7/24/2019 Blast Model Checker
1/21
BLAST MODEL CHECKER
COURSE NAME : FORMAL METHODS
COURSE CODE : SIM 5104
GIRUBALANI D/O GARNARAJAN (GS35502)
NURSAKINAH (GS39392)
LECTURER : DR !ATHIAH ABDUL SAMAD
-
WHAT IS MODEL CHECKER?
WHAT IS BLAST?
CONSTRAINTS
PROGRAM ANALYSIS WITH BLAST
BLAST FEATURES
ISSUES WITH BLAST
-
WHAT IS MODEL CHECKER?
Model checking is about testing whether the given model of hardware or software meets its specification.
There are three essential steps in the model checking process:
Modeling
Specification
Verification
-
MODELING: The design of a system is translated into a mathematical form.
SPECIFICATION: The properties of the system that we would like to check.
VERIFICATION: The model is checked for the specified properties.
Model checking process
-
WHAT IS BLAST?
The Berkeley Lazy Abstraction Software-verification Tool is a model checker that checks the safety properties of programs.
"Automated, precise and scalable" (so, usable).
The first version of BLAST was developed at UC Berkeley by Ranjit Jhala, Rupak Majumdar, and Gregoire Sutre and was supported by the US National Science Foundation.
-
WHAT IS BLAST?
It is an automatic verification tool for checking temporal safety properties of programs.
Model checking against temporal logic specifications is an automatic verification technique commonly employed for finite state concurrent systems.
The goal of BLAST is to be able to check that software satisfies behavioral properties of the interfaces it uses.
-
WHAT IS BLAST?
BLAST uses counterexample-driven automatic abstraction refinement to construct an abstract model, which is then model checked for safety properties.
BLAST is written in OCaml and uses the CIL (C Intermediate Language) library to parse and preprocess the input source code.
-
CONSTRAINTS
Only tested on Intel Pentium processors under Linux and Microsoft Windows with Cygwin
Installing and making it work
Predicate discovery not good enough
Checking concurrent programs
Eclipse plugin
Checking recursive functions
-
BLAST Features
"On the Fly" Abstraction
Automatic Abstraction
Smarter predicate discovery
Verify safety properties, assertion violations
Finding reachable program locations
Detecting dead code
Reuse saved abstraction
-
PROGRAM ANALYSIS WITH BLAST
Build an abstract model using predicate abstraction
Check for reachability of the specified label using the abstract model
If there is no path to the ERR node, the system is safe
If the path is feasible, output the error trace
Else use infeasibility of path to
-
PROGRAM ANALYSIS WITH BLAST
The BLAST toolkit can be used for many different analyses.
Blast constructs, explores, and refines abstractions of the program state space based on lazy predicate abstraction and interpolation-based predicate discovery.
The most common are:
Reachability Checking
Assertion Checking
Correct Locking
-
Reachability Checking
verifies whether the special label ERROR is reachable in the source code
e.g.
Figure 1: Reachability Checking Example
-
Assertion Checking
Reachability analysis can be used for checking assertions statically in the source code.
Assertions can be verified with BLAST by using the assert.h header that comes with the toolkit.
E.g.
Figure 2: Assertion Checking as Reachability
-
Correct Locking
For concurrent programs it is important to have shared resources protected from non-synchronized access.
That is, when a thread will access a shared resource it must first acquire a lock. After finishing with the resource the thread must release the lock.
Thus locking and unlocking actions should be done in an alternating sequence.
Figure: Locking as Reachability
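The three analyses on the Reachability, Assertion and Correct Locking slides share one mechanism: the property is written into the C program so that a violation branches to an ERROR label, and the loop on the PROGRAM ANALYSIS slide then asks whether that label is reachable. The following is an added example of such an input program, not code from the slides or the BLAST distribution: the lock()/unlock() wrappers, check_assert() and run_protocol() are constructed for illustration, and reaching ERROR only records the violation so the code also runs natively.

```c
#include <stddef.h>

static int locked;         /* monitor state: 0 = lock free, 1 = lock held */
static int error_reached;  /* set when control reaches an ERROR label */

/* Locking discipline as reachability: taking a held lock or releasing a free
 * one branches to ERROR. BLAST asks whether that label is reachable; here
 * reaching it only records the violation so the code also runs natively. */
static void lock(void) {
    if (locked) goto ERROR;
    locked = 1; return;
ERROR: error_reached = 1;
}
static void unlock(void) {
    if (!locked) goto ERROR;
    locked = 0; return;
ERROR: error_reached = 1;
}
/* Assertion checking is the same query: a false condition is a path to ERROR
 * (assumed to be what the toolkit's assert.h expands assert() into). */
static void check_assert(int cond) {
    if (!cond) goto ERROR;
    return;
ERROR: error_reached = 1;
}

/* Driver loop in the style of the lazy-abstraction example. branch[] stands
 * in for the nondeterministic choice BLAST explores; fixed selects the correct
 * variant (release before retrying) or the buggy one (retry while still
 * holding the lock). Returns 1 if ERROR was reached on this path, else 0. */
static int run_protocol(const int *branch, size_t n, int fixed) {
    int old_val, new_val = 0;
    size_t i = 0;
    locked = 0; error_reached = 0;
    do {
        lock();
        old_val = new_val;
        if (i < n && branch[i++]) {
            if (fixed) unlock();
            new_val++;
        }
        check_assert(new_val >= old_val);  /* invariant the assertion checker would prove */
    } while (new_val != old_val);
    unlock();
    return error_reached;
}
/* Constructed branch sequence: take the conditional once, then fall through. */
static const int choices[] = {1, 0};
int safe_run(void)  { return run_protocol(choices, 2, 1); }  /* returns 0 */
int buggy_run(void) { return run_protocol(choices, 2, 0); }  /* double lock: returns 1 */
```

The same branch sequence is safe in the fixed variant and reaches ERROR in the buggy one, which is why the feasibility check on the counterexample path, not just the abstract model, decides the verdict.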
-
ISSUES WITH BLAST
Pointer analysis capabilities are still not sophisticated enough
Pointer analysis (alias analysis) is a rather expensive component of static analysis
Pointer analysis capabilities are lacking for proving safety in many cases
Cryptic, uninformative error messages required manual rewriting and simplification of the input source code until the tool accepted it
-
Conclusion
The techniques of model checking are cleverly employed in the BLAST program analyzer, which is a scalable and efficient model checker for C language programs!