The Software Model Checker BLAST - Chair of Software Engineering
Recommend Documents
13 Sep 2007... model checker BLAST. Applications to software engineering ... Blast to
statically prove memory safety for C programs. We use CCured, a ...
to organize such a course, and we suggest best practices to achieve ... D.2.9 [Software Engineering]: Management â life cycle, ..... global studio pro ject. In ICSE ...
Statements about requirements: Boehm. Source: Boehm, Barry W. Software
Engineering Economics. Englewood Cliffs, NJ: Prentice-Hall, 1981. 0. 10. 20. 30.
40.
May 10, 2008 - Recently, automated solutions have become increas- ingly practical. ... tion of manual and automatic testing (Section 6). 2. OBJECT ... fixes this issue by taking into account the different values of the references in ... Object in Jav
today's systems have become distributed over networks, including ...... trivially open to that possibility. ... mechanis
Principles of. Software Testing. Bertrand Meyer, ETH Zürich and Eiffel Software.
While everyone knows the theoret- ical limitations of software testing, in practice ...
May 5, 2010 - disciplined, quantifiable approach to the development, operation, and maintenance ..... Tokyo Stock Exchan
May 5, 2010 - Lessons from experience: teaching software engineering. 4. General ... disciplined, quantifiable approach
to debug erroneous code. The results ... data collected from our own students over the past three years [5]. It includes common novice errors: unknown identifier, wrong number of ... Some compilers display a list of error messages if more than one er
Mar 9, 2010 ... Listening to Programmers. Taxonomies and Characteristics of. Comments in
Operating System Code written by Yoann Padioleau, Lin Tan and ...
big challenge is making software verification practical and usable. The Eve ... sources. The implementation of Eve, freely available for download [11], continues to evolve .... bug by adding an instruction create l v before the loop on line 47. ... s
Oct 17, 2009 - E. âthere exists a pathâ. G p. âp holds globally in the futureâ. pUq ... BLAST (Berkeley Lazy Abstraction Software Verification Tool) is a software ...
124. Computer. THE PROFESSION. The 2006 International Con- ference on
Software Engine- ering's call for papers lists more than 70 topics that excite.
Roger Osmond, which I will try to sum- marize here. ... âpersonalâ computers, the Internet, and the Web. ... Roger O
Jul 9, 2007 - Suggestions for testing practitioners and tool builders. Based on the results ... Random input generation for object-oriented applications can be performed in ..... performance of the random testing algorithm can vary widely with.
the presence of simple programmer-written contracts in the code to infer sophisticated assertions, involving for example implication and universal quantification.
Carlo A. Furia, Marco Piccioni, and Bertrand Meyer. Chair of Software
Engineering. With material from Christoph Angerer. C#: Graphical User.
Interfaces (GUI) ...
May 22, 2002 ... ISO 31:0-13: "Quantities and units of {field of use}" ... An Eiffel Library for Units of
Measurement — Markus Keller — ETH Zürich, 2002-05-22.
Iterators: mechanisms that will apply a routine call to all the elements of a .... which returns the result of calling f on the given target and arguments. ..... Director of Barr Rosenberg Research Center LLC, an investment research firm in Orinda,.
AutoTest is a testing tool that provides a âbest of ..... manual unit tests apply to the classes in the test ... To improve performance when computing Trecursive ,.
Classifying Green Software Engineering - The GREENSOFT Model ... Sustainable Software Blog ... top of that, moving to the ecological part of sustain- ability ...
Iterators: mechanisms that will apply a routine call to all the elements of a certain ... Offloading computation: we may pass an agent to another software element, ...
Rococo interior with fashionable pair dancing; engraving by Gravelol. ..... used at the implementation stage. ..... ments for which the value of/is max- imum; thus ...
The Software Model Checker BLAST - Chair of Software Engineering
17 Mar 2009 ... 1. The Software Model Checker. BLAST: Applications to Software. Engineering.
Dirk Beyer, Thomas A. Henzinger,. Ranjit Jhala, Rupak ...
The Software Model Checker BLAST: Applications to Software Engineering Dirk Beyer, Thomas A. Henzinger, Ranjit Jhala, Rupak Majumdar Int. Journal on Software Tools for Technology Transfer, 2007
Stefan Buchholz March 17, 2009
1
Model checking
Program source Property
software model checker
e.g. modified C-code (SLAM, BLAST) - Valid according to the specification - Error path 2
Model checking Goal Find a path from an initial state to an error state (reachability)
Problem State explosion ! Infeasible to check every state.
CEGAR Counterexample-guided abstraction refinement Start with a coarse abstraction Try to reach an error state in the abstract domain Success
Fail
Is the path feasible ?
No
Refine the abstraction
Program satisfies the specification Yes
Safety property violated (bug) 4
Optimizations
Lazy predicate abstraction don't refine error-free regions
Interpolation-based predicate discovery add predicates locally when refining
5
Applications Reduce runtime memory-checks Test their reachability and remove unnecessary ones
Automatic test generation For any counterexample found try to generate a test vector
BLASTing Linux Code
6
Demonstration Open source ! http://mtc.epfl.ch/software-tools/blast/
7
Limitations False alarms (can't show infeasability of a path) Mathematical integers (no overflows modeled) Decision functions only implement linear arithmetic Uninterpreted functions (e.g. bit-level manipulations) Simple pointer arithmetic and alias-handling
Weak predicate language No logical quantifiers No precise reasoning about recursive functions possible
8
Conclusion +
Good performance and scalability
-
Limitations make it impractical for a lot of real world applications (pointer arithmetic !)
-
Manually modifying the source code is always required
9
BACKUP
10
Data structures Control flow automaton (CFA) Internal representation of a program Nodes are control points, edges are operations
Abstract reachability tree (ART) Represents a portion of the reachable state space A path in the ART corresponds to a program execution Each node stores a link to a CFA-location, the current call stack and the state of variables
11
Automatic test generation Target Predicate Coverage Can a location be reached and the variables satisfy a predicate p ? e.g. p = true for location coverage
Coverage of a location L Test if L is reachable (dead code detection) When a feasible path is found generate a variable assignment that guides it to the location Embarrassingly parallel
