17-654/17-754 Analysis of Software Artifacts Syllabus

Spring 2007
Tuesdays/Thursdays 10:30-11:50am
301 S. Craig, room 265
12 units
Professor Jonathan Aldrich
jonathan [dot] aldrich [at] cs.cmu.edu
Office Hours: Tuesday/Thursday 10-10:30am, SCRG 265
Also by appointment
TA Kevin Bierhoff
kevin [dot] bierhoff [at] cs.cmu.edu
Office Hours: Monday 1:30, Wean 8301
TA Nels Beckman
nbeckman [at] cs.cmu.edu
Office Hours: Friday 2:00, Wean 8102

Course Syllabus and Policies

Covers course overview and objectives, evaluation, time management, late work policy, and collaboration policy


These textbooks are all optional references. They may be useful supplements to the lectures, but they are not required, nor are they strongly recommended. My material on testing and reviewing generally follows the high points of those texts, which I believe are good "shelf references" for these areas. I cover a subset of the material in the program analysis text (which is quite theoretical), but the notations and formalisms I use are slightly different.
The texts above have all been requested to be placed on reserve in the Engineering and Science Library.

Announcements: see Blackboard

(Tentative) Schedule of Topics, Readings, and Assignments

Date | Topic | Readings and slides | Assignment due

Introduction, Testing and Inspection
Jan 16 | Overview of Analysis Techniques and Applications | |
Jan 18 | Program Representations; Crystal | |
Jan 23 | Inspection | 2-inspection.pdf; Wiegers text (optional) | asst1.pdf
Jan 25 | Testing Overview (Functional & Unit testing, etc.) | 3-testing.pdf; What is software testing? And why is it so hard?; Kaner text (optional) |
Jan 30 | Test Coverage Techniques | |
Feb 1 | Testing Tools | unit_testing_lecture.pdf |

Program Semantics and Verification
Feb 6 | Testing wrap-up | | Assignment 2: Testing and Inspection
Feb 8 | Hoare Logic: Reasoning about Correctness | 7-hoare.pdf; 3-hoare-notes.pdf; 3-hoare.tex; An Axiomatic Basis for Computer Programming |
Feb 13 | Boogie: Code Verification | Slides from Wolfram Schulte; additional slides; Spec# examples: Contains.ssc, Program.ssc | Assignment 3: Unit Test Generation
Feb 15 | Testing assignment debrief; More on Boogie | |

Static Analysis
Feb 20 | Boogie wrap-up; Static Analysis Introduction | |
Feb 22 | Static Analysis Principles; PREfast and SAL | | Assignment 4: Boogie (on Blackboard)
Feb 27 | Data Flow Analysis Introduction | dataflow-notation.pdf; dataflow-notation.tex | Assignment 5 (short): SAL
Mar 1 | Data Flow Analysis Frameworks | |
Mar 6 | Data Flow Analysis Soundness | | Assignment 6: Data Flow Analysis 1; ZATest.java; TestNull.java
Mar 8 | Dynamic and Performance Analysis | 16-profiling.pdf; 16-daikon.pdf; Dynamically Discovering Likely Program Invariants to Support Program Evolution |
Mar 12, 16 | No class: Spring Break | |
Mar 20 | Analysis of Models | Alloy home page; Jonathan Bowen's slides on Alloy | Assignment 7: Data Flow Analysis 2
Mar 22 | Design Analysis | 18-dsms.pdf |
Mar 27 | Security: Background and Motivation | Why Cryptosystems Fail | Assignment 8: Profiling
Mar 29 | Security Analysis | |
Apr 3 | Security & Concurrency Analysis | 21-concurrency.pdf; Assuring and Evolving Concurrent Programs: Annotations and Policy | Assignment 9: Design Analysis

Analysis Across the Software Lifecycle
Apr 5 | Concurrency Analysis | |
Apr 10 | Real-Time Analysis | |
Apr 11 | | | Mini-project bids due at 9pm
Apr 12 | Type Systems/Memory Management | | Assignment 10: Security Analysis
Apr 17 | Typestate / Protocol Analysis | | Mini-project Interim Report due, 10:30am
Apr 19 | No class: Spring Carnival | |
Apr 24 | Tool Experience Presentations | Last year: tools-day-1.pdf; project.pdf; Tool list; PowerPoint template |
Apr 26 | Tool Experience Presentations | Last year: tools-day-2.pdf |
May 1 | Quality in the Organization: Microsoft and eBay | |
May 3 | PREfix: Symbolic Execution; Reflexion Models for Reengineering | 29-prefix.pdf; 29-reflexion-models.pdf |
May 8 | QA Plan Presentations and Review (9am-12pm) | | QA review documents; QA plan presentations
May 15 | | | Revised QA Plan

Additional Topics

Fluid: Incremental Concurrency Analysis

PREfix (Microsoft tool)
    Reading: A Static Analyzer for Finding Dynamic Programming Errors

Interprocedural Analysis in PREfix; Crystal
    Reading: Checking System Rules Using System-Specific, Programmer-Written Compiler Extensions

Metal: User-defined property checking (Coverity tool); General Interprocedural Analysis

Fugue: Sound Checking of Component Protocols (Microsoft tool); Alias analysis
    Reading: The Fugue Protocol Checker: Is Your Software Baroque?

Introduction to Model Checking
    Reading: Clarke et al., Model Checking, ch. 1-4

Model Checking and Dataflow Analysis