Course details
Formal Program Analysis
FAD Acad. year 2024/2025 Winter semester
An overview of various methods of analysis and verification of programs with formal roots. Model checking: basic principles, specification of properties to be verified, temporal logics, the state explosion problem and existing approaches to solving it, binary decision diagrams, automated abstraction (with a stress on predicate abstraction that plays a key role in software model checking). Various approaches to static analysis: dataflow analysis, pointer analyses, constraint-based analysis, type analysis, abstract interpretation. Deductive verification, SAT solving, SMT solving, symbolic execution. Dynamic analysis with a formal basis, algorithms like FastTrack or dynamic partial order reduction.
Areas for the Doctoral State Exam:
1. Temporal logics LTL, CTL, and CTL*.
2. Büchi automata and LTL model checking based on them.
3. CTL model checking.
4. Binary decision diagrams.
5. Predicate abstraction.
6. Abstract interpretation.
7. Data-flow analysis.
8. SAT solving and SMT solving.
9. Symbolic execution.
10. Deductive verification.
Guarantor
Language of instruction
Completion
Time span
- 26 hrs lectures
Assessment points
- 100 pts final exam
Department
Lecturer
Learning objectives
The goal of the course is to acquaint the students with principles, possibilities, and restrictions of the currently most successful methods known, resp. being studied, in the area of applying formal methods for automated analysis and verification of programs.
Acquaintance with possibilities, limitations, and principles of state-of-the-art methods of program analysis on a formal basis. Ability to apply them in advanced projects and overall knowledge of the way these techniques can evolve in the future.
A deeper ability to read and create formal texts.
Prerequisite knowledge and skills
Acquaintance with basics of logics, algebra, graph theory, theory of formal languages and automata, compilers, and computability and complexity.
Study literature
- Aho, A.V., Lam, S., Sethi, R., Ullman, J.D.: Compilers: Principles, Techniques, and Tools. Addison Wesley, 2nd ed., 2006. (Část věnovaná statické analýze.)
- Bradley, A.R., Manna, Z.: The Calculus of Computation: Decision Procedures with Applications to Verification, Springer, 2007.
- Kroening, D., Strichman, O.: Decision Procedures: An Algorithmic Point of View, Springer, 2008.
- Holzmann, G.J.: The SPIN Model Checker: Primer and Reference Manual, Addison-Wesley Professional, 2003.
- Ben-Ari, M.: Principles of the Spin Model Checker, Springer, 2008.
- Soubor materiálů prezentovaných na přednáškách a zveřejněných přes WWW.
- Materiály aktuálně volně dostupné na Internetu, a to zejména články a dokumentace týkající se počítačových nástrojů pro formální analýzu a verifikaci.
- Moller, A., Schwartzbach, M.I.: Static Program Analysis, Department of Computer Science, Aarhus University, Denmark, 2018.
- Nielson, F., Nielson, H.R., Hankin, C.: Principles of Program Analysis, Springer-Verlag, 2005.
Fundamental literature
-
Clarke, E.M., Grumberg, O., Peled, D.A.: Model Checking, MIT Press, 2000. ISBN 0-262-03270-8
-
Berard, B., Bidoit, M., Finkel, A., Laroussinie, F., Petit, A., Petrucci, L., Schnoebelen, P., McKenzie, P.: Systems and Software Verification: Model-Checking Techniques and Tools, Springer-Verlag, 2001. ISBN 3-540-41523-8
-
Monin, J.F., Hinchey, M.G.: Understanding Formal Methods, Springer-Verlag, 2003. ISBN 1-852-33247-6
-
Valmari, A.: The State Explosion Problem. In Reisig, W., Rozenberg, G.: Lectures on Petri Nets I: Basic Models, Lecture Notes in Computer Science, č.1491, s. 429-528. Springer-Verlag, 1998. ISBN 3-540-65306-6
-
Nielson, F., Nielson, H.R., Hankin, C.: Principles of Program Analysis, Springer-Verlag, 2005. ISBN 3-540-65410-0
-
Schwartzbach, M.I.: Lecture Notes on Static Analysis, BRICS, Department of Computer Science, University of Aarhus, Denmark, 2006.
Syllabus of lectures
- An overview of existing methods of formal analysis and verification of programs, their capabilities, advantages and disadvantages.
- Model checking: basic principles, specification of properties to be checked, temporal logics.
- LTL model checking based on automata.
- The state explosion problem and possibilities of fighting it, efficient state space storage, binary decision diagrams.
- State space reductions, especially the partial-order reduction.
- Automated abstraction with a stress on predicate abstraction, Craig interpolants.
- Symbolic execution.
- Deductive verification.
- SAT solving, SMT solving.
- Static analysis based on dataflow analysis, pointer analyses.
- Constraint-based static analysis, type analysis.
- Abstract interpretation.
- Dynamic analysis on a formal basis, algorithms like FastTrack, dynamic partial-order reduction.
Progress assessment
Discussions within the lectures, a check of the prepared report.
Lectures and a preparation of a report.
Course inclusion in study plans
- Programme DIT, any year of study, Compulsory-Elective group O
- Programme DIT, any year of study, Compulsory-Elective group O
- Programme DIT-EN (in English), any year of study, Compulsory-Elective group O
- Programme DIT-EN (in English), any year of study, Compulsory-Elective group O
- Programme VTI-DR-4, field DVI4, any year of study, Elective
- Programme VTI-DR-4, field DVI4, any year of study, Elective
- Programme VTI-DR-4 (in English), field DVI4, any year of study, Elective