



Information about the CMSC 631 Program Analysis and Understanding course offered at the University of Maryland, College Park, in the fall of 2004. The course focuses on static analysis, formal systems and notations, and programming language features to help students understand and analyze software. Students are expected to read papers, participate in class discussions, and complete programming and written assignments. The course goals include teaching research skills and completing a substantial research project.




CMSC 631 - Program Analysis and Understanding, Fall 2004
CMSC 631, Fall 2004 2
- Static analysis
- Office: 4129 AVW
- E-mail: jfoster at cs.umd.edu
- Office hours: Tuesday, Friday 11am-12pm
- E-mail: kleene at cs.umd.edu
- Ideas we will use in this class:
- Pierce, Types and Programming Languages
- Huth and Ryan, Logic in Computer Science
- Typically, papers available on the web
- http://corundum.cs.umd.edu:8000/CMSC
- Post a few sentences to a paragraph or two on
- First post! can just put up a summary
- Later posts need to take earlier posts into account
- Posting earlier is less work
- Includes talk on selected paper in 2nd half of course
- Programming assignments (20% of grade)
- Much more effective than listening to a lecture
- So you have to do research as part of the class
- Any topic vaguely related to the class is acceptable
- Will ease up on homeworks, reading
- Project proposal (one page) + talk with me
- Project write-up
- And a couple more could have been
- Based on written and programming assignments
- Take-home or in-class (we'll vote at the end of the semester)
- Out(S) = Gen(S) ∪ (In(S) - Kill(S))
- Finite height lattice
- Monotone transformation functions
x =? x = 3 x = 6 ...
x = *
x := 0
v := 3 v := 4 + x
x := x + v
x1 := 0
v1 := 3 v2 := 4 + x1
v3 := φ(v1, v2)
x2 := x1 + v3
variable function function application
- (replace by in )
- true = false =
- if a then b else c =
- But after a while, realized could be general-purpose
- Similar to lambda-calculus
- Is 00110110111100101100111010101000
- To choose operation (which + op), e.g., FORTRAN
- To avoid programming mistakes
in type environment , expression has type
dom(A) !
!
!
!
!! !
!
- If for each object of type there is an object of type such that for all programs defined in terms of , the behavior of is unchanged when is substituted for then is a subtype of.
- If anyone expecting a can be given an instead, then is a subtype of.
- Hoare, Dijkstra, Gries, others
- If statement is executed in a state satisfying precondition , then will terminate, and will hold of the resulting state
- Partial correctness: ignore termination
- Axiom:
- Example:
- Lots of parallelism (concurrency), but
- Not a lot of structure (e.g., no dynamic allocation)
loop
  out: x1 := 1; last := 1
  req: await x2 = 0 or last = 2
  in:  x1 := 0
end loop
||
loop
  out: x2 := 1; last := 2
  req: await x1 = 0 or last = 1
  in:  x2 := 0
end loop
(Example from Henzinger)
- State = (pc1, pc2, x1, x2, last)
- Is any bad state (iiXXX) reachable from the start state?
oo 001
ro 101 or 012
io 101 rr 112
ir 112
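The reachability question above can be answered by exhaustively exploring the finite state space. The following is an added example, not part of the original slides: it assumes each labelled step (including both assignments at `out`) executes atomically, and the function names and the `guarded` flag are hypothetical, with `guarded=False` a constructed broken variant that skips the await.

```python
from collections import deque

# State = (pc1, pc2, x1, x2, last); pc is "o" (out), "r" (req) or "i" (in).
START = ("o", "o", 0, 0, 1)  # the slide's start state "oo 001"

def successors(state, guarded=True):
    """States reachable in one atomic step of either process."""
    # guarded=False is a constructed broken variant that ignores the await.
    pc1, pc2, x1, x2, last = state
    out = []
    if pc1 == "o":                                   # out: x1 := 1; last := 1
        out.append(("r", pc2, 1, x2, 1))
    elif pc1 == "r":                                 # req: await x2 = 0 or last = 2
        if not guarded or x2 == 0 or last == 2:
            out.append(("i", pc2, x1, x2, last))
    else:                                            # in: x1 := 0
        out.append(("o", pc2, 0, x2, last))
    if pc2 == "o":                                   # out: x2 := 1; last := 2
        out.append((pc1, "r", x1, 1, 2))
    elif pc2 == "r":                                 # req: await x1 = 0 or last = 1
        if not guarded or x1 == 0 or last == 1:
            out.append((pc1, "i", x1, x2, last))
    else:                                            # in: x2 := 0
        out.append((pc1, "o", x1, 0, last))
    return out

def reachable(guarded=True):
    """Breadth-first search over the finite state space from START."""
    seen, queue = {START}, deque([START])
    while queue:
        for nxt in successors(queue.popleft(), guarded):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def bad_states(states):
    """Bad states "iiXXX": both processes in the critical section at once."""
    return sorted(s for s in states if s[0] == "i" and s[1] == "i")

def label(state):
    """Render a state in the slide's notation, e.g. 'ro 101'."""
    return "{}{} {}{}{}".format(*state)

if __name__ == "__main__":
    states = reachable()
    print(sorted(label(s) for s in states))
    print("bad states:", [label(s) for s in bad_states(states)])
```

With the await in place the search terminates without ever visiting an `ii` state; with `guarded=False` it finds one, which is the kind of counterexample a model checker reports.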
- Can perform deep reasoning about programs
- Array out-of-bounds
- Null pointer errors
- Failure to satisfy internal invariants
- Format-string vulnerabilities, deadlocks, file I/O protocol errors, kernel security holes
- Memory allocation and deallocation errors, library protocol errors, misuse of locks
- Very deep theory
- But lots of practical applications
- Focus on program correctness instead of speed
- Forget about full correctness, though
- Scalability to large programs essential