The research community has long understood the value of formal specifications in building robust software. However, the adoption of any specifications beyond run-time assertions in industrial software has been limited. All of this has changed at Microsoft in the last few years. Today, formal specifications are a mandated part of the software development process in the largest Microsoft product groups. Millions of specifications have been added, and tens of thousands of bugs have been exposed and fixed in future versions of products under development. In addition, Windows public interfaces are formally specified and the Visual Studio compiler understands and enforces these specifications, meaning that programmers anywhere can now use formal specifications to make their software more robust. How did this happen? The key ingredients of success were picking a critical programming error that costs software companies real money (buffer overruns), and building an incremental solution in which programmers obtain value proportional to their specification effort. The key technical aspects of this incremental approach include SAL, a lightweight specification language for describing memory access behaviour of C/C++ programs; espX, a heavyweight modular checker that enforces consistency between the code and the specification and validates memory accesses; and SALinfer, a lightweight global analysis that infers and inserts a large fraction of the memory specifications automatically. The goal of this talk is to share the technical story of the insights that enabled SAL, espX and SALinfer, as well as the social and practical story of how we were able to move organizations with thousands of programmers to an environment where the use of specifications is routine.
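What the incremental approach looks like at the level of a single function, as an added example (not code from the talk or from Microsoft): the "before" is the classic unannotated copy that overruns, the "after" carries the buffer-size contract in its signature using the public SAL 2.0 macros from sal.h (`_In_z_`, `_Out_writes_z_`, `_In_reads_bytes_`, `_Out_writes_bytes_`, `_Success_`). Those macro names are real; the fallback definitions for non-MSVC compilers, the function names and the sample inputs are this example's own. On MSVC with `/analyze` the annotations are enforced; with gcc or clang they expand to nothing and only the runtime checks remain.

```c
/* Added example: SAL-style buffer contracts on C functions.
 * Not code from the talk; the annotation macros are the public SAL 2.0
 * names from sal.h (Windows SDK / Visual Studio). The fallbacks below are
 * an assumption of this example so the file also builds with gcc/clang. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#ifdef _MSC_VER
#include <sal.h>      /* real definitions; /analyze checks them against the code */
#else
/* Outside MSVC the annotations are no-ops: nothing reads them here. */
#define _In_z_
#define _In_reads_bytes_(n)
#define _Out_writes_z_(n)
#define _Out_writes_bytes_(n)
#define _Success_(expr)
#endif

/* BEFORE: the classic overrun. The signature says nothing about how large
 * dst is, so neither a caller nor a checker can tell when src is too long. */
void copy_name_unchecked(char *dst, const char *src)
{
    strcpy(dst, src);
}

/* AFTER: the contract lives in the signature.
 * _Out_writes_z_(dst_size): dst has dst_size bytes and, on success, holds a
 *   NUL-terminated string.
 * _In_z_: src is a NUL-terminated input.
 * _Success_(return != 0): the output guarantee only holds when we return 1.
 * A modular checker can verify this body without any caller, and each
 * caller against this signature without this body. */
_Success_(return != 0)
int copy_name(_Out_writes_z_(dst_size) char *dst, size_t dst_size,
              _In_z_ const char *src)
{
    size_t n;
    if (dst == NULL || src == NULL || dst_size == 0)
        return 0;
    n = strlen(src);
    if (n >= dst_size) {
        /* Refuse rather than truncate silently, but leave dst well-formed. */
        dst[0] = '\0';
        return 0;
    }
    memcpy(dst, src, n + 1);   /* writes exactly n + 1 <= dst_size bytes */
    return 1;
}

/* Byte-counted (not NUL-terminated) input and output, the shape most
 * Windows API copy routines have. Returns the bytes actually written. */
size_t copy_bytes(_Out_writes_bytes_(dst_size) unsigned char *dst, size_t dst_size,
                  _In_reads_bytes_(src_size) const unsigned char *src, size_t src_size)
{
    size_t n = src_size < dst_size ? src_size : dst_size;
    if (dst == NULL || src == NULL)
        return 0;
    memcpy(dst, src, n);       /* never more than dst_size bytes */
    return n;
}

int main(void)
{
    char name[8];
    /* Constructed inputs: one fits an 8-byte buffer, one would overrun it. */
    printf("short: %d (%s)\n", copy_name(name, sizeof name, "bob"), name);
    printf("long:  %d (%s)\n", copy_name(name, sizeof name, "a-very-long-name"), name);
    return 0;
}
```

The value-for-effort point from the abstract is visible here: annotating `copy_name` once lets a checker flag every call site that passes a `dst_size` larger than the real buffer (for example `copy_name(name, 16, ...)` with `char name[8]`), without the programmer writing a specification for each caller.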