The goal of the SLAM project is to check whether or not a program obeys "API usage rules" that specify what it means be good client an API. toolkit statically analyzes C determine violates given rules. has two unique aspects: does require programmer annotate source (invariants are inferred); minimizes noise (false error messages) through process known as "counterexample-driven refinement". exploits and extends results from analysis, model checking automated deduction. We have successfully...

Model checking has been widely successful in validating and debugging designs the hardware protocol domains. However, state-space explosion limits applicability of model tools, so checkers typically operate on abstractions systems. Recently, there significant interest applying to software. For infinite-state systems like software, abstraction is even more critical. Techniques for abstracting software are a prerequisite making reality. We present first algorithm automatically construct...

Model checking has been widely successful in validating and debugging designs the hardware protocol domains. However, state-space explosion limits applicability of model tools, so checkers typically operate on abstractions systems.

Bugs in kernel-level device drivers cause 85% of the system crashes Windows XP operating [44]. One sources these errors is complexity driver API itself: programmers must master a complex set rules about how to use order create that are good clients kernel. We have built static analysis engine finds usage C programs. The Static Driver Verifier tool (SDV) uses this find kernel driver. SDV includes models OS and environment driver, over sixty rules. intended be used by developers "out box."...

Probabilistic programs are usual functional or imperative with two added constructs: (1) the ability to draw values at random from distributions, and (2) condition of variables in a program via observations. Models diverse application areas such as computer vision, coding theory, cryptographic protocols, biology reliability analysis can be written probabilistic programs.

Large pre-trained language models such as GPT-3 [10], Codex [11], and Google's model [7] are now capable of generating code from natural specifications programmer intent. We view these developments with a mixture optimism caution. On the optimistic side, large have potential to improve productivity by providing an automated AI pair for every in world. cautionary since do not understand program semantics, they offer no guarantees about quality suggested code. In this paper, we present...

There is significant room for improving users' experiences with model checking tools. An error trace produced by a checker can be lengthy and indicative of symptom an error. As result, users spend considerable time examining in order to understand the cause Moreover, even state-of-the-art checkers provide experience akin that provided parsers before syntactic recovery was invented: they report single per run. The user has fix run again find more traces.We present algorithm exploits existence...

We consider the problem if a given program satisfies specified safety property. Interesting programs have infinite state spaces, with inputs ranging over domains, and for these property checking is undecidable. Two broad approaches to are testing verification. Testing tries find executions which demonstrate violations of Verification construct formal proof shows that all satisfy works best when errors easy find, but it often difficult achieve sufficient coverage correct programs. On other...

Program analysis tools typically compute two types of information: (1) may information that is true all program executions and used to prove the absence bugs in program, (2) must some existence program. In this paper, we propose a new algorithm, dubbed SMASH, which computes both compositionally . At each procedure boundary, represented stored as summaries, respectively. Those summaries are computed demand driven manner possibly using opposite type. We have implemented SMASH predicate...

SLAM is a program-analysis engine used to check if clients of an API follow the API's stateful usage rules.

The last several years have seen a proliferation of static and runtime analysis tools for finding security violations that are caused by explicit information flow in programs. Much this interest has been the increase number vulnerabilities such as cross-site scripting SQL injection. In fact, these commonly found Web applications now outnumber buffer overruns common type-unsafe languages C C++. Tools checking require specification to operate. most cases task providing is delegated user....

We describe the design and implementation of P, a domain-specific language to write asynchronous event driven code. P allows programmer specify system as collection interacting state machines, which communicate with each other using events. unifies modeling programming into one activity for programmer. Not only can program be compiled executable code, but it also tested model checking techniques. environment, used "close" during testing, nondeterministic ghost machines. Ghost machines are...

Security-critical applications constantly face threats from exploits in lower computing layers such as the operating system, virtual machine monitors, or even attacks malicious administrators. To help protect application secrets attacks, there is increasing interest hardware implementations of primitives for trusted computing, Intel's Software Guard Extensions (SGX) instructions. These enable protection memory regions containing code and data, provide a root trust measurement, remote...

We propose computer-assisted techniques for helping with pedagogy in Algebra. In particular, given a proof problem p (of the form “Left-hand-side-term = Right-hand-side-term”), we show how to automatically generate problems that are similar p. believe such tool can be used by teachers making examinations where they need test students on what taught class, and generating practice tailored their specific needs. Our first insight is generalize syntactically query Q implicitly represents set of...

Abstraction and composition are the fundamental issues in making model checking viable for software. This paper proposes new techniques automating abstraction decomposition using source level type information provided by programmer. Our system includes two novel components to achieve this end: (1) a behavioral type-and-effect π-calculus, which extracts sound models as types, (2) an assume-guarantee proof rule carrying out compositional on types. Open simulation between CCS processes is used...