SYNERGY: a new algorithm for property checking
Proceedings of the 14th ACM SIGSOFT international symposium on Foundations of software engineering
ISSTA '08 Proceedings of the 2008 international symposium on Software testing and analysis
The Yogi Project: Software Property Checking via Static Analysis and Testing
TACAS '09 Proceedings of the 15th International Conference on Tools and Algorithms for the Construction and Analysis of Systems: Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2009,
Merlin: specification inference for explicit information flow problems
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
| Hi-index | 0.00 |
Formal verification is the holy grail of software validation. Practical applications of verification run into two major challenges. The first challenge is in writing detailed specifications, and the second challenge is in scaling verification algorithms to large software. In this talk, we present possible approaches to address these problems: We propose using statistical techniques to raise the level of abstraction, and automate the tedium in writing detailed specifications. We present our experience with the Merlin project [4], where we have used probabilistic inference to infer specifications for secure information flow, and discovered several vulnerabilities in web applications. We propose combining testing with verification to help scalability, an reducing false errors. We present our experience with the Yogi project [1,2,3,5], where we have built a verifier that combines static analysis with testing to find bugs and verify properties of low-level systems code.