Overview
This course covers both foundations and practical aspects of the automated analysis of programs, which is becoming increasingly critical to find software errors and assure program correctness. The theory of abstract interpretation captures the essence of a broad range of program analyses and supports reasoning about their correctness. Building on this foundation, the course will describe program representations, data flow analysis, alias analysis, interprocedural analysis, dynamic analysis, and symbolic execution. Through assignments and projects, students will design and implement practical analysis tools that find bugs and verify properties of software.
Why take this course?
- Explore the meaning of programs. One of the most basic questions that programmers ask is "What does this program do?" Program analysis is all about understanding programs--automatically!
- Learn deep theory. The theory of abstract interpretation stands with type theory as the most important and beautiful foundations of programming languages. Abstract interpretation is the fundamental theory of abstraction: how to precisely relate the concrete execution of a program to an abstraction of that execution. Naturally, this has many applications, which brings us to the third reason to take this course:
- Build awesome tools. Using program analysis, you can build tools that find bugs, prove important security and correctness properties, automatically generate useful tests, and much more--and you'll have a chance to do all of this in course assignments and a project that you can design yourself (if you want).
Coordinates
Lecture:Tu/Th 10:30 - 11:50 a.m. in GHC 4102
Recitation:Fri 9:30 - 10:20 a.m. in GHC 4211
For appointments, email the instructor.
Course Syllabus and Policies
The syllabus covers course overview and objectives, learning goals, evaluation, supplemental books, late work policy, and collaboration policy.Schedule
| Date | Topic and Notes | Additional Reading or Code | Assignments Due |
|---|---|---|---|
| Jan 17 | Introduction to Program Analysis | PPA ch. 1 (optional) | |
| Jan 19 | Program representation | ||
| Jan 20 | RecitationIntroduction to Soot | 17-355.zip | |
| Jan 24 | Dataflow Analysis and Abstract Interpretation | PPA ch. 2 (optional) LaTeX sources for notes |
|
| Jan 26 | The Worklist Algorithm (notes continued) | PPA ch. 6 (optional) | |
| Jan 27 | RecitationDefining Constant Propagation | ||
| Jan 31 | Dataflow Analysis examples | hw1 hw1.pdf, hw1.zip | |
| Feb 2 | Dataflow Analysis termination and complexity | PPA ch. 4 (optional) | |
| Feb 3 | no recitation today | ||
| Feb 7 | Dataflow Analysis in Soot | hw2 hw2.pdf, hw2-latex.zip | |
| Feb 9 | Dataflow Analysis Correctness | ||
| Feb 10 | RecitationCommon analysis definition mistakes | ||
| Feb 14 | Collecting semantics | ||
| Feb 16 | Widening (notes continued) | hw3 hw3.pdf, hw3.zip | |
| Feb 17 | RecitationExploring Interprocedural Analysis | ||
| Feb 21 | Context-sensitive interprocedural analysis | ||
| Feb 23 | Interprocedural analysis, continued | ||
| Feb 24 | RecitationInterprocedural analysis in Soot | lab6.zip | hw4 hw4.pdf |
| Feb 28 | Pointer analysis | ||
| Mar 2 | Object-oriented call graph construction | ||
| Mar 3 | RecitationMidterm review | hw5 checkpoint due hw5.pdf | |
| Mar 7 | Midterm Exam | ||
| Mar 9 | Functional control flow analysis | full hw5 due hw5.pdf | |
| Mar 10 | no recitationMid-Semester Break | ||
| Mar 21 | Symbolic execution | Mixing Type Checking and Symbolic Execution | |
| Mar 23 | No class | ||
| Mar 24 | no recitation | ||
| Mar 28 | Concolic execution | ||
| 2pm Mar 29 (different room, time, and day) | Program synthesis (Nadia Polikarpova talk in GHC 6115) | ||
| Mar 31 | RecitationSatisfiability modulo theories | recitation7.pdf | |
| Apr 4 | TBA | ||
| Apr 6 | Hoare Logic and verification condition generation | Project proposal | |
| Apr 7 | RecitationVerification with implicit dynamic frames / Dafny | Mini assignment 1 (docx) | |
| Apr 11 | Dynamic analysis | ||
| Apr 13 | Program repair (Guest lecturer: Claire Le Goues) | ||
| Apr 14 | no recitation | ||
| Apr 18 | Gradual verification | ||
| Apr 20 | No lecture: Spring Carnival | ||
| Apr 21 | no recitationSpring Carnival | ||
| Apr 25 | Static Concurrency Analysis | ||
| Apr 27 | Race condition analysis - dynamic | ||
| Apr 28 | RecitationChalice | list.chalice | |
| May 2 | Counterexample-guided abstraction refinement in Blast | ||
| May 4 | Satisfiability modulo theories | ||
| May 5 | No Recitation | ||
| May 8 | 10AM - Project presentations in GHC 4101 | Projectdeliverables.pdf | |
| May 15 | Projectdeliverables.pdf |