Course Description

This course provides a rigorous and hands-on introduction to the field of software analysis – a body of powerful yet practical techniques and tools for analyzing modern software, with applications to systematically uncover insidious bugs, prevent security vulnerabilities, automate testing and debugging, and improve our confidence that software will behave as intended.

Topics covered include dynamic analysis, random testing, automated test generation, dataflow analysis, constraint solving, type inference, and symbolic execution. Lectures present software analysis concepts and algorithms in a language-independent manner, while weekly programming labs involve realizing them concretely in C++ using the LLVM compiler infrastructure.

This course aims to enable you to become a better software engineer or security analyst by learning a rich repertoire of software analysis ideas and know-how to apply them to specific scenarios in practice.

Learning Objectives

• Understand methods for analyzing, testing, debugging, and verifying software.
• Analyze the tradeoffs and limits of different software analysis techniques in aspects such as scalability, accuracy, and cost.
• Evaluate the suitability of a software analysis technique under a given set of real-world constraints.
• Implement and apply a software analysis algorithm to a codebase, application, library, or category of programs.

Course Prerequisites

• Experience with C and systems programming (CIS 240 or CIT 595)
• Familiarity with data structures and algorithms (CIS 120 or CIT 594)
• Understanding of mathematical logic (CIS 160 or CIT 592)

Specifically:

• The assignments involve programming in C++ using the LLVM compiler infrastructure.
• The lectures and exams presume basic knowledge of algorithms (e.g. graph traversal and asymptotic analysis) and basic background in logic (e.g. set theory and boolean algebra).