Patrice Godefroid

Welcome to my web-page! I am a Distinguished Engineer at Lacework .

My area of expertise includes program analysis, testing, verification, security, and software engineering.

Before joining Lacework in 2022, I was a Partner Researcher at Microsoft Research from 2006 to 2021, and before that, I was a Distinguished Member of the Technical Staff at AT&T/Lucent Bell Laboratories from 1994 to 2006.

Here is a very brief bio, a less brief bio, and a recent CV. This recent research overview summarizes most of my work during the last 30+ years. My h-index is growing faster than my age (but for how long?).

I am probably best known for my early work on partial-order reduction for model checking concurrent systems (my PhD thesis is published as LNCS volume 1032 by Springer), for my work on VeriSoft, the first software model checker for mainstream programming languages such as C and C++, for my work on 3-valued model checking with may/must abstractions for sound program verification and falsification, and for my work on automatic test generation with DART. More recently, I co-developed SAGE, the first whitebox fuzzer for security testing, which was credited to have found roughly one third of all the security vulnerabilities discovered by file fuzzing during the development of Microsoft's Windows 7. In 2015, I co-founded Project Springfield, the first commercial cloud fuzzing service. In 2017, I co-created RESTler, the first stateful REST API fuzzing tool for automatically testing cloud services through their APIs and finding security and reliability bugs in these services. In 2022, I joined Lacework, a fast-growing cloud security start-up, with the mission to revolutionize software engineering for the cloud.

Research. My main research topic during the last 30+ years has been software model checking in a broad sense. Specifically, my main broad research contribution has been the development of dynamic software model checking, a new approach to software model checking via systematic testing that combines program analysis, testing, model checking, and theorem proving. This approach is implemented in Microsoft tools like SAGE, PEX, and YOGI, and in many other tools outside Microsoft.

After 12 years at Bell Labs, I joined Microsoft Research in 2006, and for several years, my main project was SAGE, the first whitebox fuzzer for security testing. SAGE extends systematic dynamic test generation (introduced in DART) to handle large applications and is optimized for long symbolic executions at the x86 binary level. Since 2008, SAGE has found many new expensive security bugs in many Windows applications. More information on the research behind SAGE can be found in the papers below. See also SAGE in one slide (old version) and SAGE for dummies (10min video). Our work on whitebox fuzzing and SAGE (first published in 2008) was credited to introducing the "fuzzing" problem to the program analysis, software engineering, and security academic-research communities. SAGE also pioneered the use of search heuristics based on code coverage for fuzzing purposes.

For a quick introduction to fuzzing, see Fuzzing: Hack, Art, and Science (CACM'2020) and this (3min) video:

In 2015, I co-founded Project Springfield and served as its CTO. Springfield is the first commercial cloud fuzzing service. It was renamed Microsoft Security Risk Detection in May 2017, and helped companies like OSIsoft and Deschutes Brewery (video) and DocuSign (video). It then evolved into an open-source fuzzing platform called OneFuzz in 2020.

My next main project was RESTler, the first stateful REST API fuzzer. Given a REST API specification of a cloud service, RESTler automatically generates and executes tests that exercise the service through its REST API, with the goal of finding security and reliability bugs in the service. RESTler is now open-source on GitHub (press release).

In 2022, I joined Lacework to co-found its Code Security team. Our team launched several new static-analysis products for Software Composition Analysis (i.e., identify all third-party vulnerable packages in code repos) and for finding security-related bugs in first-party code. I also co-developed Code-Aware Agents (CAA), a new runtime-monitoring tech to determine what code is executed (and not executed) in the cloud, with very low cost so that this monitoring can run everywhere, all the time, in production, and at cloud scale. CAA can detect whether vulnerable packages in cloud workloads are ever being executed or not. And it turns out that most open-source packages dragged into cloud workloads through dependencies are actually never executed anytime anywhere. This is a game changer for anyone who has ever had to prioritize what vulnerable packages to fix next. Overall, our combined static and dynamic analyses extend the Lacework platform to cover the entire development cycle of cloud services, from code to production.

Here is my old Bell Labs web-page and my academic genealogy.

Over the last 30+ years, I have been fortunate to work with great collaborators, including the co-authors of the papers listed below. I learned something from each of them and I thank them all.

Some On-line Talks:

• Vulnerability Management 2.0, PNW-PLSE'2024 (video).
• Peter, the May and the Must, and Lacework, O'HearnFest'2024 (video).
• Fuzzing @ Microsoft - A Research Perspective, HCSS'2019 (Invited Talk; abstract).
• Dynamic Software Model Checking for Security, Invited Talk at EPFL, October 2018 (abstract; video).
• Automated Software Testing for the 21st Century, TCE'2015 (Invited Talk; abstract; video).
• Dynamic Software Model Checking, Ed Clarke Symposium 2014.
• 500 Machine-Years of Software Model Checking and SMT Solving, SEFM'2014 (Invited Talk; abstract ).
• Micro Execution, ICSE'2014.
• Analysis of Boolean Programs, TACAS'2013.
• Automated Synthesis of Symbolic Instruction Encodings from I/O Samples, PLDI'2012.
• Tests from Proofs, TAP'2011 & TOOLS'2011 (Invited talk; abstract ).
• Higher-Order Test Generation, PLDI'2011.
• From Blackbox Fuzzing to Whitebox Fuzzing towards Verification, ISSTA'2010 (Invited talk; abstract ).
• Software Model Checking Improving Security of a Billion Computers, SPIN'2009 (Invited talk; abstract ).
• 20 Years of Research on Software Model Checking, 2008 Médaille d'or du mérite scientifique Gustave Trasenster de l'AILg (University of Liège Alumni Award), March 2009.
• LTL Generalized Model Checking Revisited, VMCAI'2009.
• An Abort-Aware Model of Transactional Programming, VMCAI'2009.
• Automatic Code-Driven Test Generation, SBMF'2008 (Invited talk).
• Software Model Checking 2.0, Distinguished Lecture Series, Max Planck Institute for Software Systems, April 2008 ( abstract ).
• Random Testing for Security: Blackbox vs. Whitebox Fuzzing, RT'2007 (Invited talk; abstract ).
• Compositional Dynamic Test Generation, POPL'2007.
• Software Model Checking via Static and Dynamic Program Analysis, MOVEP'2006
  (Invited tutorial; abstract ; auxilliary file slides.pdf to be included in slide 27).
• Software Model Checking: Searching for Computations in the Abstract or the Concrete, IFM'2005 (Invited talk; abstract ).
• Model Checking Vs. Generalized Model Checking: Semantic Minimizations for Temporal Logics, LICS'2005.
• Generalized Model Checking, TIME'2005 (Invited talk; abstract ).
• DART: Directed Automated Random Testing, PLDI'2005.
• Model Checking with Multi-Valued Logics, ICALP'2004.
• "Model Checking" Software with VeriSoft, PASTE'2004 (Invited talk; abstract ).
• Model Checking of Software, SpecNCheck'2001 workshop (Invited talk; abstract ).

Some Professional Activities: Member of the program committee for the conferences

• Past: ICSE-SEIP'2022, SAS'2021, SPIN'2021, VSTTE'2020, PLDI'2020, SPIN'2019, CAV'2019, SPIN'2018, VSTTE'2018, RV'2017, SPIN'2017, NFM'2017, RV'2016, PLDI'2016, ICSE'2016 V2025, CAV'2015, PLDI'2015 (ERC), TACAS'2015, HVC'2014, ATVA'2014, ISSTA'2014, TACAS'2014, RV'2013, SPIN'2013, ICALP'2013, FM'2012, PLDI'2012, TAP'2012, TACAS'2012, POPL'2012 (ERC), ATVA'2011, RV'2011, NFM'2011, SPIN'2010, ATVA'2010, RV'2010,TAP'2010, MoChArt'2010, MBT'2010, PLDI'2010 (ERC), VMCAI'2010, HVC'2009, ISSTA'2009, TACAS'2009, FMICS'2008, ASE'2008, LICS'2008, TACAS'2008, RT'2007, FMICS'2007, SPIN'2007, CAV'2007, ISSTA'2007, VMCAI'2007, CAV'2006, LICS'2006, VMCAI'2006, SPIN'2005 (PC chair), CAV'2005, TACAS'2005, ISSTA'2004, SPIN'2004, CONCUR'2003, TACAS'2003, ICSE'2003, SPIN'2003, POPL'2002, TACAS'2002, FMICS'2002, CAV'2001, CAV'2000, FMSP'2000, CAV'98, etc.

Some Software:

• RESTler, the first stateful REST API fuzzer, is now open-source on GitHub
• VeriSoft is a tool for systematically testing concurrent reactive software written in any language (C, C++, etc.).
  • VeriSoft is the first software model checker, born around 1996 - see this old picture (remember Netscape?).
• Partial-Order Package for SPIN (Part of my PhD work done at the University of Liege; README file for this tool)

Some Publications: in reverse chronological order; see also my Publications by Themes

• What are Weak Links in the npm Supply Chain? (joint work Nusrat Zahan, Tom Zimmermann, Brendan Murphy, Chandra Maddila, and Laurie Williams) Proceedings of ICSE'2022 (International Conference on Software Engineering), Software-Engineering-in-Practice Track, Pittsburgh/virtual, May 2022.

• HyperFuzzer: An Efficient Hybrid Fuzzer for Virtual CPUs (joint work with Xinyang Ge, Ben Niu, Robert Brotzman, Yaohui Chen, HyungSeok Han, and Weidong Cui) Proceedings of CCS'2021 (ACM Conference on Computer and Communications Security), November 2021.

• Anomalicious: Automated Detection of Anomalous and Potentially Malicious Commits on GitHub (joint work with Danielle Gonzalez, Tom Zimmermann, and Max Schafer) Proceedings of ICSE'2021 (International Conference on Software Engineering), Software-Engineering-in-Practice Track, Madrid/virtual, May 2021.

• Intelligent REST API Data Fuzzing (joint work with Bo-Yuan Huang and Marina Polishchuk) Proceedings of ESEC/FSE'2020 (ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering), Sacramento/virtual, November 2020.

• Differential Regression Testing for REST APIs (joint work with Daniel Lehmann and Marina Polishchuk) Proceedings of ISSTA'2020 (International Symposium on Software Testing and Analysis), Los Angeles/virtual, July 2020.

• Checking Security Properties of Cloud Service REST APIs (joint work with Vaggelis Atlidakis and Marina Polishchuk) Proceedings of ICST'2020 (IEEE International Conference on Software Testing, Verification and Validation), Porto, March 2020.

• Fuzzing: Hack, Art, and Science Communications of the ACM, Volume 63, Number 2, pages 70-76, February 2020. Links to CACM on-line article and video.

• Root Causing Flaky Tests in a Large-scale Industrial Setting (joint work with Wing Lam, Suman Nath, Anirudh Santhiar and Suresh Thummalapenta) Proceedings of ISSTA'2019 (International Symposium on Software Testing and Analysis), pages 101-111, Beijing, July 2019.

• RESTler: Stateful REST API Fuzzing (joint work with Vaggelis Atlidakis and Marina Polishchuk) Proceedings of ICSE'2019 (41st International Conference on Software Engineering), pages 748-758, Montreal, May 2019. (Earlier version in MSR-TR-2018-11 , April 2018.)

• Automated Software Test Generation: Some Challenges, Solutions, and Recent Advances (joint work with George Candea) Special Issue LNCS 10000 (Computing and Software Science: State of the Art and Perspectives), Lecture Notes in Computer Science, vol. 10000, pages 505-531, Springer, 2018.

• Combining Model Checking and Testing (joint work with Koushik Sen) Chapter 19 of the Handbook of Model Checking , pages 613-649, Springer, 2018.

• Deep Reinforcement Fuzzing (joint work with Konstantin Bottinger and Rishabh Singh) Proceedings of DLS'2018 (1st Deep Learning and Security Workshop), San Francisco, May 2018.

• Learn&Fuzz: Machine Learning for Input Fuzzing (joint work with Hila Peleg and Rishabh Singh) Proceedings of ASE'2017 (32nd International Conference on Automated Software Engineering), pages 50-59, Urbana-Champaign, October 2017.

• A General Framework for Dynamic Stub Injection (joint work with Maria Christakis, Patrick Emmisberger, and Peter Muller) Proceedings of ICSE'2017 (39th International Conference on Software Engineering), pages 586-596, Buenos Aires, May 2017.

• Between Testing and Verification: Dynamic Software Model Checking Proceedings of Marktoberdorf'2015 (Dependable Software Systems Engineering, NATO Science for Peace and Security Series, IOS Press 2016), pages 99-116, Marktoberdorf, August 2015.

• IC-Cut: A Compositional Search Strategy for Dynamic Test Generation (joint work with Maria Christakis) Proceedings of SPIN'2015 (22nd International SPIN Symposium on Model Checking of Software), Stellenbosch, August 2015. Lecture Notes in Computer Science, vol. 9232, pages 300-318, Springer-Verlag.

• Checking Beliefs in Dynamic Networks (joint work with Nuno Lopes, Nikolaj Bjorner, Karthick Jayaraman, and George Varghese) Proceedings of NSDI'2015 (12th USENIX Symposium on Networked Systems Design and Implementation), Oakland, May 2015.

• Proving Memory Safety of the ANI Windows Image Parser using Compositional Exhaustive Testing (joint work with Maria Christakis) Proceedings of VMCAI'2015 (16th International Conference on Verification, Model Checking, and Abstract Interpretation), Mumbai, January 2015. Lecture Notes in Computer Science, vol. 8931, pages 370-389, Springer-Verlag.

• Micro Execution Proceedings of ICSE'2014 (International Conference on Software Engineering), pages 539-549, Hyderabad, June 2014.

• May/Must Abstraction-Based Software Model Checking for Sound Verification and Falsification Proceedings of Marktoberdorf'2013 (NATO Advanced Study Institute on Software Systems Safety), pages 1-16, Marktoberdorf, August 2013.

• Billions and Billions of Constraints: Whitebox Fuzz Testing in Production (joint work with Ella Bounimova and David Molnar) Proceedings of ICSE'2013 (International Conference on Software Engineering), pages 122-131, San Francisco, May 2013.

• Analysis of Boolean Programs (joint work with Mihalis Yannakakis) Proceedings of TACAS'2013 (Tools and Algorithms for the Construction and Analysis of Systems), Rome, March 2013. Lecture Notes in Computer Science, vol. 7795, pages 214-229, Springer-Verlag. (Full version with proofs)

• Test Generation Using Symbolic Execution (Invited paper) Proceedings of FSTTCS'2012 (IARCS Annual Conference on Foundations of Software Technology and Theoretical Computer Science), pages 24-33, Hyderabad, December 2012.

• From Program to Logic: An Introduction (joint work with Shuvendu K. Lahiri) Proceedings of LASER'2011 (LASER'2011 Summer School), December 2012. Lecture Notes in Computer Science, vol. 7682, pages 31-44, Springer-Verlag.

• Automated Synthesis of Symbolic Instruction Encodings from I/O Samples (joint work with Ankur Taly) Proceedings of PLDI'2012 (33rd ACM SIGPLAN conference on Programming Language Design and Implementation), pages 441-452, Beijing, June 2012.

• SAGE: Whitebox Fuzzing for Security Testing (joint work with Michael Y. Levin and David Molnar) Communications of the ACM, Volume 55, Number 3, pages 40-44, March 2012. On-line version in ACM Queue 10(1):20, January 2012.

• An Abort-Aware Model of Transactional Programming (joint work with Kousha Etessami) Software Tools for Technology Transfer, 13(6):537-551, September 2011. (Journal version of VMCAI'2009 paper.)

• LTL Generalized Model Checking Revisited (joint work with Nir Piterman) Software Tools for Technology Transfer, 13(6):571-584, September 2011. (Journal version of VMCAI'2009 paper.)

• Statically Validating Must Summaries for Incremental Compositional Dynamic Test Generation (joint work with Shuvendu K. Lahiri and Cindy Rubio-Gonzalez) Proceedings of SAS'2011 (18th International Static Analysis Symposium), Venice, September 2011. Lecture Notes in Computer Science, vol. 6887, pages 112-128, Springer-Verlag. (A preliminary version titled "Incremental Compositional Dynamic Test Generation" appeared as MSR Technical Report MSR-TR-2010-11, February 2010.)

• Automatic Partial Loop Summarization in Dynamic Test Generation (joint work with Daniel Luchaup) Proceedings of ISSTA'2011 (International Symposium on Software Testing and Analysis), pages 23-33, Toronto, July 2011. (Distinguished paper award)

• Higher-Order Test Generation Proceedings of PLDI'2011 (32nd ACM SIGPLAN conference on Programming Language Design and Implementation), pages 258-269, San Jose, June 2011.

• Symbolic Execution for Software Testing in Practice - Preliminary Assessment (joint work with Cristian Cadar, Sarfraz Khurshid, Corina Pasareanu, Koushik Sen, Nikolai Tillmann and Willem Visser) Proceedings of ICSE'2011 (International Conference on Software Engineering), Impact Track, pages 1066-1071, Honolulu, May 2011.

• Proving Memory Safety of Floating-Point Computations by Combining Static and Dynamic Program Analysis (joint work with Johannes Kinder) Proceedings of ISSTA'2010 (International Symposium on Software Testing and Analysis), pages 1-11, Trento, July 2010.

• Fuzzing in The Cloud (Position Statement) (joint work with David Molnar) MSR Technical Report MSR-TR-2010-29, March 2010.

• Compositional May-Must Program Analysis: Unleashing The Power of Alternation (joint work with Aditya Nori, Sriram Rajamani and Sai Deep Tetali) Proceedings of POPL'2010 (37th Annual ACM Symposium on Principles of Programming Languages), pages 43-55, Madrid, January 2010.

• Precise Pointer Reasoning for Dynamic Test Generation (joint work with Bassem Elkarablieh and Michael Y. Levin) Proceedings of ISSTA'2009 (International Symposium on Software Testing and Analysis), pages 129-139, Chicago, July 2009.

• LTL Generalized Model Checking Revisited (joint work with Nir Piterman) Proceedings of VMCAI'2009 (10th Conference on Verification, Model Checking and Abstract Interpretation), Savannah, January 2009. Lecture Notes in Computer Science, vol. 5403, pages 89-104, Springer-Verlag.

• An Abort-Aware Model of Transactional Programming (joint work with Kousha Etessami) Proceedings of VMCAI'2009 (10th Conference on Verification, Model Checking and Abstract Interpretation), Savannah, January 2009. Lecture Notes in Computer Science, vol. 5403, pages 59-73, Springer-Verlag. (Full version as MSR Technical Report MSR-TR-2008-159.)

• Automating Software Testing Using Program Analysis (joint work with Peli de Halleux, Michael Y. Levin, Aditya V. Nori, Sriram K. Rajamani, Wolfram Schulte and Nikolai Tillmann) IEEE Software, Volume 25, Number 5, pages 30-37, September/October 2008.

• Active Property Checking (joint work with Michael Y. Levin and David Molnar) Proceedings of EMSOFT'2008 (8th Annual ACM & IEEE International Conference on Embedded Software), ACM Press, pages 207-216, Atlanta, October 2008. (Extended version with "active type checking" as MSR Technical Report MSR-TR-2007-91.)

• Testing for Buffer Overflows with Length Abstraction (joint work with Ru-Gang Xu and Rupak Majumdar) Proceedings of ISSTA'2008 (International Symposium on Software Testing and Analysis), pages 27-38, Seattle, July 2008.

• Concurrency at Microsoft - An Exploratory Survey (joint work with Nachi Nagappan) Proceedings of (EC)^2 (CAV 2008 Workshop on "Exploiting Concurrency Efficiently and Correctly"), Princeton, July 2008.

• Grammar-based Whitebox Fuzzing (joint work with Adam Kiezun and Michael Y. Levin) Proceedings of PLDI'2008 (ACM SIGPLAN 2008 Conference on Programming Language Design and Implementation), pages 206-215, Tucson, June 2008.

• Demand-Driven Compositional Symbolic Execution (joint work with Saswat Anand and Nikolai Tillmann) Proceedings of TACAS'2008 (Tools and Algorithms for the Construction and Analysis of Systems), Budapest, April 2008. Lecture Notes in Computer Science, vol. 4963, pages 367-381, Springer-Verlag.

• Automated Whitebox Fuzz Testing (joint work with Michael Y. Levin and David Molnar) Proceedings of NDSS'2008 (Network and Distributed Systems Security), pages 151-166, San Diego, February 2008. (NDSS 2022 Test-of-Time Award)

• Compositional Dynamic Test Generation Proceedings of POPL'2007 (34th Annual ACM Symposium on Principles of Programming Languages), pages 47-54, Nice, January 2007.

• Software Partitioning for Effective Automated Unit Testing (joint work with Arindam Chakrabarti) Proceedings of EMSOFT'2006 (6th Annual ACM & IEEE International Conference on Embedded Software), ACM Press, pages 262-171, Seoul, October 2006.

• Software Model Checking: Searching for Computations in the Abstract or the Concrete (joint work with Nils Klarlund) Invited paper. Proceedings of IFM'2005 (Fifth International Conference on Integrated Formal Methods), Eindhoven, November 2005. Lecture Notes in Computer Science, vol. 3771, pages 20-32, Springer-Verlag. (Older IFM'2005 proceedings version written in August 2005.)

• Analysis of Recursive State Machines (joint work with Rajeev Alur, Michael Benedikt, Kousha Etessami, Thomas Reps and Mihalis Yannakakis) ACM Transactions on Programming Languages and Systems (TOPLAS), Volume 27, Number 4, pages 786-818, July 2005, ACM Press. (Journal version of ICALP'2001 paper.)

• The Soundness of Bugs is What Matters (Position Statement) Proceedings of BUGS'2005 (PLDI'2005 Workshop on the Evaluation of Software Defect Detection Tools), Chicago, June 2005.

• DART: Directed Automated Random Testing (joint work with Nils Klarlund and Koushik Sen) Proceedings of PLDI'2005 (ACM SIGPLAN 2005 Conference on Programming Language Design and Implementation), pages 213-223, Chicago, June 2005. (HVC'2009 award for "the most promising contribution to fields of software and hardware verification and test in the last five years")

• Model Checking Vs. Generalized Model Checking: Semantic Minimizations for Temporal Logics (joint work with Michael Huth) Proceedings of LICS'2005 (20th IEEE Symposium on Logic in Computer Science), pages 158-167, Chicago, June 2005.

• Software Model Checking: The VeriSoft Approach Formal Methods in System Design, Kluwer Academic Publishers, volume 26, number 2, pages 77-101, March 2005. Also available as Bell Labs Technical Memorandum ITD-03-44189G, March 2003.

• Dynamic Partial-Order Reduction for Model Checking Software (joint work with Cormac Flanagan) Proceedings of POPL'2005 (32nd ACM Symposium on Principles of Programming Languages), pages 110-121, Long Beach, January 2005. (Addendum)

• Exploring Very Large State Spaces Using Genetic Algorithms (joint work with Sarfraz Khurshid) International Journal on Software Tools for Technology Transfer (STTT), Volume 6, Number 2, pages 117-127, August 2004, Springer-Verlag. (Journal version of TACAS'2002 paper.)

• Symmetry and Reduced Symmetry in Model Checking (joint work with Prasad Sistla) ACM Transactions on Programming Languages and Systems (TOPLAS), Volume 26, Number 4, pages 702-734, July 2004, ACM Press. (Journal version of CAV'2001 paper.)

• Three-Valued Abstractions of Games: Uncertainty, but with Precision (joint work with Luca de Alfaro and Radha Jagadeesan) Proceedings of LICS'2004 (19th IEEE Symposium on Logic in Computer Science), pages 170-179, Turku, July 2004.

• Model Checking with Multi-Valued Logics (joint work with Glenn Bruns) Proceedings of ICALP'2004 (31st International Colloquium on Automata, Languages and Programming), Turku, July 2004. Lecture Notes in Computer Science, vol. 3142, pages 281-293, Springer-Verlag. (Previous version in Bell Labs Technical Memorandum ITD-03-44535H, May 2003.)

• Reasoning about Abstract Open Systems with Generalized Module Checking Proceedings of EMSOFT'2003 (3rd ACM & IEEE International Conference on Embedded Software), Philadelphia, October 2003. Lecture Notes in Computer Science, vol. 2855, pages 223-240, Springer-Verlag.

• On The Expressiveness of 3-Valued Models (joint work with Radha Jagadeesan) Proceedings of VMCAI'2003 (4th Conference on Verification, Model Checking and Abstract Interpretation), New York, January 2003. Lecture Notes in Computer Science, vol. 2575, pages 206-222, Springer-Verlag.

• Automatic Abstraction Using Generalized Model Checking (joint work with Radha Jagadeesan) Proceedings of CAV'2002 (14th Conference on Computer Aided Verification), Copenhagen, July 2002. Lecture Notes in Computer Science, vol. 2404, pages 137-150, Springer-Verlag.

• VeriWeb: Automatically Testing Dynamic Web Sites (joint work with Michael Benedikt and Juliana Freire) Proceedings of WWW'2002 (11th International World Wide Web Conference), Honolulu, May 2002.

• Software Model Checking in Practice: An Industrial Case Study (joint work with Satish Chandra and Chris Palm) Proceedings of ICSE'2002 (International Conference on Software Engineering), pages 431-441, Orlando, May 2002.

• Exploring Very Large State Spaces Using Genetic Algorithms (joint work with Sarfraz Khurshid) Proceedings of TACAS'2002 (Tools and Algorithms for the Construction and Analysis of Systems), Grenoble, April 2002.

• Abstraction-based Model Checking using Modal Transition Systems (joint work with Michael Huth and Radha Jagadeesan) Proceedings of CONCUR'2001 (12th International Conference on Concurrency Theory), Aalborg, August 2001. Lecture Notes in Computer Science, vol. 2154, pages 426-440, Springer-Verlag.

• Symmetry and Reduced Symmetry in Model Checking (joint work with Prasad Sistla) Proceedings of CAV'2001 (13th Conference on Computer Aided Verification), Paris, July 2001. Lecture Notes in Computer Science, vol. 2102, pages 91-103, Springer-Verlag.

• Model Checking of Unrestricted Hierarchical State Machines (joint work with Michael Benedikt and Tom Reps) Proceedings of ICALP'2001 (28th International Colloquium on Automata, Languages and Programming), Crete, Greece, July 2001. Lecture Notes in Computer Science, vol. 2076, pages 652-666, Springer-Verlag.

• Temporal Logic Query Checking (joint work with Glenn Bruns) Proceedings of LICS'2001 (16th IEEE Symposium on Logic in Computer Science), pages 409-417, Boston, June 2001.

• Ensuring Privacy in Presence Awareness Systems: An Automated Verification Approach (joint work with Jim Herbsleb, Lalita Jagadeesan, and Du Li) Proceedings of CSCW'2000 (ACM 2000 Conference on Computer Supported Cooperative Work), Philadelphia, December 2000.

• Automated Systematic Testing for Constraint-Based Interactive Services (joint work with Lalita Jagadeesan, Radha Jagadeesan and Konstantin Laufer) Proceedings of FSE'2000 (8th International Symposium on the Foundations of Software Engineering), pages 40-49, San Diego, November 2000.

• Generalized Model Checking: Reasoning about Partial State Spaces (joint work with Glenn Bruns) Proceedings of CONCUR'2000 (11th International Conference on Concurrency Theory), University Park, August 2000. Lecture Notes in Computer Science, vol. 1877, pages 168-182, Springer-Verlag.

• In the fall of 1999, I have given a course entitled Design and Analysis of Communication Software at Stanford University, in collaboration with David L. Dill.

• Exploiting Symmetry when Model-Checking Software Proceedings of FORTE/PSTV'99 (Formal Methods for Protocol Engineering and Distributed Systems), pages 257-275, Beijing, October 1999.

• Model Checking Partial State Spaces with 3-Valued Temporal Logics (joint work with Glenn Bruns) Proceedings of CAV'99 (11th Conference on Computer Aided Verification), Trento, July 1999. Lecture Notes in Computer Science, vol. 1633, pages 274-287, Springer-Verlag.

• Automatically Closing Open Reactive Programs (joint work with Christopher Colby and Lalita Jagadeesan) Proceedings of PLDI'98 (1998 ACM SIGPLAN Conference on Programming Language Design and Implementation), pages 345-357, Montreal, June 1998.

• Systematic Software Testing using VeriSoft: An Analysis of the 4ESS Heart-Beat Monitor (joint work with Bob Hanmer and Lalita Jagadeesan) Bell Labs Technical Journal, Volume 3, Number 2, April-June 1998.

• Model Checking Without a Model: An Analysis of the Heart-Beat Monitor of a Telephone Switch using VeriSoft (joint work with Bob Hanmer and Lalita Jagadeesan) Proceedings of ISSTA'98 (1998 ACM SIGSOFT International Symposium on Software Testing and Analysis), pages 124-133, Clearwater Beach, March 1998.

• The Power of QDDs (joint work with Bernard Boigelot, Bernard Willems and Pierre Wolper) Proceedings of SAS'97 (Fourth International Static Analysis Symposium), Paris, September 1997. Lecture Notes in Computer Science, vol. 1302, pages 172-186, Springer-Verlag.

• VeriSoft: A Tool for the Automatic Analysis of Concurrent Reactive Software (short paper) Proceedings of CAV'97 (9th Conference on Computer Aided Verification), Haifa, June 1997. Lecture Notes in Computer Science, vol. 1254, pages 476-479, Springer-Verlag.

• Automatic Synthesis of Specifications from the Dynamic Observation of Reactive Programs (joint work with Bernard Boigelot) Proceedings of TACAS'97 (Third International Workshop on Tools and Algorithms for the Construction and Analysis of Systems), Twente, April 1997. Lecture Notes in Computer Science, vol. 1217, pages 321-333, Springer-Verlag.

• Model Checking for Programming Languages using VeriSoft Proceedings of POPL'97 (24th ACM Symposium on Principles of Programming Languages), pages 174-186, Paris, January 1997.

• On the Costs and Benefits of using Partial-Order Methods for the Verification of Concurrent Systems (Invited Paper) Proceedings of DIMACS Workshop on Partial-Order Methods in Verification, AMS, Princeton, July 1996.

• Symbolic Protocol Verification with Queue BDDs (joint work with David Long) Formal Methods in System Design, Kluwer Academic Publishers, volume 14, number 3, pages 257-271, May 1999. Preliminary version in Proceedings of LICS'96 (11th IEEE Symposium on Logic in Computer Science), pages 198-206, New Brunswick, July 1996.

• Symbolic Verification of Communication Protocols with Infinite State Spaces using QDDs (joint work with Bernard Boigelot) Formal Methods in System Design, Kluwer Academic Publishers, volume 14, number 3, pages 237-255, May 1999. Preliminary version in Proceedings of CAV'96 (8th Conference on Computer Aided Verification), New Brunswick, August 1996. Lecture Notes in Computer Science, vol. 1102, pages 1-12, Springer-Verlag.

• Using Partial-Order Methods in the Formal Validation of Industrial Concurrent Programs (joint work with Doron Peled and Mark Staskauskas) IEEE Transactions on Software Engineering, volume 22, number 7, pages 496-507, July 1996. Preliminary version in Proceedings of ISSTA'96 (1996 ACM SIGSOFT International Symposium on Software Testing and Analysis), pages 261-269, San Diego, January 1996.

• Model Checking in Practice: An Analysis of the ACCESS.bus Protocol using SPIN (joint work with Bernard Boigelot) Proceedings of FME'96 (Formal Methods Europe'96), Oxford, March 1996. Lecture Notes in Computer Science, vol. 1051, pages 465-478, Springer-Verlag.

• A revised version of my PhD thesis, "Partial-Order Methods for the Verification of Concurrent Systems -- An Approach to the State-Explosion Problem", is published by Springer-Verlag, as volume 1032 of Lecture Notes in Computer Science, January 1996. (ISBN 3-540-60761-7)

  

• The ULg Partial-Order Package for SPIN (short paper) Presented at the first SPIN workshop, Montreal, October 1995. This short document presents an overview of the Partial-Order Package for SPIN developed at the University of Liege (ULg) in 1992 -- 1994, by Didier Pirottin and me, under the supervision of Pierre Wolper, and with the collaboration of Gerard Holzmann.

• State-Space Caching Revisited (joint work with Gerard Holzmann and Didier Pirottin) Formal Methods in System Design, Kluwer Academic Publishers, volume 7, number 3, pages 1-15, November 1995. (Journal version of CAV'92 paper.)

• On the Verification of Temporal Properties (joint work with Gerard Holzmann) Proceedings of PSTV'93 (13th IFIP WG 6.1 International Symposium on Protocol Specification, Testing, and Verification), pages 109-124, Liege, May 1993. North-Holland.

Previous Publications (1990-1994)

Copyright Notice: The above material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted without the explicit permission of the copyright holder.

Some Words of Wisdom (Quotes)

• Never make small plans. (Burnham)
• Where there is a will, there is a way. (Mom?)
• Just do it. (Nike?)
• Imagination is more important than knowledge. (Albert Einstein)
• Imitation is the most sincere form of flattery. (Unknown)
• Don't worry about things you have no control over. (Unknown)
• Be the change you want to see in the world. (Mahatma Gandhi)
• Change your thoughts and you change your world. (Norman Vincent Peale)
• Life is hard. Science is harder. (Anne-Christine Poncelet)