Course Description
This course covers both foundations and practical aspects of the automated analysis of programs, which is becoming increasingly critical to find software errors and assure program correctness. The theory of abstract interpretation captures the essence of a broad range of program analyses and supports reasoning about their correctness. Building on this foundation, the course will describe program representations, data flow analysis, alias analysis, interprocedural analysis, dynamic analysis, and symbolic execution. Through assignments and projects, students will design and implement practical analysis tools that find bugs and verify properties of software.
This course fulfills the Logic and Languages constrained elective category for the Computer Science major as well as the Theoretical Foundations requirement of the Computer Science master's degree.
Why take this course?
- Explore the meaning of programs. One of the most basic questions that programmers ask is "What does this program do?" Program analysis is all about understanding programs--automatically!
- Learn deep theory. The theory of abstract interpretation stands with type theory as the most important and beautiful foundations of programming languages. Abstract interpretation is the fundamental theory of abstraction: how to precisely relate the concrete execution of a program to an abstraction of that execution. Naturally, this has many applications, which brings us to the third reason to take this course:
- Build awesome tools. Using program analysis, you can build tools that find bugs, prove important security and correctness properties, automatically generate useful tests, and much more--and you'll have a chance to do all of this in course assignments and a project that you can design yourself (if you want).
Logistics and People
Class: Tue/Thu 2:00 — 3:20 p.m. in GHC 4102
Recitation: Fri 10:00 a.m. — 10:50 a.m. in WEH 5320
Spring 2025
12 units
Course Syllabus and Policies
The syllabus covers course learning objectives, supplemental textbooks, assessments, late work policy, and policies. Consult Canvas and especially Piazza for up-to-date announcements and discussion (links in header).
Schedule
As of July 2025, we have endeavored to make this schedule, including assignment due dates, as accurate as possible. However, it is subject to change as the semester advances.
| Date | Topic | Reading/Material | HW Due | Optional Reading | |
|---|---|---|---|---|---|
| Aug 26 | Introduction | Text ch. 1 slides | PPA ch. 1 | ||
| Aug 28 | Program Representations: Abstract Syntax and Operational Semantics | Text ch. 2 & 3 slides | |||
| Aug 29 | recitation CodeQL | github | |||
| Sep 2 | Program Semantics (cont.) | Text ch. 2 & 3 same slides | |||
| Sep 4 | Intermediate Representations, Control-Flow Graphs, and Data-Flow | Text ch. 2 & 3 slides | hw1 github | PPA ch. 2 & 6 | |
| Sep 5 | recitation Semantics | notes soln | |||
| Sep 9 | Dataflow Analysis & Abstract Interpretation Framework | Text ch. 4 | PPA ch. 2.1 | ||
| Sep 11 | Dataflow Analysis examples | Text ch. 5 | hw2 pdf mathpartir | PPA ch. 2 | |
| Sep 12 | recitation Specifying/Implementing Dataflow Analysis | ||||
| Sep 16 | Dataflow Analysis examples (cont.) | PPA ch. 2.2—2.3 | |||
| Sep 18 | Termination and Correctness | Text ch. 6 | PPA ch. 2.3—2.4 | ||
| Sep 19 | recitation Data-Flow Analysis Correctness | ||||
| Sep 23 | Termination and Correctness | PPA ch. 2.5 | |||
| Sep 25 | Precision and Widening | Text ch. 7 | PPA ch. 2.5 | ||
| Sep 26 | recitation | ||||
| Sep 30 | Interprocedural analysis | Text ch. 8 | |||
| Oct 2 | Context-Sensitive Analysis | Text ch. 8 & ch. 10.2 | |||
| Oct 6 | recitation Midterm review. | ||||
| Oct 7 | Pointer Analysis + Call Graphs for Object-Oriented Languages | Text ch. 10 | PPA ch. 3 | ||
| Oct 9 | Midterm exam 1 | ||||
| Oct 10 | no recitation | ||||
| Oct 13—17 | Fall Break; no classes | ||||
| Oct 21 | Intro to Hoare Logic | Text ch. 11 | |||
| Oct 23 | Verification using Hoare Logic | Text ch. 11 | |||
| Oct 24 | recitation Hoare Logic Proofs using Axiomatic Semantics | ||||
| Oct 28 | Symbolic Execution | Text ch. 13 | |||
| Oct 30 | Concolic Testing | Text ch. 14 | |||
| Oct 31 | recitation Midterm 1 review | ||||
| Nov 4 | Democracy Day; no class | ||||
| Nov 6 | Satisfiability Modulo Theories | Text ch. 12 | |||
| Nov 7 | recitation Intro to Z3 | ||||
| Nov 11 | Satisfiability Modulo Theories (cont.) | ||||
| Nov 13 | Program Synthesis | Text ch. 15 | |||
| Nov 14 | recitation Simple synthesis using Z3 | ||||
| Nov 18 | Program Repair | ||||
| Nov 20 | Temporal Logic and Model Checking | supplementary reading | |||
| Nov 21 | recitation Midterm review | ||||
| Nov 25 | Midterm exam 2 | ||||
| Nov 27 | Thanksgiving Break; no class | ||||
| Nov 28 | No recitation | ||||
| Dec 2 | Dynamic Analysis (Fuzz Testing, Invariant Generation) | Text ch. 16 | |||
| Dec 4 | Review and Project Discussions | ||||
| Dec 5 | recitation Dynamic analysis on stack machine bytecode | ||||
| Dec TBD | Project Presentations (Time/location TBD) |