Formal Program Analysis
FIT-FADAcad. year: 2020/2021
An overview of various methods of analysis and verification of programs with formal roots. Model checking: basic principles, specification of properties to be verified, temporal logics, the state explosion problem and existing approaches to solving it, binary decision diagrams, automated abstraction (with a stress on predicate abstraction that plays a key role in software model checking). Various approaches to static analysis: dataflow analysis, pointer analyses, constraint-based analysis, type analysis, abstract interpretation. Deductive verification, SAT solving, SMT solving, symbolic execution. Dynamic analysis with a formal basis, algorithms like FastTrack or dynamic partial order reduction.
Areas for the Doctoral State Exam:
1. Temporal logics LTL, CTL, and CTL*.
2. Büchi automata and LTL model checking based on them.
3. CTL model checking.
4. Binary decision diagrams.
5. Predicate abstraction.
6. Abstract interpretation.
7. Data-flow analysis.
8. SAT solving and SMT solving.
9. Symbolic execution.
10. Deductive verification.
Learning outcomes of the course unit
Acquaintance with possibilities, limitations, and principles of state-of-the-art methods of program analysis on a formal basis. Ability to apply them in advanced projects and overall knowledge of the way these techniques can evolve in the future.
A deeper ability to read and create formal texts.
Acquaintance with basics of logics, algebra, graph theory, theory of formal languages and automata, compilers, and computability and complexity.
Recommended optional programme components
Recommended or required reading
Aho, A.V., Lam, S., Sethi, R., Ullman, J.D.: Compilers: Principles, Techniques, and Tools. Addison Wesley, 2nd ed., 2006. The part devoted to static analysis.
Bradley, A.R., Manna, Z.: The Calculus of Computation: Decision Procedures with Applications to Verification, Springer, 2007.
Valmari, A.: The State Explosion Problem. In Reisig, W., Rozenberg, G.: Lectures on Petri Nets I: Basic Models, volume 1491 of Lecture Notes in Computer Science, pages 429-528. Springer-Verlag, 1998.
Chess, B., West,J.: Secure Programming with Static Analysis. Addison-Wesley Professional, 2007.
Kroening, D., Strichman, O.: Decision Procedures: An Algorithmic Point of View, Springer, 2008.
Holzmann, G.J.: The SPIN Model Checker: Primer and Reference Manual, Addison-Wesley Professional, 2003.
Ben-Ari, M.: Principles of the Spin Model Checker, Springer, 2008.
Bertot Y., Castéran, P.: Interactive Theorem Proving and Program Development: Coq'Art: The Calculus of Inductive Constructions, Springer, 2010.
Materials presented within the lectures and made accessible via the Internet.
Materials freely accessible on the Internet, especially papers and documentation related to the various computer-aided tools for formal analysis and verification.
Clarke, E.M., Henzinger, Th.A., Veith, H., Bloem, R. (Eds.): Handbook of Model Checking, Springer International Publishing, 2018.
Baier, C., Katoen, J.-P.: Principles of Model Checking. MIT Press, 2008.
Rival, X., Yi, K.: Introduction to Static Analysis. An Abstract Interpretation Perspective. MIT Press, 2020.
Moller, A., Schwartzbach, M.I.: Static Program Analysis, Department of Computer Science, Aarhus University, Denmark, 2018.
Nielson, F., Nielson, H.R., Hankin, C.: Principles of Program Analysis, Springer-Verlag, 2005.
Edmund, M.C., Grumberg, O., Peled, D.A.: Model Checking. MIT Press, 2000.
Khedker, U., Sanyal, A., Sathe, B.: Data Flow Analysis: Theory and Practice, CRC Press, 2009.
Planned learning activities and teaching methods
Assesment methods and criteria linked to learning outcomes
Discussions within the lectures, a check of the prepared report.
Language of instruction
The goal of the course is to acquaint the students with principles, possibilities, and restrictions of the currently most successful methods known, resp. being studied, in the area of applying formal methods for automated analysis and verification of programs.
Specification of controlled education, way of implementation and compensation for absences
Lectures and a preparation of a report.
Type of course unit
26 hours, optionally
Teacher / Lecturer
- An overview of existing methods of formal analysis and verification of programs, their capabilities, advantages and disadvantages.
- Model checking: basic principles, specification of properties to be checked, temporal logics.
- LTL model checking based on automata.
- The state explosion problem and possibilities of fighting it, efficient state space storage, binary decision diagrams.
- State space reductions, especially the partial-order reduction.
- Automated abstraction with a stress on predicate abstraction, Craig interpolants.
- Symbolic execution.
- Deductive verification.
- SAT solving, SMT solving.
- Static analysis based on dataflow analysis, pointer analyses.
- Constraint-based static analysis, type analysis.
- Abstract interpretation.
- Dynamic analysis on a formal basis, algorithms like FastTrack, dynamic partial-order reduction.
Guided consultation in combined form of studies
26 hours, optionally
Teacher / Lecturer