COMS W4117
Compilers and Translators:
Software Verification Tools
Lecture 1: September 4, 2007
Mudd 337, 11:00am-12:15pm

Lecture Outline

1. Intoductions
2. Course overview
3. Textbooks and references
4. Course requirements and grading
5. What is reliable software?
6. How can we make reliable software
7. Reading

1. Introductions

Professor Alfred V. Aho

http://www1.cs.columbia.edu/~aho

aho@cs.columbia.edu

513 Computer Science Building

Office hours: Tuesdays 2:00-3:00pm, Thursdays 1:00-2:00pm

Course webpage: http://www1.cs.columbia.edu/~aho/cs4117

2. Course Overview

• Course objectives
• You will learn methods for creating more reliable software.
• You will learn about new software verification tools being used in industry.
• You will learn program analysis techniques used by these tools. Many of these analysis techniques have come from modern optimizing compilers.
• A highlight of this course is a semester-long project in which you will learn how to use and build one of these new software verification tools.
• You will learn about compiler frameworks, like Microsoft's Phoenix, that can be used to help build of these tools.
• The concepts, techniques, and tools that you will learn in this course have broad application to software development in general.


• Course syllabus
• Software reliability
• Software verification tools
• Overview of compiling
• Data-flow analysis
• Interprocedural analysis
• Datalog
• Syntax-directed translation
• Pointer analysis
• Binary decision diagrams
• Model checking


• Guest lectures
• There will be several guest lectures by leading researchers and developers who have created some of these new tools.

3. Textbooks and References

• The course text is



• Alfred V. Aho, Monica S. Lam, Ravi Sethi, and Jeffrey D. Ullman
Compilers: Principles, Techniques, and Tools, second edition
Pearson Addison-Wesley, 2007

4. Course Projects and Grading

• Each student can select a software verification tool to study and evaluate.
• Alternate project: a student team can implement a rudimentary software verification tool using Microsoft's Phoenix Compiler Framework
• Each student will give three in-class presentations on the selected tool.
• One presentation on how to use it. (25% of final grade)
• One presentation on how it works. (25% of final grade)
• One presentation evaluating it. (25% of final grade)
• A final project report summarizing its use, functioning, and evaluation. (25% of final grade)
• Phoenix framework
• The Phoenix July 2007 SDK can be found at: http://connect.microsoft.com/Phoenix/Downloads/DownloadDetails.aspx?DownloadID=7540
• You need a copy of Visual Studio 2005. Most of you should have access to Visual Studio through MSDN Academic Alliance. If not, you can use the C#/C++ express versions which are free to download from http://msdn2.microsoft.com/en-us/express/aa975050.aspx. If you download, make sure you get the VS2005 version, and not the betas for VS2008.
• A PC with Windows XP, Server 2003, or Vista (both x32 and x64 versions will work fine)

5. What is Reliable Software?

• A software bug (or just "bug") is an error in a computer program that prevents it from behaving as intended (e.g., producing an incorrect result). Wikipedia: Software Bug
• Examples of common types of bugs
• Divide by zero
• NULL pointer dereference
• Infinite loops
• Arithmetic overflow or underflow
• Exceeding array bounds
• Using an uninitialized variable
• Accessing memory not owned
• Memory leak
• Stack overflow or underflow
• Buffer overflow
• Deadlock
• Off-by-one error
• Race condition
• Loss of precision in type conversion
• Failure to meet system requirements
• Trustworthiness of software systems has become an acute issue.

• Very roughly, there are about 500 billion lines of existing software in the world
• 5 million programmers in the world today
• An industrial programmer writes around 5,000 lines of finished code per year
• Very roughly, there are about 5 million to 5 billion defects in the embedded base
• Industrial software densities vary between 10 and 10,000 defects per million lines of code
• Alfred V. Aho, Software and the Future of Programming Languages, Science, Vol. 303, Issue 5662, pp. 1331-1333, 27 February 2004

• Wired: History's Worst Software Bugs
• Wikipedia: Famous Computer Bugs

6. How Can we Make Reliable Software

• In 1948 Claude Shannon showed how we can get reliable communication over a noise channel using error-detecting and -correcting codes
• In 1956 John von Neumann showed how we can get more reliable hardware out of unreliable components by using redundacy
• Why hasn't a similar paper been written for software: how can we get reliable software from unreliable programmers?
• Note that N-version programming doesn't work since programmers' software errors are correlated, even if they don't communicate with one another.
• The probabilistically correct proof (PCP) theorem *might* show the way. Wikipedia: PCP Theorem
• Industrial approaches to more reliable software
• Better processes
• Better verification tools

7. Reading Assignment

• ASLU: Sections 8.4-8.5 and sections 9.1-9.3