CS 267 - Automated Verification - Winter 2025
Instructor:
Tevfik Bultan
(bultan@cs.ucsb.edu);
Office Hours: TBD
Class Webpage: http://www.cs.ucsb.edu/~bultan/courses/267/
Lectures:
Monday/Wednesday 1:00AM-2:50PM, PHELP 2510
Course Topics
This course covers automated verification techniques, focusing
mainly on model checking and software verification.
The tentative list of topics includes:
- Safety and liveness properties, temporal logics
- Binary Decision Diagrams (BDDs) and symbolic model checkers
- Model checking using automata on infinite words, explicit state model checkers
- SAT-solvers and bounded verification
- Software model checking
- Predicate abstraction
- Counter-example guided abstraction refinement
- Infinite state model checking
- Verification using SMT-solvers
- Modular verification
- Dynamic symbolic execution
- Probabilistic program analysis
- Quantitative information flow
Course Work
There will be several homeworks (40% of the grade), a final (20% of the grade), and a required course project (40% of the grade).
Papers related to the topics discussed in class will be given as reading assignments.
Homework Assignments
Recommended Text
The following book is a good reference for model checking techniques:
Model Checking, E. M. Clarke, Orna Grumberg, Doron Peled, ISBN 0-262-03270-8, 2000.
A Selection of Related Tools
SV-COMP
Tools that participate in SV-COMP - International Competition on Software Verification
Specification Checkers
- SPIN: An explicit state model checker
- NuSMV: A new BDD-based symbolic model checker
- Alloy: A SAT-based bounded data model verifier
- PRISM model checker: A probabilistic model checker
- UPPAAL: A model checker for real time systems
Program Checkers
- CBMC: C Bounded Model Checker: A SAT-based bounded model checker for C
- KLEE: KLEE is a dynamic symbolic execution engine built on top of the LLVM compiler infrastructure
- SPF: Symbolic Path Finder: A symbolic execution tool for Java
- Dafny: Dafny is a verification-aware programming language that has native support for recording specifications and is equipped with a static program verifier.
- angr: angr is an open-source binary analysis platform for Python. It combines both static and dynamic symbolic ("concolic") analysis, providing tools to solve a variety of tasks.
Symbolic Manipulators and Satisfiability Solvers
- Z3: An SMT (Satisfiability Modulo Theories) solver
- CVC4:
- ABC: Automata-based Model Counter: an automata-based model counting constraint solver.