15-819 M: Program Analysis

Spring 2010
MW 1:30-2:50
GHC 4211
12 units
Jonathan Aldrich, Instructor

Course summary, textbook, grading, and policies


Assignment Due
Jan 11
Introduction to Program Analysis


Jan 13
Dataflow Analysis and Abstract Interpretation Frameworks
02-dataflow-analysis.pdf; CrystalTutorial.pdf
PPA ch. 1

Jan 15
Crystal demo in office hours

Jan 18
No class - MLK day

Jan 20
Dataflow Analysis Examples

PPA 2.1-2.3

Analysis warm-up (and Countdown.java)
Jan 25
Program Semantics and Abstract Interpretation Correctness
lec3-notes.txt PPA ch. 4

Jan 27 No class - instructor out of town

Feb 1
Abstract Interpretation - Examples

Dataflow analysis (and TestSign.java)
Feb 3
Interprocedural Analysis

Feb 8
snow day - no class

Abstract interpretation correctness
Feb 10
snow day - no class

Feb 15
Alias Analysis lec8-pointer.txt
Steensgaard, Andersen

Feb 17
Shape Analysis
Sagiv et al.

Feb 22
Shape Analysis (continued)

Feb 24
Hoare Logic 09-hoare.pdf
An Axiomatic Basis for Computer Programming;

Mar 1
Extended Static Checking notes
Weakest-Precondition of Unstructured Programs; Boogie

Alias or Interprocedural Analysis
Mar 3
The Boogie Modular Verification Methodology
Verification of Object-Oriented Programs with Invariants

Mar 8, 10
Spring break - no class

Mar 15
Boogie, continued; comparison to Typestate verification in Plural

Modular Typestate Checking of Aliased Objects
Project proposal
Mar 17
Analysing higher-order and OO programs

Mar 22
Constraint-Based Analysis

Introduction to Set Constraint-Based Program Analysis.

Mar 24
Constraints continued;
Type- and Effect Analysis

Andersen's algorthm from Kodumal & Aiken's Banshee paper;
PPA ch. 5

Mar 29
Type- and Effect Analysis continued

Mar 31
Symbolic Execution
PLDI '10 paper (preprint on Blackboard)

Apr 5
Concolic Execution Koushik Sen's lecture notes

Project milestone
Apr 7
Counterexample Guided Abstraction Refinement in Yogi

Apr 12
Advanced Program Representations
Global Value Numbers and Redundant Computations (the first to use SSA form); The Program Dependence Graph and Its Use in Optimization

Apr 14
Daikon: Dynamic Analysis; Test Prioritization
daikon.pdf; test-prioritization.pdf
Dynamically discovering likely program invariants to support program evolution; Effectively Prioritizing Tests in Development Environment

Apr 19
Concurrency Analysis; Engineering and Adoptability
Assuring and Evolving Concurrent Programs: Annotations and Policy

Project milestone
Apr 21
Analysis in Practice - Microsoft and EBay case studies static-analysis-at-microsoft.pdf
Understanding the value of program analysis tools

Apr 26
Declarative Program Analysis

Strictly Declarative Specification of Sophisticated Points-to Analyses

Apr 28
Final exam

May 4
8:30am Project Presentations

Final project

Course Summary

This course provides an overview of the state of the art in program analysis and recent research in the area.  Topics include program representations, abstract interpretation, type-based and constraint-based analysis, approaches to interprocedural analysis, counterexample-guided abstraction refinement, extended static checking, and combinations of testing and static analysis.  The course will mix theory and practice; students will formalize analyses and prove them correct, but also implement simple analyses and complete a capstone course research project.  One option for the course project will be to design and develop a verification tool to be used in a new undergraduate introductory course planned for Fall 2010.

This is a graduate-level course targeting Ph.D. students as well as masters and strong undergraduate students who are interested in program analysis.  There is no course prerequisite but students should be comfortable with formal definitions.

Recommended course textbook:

Grading (approximate)


Everyone in the class has 7 late days to use at any point during the semester.  After late days are used up, the late penalty is 10% per day.  I will consider granting additional late days in extenuating circumstances (e.g. illness) after your late days are used up.

Additional potential topics