Download FShell

FShell is provided as binary under the licensing terms described here.

FShell requires a C preprocessor to be installed on your system. On Unix-like systems such a preprocessor will usually be installed already, for Microsoft Windows systems use Visual Studio (the free Visual Studio Express suffices) or please get MinGW or cygwin gcc, which can be installed using MinGW’s installer.


If you experience problems running FShell on your platform or require binaries for a platform configuration not listed here, please contact Michael Tautschnig.



2014-08-13  Michael Tautschnig  <>

* Release 1.7
  * libedit on OS X makes test interactive - disabled
  * Update to support CBMC 4.9
  * Support (and require) automake 1.14
2014-04-04  Michael Tautschnig  <>

    * Release 1.6
    * Updated optionst interface
    * Make MiniSat compile using recent LLVM

2014-01-29  Michael Tautschnig  <>

    * Fixes to simple test harness generator

2014-01-27  Michael Tautschnig  <>

    * Cleaner encoding of argc/argv constraints (requires latest version of CBMC)

2014-01-13  Michael Tautschnig  <>

    * Use latest CBMC API

2014-01-06  Michael Tautschnig  <>

    * Update lists of required object files to follow recent changes in CBMC

2013-12-17  Michael Tautschnig  <>

    * Fixed bugs when using --use-instrumentation

2013-12-16  Michael Tautschnig  <>

    * Updated test data
    * Fixed wrong test goal construction for nested concatenation/alternative
      coverage patterns

2013-12-15  Michael Tautschnig  <>

    * Make --function/set entry work with goto binaries
    * test.dat in a version working on build server

2013-12-05  Michael Tautschnig  <>

    * Updated test data for latest CBMC trunk

2013-09-27  Michael Tautschnig  <>

    * Reverting test data to results on dkr-debian
    * friend declaration compatible with both GCC and Clang
    * Fixed code no longer accepted by XCode 5.0 Clang
    * Updated code to work with latest CBMC

2013-09-26  Michael Tautschnig  <>

    * Bugfix in call stack construction

2013-09-03  Michael Tautschnig  <>

    * Updated expected test results

2013-08-07  Michael Tautschnig  <>

    * Modified CNF encoding in CBMC causes different result values

2013-08-05  Michael Tautschnig  <>

    * Properly fix preprocessor choice

2013-08-05  Michael Tautschnig  <>

    * Updates to work with latest CBMC trunk

2013-07-26  Michael Tautschnig  <>

    * Added option --program-only

2013-07-22  Michael Tautschnig  <>

    * Ignore shared_read/shared_write while extracting test goals

2013-07-11  Michael Tautschnig  <>

    * Store an expression rather than the flattened string for test input value
    * Do not re-convert the same code

2013-07-09  Michael Tautschnig  <>

    * Make FShell compile with recent parsert API changes

2013-07-06  Michael Tautschnig  <>

    * Added option --max-argc and argv environment construction
    * When available, print detailed contents of argv
    * Output def-use analysis: fixed bugs and improved level of detail in tracking
    * Refactored remove_zero_init
    * Properly handle --no-assumptions

2013-07-03  Michael Tautschnig  <>

    * Updated test results (back to earlier version)

2013-06-24  Michael Tautschnig  <>

    * Optimisations in CBMC r2679 result in different test cases

2013-06-17  Michael Tautschnig  <>

    * Use big-int.a library file instead of object file

2013-06-14  Michael Tautschnig  <>

    * config/configt required for WIN32
    * zlib.h is only required by minisat, which may be patched

2013-06-14  Michael Tautschnig  <>

  * Release 1.5
  * Fix flex detection for OX X 10.8
  * Refactored def-use analysis
  * Use more elaborate slicing only if instrumentation is used
  * Refactoring test output code
  * Link CBMC's libraries
  * Respect --gcc for macro processing, don't use CPP environment variable
  * Fixed return type of transition functions
  * -I /util isn't necessary anymore
  * Auto-generate command help

2013-06-12  Michael Tautschnig  <>

  * Added --dump-c, -gcc options, cleanup of command line options and help

2013-06-10  Michael Tautschnig  <>

  * Make options available to CNF_Conversion
  * Use optionst to communicate command line options

2013-06-03  Michael Tautschnig  <>

  * Use target_os/target_cpu for output file names

2013-05-17  Michael Tautschnig  <>

  * Fixed and re-enabled --tco-called-functions
  * Fixed bugs in PATHS(...) evaluation
  * Proper audit logging instead of std::cerr hacks

2013-05-15  Michael Tautschnig  <>

  * Fixed $ escape in Makefile

2013-05-08  Michael Tautschnig  <>

  * Fix build for recent changes in CBMC

2013-04-11  Michael Tautschnig  <>

  * Redundant test case being generated (and removed)
  * Fix for new ::symex_targett::{GUARD,PHI} of r2324
  * Update to work with CBMC after changes in r2307

2013-03-19  Michael Tautschnig  <>

  * Updated linenoise from upstream git, merged some of the previous changes
  * Fixes to work with new expr2c output

2013-03-17  Michael Tautschnig  <>

  * Updated test output with recent expr2c changes

2013-02-16  Michael Tautschnig  <>

  * Update for new remove_function_pointers API

2013-02-10  Michael Tautschnig  <>

  * Update for context -> symbol_table change
  * Updated test results for new signed int (instead of "int") output

2013-02-03  Michael Tautschnig  <>

  * New CBMC directory structure (analyses moved)

2013-01-23  Michael Tautschnig  <>

  * Link to new assembler parser

2013-01-13  Michael Tautschnig  <>

  * Updated to match new CBMC interface for loop ids

2013-01-05  Michael Tautschnig  <>

  * Updated goto_convert interface
  * Updated test suite output

2012-12-16  Michael Tautschnig  <>

  * Pass shared-library mode to sub-builds

2012-12-12  Michael Tautschnig  <>

  * Disable tests for call tree output
  * Disable call tree construction as it is broken
  * noyywrap not supported by all versions of FlexLexer.h
  * Don't use as_string

2012-11-05  Michael Tautschnig  <>

  * Fixed undefined behaviour
  * Fixed bug in linenoise
  * Removed apparently invalid assertion
  * Don't pull in CBMC
  * Fix set-but-not-used variable
  * Proper cross-build support in add-on targets
  * Workaround Minisat bug (missing memUsedPeak in win32)

2012-11-04  Michael Tautschnig  <>

  * Proper quoting of CC variable
  * Portability and proper use of @MINISATDIR@
  * Fix isatty issue
  * Don't do minisat-2.2.0 dir by default
  * Mark FlexLexer.h non-essential to enable workarounds
  * GCC fixes
  * Updating to current CBMC SVN HEAD and use of proper CBMCDIR, MINISATDIR
  * Added support for out-of-tree builds of CBMC, MiniSat
  * Make ASTL work with recent GCC

2012-05-29  Michael Tautschnig  <>

  * Release 1.4.1
  * Updated to latest CBMC trunk
  * Re-enable constant propagation

2012-03-18 Michael Tautschnig <> * Release 1.4 * Updated CBMC license terms * Fixes for new variable renaming conventions in CBMC, added test case * Basic build fixes for new CBMC release * Moving towards CBMC SVN trunk (added as SVN external) 2011-10-24 Michael Tautschnig <> * Compile fixes for Linux and without diagnostics * Additional statistics for multiple coverage as requested by Sven * Added KLEE testing and more appropriate comparision code * Updated CBMC to latest CVS and restricted to minimal code base 2011-02-23 Michael Tautschnig <> * Release 1.3 * Updated to most recent CPROVER from CVS * Added command line options {fixed,float}bv * Properly deal with struct elements initialized via nondet symbols * Make CBMC floating point output valid ANSI C 2010-12-26 Michael Tautschnig <> * Fixed invalid character in help text 2010-12-05 Michael Tautschnig <> * Make SAT coverage analysis compatible with multiple_coverage 2010-11-26 Michael Tautschnig <> * Added --no-internal-coverage-check to disable built-in coverage check * Also use $CPP for internal macro processing * Install signal handler for SIGINT to cleanup files * Update all goto functions after insert for consistent location numbers * Added statistics about minimization overhead (memory+time) * Fix for 64bit architecture semantics, more architecture command line options 2010-11-15 Michael Tautschnig <> * Release 1.2 * Updated CBMC to current CVS HEAD + bugfixes * Fixed call stack analysis in presence of inlined functions * Added option --enable-assert * Performance improvements in internal coverage analysis * Make FShell work deterministically 2010-11-02 Michael Tautschnig <> * Close test suite output file at the end only 2010-11-01 Michael Tautschnig <> * Renamed --sat-subsumption to more appropriate --sat-coverage-check * Added command set multiple_coverage X 2010-10-17 Michael Tautschnig <> * Release 1.1.1 * Workarounds for cygwin compatibility, use $CPP if set in environment 2010-10-14 Michael Tautschnig <> * Release 1.1 * Fixed bug in CFG construction for return statements * Added output of total session time * Fixed bug in less-than comparision of predicates 2010-10-13 Michael Tautschnig <> * Ignore CBMC's C library implementations in filter evaluation 2010-10-12 Michael Tautschnig <> * Use linenoise instead of readline if the latter is not available * Fix paths in examples description 2010-09-29 Michael Tautschnig <> * Performance improvements in coverage check * Catch and report errors in typechecking new predicates * Default to brief test case output, changed command line options (removed --brief-test-inputs, added --tco-location, --tco-called-functions, --tco-assign-globals) * Added EXIT as alias to QUIT 2010-09-21 Michael Tautschnig <> * Alternative over quoted expression caused wrong states to be stored as test goal states * Properly deal with queries *without* coverage pattern concatenations * Build environment fixes 2010-09-20 Michael Tautschnig <> * First public release (1.0)

Latest News

Jens Pagel wins Bill McCune PhD Award

We congratulate Jens Pagel for receiving the 2021 Bill McCune PhD Award in Automated Reasoning! Jens graduated in 2020; his thesis on Decision procedures for separation logic: beyond symbolic heaps (supervised by Florian Zuleger) presents his substantial contributions to the theory of formal verification and automated reasoning, and to verifying heap-manipulating programs in particular.

Continue reading

Full news archive