17-355/17-665/17-819: Program Analysis

Class Tu/Th 10:30 - 11:50 a.m. in GHC 4211
Recitation F 10:30 - 11:50 a.m. in GHC 4211
Spring 2019
12 units

Professor Jonathan Aldrich
aldrich at cs dot cmu dot edu
WEH 4216
Office hours: Monday 1:30-2:30pm, Tuesday 5-5:40pm, or by appointment
For appointments outside of office hours, email the instructor.

TA Jenna Wise
jlwise at andrew dot cmu dot edu
WEH 4123
Office hours: Thursday 1-3pm, or by appointment

Course Description

This course covers both foundations and practical aspects of the automated analysis of programs, which is becoming increasingly critical to find software errors and assure program correctness. The theory of abstract interpretation captures the essence of a broad range of program analyses and supports reasoning about their correctness. Building on this foundation, the course will describe program representations, data flow analysis, alias analysis, interprocedural analysis, dynamic analysis, and symbolic execution. Through assignments and projects, students will design and implement practical analysis tools that find bugs and verify properties of software.

This course fulfills the Logic and Languages constrained elective category for the Computer Science major.

New: For 2019, this course is preapproved for the Theoretical Foundations requirement of the Computer Science master's degree.

Why take this course?

Explore the meaning of programs. One of the most basic questions that programmers ask is "What does this program do?" Program analysis is all about understanding programs--automatically!
Learn deep theory. The theory of abstract interpretation stands with type theory as the most important and beautiful foundations of programming languages. Abstract interpretation is the fundamental theory of abstraction: how to precisely relate the concrete execution of a program to an abstraction of that execution. Naturally, this has many applications, which brings us to the third reason to take this course:
Build awesome tools. Using program analysis, you can build tools that find bugs, prove important security and correctness properties, automatically generate useful tests, and much more--and you'll have a chance to do all of this in course assignments and a project that you can design yourself (if you want).

Course Syllabus and Policies

The syllabus covers course learning objectives, supplemental textbooks, assessments, late work policy, and policies.

Schedule

Date	Topic and Notes	Additional Reading or Code	Assignments Due
Jan 15	Introduction, Program Representation, and Syntactic Analysis (notes, slides, in-class exercises)	PPA ch. 1 (optional)
Jan 17	Program Semantics (notes, in-class exercises)
Jan 18	RecitationSyntactic Analysis in Soot (notes, in-class exercises)
Jan 22	Dataflow Analysis and Abstract Interpretation (notes, in-class exercises)	PPA ch. 2 (optional)
Jan 24	Dataflow Analysis and Abstract Interpretation, continued (in-class exercises)	PPA ch. 6 (optional)	hw1 hw1.pdf, hw1.zip
Jan 25	RecitationProgram Semantics (notes, in-class exercises)
Jan 29	Dataflow Analysis examples (notes, in-class exercises)
Jan 31	SNOW DAY		hw2 hw2.pdf, mathpartir.zip
Feb 1	recitationSpecifying Dataflow Analysis (notes, in-class exercises)
Feb 5	Dataflow Analysis termination and complexity (notes, in-class-exercises)	PPA ch. 4 (optional)
Feb 7	Collecting semantics and interval analysis (notes, in-class-exercises)		hw3 hw3.pdf
Feb 8	RecitationImplementing Dataflow Analysis (notes, in-class-exercises)	recitation4.zip, recitation4-solution.zip
Feb 12	Live variables and widening (notes above, in-class exercises)
Feb 14	Interprocedural analysis (notes, simplified algorithm)		hw4 hw4.pdf, hw4.zip
Feb 15	RecitationProving Analyses Correct (notes, in-class-exercises)
Feb 19	Context-sensitive interprocedural analysis (notes continued, in-class-exercises)
Feb 21	Pointer analysis (notes, in-class exercises)		hw5 hw5.pdf
Feb 22	RecitationInterprocedural Analysis in Soot (notes, in-class-exercises)
Feb 26	Control Flow Analysis (notes, in-class exercises)
Feb 28	Hoare Logic (notes, in-class exercises)		hw6 checkpoint due hw6.pdf
Mar 1	RecitationMidterm Review (notes)
Mar 5	Hoare Logic (continued) (in-class exercises)		full hw6 due
Mar 7	Midterm Exam
Mar 8	no recitationMid-Semester Break
Mar 19	Satisfiability Modulo Theories (notes, in-class exercises)
Mar 21	Program synthesis (notes, slides)
Mar 22	recitation SMT Solvers: Z3 (notes, in-class-exercises)	CHALLENGE.md, SOLUTION.md
Mar 26	Program synthesis, continued (in-class exercises)		hw7 hw7.pdf
Mar 28	Symbolic execution (notes, slides on Prefix, in-class exercises)	Optional reading: Mixing Type Checking and Symbolic Execution
Mar 29	Recitation Static Verification Tools: Dafny (notes, in-class-exercises)	exercise-solution.txt
Apr 2	Concolic execution and test generation (notes, in-class exercises)		hw8 hw8.pdf, hw8.zip
Apr 4	Model Checking (notes by Clarke et al., slides, in-class exercises)
Apr 5	Recitation
Apr 9	Counterexample-Guided Abstraction Refinement in Blast (slides, in-class exercises)	Checking Memory Safety with Blast	hw9 hw9.pdf, hw9.zip or project proposal (Research option)
Apr 11	No lecture: Spring Carnival
Apr 12	no recitationSpring Carnival
Apr 16	Synthesis research - Ruben Martins (slides, in-class exercises)		project proposal due (Practice option)
Apr 18	Program Repair - Chris Timperley (slides)
Apr 19	Recitation Project Help (WEH 4123)
Apr 23	Efficient analysis for refactoring at scale - Hyrum Wright, Google
Apr 25	Gradual Typing (Abstracting Gradual Typing paper)		Project checkpoint due
Apr 26	Recitation Gradual Verification (slides)	Gradual Program Verification
April 30	Dynamic Analysis (Daikon invariant detection and race detection slides)
May 2	Program Synthesis: SPIRAL - Franz Franchetti (slides)
May 3	recitation Project Help (WEH 4123)
May 13, 5:30-8:30pm	Project presentations (GHC 4211)		Project presentations and final deliverables