Tentative Project List
Neer Shay: A PHP to Promela (SPIN) translator for
analyzing concurrent database accesses.
Puneet Lakhina : Introducing channel contracts to Erlang.
Burak Ozek: Automated verification of UML State Machines using Spin
by translating XMI to Promela with appropriate abstractions.
Jonathan Kupferman: Investigating effectiveness of mutation testing on
Ruby on Rails web applications framework.
Nupur Garg: Exhaustive profiling of Python code using the Spin model checker.
Joshua Bouganim: A case study on verification of the
Verilog specification of an 8-bit processor controller using NuSMV.
Ben Rubinger: A case study on
specification and verification of the data model of
a Facebook application using the Alloy Analyzer
Youngjoon Choi: Semi-automated exhaustive navigation sequence generation for
verification of web applications.
Hakan Yildiz: Investigating automata widening operations for string verification.
Jaideep Nijjar and Aleksandra Potapova:
Analyzing Ruby data models using Alloy analyzer
Wei Tang:
Verification of the Verilog specification of a multi-threaded MSP430 design
using NuSMV.
CS 267 Class Project
As a class project you will do a research project on automated verification.
You should think of this project as a research project that would be
publishable in a workshop or a conference. You can conduct your project
as two or three people groups if you can find partners.
Here are four types of
projects that could be done for this course:
- Case study: Find an application area and an interesting
and non-trivial program or specification in that area.
Use one of the model checking
tools to analyze it (and hopefully find bugs in it). This type of project
may require manual translation of a program or specification to the
input language of model checker, or some manual abstractions or reductions
to get the verification tool working.
- Translator: Find a language which would benefit from
automated verification. Write a translator from this language to the input
language of one of the existing verification tools. It may be necessary to
make some restrictions on the language in order to make the translation
feasible. Find some examples demonstrating the technology.
- Tool Extension: Extend one of the existing
verification tools by adding a new feature to it. There are a bunch of
automated verification tools listed at the end of the class webpage.
- Tool: Find a language (or create your own)
which would benefit from
automated verification. Use verification technologies we will
discuss in the class (such as symbolic
model checking, explicit state model checking, infinite state model checking,
or bounded model checking) to develop a verification tool for this language.
For all these projects the first thing to figure out is the application
area and the language, i.e., to find the thing you want to verify.
You have to figure this out
as soon as possible, I list some things that are on my mind below.
Please choose a topic that is related to your interests so that the
project is fun for you!
Project Deliverables
- Project topic: Send me one paragraph describing your
project. List the team members if it is a team project.
Due: Monday, October 5.
- Progress report: Prepare a 3-5 page
progress report about your project.
In the progress report you should explain the topic of your study,
and discuss your findings so far.
Due: Monday, November 9.
- Final Report:
You will need to turn in a final project report up to 10 pages
at the end of the quarter.
Due: Friday, December 4.
- Project Presentation:
Depending on the number of projects, availability of time
and level of interest, I will consider
scheduling 15 minute project presentations
for the last week of classes.
Some Project Topics
Students are welcome to come up with their own project topics
related to their research interests. Model checking is an active
area and there are lots of research opportunities both for applying
model checking to new problems and also extending the existing
model checking techniques.
Below I will list some project topics that I find interesting:
- Model checking Native Client Trusted Code Base:
Using model checking techniques to analyze the trusted code base of the
Native Client. Native Client project page is
here.
- Model checking interactive web applications:
This project will involve translating web applications written in some
scripting language (you can choose which one) to the input language
of a model checker in order to check its properties.
- Model checking for model-view-controller architecture:
Investigating efficient verification techniques for applications
built using the model-view-controller architecture (for example
Ruby-on-Rails applications).
- Data model verification in Web applications:
Web applications built using the model-view-controller architecture
require the developers to develop a data model that identifies the objects
and their relations that the Web application will store in a back-end database.
This project would involve verification of such specifications using
automated verification techniques.
- Verification of inter-process communication in Singularity:
Singularity is an experimental OS developed by Microsoft researchers.
This project would focus on verification of inter-process communication
in Singularity.
Related paper:
-
Zachary Stengel and Tevfik Bultan. "Analyzing Singularity Channel
Contracts." Proceedings of the 2009 International Symposium on Software
Testing and Analysis (ISSTA 2009), pp. 13-24, Chicago, Illinois, July
19-23, 2009.
Available
here.
- Exhaustive testing with JUnit: Adding nondeterministic-choice
primitive to JUnit test cases and then writing a verification tool that
exhaustively explores all possible choices.
Related paper:
-
Andreas Leitner, Ilinca Ciupa, Manuel Oriol, Bertrand Meyer and Arno Fiva,
"Contract-Driven Development = Test Driven Development - Writing Test Cases,"
in ESEC/FSE'07: European Software Engineering Conference and
ACM SIGSOFT Symposium on Foundations of Software Engineering,
Dubrovnik (Croatia), September 2007.
Available
here.
- String analysis: Application of model checking
techniques to string analysis.
Related paper:
-
X. Fu, X. Lu, K. Qian, B. Peltsverger, L. Tao, and
S. Chen.
"A Static Analysis Framework for Detecting SQL Injection
Vulnerabilities." In
Proceedings of the 31st
IEEE Annual Computer Software and Applications Conference
(COMPSAC
2007), Beijing,
July 2007.
Available
here.
- Shape analysis: Applying shape analysis and model checking
techniques to verification of data structure implementations in Java.
Related paper:
- Wilhelm, R., Sagiv, M., and Reps, T.,
"Shape analysis."
In Proc. of CC 2000: 9th Int. Conf. on Compiler Construction,
(Berlin, Ger., Mar. 27 - Apr. 2, 2000).
Available
here.
- Verification of UML models: Application of model
checking techniques to UML diagrams such as collaboration diagrams,
sequence diagrams, etc.
Related paper:
-
Tevfik Bultan and Xiang Fu. "Specification of Realizable Service Conversations Using Collaboration Diagrams." Proceedings of the IEEE International Conference on Service-Oriented Computing and Applications (SOCA 2007), pp. 122-130, Newport Beach, California, June 19-20, 2007.
Available here
- Size analysis: Size analysis for programs using infinite
state model checking. The
basic idea is
to check properties relating to sizes of collections using infinite state
model checking.
Multiple projects are possible on this topic:
- Size analysis for JML.
- Size analysis in programs for strings or arrays.
Related paper:
-
Fang Yu, Tevfik Bultan and Erik Peterson.
"Automated Size Analysis for OCL."
Proceedings of the 6th joint meeting of
the European Software Engineering Conference and
the ACM SIGSOFT Symposium on the Foundations of Software Engineering
(ESEC/FSE 2007),
pp. 331-340, Dubrovnik, Croatia, September 3-7, 2007.
Available here
- Interface grammars:
Modular verification using interface
grammars. Multiple projects are
possible on this
topic:
- Extending interface grammars for GUI testing
- Extending
interface grammars for testing distributed programs.
- Looking for
restricted interface grammars that lead to efficient verification.
Related paper:
-
Graham Hughes and Tevfik Bultan. "Interface Grammars for Modular Software Model Checking." Proceedings of the 2007 ACM/SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2007), pp. 39-49, London, United Kingdom, July 9-12, 2007.
Available here
- Design for verification:
Design for verification has been used for verification of synchronization
in concurrent Java programs and for verification of
interactions among web services. This project would involve extending the
design for verification framework to other domains, for example GUI
testing.
Related paper:
-
Tevfik Bultan and Aysu Betin-Can. "Scalable Software Model Checking Using Design for Verification." Proceedings of the IFIP Working Conference on Verified Software: Theories, Tools, Experiments (VSTTE), Bertrand Meyer (ed.), LNCS 4171, Zurich, Switzerland, October 10-14, 2005.
Available here
- Symbolic binary analysis:
Analyzing binary code using a BDD manipulator or a SAT solver.
This will require some kind of abstraction or
approximation technique to be feasible.
It would be interesting to see if one could compute an over approximation
of the set of memory addresses accessed by a small piece of given code.
Related paper:
Balakrishnan, G., Reps, T., Kidd, N., Lal, A., Lim, J., Melski, D., Gruian, R., Yong, S., Chen, C.-H., and Teitelbaum, T.,
"Model checking x86 executables with CodeSurfer/x86 and WPDS++,"
In Proc. Computer-Aided Verification, 2005.
Available here
- Model checking web services:
There are a number of languages proposed for web services.
Some of these languages enable behavioral specifications such as
BPEL and WS-CDL. This project will investigate verification of
web service specifications by translating them to the input language
of a model checker.
- Symbolic representation and analysis for XML:
In this project you will investigate using different symbolic
representations (such as BDDs or automata) for representing a set
of XML documents symbolically.