
Name: Hamza Zulfiqar
Roll No: 18390
Class: BSSE 5th D
Subject: Formal Method of Software Engineering
Assignment: 1
Professor: Muhammad Farooq

Write a note on the SAL, SLAM and BLAST model checkers in formal
methods of software engineering.

Model Checking:
Model checking is the process of checking whether a given structure is a
model of a given logical formula. The concept is general and applies to all kinds of logics and
suitable structures. A simple model-checking problem is testing whether a given formula in
propositional logic is satisfied by a given structure. There are three types of model checkers,
which are as follows.

SAL:
SAL stands for Symbolic Analysis Laboratory. It is an integrated formal verification
environment developed by SRI. It is a framework for combining different tools to calculate
properties of concurrent systems. In the SAL model checking tool we describe transition system
models, simulate and explore paths in them, and describe desirable properties of the system in
temporal logic. We also check whether the system satisfies the properties, and the tool produces
counter-examples. SAL is a framework for combining different tools for abstraction, program analysis, theorem
proving, and model checking toward the calculation of properties (symbolic analysis) of
concurrent systems expressed as transition systems. The heart of SAL is an intermediate
language, developed in collaboration with Stanford, Berkeley, and Verimag, for specifying
concurrent systems in a compositional way. SAL models are finite-state systems. SAL can prove
properties of dynamic system behaviors.
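
The workflow described above (describe a transition system, state a safety property, check it, get a counter-example) is shown below as an added Python example; it is not part of the original assignment and is not SAL code or SAL's input language. It uses plain explicit-state breadth-first search rather than SAL's symbolic techniques, and the two-process lock model and all names in it are constructed for illustration.

```python
from collections import deque

# Constructed model: two processes with program counters in
# {"idle", "want", "crit"} sharing one lock. State = (pc0, pc1, lock).
INIT = ("idle", "idle", False)

def successors(state, atomic):
    """Yield next states. With atomic=False, testing the lock and taking
    it are separate steps: the flaw the checker should expose."""
    lock = state[2]
    for i in (0, 1):
        nxt = list(state[:2])
        if nxt[i] == "idle" and not lock:
            # Atomic test-and-set enters directly; otherwise only "want".
            nxt[i] = "crit" if atomic else "want"
            yield (nxt[0], nxt[1], atomic)  # lock set only when atomic
        elif nxt[i] == "want":
            nxt[i] = "crit"          # takes the lock without re-testing it
            yield (nxt[0], nxt[1], True)
        elif nxt[i] == "crit":
            nxt[i] = "idle"          # leaves and releases the lock
            yield (nxt[0], nxt[1], False)

def mutual_exclusion(state):
    """Safety property: the two processes are never both in "crit"."""
    return not (state[0] == "crit" and state[1] == "crit")

def check_invariant(init, succ, invariant):
    """Breadth-first search of the reachable states. Returns None if the
    invariant always holds, else the shortest counterexample trace."""
    parent = {init: None}
    queue = deque([init])
    while queue:
        s = queue.popleft()
        if not invariant(s):
            trace = []
            while s is not None:     # walk parent links back to init
                trace.append(s)
                s = parent[s]
            return trace[::-1]
        for t in succ(s):
            if t not in parent:
                parent[t] = s
                queue.append(t)
    return None

if __name__ == "__main__":
    for atomic in (True, False):
        print(atomic, check_invariant(INIT, lambda s: successors(s, atomic), mutual_exclusion))
```

With the atomic lock the property holds in every reachable state; with the split test-and-set the checker returns a five-state trace ending with both processes in the critical section.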

SLAM:
SLAM stands for "Social Location Annotation Mobile". The SLAM project was started
in 1999 by Thomas Ball and Sriram Rajamani of Microsoft Research and aimed at verifying software
safety properties using model checking techniques. It was implemented in OCaml, and has been
used to find many bugs in Windows device drivers. SLAM is a software tool that automatically
checks that a C program correctly uses the interface to an external library. The
SLAM analysis engine forms the core of a soon-to-be-released tool called Static Driver
Verifier (SDV). SDV systematically analyzes the source code of Windows device drivers against a
set of rules that define what it means for a device driver to properly interact with the Windows
kernel, the heart of the Windows operating system. SDV tests all possible execution paths
through the C code. We have used SDV internally to find defects in Microsoft-developed device
drivers, as well as in the sample device drivers that Microsoft provides in the Windows Driver
Development Kit (DDK).

BLAST:
BLAST stands for "Berkeley Lazy Abstraction Software verification Tool". It is an
automatic verification tool for checking temporal safety properties of C programs. Given a C
program and a temporal safety property, BLAST either statically proves that the program
satisfies the safety property, or provides an execution path that exhibits a violation of the
property. BLAST constructs, explores, and refines abstractions of the program state space based
on lazy predicate abstraction and interpolation-based predicate discovery. We use BLAST to
remove as many of the run-time checks as possible and to generate execution scenarios that
violate the assertions for the remaining run-time checks. BLAST automatically generates test
suites that guarantee full coverage with respect to a given predicate. BLAST can provide
automated, precise, and scalable analysis for C programs. BLAST may be able to generate a
feasible path to an invalid pointer dereference at the considered program location.
