CIS-5130 (Analysis of Artifacts) Home Page
This is the home page for CIS-5130 course notes for the Fall 2019 semester. Here you
will find class handouts, slides used during the lectures, homework assignments, and links
to other references of interest.
- The course syllabus gives an overview of the course
and its content, lists course resources, and describes the grading policy and related
issues.
- The homework submission area and grade book are on Canvas but all other course resources
are here.
- Here is a list of the analysis projects chosen by the class
members.
Topics
- 2019-08-27. Course introduction and overview. Introduced SPARK.
- 2019-08-29. Demonstrated SPARK using the Buffers example.
- 2019-09-03. Demonstrated SPARK contacts and loop invariants.
- 2019-09-05. Discussed the BinarySearch example. Demonstrated using SPARK on a larger
example (CubedOS).
- 2019-09-10. Provided hints related to Homework #1.
Discussed the SelectionSort example that uses ghost functions.
- 2019-09-12. Described in the architecture of SPARK and its use of Why3.
- 2019-09-17. Discussion of the first Splint paper, with demonstration.
- 2019-09-19. Discussion of SPARK's ownership model of pointers.
- 2019-09-24. Introduced Frama-C and the WP plugin for doing formal verification.
- 2019-09-26. Brief discussion of JML and the goals of the KeY project. Started
discussing Frama-C's value analysis. Reviewed the EVA tutorial in the EVA
documentation.
- 2019-10-01. Discussed Homework #3. Introduced the
analysis project.
- 2019-10-03. Discussed software metrics and the Frama-C metrics plug-in. Discussed call
graphs, stack depth analysis, and cyclomatic complexity.
- 2019-10-08. Discussed code coverage and gconv.
- 2019-10-10. Discussed execution profiling and gprof.
- 2019-10-22. Discussed valgrind.
- 2019-10-24. Discussed secure information flow.
- 2019-10-29. Discussed ASIS and libadalang.
- 2019-10-31. Discussed spin.
- 2019-11-05. Introduced the ELK stack.
- 2019-11-07. Discussed the RFC index example: indexing the RFC index in Elastic.
- 2019-11-12. No class.
- 2019-11-14. Introduced logstash.
- 2019-11-19. No class.
- 2019-11-21. ?
- 2019-12-03. Homework time.
- 2019-12-05. Homework time.
Slides
Papers
A detailed bibliography in BibTeX format.
Samples
Homework
- Homework #1. SPARK. Due: 2019-09-13. This
assignment gives you an opportunity to experiment with SPARK.
- OPTIONAL. Read the Why3 paper (Why3: Shepherd Your Herd...).
- Read the first Splint paper (Static Detection of...).
- OPTIONAL. Read the second Splint paper (Improved Security Using...).
- Review Rust's approach to memory management via its ownership model.
- Set up Frama-C on Lemuria or on your own system. This entails installing OPAM and then
using OPAM to install Frama-C and all its dependencies (which OPAM will figure out for
you).
- Homework #2 gives you an opportunity to experiment with
Frama-C's WP plug-in and compare it with SPARK.
- OPTIONAL. Read the two JML papers listed in the Papers section above. Review the KeY
project.
- Read the paper Value Analysis for C Programs.
- Review the tutorial for Frama-C's EVA plug-in.
- Homework #3 gives you an opportunity to experiment with
Frama-C's EVA plug-in.
- OPTIONAL. Read the paper Structing Abstract Intpreters...
- You will do an analysis project of your own choosing.
- Try out the gcov demonstration sample.
- Try out the gprof demonstration sample.
- Read the paper Valgrind: A framework for....
- OPTIONAL. Read the paper Lattice Model of....
- Import the RFC index into an Elastic instance. Use the sample RFC-0821 information as
a basis.
Resources
The following are links to relevant resources for this class.
- The SPARK Reference
Manual.
- The SPARK Users
Guide.
- The opam tool is used to manage OCaml
packages, including the OCaml compiler itself.
- Objective Caml is a programming language favored by
those doing research in formal verification. It is also a good, general purpose
functional/imperative/OOP language.
- Why3 is an intermediate verification language.
- SMT solvers: alt-ergo, cvc4, z3.
- Proof assistant tools: Coq, Isabelle.
- The Splint home page.
- The Splint Manual.
- Frama-C is a framework for the analysis of C
programs.
- ACSL by Example demonstrates ACSL on various
"simple" C library-like functions. It can be used as a vehicle for learning ACSL.
- The KeY Project provides formal
verification of Java programs augmented with JML (Java Modeling Language)
specifications.
- Frama-C's slicing plugin
documentation.
- The Valgrind home page. A direct link to the
Valgrind User Manual.
- Jif is an extended version of Java that
supports secure information flow labels. It is a research project at Cornell
University.
- Microsoft's Code
Contracts allow any .NET language to benefit from contract style programming. The
contracts are proved statically if possible, but failing that are tested dynamically.
- Here is the GitHub site for AdaCore's libadalang library supporting the
construction of Ada tools that need to access the parse tree of Ada programs.
- The clang C/C++ compiler provides well documented
interfaces to facilitate the creation of
tools for analyzing C and C++ programs.
- Roslyn is an open source C# compiler
that provides rich APIs that allow analysis tools to access internal compiler
information.
- The spin tool does model
checking.
- The Elastic Stack.
- The Alloy tools.
Last Revised: 2019-12-05
© Copyright 2019 by Peter C. Chapin
<pchapin@vtc.edu>