The SLAM project: debugging system software via static analysis
The goal of the SLAM project is to check whether or not a program obeys "API usage rules" that specify what it means to be a good client of an API. The SLAM toolkit statically analyzes a C program to
Automatically validating temporal safety properties of interfaces
We present a process for validating temporal safety properties of software that uses a well-defined interface. The process requires only that the user state the property of interest. It then
MOCHA: Modularity in Model Checking
R. Alur (1), T.A. Henzinger (2), F.Y.C. Mang (2), S. Qadeer (2), S.K. Rajamani (2), and S. Tasiran (2). (1) Computer & Information Science Department, University of Pennsylvania, Philadelphia, PA 19104. (2) Computing Science
Automatic predicate abstraction of C programs
Model checking has been widely successful in validating and debugging designs in the hardware and protocol domains. However, state-space explosion limits the applicability of model checking tools, so
Bebop: A Symbolic Model Checker for Boolean Programs
We present the design, implementation and empirical evaluation of Bebop—a symbolic model checker for boolean programs. Bebop represents control flow explicitly, and sets of states implicitly using
Thorough static analysis of device drivers
Bugs in kernel-level device drivers cause 85% of the system crashes in the Windows XP operating system [44]. One of the sources of these errors is the complexity of the Windows driver API itself:
Boolean and Cartesian abstraction for model checking C programs
We show how to attack the problem of model checking a C program with recursive procedures using an abstraction that we formally define as the composition of the Boolean and the Cartesian
The SLAM Toolkit
The SLAM toolkit checks safety properties of software without the need for user-supplied annotations or abstractions. Given a safety property to check on a C program P, the SLAM process [4]
Probabilistic programming
Probabilistic programs are usual functional or imperative programs with two added constructs: (1) the ability to draw values at random from distributions, and (2) the ability to condition values of
From symptom to cause: localizing errors in counterexample traces
There is significant room for improving users' experiences with model checking tools. An error trace produced by a model checker can be lengthy and is indicative of a symptom of an error. As a