Software Verification with BLAST

1
Software Verification withBLAST

• Zach vanSchouwen
• Huabiao Xu

2
Berkeley Lazy Abstraction Software Verification
Tool

• Goal Check whether software satisfies behavioral
  properties of the interfaces it uses
• Programmers give partial specifications
• Code checked for consistency with BLAST

3
Process

• Blast creates an abstract reachability tree
• Search for error nodes
• Re-search the same area, analyzing
  counter-examples more deeply
• Cut edge if found to be a false positive
• Trace the remaining counter-examples

4
Example

• do
• lock()
• old new
• q q.next
• if (q ! NULL)
• q-gtdata new
• unlock()
• new
• while(new ! old)
• unlock()
• return

5
Example

• States sharing some predicates are similar, and
  are merged into one abstraction state
• new old
• Can be merged into one abstract state
• while(new ! old) will not loop
• unlock () happens on unlocked state
• Refine counter-example, cut edge if spurious
• while (new! old) will loop

6
Abstraction is Expensive

• 2(of predicates) abstract states
• Reachable states could be far fewer
• Solution Build and Search as we go along

7
Questions

• Additional Reading
• http//mtc.epfl.ch/software-tools/blast/
• http//www.eecs.berkeley.edu/blast