The following schedule lists the topics we will cover and approximately the number of meetings we will spend on each topic. The schedule is tentative. Most likely, some things will change during the semester, and I will revise the schedule as necessary.
The Reading column lists the assigned reading for the meeting. You should view the readings as an introduction to spark discussion in class.
The Assignment column lists the due date for each assignment.
| Date | Part | Topic | Reading | Assignment | |
|---|---|---|---|---|---|
| M | 8/23 | Welcome and Course Overview [slides] | Sign-up on the course moodle and introduce yourself on the blog. | ||
| W | 8/25 | Research |
The Astrée Static Analyzer
[slides,
slides from PL seminar talk]
Guest lecture by
Xavier Rival
|
Blanchet et al. A Static
Analyzer for Large Safety-Critical Software. PLDI, 2003.
Skip or skim Sections 6-9.
Kästner et al.
Astrée: Proving the Absence of Runtime Errors.
Embedded Real Time Software and Systems, 2010.
This paper describes some of the industrial experience with Astrée.
(Optional)
|
|
| M | 8/30 | Research | Predicate Abstraction and CEGAR [slides] |
Thomas Ball and Sriram K. Rajamani.
The
SLAM Project: Debugging System Software via Static
Analysis. POPL, 2002.
Thomas A. Henzinger, Ranjit Jhala, Rupak Majumdar, and
Gregoire Sutre. Lazy Abstraction. POPL, 2002. Skim Section 7.
|
|
| W | 9/1 | Research | Predicate Abstraction and CEGAR | ||
| M | 9/6 | No Class: Labor Day | |||
| W | 9/8 | Foundations | Operational Semantics [slides] | ||
| M | 9/13 | Foundations | No Class |
NNH, Ch. 1 up through 1.2 and 2.2.1.
Harper, Part I. This part provides a foundation for
inductively-defined judgments. (Optional but recommended for those
who have never seen PL semantics)
Winskel, Ch. 2. This chapter defines essentially the same
simple imperative language in a bit more detail, though leaves the
small-step operational semantics as an exercise. (Optional)
|
|
| W | 9/15 | Foundations |
Operational Semantics and Transition Systems
Guest lecture by
Sriram Sankaranarayanan
|
Rival, Ch. 3 up through 3.2. (Optional)
|
|
| M | 9/20 | Foundations |
Collecting Semantics and Dataflow Equations
Guest lecture by
Sriram Sankaranarayanan
|
||
| W | 9/22 | Foundations |
Collecting Semantics and Dataflow Equations
Guest lecture by
Sriram Sankaranarayanan
|
NNH, Ch. 1.3 up through 1.4
Rival, Ch. 3.4 (Optional)
|
|
| M | 9/27 | Foundations | Abstraction |
NNH, Ch. 1.5
|
|
| W | 9/29 | Foundations | Abstraction |
NNH, Ch. 4.3
Rival, Ch. 4 up through 4.2. (Optional)
|
|
| M | 10/4 | Foundations | Abstraction | ||
| W | 10/6 | Foundations | Abstraction | ||
| M | 10/11 | Foundations | Abstract Interpretation | ||
| W | 10/13 | Foundations | Abstract Interpretation |
NNH, Ch. 4.2
|
|
| M | 10/18 | Foundations | Abstract Interpretation. Project 2 Lab Session. | ||
| W | 10/20 | Foundations | Abstract Interpretation. Project 2 Lab Session. | ||
| M | 10/25 | Foundations | Abstract Interpretation. Project 2 Discussion. | ||
| W | 10/27 | Foundations |
Interprocedural Analysis and CFL-Reachability
Guest lecture by
Manu Sridharan
|
Thomas Reps. Program
Analysis via Graph Reachability. (Read up through Section
4.1, though the whole paper is recommended)
|
|
| M | 11/1 | Research | Abstract Interpretation: Precision and Widening. Symbolic Execution. |
Khoo Yit Phang, Bor-Yuh Evan Chang, and Jeffrey S. Foster.
Mixing Type Checking and Symbolic Execution. PLDI, 2010.
|
|
| W | 11/3 | Research | Symbolic Execution |
Choose at least one of the following papers on using
symbolic execution for automated testing:
Classic paper (optional). The following is
the classic paper on symbolic execution:
|
|
| M | 11/8 | Research | Symbolic Execution | ||
| W | 11/10 | Research | Symbolic Execution | ||
| M | 11/15 | Research | Heap Reasoning Introduction | ||
| W | 11/17 | Research | Separation Logic |
John C. Reynolds.
Separation
Logic: A Logic for Shared Mutable Data Structures. LICS, 2002.
John C. Reynolds.
Introduction
to Separation Logic. An additional resource are the course
notes for this class. (Optional)
|
|
| M | 11/22 | No Class: Fall Break | |||
| W | 11/24 | No Class: Fall Break | |||
| M | 11/29 | Research | Separation Logic | ||
| W | 12/1 | Research | Separation Logic and Shape Analysis |
Dino Distefano, Peter O'Hearn, and Hongseok Yang.
A
local shape analysis based on separation logic, TACAS 2006.
|
|
| M | 12/6 |
Project Presentations Sam Blackshear: Code-Implied Beliefs and Symbolic Execution
for Bug-Finding in Javascript
Devin Coughlin and Jonathan Turner: Exploring Heap Abstractions in Javascript
Jon Walz
|
|||
| W | 12/8 |
Project Presentations Aleks Chakarov
Sid Gracias and Jason Robison: Javascript Array Bounds Checking
Hanchao Wu: Type Analysis for Javascript
|
|
||