blast model checker

Upload: ki-kiey

Post on 20-Feb-2018


  • 7/24/2019 Blast Model Checker

    1/21

    BLAST MODEL CHECKER

    COURSE NAME : FORMAL METHODS

    COURSE CODE : SIM 5104

    GIRUBALANI D/O GARNARAJAN (GS35502)

    NURSAKINAH (GS39392)

    LECTURER : DR !ATHIAH ABDUL SAMAD

    2/21

    WHAT IS MODEL CHECKER?

    WHAT IS BLAST?

    CONSTRAINTS

    PROGRAM ANALYSIS WITH BLAST

    BLAST FEATURES

    ISSUE WITH BLAST

    3/21

    WHAT IS MODEL CHECKER?

    Model checking is about testing whether the given model of hardware or software meets its specification.

    There are three essential steps in the model checking process:

    Modeling

    Specification

    Verification

    4/21

    MODELING: Design of a system translated into a mathematical form.

    SPECIFICATION: Properties of the system that we would like to check.

    VERIFICATION: Checked for the specified properties.

    Model checking process

    6/21

    WHAT IS BLAST?

    The Berkeley Lazy Abstraction Software-verification Tool is a model checker that checks the safety properties of programs.

    "Automated, precise and scalable" (so, usable).

    The first version of BLAST was developed at UC Berkeley by Ranjit Jhala, Rupak Majumdar, and Gregoire Sutre and was supported by the US National Science Foundation.

    7/21

    WHAT IS BLAST?

    It is an automatic verification tool for checking temporal safety properties of programs.

    Temporal logics are an automatic verification technique commonly employed for finite state concurrent systems.

    The goal of BLAST is to be able to check that software satisfies behavioral properties of the interfaces it uses.

    8/21

    WHAT IS BLAST?

    BLAST uses counterexample-driven automatic abstraction refinement to construct an abstract model which is model checked for safety properties.

    BLAST is written in OCaml and uses the CIL (C Intermediate Language) library to parse and preprocess the input source code.

    10/21

    CONSTRAINTS

    Only tested it on Intel Pentium processors under Linux and Microsoft Windows with Cygwin.

    Installing and making it work

    Predicate discovery not good enough

    Checking concurrent programs

    Eclipse plugin

    Checking recursive functions

    12/21

    BLAST Features

    "On the Fly" Abstraction

    Automatic Abstraction

    Smarter predicate discovery

    Verify safety properties, assertion violations

    Finding reachable program location

    Detecting dead code

    Reuse saved abstraction

    14/21

    PROGRAM ANALYSIS WITH BLAST

    Build an abstract model using predicate abstraction.

    Check for reachability of the specified label using the abstract model.

    If no path to ERR node: system safe.

    If path is feasible, output error trace.

    Else use infeasibility of path to

    15/21

    PROGRAM ANALYSIS WITH BLAST

    The BLAST toolkit can be used for many different analyses.

    Blast constructs, explores, and refines abstractions of the program state space based on lazy predicate abstraction and interpolation-based predicate discovery.

    The most common are:

    Reachability Checking

    Assertion Checking

    Correct Locking

    16/21

    Reachability Checking

    verifies whether the special label ERROR is reachable in the source code.

    e.g.

    Figure 1: Reachability Checking Example

    17/21

    Assertion Checking

    Reachability analysis can be used for checking assertions statically in the source code.

    Can be verified with BLAST by using the assert.h header that comes with the toolkit.

    E.g.

    Figure 2: Assertion Checking as Reachability

    18/21

    Correct Locking

    For concurrent programs it is important to have shared resources protected from non-synchronized access.

    That is, when a thread will access a shared resource it must first acquire a lock. After finishing with the resources the thread must release the lock.

    Thus locking and unlocking actions should be done in an alternating sequence.

    FIGURE: Locking as Reachability
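As an added illustration of the locking discipline above, and of the slides' point that assertion and locking properties reduce to reaching a label, here is a constructed C program (not from the slides or the BLAST distribution) in which lock() and unlock() jump to a stand-in ERROR location whenever they stop alternating. BLAST would decide that reachability statically over all inputs, whereas this version exercises two concrete drivers; the lock state machine, the two drivers and the parity branch are all assumptions made for the example.

```c
/* Constructed example (not from the slides): the locking discipline encoded as
 * reachability of an ERROR location, in the style of a BLAST instrumented program. */

enum { UNLOCKED = 0, LOCKED = 1 };
static int lock_state, error_reached; /* lock state; 1 once ERROR is reached */

/* Stands in for the ERROR: label whose reachability BLAST would check. */
static void error_location(void) { error_reached = 1; }

static void lock(void) {                  /* legal only when the lock is free */
    if (lock_state == LOCKED) error_location();
    lock_state = LOCKED;
}

static void unlock(void) {                /* legal only when the lock is held */
    if (lock_state == UNLOCKED) error_location();
    lock_state = UNLOCKED;
}

/* Respects the discipline: the loop repeats only after an unlock. The parity
 * test stands in for the nondeterministic branch a model checker explores. */
static void alternating_driver(int val) {
    int old;
    do {
        lock();
        old = val;
        if (val % 2 == 0) { unlock(); val++; }
    } while (val != old);
    unlock();
}

/* Increment forgotten: after the inner unlock the loop exits and unlock()
 * runs again on a free lock, so the ERROR location becomes reachable. */
static void double_unlock_driver(int val) {
    int old;
    do {
        lock();
        old = val;
        if (val % 2 == 0) unlock();
    } while (val != old);
    unlock();
}

/* Runs one driver from a fresh lock state; returns 1 if ERROR was reached. */
static int error_reachable(void (*driver)(int), int input) {
    lock_state = UNLOCKED;
    error_reached = 0;
    driver(input);
    return error_reached;
}
```

Only the even input drives the faulty routine into the ERROR location; a model checker exploring both branches of the `if` symbolically would report that path as its error trace.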

    20/21

    ISSUE WITH BLAST

    Pointer analysis capabilities are still not sophisticated enough.

    Pointer analysis (alias analysis) is a rather expensive component of static analysis.

    Pointer analysis capabilities are lacking for proving safety in many cases.

    Cryptic, uninformative error messages required manual rewriting and simplification of the input source code until the tool accepted it.

    21/21

    Conclusion

    The techniques of model checking are cleverly employed in the BLAST program analyzer, which is a scalable and efficient model checker for C language programs!