Learn More
One approach to model checking software is based on the <i>abstract-check-refine</i> paradigm: build an abstract model, then check the desired property, and if the check fails, refine the model and start over. We introduce the concept of <i>lazy abstraction</i> to integrate and optimize the three phases of the abstract-check-refine loop. Lazy abstraction(More)
Persistent, user-defined objects present an attractive abstraction for working with non-volatile program state. However, the slow speed of persistent storage (i.e., disk) has restricted their design and limited their performance. Fast, byte-addressable, non-volatile technologies, such as phase change memory, will remove this constraint and allow programmers(More)
ion of C programs. In PLDI 01: Programming Language Design and Implementation, pages 203–213. ACM, 2001. 2. S. Das, D. L. Dill, and S. Park. Experience with predicate abstraction. In CAV 99: Computer-Aided Verification, LNCS 1633, pages 160–171. Springer-Verlag, 1999. 3. D. Detlefs, G. Nelson, and J. Saxe. Simplify theorem prover. 4. T.A. Henzinger, R.(More)
Blast is an automatic verification tool for checking temporal safety properties of C programs. Given a C program and a temporal safety property, Blast either statically proves that the program satisfies the safety property, or provides an execution path that exhibits a violation of the property (or, since the problem is undecidable, does not terminate).(More)
Building distributed systems is particularly difficult because of the asynchronous, heterogeneous, and failure-prone environment where these systemsmust run. Tools for building distributed systems must strike a compromise between reducing programmer effort and increasing system efficiency. We present <i>Mace</i>, a C++ language extension and(More)
Data races occur when multiple threads are about to access the same piece of memory, and at least one of those accesses is a write. Such races can lead to hard-to-reproduce bugs that are time consuming to debug and fix. We present R<sc>ELAY</sc>, a static and scalable race detection analysis in which unsoundness is modularized to a few sources. We describe(More)
Modern software model checkers find safety violations: breaches where the system enters some bad state. However, we argue that checking liveness properties offers both a richer and more natural way to search for errors, particularly in complex concurrent and distributed systems. Liveness properties specify desirable system behaviors which must be satisfied(More)
We present <i>Logically Qualified Data Types</i>, abbreviated to <i>Liquid Types</i>, a system that combines <i>Hindley-Milner</i> type inference with <i>Predicate Abstraction</i> to automatically infer dependent types precise enough to prove a variety of safety properties. Liquid types allow programmers to reap many of the benefits of dependent types,(More)