A decade of software model checking with SLAM

Thomas Ball, Vladimir Levin, Sriram K. Rajamani
2011 Communications of the ACM  
Large-scale software development is a notoriously difficult problem. Software is built in layers, and APIs are exposed by each layer to its clients. APIs come with usage rules, and clients must satisfy them while using the APIs. Violations of API rules can cause runtime errors. Thus, it is useful to consider whether API rules can be formally documented so programs using the APIs can be checked at compile time for compliance against the rules. Some API rules (such as agreement on number of parameters and data types of each parameter) can be checked by compilers. However, certain rules involve hidden state; for example, consider the rule that the acquire method and release method of a

Even though programs have many states, it is possible to construct an abstraction of a program fine enough to represent parts of a program relevant to an API usage rule and coarse enough for a model checker to explore all the states. SLAM synthesizes and extends diverse ideas from model checking, theorem proving, and data-flow analysis to automate construction, checking, and refinement of abstractions. SLAM showed that such abstractions can be constructed automatically for real-world programs, becoming the basis of Microsoft's Static Driver Verifier tool.
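The abstract's central idea, an abstraction that keeps only the state relevant to an API rule so a model checker can exhaustively explore it, can be illustrated on a toy scale. The following is an added example written for this page, not code from the SLAM paper or from Static Driver Verifier. The lock acquire/release rule is encoded as a small finite-state monitor, the program is a hand-constructed control-flow graph in which every non-lock statement is abstracted to `skip` and every data-dependent condition to a nondeterministic `branch`, and the checker does a breadth-first search over abstract states `(program point, lock state)`. SLAM itself works on C source, chooses its predicates automatically, and refines the abstraction when a reported path turns out to be infeasible; this example fixes a single predicate (the lock state) and omits refinement, so the program graphs, point names and the `explore` function are all assumptions of the example.

```python
"""Added example: explicit-state exploration of an abstracted program
against an acquire/release API rule, in the spirit of SLAM.
The monitor, the toy control-flow graphs and the function names are
constructed for this example; they are not SLAM's own code."""
from collections import deque

RULE_ERROR = "error"

# The API usage rule as a finite-state monitor over the lock's hidden state:
# acquire only when unlocked, release only when locked.
LOCK_MONITOR = {
    ("unlocked", "acquire"): "locked",
    ("locked", "release"): "unlocked",
    ("locked", "acquire"): RULE_ERROR,    # double acquire
    ("unlocked", "release"): RULE_ERROR,  # release without a matching acquire
}

# Abstracted programs (constructed): each program point maps to a list of
# (operation, successor) edges. "skip" is any statement that does not touch
# the lock; "branch" is a condition the abstraction cannot decide, so both
# outgoing edges are explored.
GOOD_PROGRAM = {
    "L0": [("acquire", "L1")],
    "L1": [("skip", "L2")],                     # work under the lock
    "L2": [("branch", "L3"), ("branch", "L4")],  # more requests pending?
    "L3": [("release", "L0")],                  # release before looping back
    "L4": [("release", "exit")],
    "exit": [],
}

BAD_PROGRAM = {
    "L0": [("acquire", "L1")],
    "L1": [("skip", "L2")],
    "L2": [("branch", "L3"), ("branch", "L0")],  # loops back while still locked
    "L3": [("release", "exit")],
    "exit": [],
}


def explore(cfg, entry="L0"):
    """Breadth-first search over abstract states (pc, lock_state).

    Returns (trace, explored): trace is None when no path can violate the
    rule, otherwise the shortest list of (pc, op) steps ending in the
    violating call; explored is the number of abstract states visited,
    which is finite because only the lock state is tracked."""
    start = (entry, "unlocked")
    parent = {start: None}  # abstract state -> (predecessor state, op)
    queue = deque([start])
    while queue:
        pc, lock = queue.popleft()
        for op, succ in cfg[pc]:
            if op in ("acquire", "release"):
                next_lock = LOCK_MONITOR[(lock, op)]
                if next_lock == RULE_ERROR:
                    return _trace(parent, (pc, lock)) + [(pc, op)], len(parent)
            else:
                next_lock = lock  # non-API statements leave the lock alone
            nxt = (succ, next_lock)
            if nxt not in parent:
                parent[nxt] = ((pc, lock), op)
                queue.append(nxt)
    return None, len(parent)


def _trace(parent, state):
    """Walk the BFS parent links back to the entry and return the steps in
    execution order."""
    steps = []
    while parent[state] is not None:
        prev, op = parent[state]
        steps.append((prev[0], op))
        state = prev
    return steps[::-1]


if __name__ == "__main__":
    for name, cfg in (("good", GOOD_PROGRAM), ("bad", BAD_PROGRAM)):
        trace, explored = explore(cfg)
        verdict = "no violation" if trace is None else "violation: " + str(trace)
        print(f"{name}: {explored} abstract states, {verdict}")
```

Running the block reports that the well-formed program has no violating path after six abstract states, while the looping program yields the path `L0 acquire, L1 skip, L2 branch, L0 acquire`. Because the `branch` edges are nondeterministic, every reported path is a candidate that a real tool must still confirm feasible on the concrete program; that confirmation and the predicate refinement it drives are exactly what SLAM adds on top of this exploration.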
doi:10.1145/1965724.1965743 fatcat:3ohzjerxgbbo3kafgxr42kcveq