Past lecture: Automated Code Analysis for Large Software Systems (ACA)

The slides for the first lecture are available here: PDF, PDF with animations
Note: slides for subsequent lectures will be distributed via SVN.

4 CP, 2 SWS, Thursdays, 9:50-11:30, in room C205 in the Piloty Building S2|02

Exam: Feb 21st, 16:00, C205

Exam Review: April 14th, 9-10am, room 3.2.01 at CASED

The topic of this lecture is the automated (static) code analysis of large software systems, particularly with respect to security properties. We will treat important scientific problems in the area (some partially solved, some still open) and discuss different conceptual frameworks that can be used to design and implement automated code analyses. We will pay particular attention to flow- and context-sensitive analyses, as well as pointer analyses.

Further information

Asking questions

If you have questions regarding the lecture, please use the Forum kindly provided by the Fachschaft. We will be monitoring the forum regularly.

SVN: Slides and other material, submission of coursework

All course material will be distributed through Subversion. This is the URL for the course repository. See the lecture slides above to learn more about how to obtain access.

Exercise sheets and bonus system

There is a bonus system that allows you to improve your final grade by up to 1.0 points, depending on how well you succeed in the exercises.

  • There will be 7 exercise sheets, and all count towards the bonus.
  • Every exercise sheet is pass/fail. When your group passes the exercise sheet, all group members earn a bonus of 0.2 = 1/5.
  • The maximal bonus is 1.0, i.e., if you have passed 5 exercise sheets then you have reached the maximal bonus. Nevertheless, we recommend completing all sheets because all of them give examples of exercises that may be relevant for the final exam.
  • Every sheet will contain at least one exercise marked as optional. Exercises marked as optional do not need to be answered to pass an exercise sheet.
  • If you have failed one exercise sheet (or failed to hand one in), then you may compensate for the lost bonus by correctly completing two optional exercises from (one or more) other exercise sheets. (We will make sure that there are two optional exercises on the last sheet.)
  • The final grade for this course will be computed by adding your bonus to the grade for the final exam and then rounding to the next grading level.
Exercises are usually due two days before the lecture at which the next sheet is given out, i.e., on Tuesday night. This is to allow us to discuss the results of the exercises in the next lecture. The due date will also be printed on each sheet. Hand in your results using SVN. Submissions by email will not be accepted.

Lecture 1, Oct. 17th
Introduction and Overview; the Jimple Intermediate Representation

Slides

Additional reading material:

Lecture 2, Oct. 24th
Intra-Procedural Static Analysis

Slides

Additional reading material:

Lecture 3, Oct. 31st
Call-graph and Points-to Analysis

Slides

Additional reading material:

There was no lecture on Nov. 7th

Lecture 4, Nov. 14th
Inter-procedural program analysis

Slides

Additional reading material: Chapter 7 of Data Flow Analysis – Theory and Practice

Lecture 5, Nov. 21st
String-based context-sensitive analyses

Slides

Soot Eclipse plugin

Additional reading material:

Lecture 6, Nov. 28th
The functional approach

Slides

Additional reading material:

Lecture 7, Dec. 5th
IFDS

Slides

Additional reading material:

Lecture 8, Dec. 12th
IDE

Slides

Additional reading material:

Lecture 9, Dec. 19th
SPLLIFT

Slides

Additional reading material:

Christmas break

Lecture 10, Jan. 16th
Constructing ICFGs for frameworks

Slides

Additional reading material:

Lecture 11, Jan. 23rd
On-demand flow- and context-sensitive alias analysis

Slides

Additional reading material:

Lecture 12, Jan. 30th
Taming reflection in static analysis

Slides

Additional reading material:

Lecture 13, Feb. 6th
Vulnerability analysis for the Java runtime library

Slides

Additional reading material:

Lecture 14, Feb. 13th
Summary/recap