Project List
- Yutian Su: Verification of Business Process Modeling Notation
(BPMN) using the SPin model checker by developing a BPMN to Promela
translator
- Andrew Waranis: Implementing temporal logic operators in KDT
- Nicholas Vaughan: An automata-based string constraint solver
- Peter Hsieh and Jose Gallegos: Model checking Java Servlet
applications using Java PathFinder
- Ali Zand: Automated verification of firewall policies
- Vegard Aaker: Using concolic execution for verification of Android
applications
CS 267 Class Project
As a class project you will do a research project on automated verification.
You should think of this project as a research project that would be
publishable in a workshop or a conference. You can conduct your project
as two or three people groups if you can find partners.
Here are four types of
projects that could be done for this course:
- Case study: Find an application area and an interesting
and non-trivial system, program or specification in that area.
Use an automated verification
tool to analyze it (and hopefully find bugs in it). This type of project
may require manual translation or modeling of a
system, program or specification to the
input language of the verification tool,
and manual abstractions or reductions
to get the verification tool working.
- Translator: Find a language which would benefit from
automated verification. Write a translator from this language to the input
language of one of the existing verification tools. It may be necessary to
make some restrictions on the language in order to make the translation
feasible. Find some examples demonstrating the technology.
- Tool Extension: Extend one of the existing
verification tools by adding a new feature to it. There are a bunch of
automated verification tools listed at the end of the class webpage.
- Tool: Find a language (or create your own)
which would benefit from
automated verification. Use verification technologies we will
discuss in the class
to develop a verification tool for this language.
For all these projects the first thing to figure out is the application
area and the language, i.e., to find the thing you want to verify.
You have to figure this out
as soon as possible.
Please choose a topic that is related to your interests so that the
project is fun for you!
Project Deliverables
- Project topic: Send me one paragraph describing your
project. List the team members if it is a team project.
Due: Wednesday, April 6.
- Progress report: Prepare a 3-5 page
progress report about your project.
In the progress report you should explain the topic of your study,
and discuss your findings so far.
Due: Friday, May 6th.
- Final Report:
You will need to turn in a final project report up to 10 pages
at the end of the quarter.
Due: Wednesday, June 8th.
- Project Presentation:
Depending on the number of projects, availability of time
and level of interest, I will consider
scheduling 15 minute project presentations
for the last week of classes.
Some Project Topics
Students are welcome to come up with their own project topics
related to their research interests. Automated verification is an active
area and there are lots of research opportunities both for applying
automated verification to new problems and also extending the existing
automated verification techniques.
Below I will list some project topics that I find interesting:
- Automated verification of Native Client Trusted Code Base:
Use automated verification techniques to analyze the trusted code base of the
Native Client. Native Client project page is
here.
- Automated verification of interactive web applications:
This project will involve translating web applications written in some
scripting language (you can choose which one) to the input language
of an automated verification tool in order to check its properties.
- Model checking for model-view-controller architecture:
Investigating efficient verification techniques for applications
built using the model-view-controller architecture (for example
Ruby-on-Rails applications).
- Data model verification in Web applications:
Web applications built using the model-view-controller architecture
require the developers to develop a data model that identifies the objects
and their relations that the Web application will store in a back-end database.
This project would involve verification of such specifications using
automated verification techniques.
- Verification of inter-process communication in Singularity:
Singularity is an experimental OS developed by Microsoft researchers.
This project would focus on verification of inter-process communication
in Singularity.
Related paper:
-
Zachary Stengel and Tevfik Bultan. "Analyzing Singularity Channel
Contracts." Proceedings of the 2009 International Symposium on Software
Testing and Analysis (ISSTA 2009), pp. 13-24, Chicago, Illinois, July
19-23, 2009.
Available
here.
- Exhaustive testing with JUnit: Adding nondeterministic-choice
primitive to JUnit test cases and then writing a verification tool that
exhaustively explores all possible choices.
Related paper:
-
Andreas Leitner, Ilinca Ciupa, Manuel Oriol, Bertrand Meyer and Arno Fiva,
"Contract-Driven Development = Test Driven Development - Writing Test Cases,"
in ESEC/FSE'07: European Software Engineering Conference and
ACM SIGSOFT Symposium on Foundations of Software Engineering,
Dubrovnik (Croatia), September 2007.
Available
here.
- String analysis: Application of automated verification
techniques to string analysis.
Related paper:
-
X. Fu, X. Lu, K. Qian, B. Peltsverger, L. Tao, and
S. Chen.
"A Static Analysis Framework for Detecting SQL Injection
Vulnerabilities." In
Proceedings of the 31st
IEEE Annual Computer Software and Applications Conference
(COMPSAC
2007), Beijing,
July 2007.
Available
here.
- Shape analysis: Applying shape analysis and model checking
techniques to verification of data structure implementations in Java.
Related paper:
- Wilhelm, R., Sagiv, M., and Reps, T.,
"Shape analysis."
In Proc. of CC 2000: 9th Int. Conf. on Compiler Construction,
(Berlin, Ger., Mar. 27 - Apr. 2, 2000).
Available
here.
- Verification of UML models: Application of model
checking techniques to UML diagrams such as collaboration diagrams,
sequence diagrams, etc.
Related paper:
-
Tevfik Bultan and Xiang Fu. "Specification of Realizable Service Conversations Using Collaboration Diagrams." Proceedings of the IEEE International Conference on Service-Oriented Computing and Applications (SOCA 2007), pp. 122-130, Newport Beach, California, June 19-20, 2007.
Available here
- Size analysis: Size analysis for programs using infinite
state model checking. The
basic idea is
to check properties relating to sizes of collections using infinite state
model checking.
Multiple projects are possible on this topic:
- Size analysis for JML.
- Size analysis in programs for strings or arrays.
Related paper:
-
Fang Yu, Tevfik Bultan and Erik Peterson.
"Automated Size Analysis for OCL."
Proceedings of the 6th joint meeting of
the European Software Engineering Conference and
the ACM SIGSOFT Symposium on the Foundations of Software Engineering
(ESEC/FSE 2007),
pp. 331-340, Dubrovnik, Croatia, September 3-7, 2007.
Available here
- Interface grammars:
Modular verification using interface
grammars. Multiple projects are
possible on this
topic:
- Extending interface grammars for GUI testing
- Extending
interface grammars for testing distributed programs.
- Looking for
restricted interface grammars that lead to efficient verification.
Related paper:
-
Graham Hughes and Tevfik Bultan. "Interface Grammars for Modular Software Model Checking." Proceedings of the 2007 ACM/SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2007), pp. 39-49, London, United Kingdom, July 9-12, 2007.
Available here
- Design for verification:
Design for verification has been used for verification of synchronization
in concurrent Java programs and for verification of
interactions among web services. This project would involve extending the
design for verification framework to other domains, for example GUI
testing.
Related paper:
-
Tevfik Bultan and Aysu Betin-Can. "Scalable Software Model Checking Using Design for Verification." Proceedings of the IFIP Working Conference on Verified Software: Theories, Tools, Experiments (VSTTE), Bertrand Meyer (ed.), LNCS 4171, Zurich, Switzerland, October 10-14, 2005.
Available here
- Symbolic binary analysis:
Analyzing binary code using a BDD manipulator or a SAT solver.
This will require some kind of abstraction or
approximation technique to be feasible.
It would be interesting to see if one could compute an over approximation
of the set of memory addresses accessed by a small piece of given code.
Related paper:
Balakrishnan, G., Reps, T., Kidd, N., Lal, A., Lim, J., Melski, D., Gruian, R., Yong, S., Chen, C.-H., and Teitelbaum, T.,
"Model checking x86 executables with CodeSurfer/x86 and WPDS++,"
In Proc. Computer-Aided Verification, 2005.
Available here
- Automated verification of web services:
There are a number of languages proposed for web services.
Some of these languages enable behavioral specifications such as
BPEL and WS-CDL. This project will investigate verification of
web service specifications by translating them to the input language
of an automated verification tool.