Premium
Code‐level model checking in the software development workflow at Amazon Web Services
Author(s) -
Chong Nathan,
Cook Byron,
Eidelman Jonathan,
Kallas Konstantinos,
Khazem Kareem,
Monteiro Felipe R.,
SchwartzNarbonne Daniel,
Tasiran Serdar,
Tautschnig Michael,
Tuttle Mark R.
Publication year - 2021
Publication title -
software: practice and experience
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.437
H-Index - 70
eISSN - 1097-024X
pISSN - 0038-0644
DOI - 10.1002/spe.2949
Subject(s) - computer science , correctness , mathematical proof , model checking , workflow , software engineering , web service , programming language , executable , code (set theory) , hypervisor , database , operating system , cloud computing , geometry , mathematics , set (abstract data type) , virtualization
Abstract This article describes a style of applying symbolic model checking developed over the course of four years at Amazon Web Services (AWS). Lessons learned are drawn from proving properties of numerous C‐based systems, for example, custom hypervisors, encryption code, boot loaders, and an IoT operating system. Using our methodology, we find that we can prove the correctness of industrial low‐level C‐based systems with reasonable effort and predictability. Furthermore, AWS developers are increasingly writing their own formal specifications. As part of this effort, we have developed a CI system that allows integration of the proofs into standard development workflows and extended the proof tools to provide better feedback to users. All proofs discussed in this article are publicly available on GitHub.