.Google Scholar
  7. [7]
    G. C. Necula, S. McPeak, S. P. Rahul, and W. Weimer. CIL: Intermediate language and tools for analysis and transformation of C programs. In CC 02: Compiler Construction, LNCS 2304, pages 213–228. Springer-Verlag, 2002.CrossRefGoogle Scholar
  8. [8]
    A. Stump, C. Barrett, and D. L. Dill. CVC: A cooperating validity checker. In CAV 02: Computer-Aided Verification, LNCS 2404, pages 500–504. Springer-Verlag, 2002.CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Thomas A. Henzinger
    • 1
  • Ranjit Jhala
    • 1
  • Rupak Majumdar
    • 1
  • Grégoire Sutre
    • 2
  1. 1.EECS DepartmentUniversity of CaliforniaBerkeley
  2. 2.LaBRIUniversité de BordeauxFrance

Personalised recommendations