CS 267 Home Page

CS 267 - Automated Verification - Winter 2016

Instructor: Tevfik Bultan Office: Eng. I 2123 Office Hours: Tuesday/Thursday 12:00-12:50
Class Times: Tuesday/Thursday 1:00-2:50 Location: PHELP 3526

Course Topics

This course will cover automated verification techniques focusing mainly on model checking and for software verification. The tentative list of topics include:

Safety and liveness properties, temporal logics
Binary Decision Diagrams (BDDs) and symbolic model checkers
Model checking using automata on infinite words, explicit state model checkers
SAT-solvers and bounded verification
Software model checking
Predicate abstraction
Counter-example guided abstraction refinement
Infinite state model checking
Verification using SMT-solvers
Modular verification
Dynamic symbolic execution
Probablistic program analysis
Quantitative information flow

Course Work

There will be several homeworks, possibly a final, and the students will be required to do a course project. The papers related to the topics discussed in the class will be given as reading assignments.

Recommended Text

The following book is a good reference for model checking techniques:
Model Checking, E. M. Clarke, Orna Grumberg, Doron Peled, ISBN 0-262-03270-8, 2000.

Related Tools

Specification Checkers

SPIN: An explicit state moodel checker
NuSMV: A new BDD-based symbolic model checker
Alloy Verifier: A SAT-based bounded data model verifier
PRISM model checker: A probabilistic model checker
UPPAAL: A model checker for real time systems
Action Language Verifier (ALV): An infinite state model checker

Program Checkers

JPF/SPF: Java Path Finder/Symbolic Path Finder: An explicit state model checker and a symbolic execution tool for Java
CBMC: C Bounded Model Checker: A SAT-based bounded model checker for C
SLAM/Static Driver Verifier: A software model checker for C that uses counter-example guided abstraction refinement
CREST: An automated testing tool for C that uses dynamic symbolic execution
PEX: An automated testing tool for .NET applications that uses dynamic symbolic execution
Spec#: A design-by-contract extenstion to C# and its verifier
Dafny: A language and program verifier for functional correctness
JSA: A string analysis tool for Java
Stranger: An automata-based string analysis tool for PHP

Symbolic Manipulators and Satisfiability Solvers

CUDD: A BDD package
MONA: A symbolic automata package
zChaff: A SAT solver
picoSAT: A SAT solver
Z3: An SMT (Satisfiability-Modula-Theories) solver
ABC: Automata-based Model Counter: an automata-based model counting constraint solver.

CS 267 - Automated Verification - Winter 2016

Course Topics

Course Work

Projects

Lectures

Reading Assignments

Homework Assignments

Recommended Text

Related Tools

Specification Checkers

Program Checkers

Symbolic Manipulators and Satisfiability Solvers