The formal model can run in a non-symbolic mode, making real system calls via OCaml drivers.

The formal model uses small-step operational semantics and produce a trace of how the shell evaluated a given term.

The formal model can run in a purely symbolic mode, working with a model of a POSIX system.

Smoosh (the Symbolic, Mechanized, Observable, Operational SHell) is a formalization of the POSIX shell standard .

As a trial of Smoosh's capabilities, we've built a web-based shell stepper (a/k/a the 'shtepper') that can symbolically step shell code through the various phases of expansion and evaluation.

The implementation of commands is limited to the core builtin operations of the shell; the filesystem and unknown executables are treated symbolically.