1 Introduction
Blast (Berkeley Lazy Abstraction Software
Verification Tool) is a verification system for checking safety properties
of C programs.
Blast implements an abstract, model-check, refine loop to check whether a
specified label in the program is reachable. The abstract model is built on the
fly using predicate abstraction and is then model checked. If there is no path to
the specified error label, Blast reports that the system is safe. Otherwise, it
checks whether the path is feasible using symbolic execution of the program. If
the path is feasible, Blast outputs the path as an error trace; otherwise, it uses
the infeasibility of the path to refine the abstract model. The algorithm of Blast
is described in the paper "Lazy Abstraction" (by Thomas A. Henzinger, Ranjit Jhala,
Rupak Majumdar, and Gregoire Sutre, in Proceedings of the ACM SIGPLAN-SIGACT
Conference on Principles of Programming Languages, pages 58-70, 2002).
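The following C program is an added illustration of the kind of input this loop works on; it is not taken from the Blast distribution. The function name process, the label name ERROR, the variable names and the sample input are assumptions made for the example; the comments mark the abstract path that symbolic execution rejects and the predicate that refinement would add.

```c
#include <stddef.h>
#include <stdio.h>

/* Returns 0 on normal exit, 1 if control reaches the ERROR label.
 * Safety property: the lock is never acquired while held and never
 * released while free. 'locked' is the monitor variable for it. */
int process(const int *pending, size_t n)
{
    int locked = 0;                  /* 0 = free, 1 = held */
    int old, cur = 0;
    size_t i = 0;

    do {
        if (locked) goto ERROR;      /* lock(): already held */
        locked = 1;
        old = cur;
        if (i < n && pending[i++]) { /* one more item to handle */
            if (!locked) goto ERROR; /* unlock(): not held */
            locked = 0;
            cur++;
        }
    } while (cur != old);

    /* An abstraction tracking only the predicate (locked == 1) cannot rule
     * out: take the branch (locked = 0, cur++), leave the loop, arrive here
     * with the lock free. Executing that path symbolically requires
     * cur == old + 1 and cur == old together, so it is infeasible; adding
     * the predicate (cur == old) to the abstraction removes it. */
    if (!locked) goto ERROR;         /* unlock(): not held */
    locked = 0;
    return 0;

ERROR:
    return 1;
}

int main(void)
{
    int items[] = {1, 1, 0, 1};      /* constructed sample input */
    printf("error label reached: %d\n", process(items, 4));
    return 0;
}
```

Running the program only exercises one concrete input; the claim a verifier establishes is that ERROR is unreachable for every input.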
Blast is relatively independent of the underlying machine and compiler.
However, Blast has only been tested on Intel x86 using the OCaml (Version 3.04)
compiler on Linux and on Microsoft Windows under Cygwin.
A Postscript version of this document is also available here.