CS 267 Home Page

CS 267 - Automated Verification - Winter 2025

Instructor: Tevfik Bultan (bultan@cs.ucsb.edu); Office Hours: Monday/Wednesday 3:00-4:00pm at HFH 2159.

Class Webpage: URL: http://www.cs.ucsb.edu/~bultan/courses/267/

Lectures: Monday/Wednesday 1:00AM-2:50PM, PHELP 2510

Course Topics

This course will cover automated verification techniques focusing mainly on model checking and software verification. The tentative list of topics include:

Safety and liveness properties, temporal logics
Binary Decision Diagrams (BDDs) and symbolic model checkers
Model checking using automata on infinite words, explicit state model checkers
SAT-solvers and bounded verification
Software model checking
Predicate abstraction
Counter-example guided abstraction refinement
Infinite state model checking
Verification using SMT-solvers
Modular verification
Dynamic symbolic execution
Probablistic program analysis
Quantitative information flow

Course Work

There will be several homeworks (40% of the grade), a final (20% of the grade), and the students will be required to do a course project (40% of the grade). The papers related to the topics discussed in the class will be given as reading assignments.

Final

Final exam will be sent via email at 5:00pm on Tuesday, March 18th. You need to turnin a hard copy of your answers by 5:00pm on Wednesday, March 19th.

Recommended Text

The following book is a good reference for model checking techniques:
Model Checking, E. M. Clarke, Orna Grumberg, Doron Peled, ISBN 0-262-03270-8, 2000.

A Selection of Related Tools

SV-COMP

Tools that participate in SV-COMP - International Competition on Software Verification

Specification Checkers

SPIN: An explicit state moodel checker
NuSMV: A new BDD-based symbolic model checker
Alloy : A SAT-based bounded data model verifier
PRISM model checker: A probabilistic model checker
UPPAAL: A model checker for real time systems

Program Checkers

CBMC: C Bounded Model Checker: A SAT-based bounded model checker for C
KLEE: KLEE is a dynamic symbolic execution engine built on top of the LLVM compiler infrastructure
SPF: Symbolic Path Finder: A symbolic execution tool for Java
Dafny: Dafny is a verification-aware programming language that has native support for recording specifications and is equipped with a static program verifier.
angr: angr is an open-source binary analysis platform for Python. It combines both static and dynamic symbolic ("concolic") analysis, providing tools to solve a variety of tasks

Symbolic Manipulators and Satisfiability Solvers

Z3: An SMT (Satisfiability-Modula-Theories) solver
CVC4:
ABC: Automata-based Model Counter: an automata-based model counting constraint solver.