We describe a methodology for reasoning about realistic concurrent programs. Our methodology allows two-state invariants that span multiple objects without sacrificing thread- or data-modularity, as well as the derived construction of first-class objects that capture knowledge about the system state. The methodology has been implemented in an automatic sound verifier for concurrent C programs being used to verify the code of the Microsoft Hypervisor, the virtualization kernel of Hyper-V.

PDF file

Publisher: Microsoft
© 2008 Microsoft Corporation. All rights reserved.

Details