====== Analysis of Software Safety and Security, Fall 2022 (Draft) ======
This is an introductory course on formal analysis of software safety and security, covering the fundamental formalisms and various methods and tools for analyzing a software program to ensure its safety and security. The goal is to acquaint the students with fundamental analysis techniques tailored particularly for software safety and security and to prepare them for a professional career in the area.  We will focus on static source code analysis interpreted in the most general sense and, for practicality, touch on some dynamic analysis techniques.

===== Announcements =====

===== Instructor =====
[[http://im.ntu.edu.tw/~tsay/|Yih-Kuen Tsay (蔡益坤)]], NTU IM Dept., 3366-1189, Xtsay@im.ntu.edu.twX (between the enclosing pair of X's) 

===== Guest Speakers =====

===== Lectures =====

===== Office Hours =====

===== TAs =====

===== Prerequisites =====
Computer Programming and Discrete Mathematics

===== Textbook =====
//Class Notes// and //Selected Readings//

===== Syllabus/Schedule (with links to slides/notes) =====
We shall seek to strike a balance between depth and breadth, covering both the foundations and some of the more successful techniques and tools. Below is a tentative list of topics and their schedule:
  * Introduction: Properties of a Software Program (.5 week: ) [{{courses:a3s2022:introduction.pdf|slides}}]
  * Fundations: Formal Logic (1.5 weeks: ) [slides:{{courses:a3s2022:logic_propositional.pdf|Propositional Logic}}, {{courses:a3s2022:logic_first_order.pdf|First-Order Logic}}; notes: {{courses:a3s2022:natural_deduction.pdf|Natural Deduction}}]
  * Verification Tools: Coq (2 weeks: ) [{{courses:a3s2022:natural_deduction_in_Coq.pdf|slides}}; notes:{{courses:a3s2022:natural_deduction_tactics.pdf|Tactics for Natural Deduction in Coq}}]
  * Methods: Hoare Logic (I) (2 weeks: ) [slides:{{courses:a3s2022:hoare_logic.pdf|Hoare Logic}}, notes: {{courses:a3s2022:hoare_logic_rules.pdf|Rules of Hoare Logic}}, {{courses:a3s2022:hoare_logic_proofs.pdf|Proofs with Hoare Logic}}]
  * Methods: Predicate Transformers (1 week: ) [{{courses:a3s2022:predicate_transformers.pdf|slides}}]
  * Methods: Hoare Logic (II) (1 week: ) [{{courses:a3s2022:procedures.pdf|slides}}]
  * Verification Tools: Frama-C + Plugins (2 weeks: ) [slides: {{courses:a3s2022:frama-c_acsl.pdf|Frama-C and ACSL}}, {{courses:a3s2022:frama-c_coq.pdf|Frama-C with Coq}}; examples:{{courses:a3s2022:frama-c_examples.zip|Frama-C Examples}}]
  * Methods: Owicki-Gries Method for Concurrent Programs (1 week: ) [{{courses:a3s2022:concurrency.pdf|slides}}]
  * **Final Exam** (**2022/??/??**)
  * Broader Picture: An Overview of Static Software Analysis (1 week: ) [{{courses:a3s2022:static_analysis.pdf|slides}}]
  * Wrap-Up Discussions (1 week: )

===== Grading =====

Homework Assignments 20%, Participation 10%, Final Exam 40%, Term Paper/Report 30%.

===== References =====
  - [[https://www.perforce.com/blog/kw/software-safety-vs-security-whats-different|Software Safety vs. Security: What's the Difference?]].
  - //[[http://www.cis.upenn.edu/~jean/gbooks/logic.html|Logic for Computer Science: Foundations of Automatic Theorem Proving]]//, J.H. Gallier, Harper & Row Publishers, 1985. (Note: click on the link to author's free download site.)
  - //Proof Theory and Automated Deduction//, J. Goubault-Larrecq and I. Mackie, Kluwer Academic Publishers, 1997.
  - //Logic in Computer Science: Modelling and Reasoning about Systems//, M. Huth and M. Ryan, Cambridge University Press, 2004.
  - //Foundations for Programming Languages//, J.C. Mitchell, The MIT Press, 1996.
  - //Formal Syntax and Semantics of Programming Languages//, K. Slonneger and B.L. Kurtz, Addison-Wesley, 1995.
  - //Verification of Sequential and Concurrent Programs, 2nd Edition//, K.R. Apt and E.-R. Olderog, Springer-Verlag, 1997.
  - //[[https://allan-blanchard.fr/publis/frama-c-wp-tutorial-en.pdf|Introduction to C program proof with Frama-C and its WP plugin]]//, Allan Blanchard, 2020.
  - //[[http://www.cis.upenn.edu/~bcpierce/sf/|Software Foundations]]//, B.C. Pierce, C. Casinghino, M. Greenberg, V. Sjöberg, and B. Yorgey. (Note: click on the link to authors' free download site.)
  - //[[http://adam.chlipala.net/cpdt/|Certified Programming with Dependent Types
]]//, A. Chilipala. (Note: click on the link to author's free download site.)
  - //The Formal Methods Page: // http://formalmethods.wikia.com/wiki/Formal_methods, J. Bowen. (Note: this Web portal provides links to numerous formal methods and tools.)