Project
Presentation Schedule
Group 1
Group 2
Overview
- Each student will complete an individual project, which helps explore more deeply a topic covered in the course (or a related topic which we didn't cover).
-
There are two type of projects: understand existing and creating new tools. Important: graduate students MUST choose the second type.
-
Learning an existing program testing, verification, or analysis tool. This type of project typically involves
- learn about the problem the tool is trying to solve
- learn how to use the tool
- demonstrate how the tool works on concrete and challenging examples. Also include example where the tool fails to work to understand what it can and cannot do
- evaluate the tool on some real-world, medium/large software
- Tools examples are given below. You can provide additional suggestions to work on some tools you're interested in (but you must discuss with me first).
- IMPORTANT: you must be able to get a tool installed/run on your machine BEFORE you propose to work on it. This is to avoid the problem where you select some tool and at the end cannot install/run it and give up.
-
Creating (i.e., implementing) a new TVA technique or extending an existing one. You will work on developing some TVA tool and evaluate it thoroughly. This work is typically more challenging than the first one. If you're a graduate student, you must select this option. For undergraduate student, you are also welcome to do this (but if you select this, I expect you to follow it through). This type of project involves
- select a TVA problem you want to solve and do some survey on existing approaches on solving it
- create new or extend an existing technique to solve the problems.
- implement the technique as tool (no restriction on language or machine, you can work on your own computer and use whatever languages you want)
- demonstrate how the tool works on concrete and challenging examples. Also include example where the tool fails to work to understand what it can and cannot do
- Potential topics are listed below. You can choose your own but you must talk to me first if you do this.
-
Formats: See this example for what to write (for both proposals and report): https://cse.unl.edu/~goddard/WritingResources/Templates/Generic-Technical-Paper-Skeleton.html
Proposal
- submit a project proposal (1-2 page) that explains what you want to do and what you expect to learn from the project
- Here is a proposal example, and the TeX source code (running
make
will build the pdf) - You can use LaTex or Word to write your proposal, but you must turn in a PDF version file named
proposal-last-firstname.pdf
.
Report
- Submit a project report (4-5 pages for double-column report).
- You will write a formal report on what you did (e.g., using LaTeX and including all the sections such as Introduction, Body, Related Work, Conclusion).
- You can use Word or Latex, but you must turn in a PDF version of your paper (
report-last-firstname.pdf
). Here's an outline of what usually should be in the final report
Presentation
You will give a 10 min presentation of your project at the end of the semester. The presentation will include running demo's on how your program/tool works on some interesting examples. You can use the report outline to structure your presentation.
Potential Tools/Topics
Tools
crossed out: the tool has been selected by someone
ANGR: Static and dynamic symbolic (concolic) analysis for binariesMypy: static type checker for PythonPMD: Static Source Code analyzer for Java and other languagesSoot: Framework for analyzing and transforming Java and Android apps- CBMC: bounded model checking tool for C
Facebook Pyre and Pysa: type checking and static analysis tool for PythonFlow: A static type checker for JavaScriptZ3: SMT Solver (used by many static analysis tools)- JPF: model checking tool for Java
Facebook Infer: bug checking tool for C and Java- Sketch: Program synthesis tool
- Randoop and EvoSuite: Search-based test generation tools (if you pick this, you need to do both tools)
- Frama-C: source-code analysis for C programs
- Ultimate: verification tool for C programs
- Daikon: Dynamic Invariant Generation tool for Java programs
- DIG: Dynamic + Symbolic Execution approach for inferring numerical program invariants
- SPIN: Verifying multi-threaded software
- Symbolic PathFinder (SPF): symbolic execution tool for Java
- CPAChecker: Configurable Program Analysis tool for C programs
- Eran: verification tool for Deep Neural Network
NNV: Matlab toolbox to verify Deep Neural Network (Note: you cannot select this if you are currently enrolling in the Deep Learning Assurance class (which uses this tool extensively))
Topics
- Validating Array Invariants: use existing checking tools, , e.g., Symbolic Execution, to validate assertions involving array/list variables (potential tools: SPF, CPAChecker)
- Validating Complex Data Invariants: use existing tools, e.g., Symbolic Execution, to validate assertions capturing required properties of data structures such as trees, heaps
- Inferring Algebraic Specifications: synthesize specifications describing relations among program methods, e.g.,
pop(pus(Stack_A)) == Stack_A
- Infer high-coverage input interactions: discover interactions over configuration options leading to high code coverage
- Use Genetic Algorithm to find data structure inputs leading to high program complexity
- Use Genetic Algorithm to repair buggy Python programs (benchmark: Quixbugs benchmark)
- Extend DIG (Dynamic Invariant Generation) to work with additional abstract domain (zonotopes, bags, triangle, star set, etc)
- Dynamically infer invariants for Deep Neural Networks
- Create Fuzzing techniques (AFL, GA, etc) to test Neural Networks
Discovering program complexity from runtime informationAnalyzing Interactions in Highly Configurable SystemsExtending MIRAI (verification tool for RUST) with Octagonal Abstract Domain