17-355/17-665/17-819 Program Analysis

Class Tu/Th 10:30 - 11:50 a.m. in GHC 4211
Recitation F 10:30 - 11:50 a.m. in GHC 4211
Spring 2019
12 units

Professor Jonathan Aldrich
aldrich at cs dot cmu dot edu
WEH 4216
Office hours: Monday 1:30-2:30pm, Tuesday 5-5:40pm, or by appointment
For appointments outside of office hours, email the instructor.

TA Jenna Wise
jlwise at andrew dot cmu dot edu
WEH 4123
Office hours: Thursday 1-3pm, or by appointment

Course Description

This course covers both foundations and practical aspects of the automated analysis of programs, which is becoming increasingly critical for finding software errors and assuring program correctness. The theory of abstract interpretation captures the essence of a broad range of program analyses and supports reasoning about their correctness. Building on this foundation, the course will describe program representations, data flow analysis, alias analysis, interprocedural analysis, dynamic analysis, and symbolic execution. Through assignments and projects, students will design and implement practical analysis tools that find bugs and verify properties of software.

This course fulfills the Logic and Languages constrained elective category for the Computer Science major.

New: For 2019, this course is preapproved for the Theoretical Foundations requirement of the Computer Science master's degree.

Why take this course?

Course Syllabus and Policies

The syllabus covers course learning objectives, supplemental textbooks, assessments, the late work policy, and other course policies.

Schedule

Date Topic and Notes Additional Reading or Code Assignments Due
Jan 15 Introduction, Program Representation, and Syntactic Analysis
(notes, slides, in-class exercises)
PPA ch. 1 (optional)
Jan 17 Program Semantics
(notes, in-class exercises)
Jan 18 Recitation Syntactic Analysis in Soot
(notes, in-class exercises)
Jan 22 Dataflow Analysis and Abstract Interpretation
(notes, in-class exercises)
PPA ch. 2 (optional)
Jan 24 Dataflow Analysis and Abstract Interpretation, continued (in-class exercises) PPA ch. 6 (optional) hw1 hw1.pdf, hw1.zip
Jan 25 Recitation Program Semantics
(notes, in-class exercises)
Jan 29 Dataflow Analysis examples (notes, in-class exercises)
Jan 31 SNOW DAY hw2 hw2.pdf, mathpartir.zip
Feb 1 Recitation Specifying Dataflow Analysis
(notes, in-class exercises)
Feb 5 Dataflow Analysis termination and complexity (notes, in-class-exercises) PPA ch. 4 (optional)
Feb 7 Collecting semantics and interval analysis (notes, in-class-exercises) hw3 hw3.pdf
Feb 8 Recitation Implementing Dataflow Analysis
(notes, in-class-exercises)
recitation4.zip, recitation4-solution.zip
Feb 12 Live variables and widening (notes above, in-class exercises)
Feb 14 Interprocedural analysis (notes, simplified algorithm) hw4 hw4.pdf, hw4.zip
Feb 15 Recitation Proving Analyses Correct
(notes, in-class-exercises)
Feb 19 Context-sensitive interprocedural analysis (notes continued, in-class-exercises)
Feb 21 Pointer analysis (notes, in-class exercises) hw5 hw5.pdf
Feb 22 Recitation Interprocedural Analysis in Soot
(notes, in-class-exercises)
Feb 26 Control Flow Analysis (notes, in-class exercises)
Feb 28 Hoare Logic (notes, in-class exercises) hw6 checkpoint due hw6.pdf
Mar 1 Recitation Midterm Review
(notes)
Mar 5 Hoare Logic (continued) (in-class exercises) full hw6 due
Mar 7 Midterm Exam
Mar 8 No recitation: Mid-Semester Break
Mar 19 Satisfiability Modulo Theories (notes, in-class exercises)
Mar 21 Program synthesis (notes, slides)
Mar 22 recitation SMT Solvers: Z3
(notes, in-class-exercises)
CHALLENGE.md, SOLUTION.md
Mar 26 Program synthesis, continued (in-class exercises) hw7 hw7.pdf
Mar 28 Symbolic execution (notes, slides on Prefix, in-class exercises) Optional reading: Mixing Type Checking and Symbolic Execution
Mar 29 Recitation Static Verification Tools: Dafny
(notes, in-class-exercises)
exercise-solution.txt
Apr 2 Concolic execution and test generation (notes, in-class exercises) hw8 hw8.pdf, hw8.zip
Apr 4 Model Checking (notes by Clarke et al., slides, in-class exercises)
Apr 5 Recitation
Apr 9 Counterexample-Guided Abstraction Refinement in Blast (slides, in-class exercises) Checking Memory Safety with Blast hw9 hw9.pdf, hw9.zip
or project proposal (Research option)
Apr 11 No lecture: Spring Carnival
Apr 12 No recitation: Spring Carnival
Apr 16 Synthesis research - Ruben Martins (slides, in-class exercises) project proposal due (Practice option)
Apr 18 Program Repair - Chris Timperley (slides)
Apr 19 Recitation Project Help (WEH 4123)
Apr 23 Efficient analysis for refactoring at scale - Hyrum Wright, Google
Apr 25 Gradual Typing (Abstracting Gradual Typing paper) Project checkpoint due
Apr 26 Recitation Gradual Verification (slides) Gradual Program Verification
Apr 30 Dynamic Analysis (Daikon invariant detection and race detection slides)
May 2 Program Synthesis: SPIRAL - Franz Franchetti (slides)
May 3 recitation Project Help (WEH 4123)
May 13, 5:30-8:30pm Project presentations (GHC 4211) Project presentations and final deliverables