{"id":18689052,"url":"https://github.com/codersguild/software-analysis-pavt","last_synced_at":"2025-04-12T05:39:03.138Z","repository":{"id":46205212,"uuid":"271285211","full_name":"codersguild/Software-Analysis-PAVT","owner":"codersguild","description":"Program Analysis, Software Verification \u0026 Testing. Python3, CAS, Dafny, Z3, CVC4, UCLID, ZChaff, NuSMV, AFL, Scala, CBMC \u0026 LLVM Framework (CO). ","archived":false,"fork":false,"pushed_at":"2023-04-09T14:57:24.000Z","size":22955,"stargazers_count":37,"open_issues_count":0,"forks_count":6,"subscribers_count":6,"default_branch":"master","last_synced_at":"2025-04-12T05:38:52.001Z","etag":null,"topics":["analysis","boogie","cbmc","cvc4","dafny","dynamic-taint-analysis","fuzzing","hacktoberfest","hacktoberfest2021","hoare-logic","llvm","sudoku-solver","uclid","uclid5","verification","z3-smt-solver","z3py"],"latest_commit_sha":null,"homepage":"","language":"Boogie","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/codersguild.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2020-06-10T13:31:19.000Z","updated_at":"2024-07-04T20:50:51.000Z","dependencies_parsed_at":"2023-01-19T20:47:00.465Z","dependency_job_id":"35536f79-956f-4893-ac24-ac31379688f5","html_url":"https://github.com/codersguild/Software-Analysis-PAVT","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codersguild%2FSoftware-Analysis-PAVT","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codersguild%2FSoftware-Analysis-PAVT/tags","releases_url":
"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codersguild%2FSoftware-Analysis-PAVT/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/codersguild%2FSoftware-Analysis-PAVT/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/codersguild","download_url":"https://codeload.github.com/codersguild/Software-Analysis-PAVT/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248525170,"owners_count":21118617,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["analysis","boogie","cbmc","cvc4","dafny","dynamic-taint-analysis","fuzzing","hacktoberfest","hacktoberfest2021","hoare-logic","llvm","sudoku-solver","uclid","uclid5","verification","z3-smt-solver","z3py"],"created_at":"2024-11-07T10:39:52.348Z","updated_at":"2025-04-12T05:39:03.111Z","avatar_url":"https://github.com/codersguild.png","language":"Boogie","readme":"## Program Analysis, Testing \u0026 Formal Verification :\n\nFormal Method is a set of techniques and methodology that helps us in\ndoing formal verification. Formal Verification is a way of defining a\nconcrete / abstract overview of a problem or model and then answering some\nquestions regarding the properties of that model. We try to prove certain\nassertions and check for validity. Eg. Given a program does it ever happen\nthat some variables take negative values. Does a model access a particular\narray element while execution. 
Some of the claims and problems that verification tries to solve\nare `undecidable`, but for most of the practical `programming/development` problems these things are done in a finite amount of time and\nresources via `abstractions` and `approximations`. You can,\nhowever, provide specific inputs that make the problem hard to solve or\nnon-halting.\n\n## Figures\n\n- [Install and use Inkscape to make beautiful drawings for your paper](https://textext.github.io/textext/install/linux.html)\n\n## ACM Winter School :\n\n- [ACM Winter School : Computer Architecture, Compilers, PL, Logic, Testing \u0026 Verification.](https://winterschool2022.cse.iitk.ac.in/)\n\n# \u003ca name='updates'\u003eResearch Papers \u0026 Topics\u003c/a\u003e\n\nSome cool paper links. \n\n### [[⬆]](#updates) \u003ca name='links'\u003ePaper Links\u003c/a\u003e\n\n- [ ] [KLEE Paper](https://www.doc.ic.ac.uk/~cristic/papers/klee-osdi-08.pdf)\n- [ ] [Deferred concretization in symbolic execution via fuzzing](https://dl.acm.org/doi/10.1145/3293882.3330554)\n- [ ] [UCLID Paper](https://cse.iitk.ac.in/users/spramod/papers/memocode18.pdf)\n- [ ] [Bucketing Failing Tests via Symbolic Analysis](https://link.springer.com/chapter/10.1007/978-3-662-54494-5_3)\n- [ ] [Hot Path SSA](https://dl.acm.org/doi/10.1145/3078659.3078660)\n- [ ] [K-paths Profiling](https://dl.acm.org/doi/10.1109/CGO.2009.11)\n- [ ] [Exploring program phases for statistical bug localization](https://dl.acm.org/doi/10.1145/2462029.2462034)\n- [ ] [Symbolic Execution and Dynamic Taint Analysis](https://users.ece.cmu.edu/~aavgerin/papers/Oakland10.pdf)\n- [ ] [Non-Interference](http://csl.sri.com/papers/csl-92-2/csl-92-2.pdf)\n- [ ] [A Formal Approach to Secure Speculation](https://eprint.iacr.org/2019/310.pdf)\n- [ ] [A Formal Verification Framework for Security Issues of Blockchain Smart Contracts](https://www.mdpi.com/2079-9292/9/2/255)\n- [ ] [Formal Verification of Smart Contracts: Short 
Paper](https://hal.inria.fr/hal-01400469/document)\n- [ ] [ZEUS: Analyzing Safety of Smart Contracts](http://pages.cpsc.ucalgary.ca/~joel.reardon/blockchain/readings/ndss2018_09-1_Kalra_paper.pdf)\n- [ ] [Using Dafny, an Automatic Program Verifier](http://leino.science/papers/krml221.pdf)\n- [ ] [DART Paper](https://web.eecs.umich.edu/~weimerw/2014-6610/reading/p213-godefroid.pdf)\n- [ ] [From Program to Logic: An Introduction](https://link.springer.com/chapter/10.1007/978-3-642-35746-6_2)\n- [ ] [SAGE : Whitebox Fuzzing for Security Testing](https://patricegodefroid.github.io/public_psfiles/cacm2012.pdf)\n- [ ] [SoC Verification Problem](https://www.youtube.com/watch?v=rtaaOdGuMCc)\n\n### [[⬆]](#updates) \u003ca name='pending'\u003eOther Papers\u003c/a\u003e\n\n- [ ] [ConCert: A Smart Contract Certification Framework in Coq](https://www.researchgate.net/publication/334694940_ConCert_A_Smart_Contract_Certification_Framework_in_Coq)\n- [ ] [Scilla-Paper](https://arxiv.org/abs/1801.00687)\n- [ ] [CUTE Symbolic Execution](https://web.archive.org/web/20100629114645if_/http://srl.cs.berkeley.edu/~ksen/papers/C159-sen.pdf)\n- [ ] [Control Flow Integrity](https://www.microsoft.com/en-us/research/wp-content/uploads/2005/11/ccs05.pdf)\n- [ ] [Avoiding Exponential Explosion](https://users.soe.ucsc.edu/~cormac/papers/popl01.pdf)\n\n### Reading Material \u0026 Book References\n\n- [ ] [Dafny](https://arxiv.org/pdf/1701.04481.pdf)\n- [ ] [Hyperproperties](https://arxiv.org/pdf/1905.13517.pdf)\n- [ ] [Computer Security](https://dl.acm.org/doi/pdf/10.1145/1592761.1592773)\n- [ ] [Dafny Examples](https://arxiv.org/pdf/1701.04481.pdf)\n- [ ] [The Art, Science, and Engineering of Fuzzing](https://arxiv.org/pdf/1812.00140.pdf)\n- [ ] [Boolean Satisfiability Solvers and Their Applications in Model Checking](https://publik.tuwien.ac.at/files/PubDat_243714.pdf)\n- [ ] [Software Foundations - Logical Foundations](https://softwarefoundations.cis.upenn.edu/lf-current/index.html)\n- [ ] 
[Model Checking](https://www.youtube.com/playlist?list=PLnbFC0ntxiqdpoWwMKCVh6BRwBePHaqQx)\n- [ ] [FORMAL METHODS IIT-D Lecture Slides](http://web.iitd.ac.in/~sumeet/slide3.pdf)\n- [ ] [Program Analysis, Verification \u0026 Testing Book](http://faculty.sist.shanghaitech.edu.cn/faculty/songfu/cav/PPA.pdf)\n- [ ] [The Science Of Programming](http://www.cs.cornell.edu/gries/July2016/The-Science-Of-Programming-Gries-038790641X.pdf)\n- [ ] [Model Checking](https://www.youtube.com/watch?v=KrWSK-UzCRc\u0026list=PLnbFC0ntxiqdpoWwMKCVh6BRwBePHaqQx)\n- [ ] [Building Secure Systems from Buggy Code with Information Flow Control](https://www.youtube.com/watch?v=kZApEMgz2xY)\n- [ ] [Modular Verification of Secure Information Flow - Peter Müller](https://www.youtube.com/watch?v=a8SosOAG1Dc)\n- [ ] [CISSP Domain Security](https://www.youtube.com/playlist?list=PLWqLeluv2Rq2jH70NFPYm0PB8sDMJ8gJR)\n- [ ] [Delta Debugging](https://www.cs.purdue.edu/homes/suresh/408-Spring2017/Lecture-9.pdf)\n- [ ] [What is fuzzing?](https://www.wired.com/2016/06/hacker-lexicon-fuzzing/)\n- [ ] [AFL++](https://github.com/AFLplusplus/AFLplusplus)\n\n## Some Methods \u0026 Basic Resources :\n\n1. Induction is a way to prove properties of things that are defined recursively.\n\n- Base case: we show that the property is true for the starting case (0 or 1).\n- Inductive step: for some k-th case, we show that if we assume P(k) is true, then P(k+1) is true.\n- From this we may conclude that P(n) holds for all n in our domain.\n\nIntroduction Videos :\n\n### `Program Analysis \u0026 Verification`\n\nFantastic videos by Dr. 
Subhajit Roy (IIT Kanpur)\n\n- [ACM School PAVT](https://www.youtube.com/watch?v=QLIQpF9ENqk\u0026list=PLpk1frgfR2WqaacNyPUC-fwUZGMZEY0q9)\n\n### `Simple Inductions` :\n\n- https://www.youtube.com/watch?v=m_91KWQiC0o\u0026list=PLA72M-qSGPm3Bnkc6iKGxrL1OARztbm6V\n\n### `Tree Data Structure Induction` :\n\n- https://www.youtube.com/watch?v=Fy8cNMuk_rY\u0026list=PLA72M-qSGPm3HZbcRLVOSpxELUHtdaNpt\n\n### `Natural Deductions` :\n\n- https://www.youtube.com/watch?v=v2i59XRceXE\u0026list=PLA72M-qSGPm2ohvwvJVbd3abnaSkiBy8j\n\n2. Bounded Model Checking : We model the problem like a Finite State\n   Machine. An execution of an FSM is a string formed by simulating the\n   state-to-state transitions. We ask if a certain property holds for the FSM\n   globally or eventually when we move from, say, State S1 to S2. The model is\n   bounded in the sense that we consider a finite number of states but can\n   have an infinite number of executions or traces possible.\n\n### `Turing Machine, As an extension to FSM` :\n\n- https://www.youtube.com/watch?v=QOcxbzopSk4\u0026list=PLA72M-qSGPm27TjJaMOsNcMnLUoYAO9ZT\n\n### `Model Checking` :\n\n- https://www.youtube.com/watch?v=piISG8bV2GI\u0026list=PLJ5C_6qdAvBGojQMUzL4x5Y0N5gBJmT4l\n\n### `How we model and define properties` :\n\n- https://www.youtube.com/watch?v=8wI5ee3Lwsw\u0026list=PLJ5C_6qdAvBGojQMUzL4x5Y0N5gBJmT4l\u0026index=13\n\nLTL: this logic is needed to model temporal properties or state transitions where the property depends on time or on the next state of\nexecution. 
As in the case of an FSM, we need to check if the property holds from state to state.\n\n- https://www.youtube.com/watch?v=W5Q0DL9plns\u0026list=PLJ5C_6qdAvBGojQMUzL4x5Y0N5gBJmT4l\u0026index=33\n\nFor properties that need a set of sets of traces to define and prove correctness, we need hyperproperties.\n\n- https://www.youtube.com/watch?v=JZ5OWdX3hmY\n\n### `Hoare Logic` :\n\n- https://www.youtube.com/watch?v=kjxdelbo9C4\u0026list=PLA72M-qSGPm2bZlhxYB-ePerW0U8nPn4H\n- http://www0.cs.ucl.ac.uk/staff/p.ohearn/papers/IncorrectnessLogic.pdf\n\n### `Binary Search Verification in Dafny` :\n\n- https://www.youtube.com/watch?v=-_tx3lk7yn4\n\n### `Dafny PDF` :\n\n- https://arxiv.org/pdf/1701.04481.pdf.\n\n### `Calculus of Computation` :\n\n- https://link.springer.com/book/10.1007/978-3-540-74113-8\n\n### `Hyperproperties` :\n\n- https://www.cs.cornell.edu/fbs/publications/Hyperproperties.pdf.\n\n### `Hedra Formal Methods` :\n\n- https://www.youtube.com/watch?v=6q15ytIOE3U\n\n## Detailed Study : For Research Orientated Learning\n\nWhat is Computer Security ?\n\n- https://www.microsoft.com/en-us/research/publication/practical-principles-for-computer-security/\n- https://dl.acm.org/doi/pdf/10.1145/1592761.1592773\n\n### `Propositional Natural Deductions` :\n\n- https://www.youtube.com/watch?v=v2i59XRceXE\u0026list=PLA72M-qSGPm2ohvwvJVbd3abnaSkiBy8j\n\n### `First Order Natural Deductions` :\n\n- https://www.youtube.com/watch?v=gggItiZ3Sjk\u0026list=PLA72M-qSGPm1pISu85QR6bZL4wK4rZZxp\n\n### `Hoare Logic Link` :\n\n- https://www.youtube.com/watch?v=t-Mj4ji3tCw\u0026list=PLA72M-qSGPm2WxSxXthNiYx2u4KBZlXCC\n\n### `Hoare Logic + Loops` :\n\n- https://www.youtube.com/watch?v=kjxdelbo9C4\u0026list=PLA72M-qSGPm2bZlhxYB-ePerW0U8nPn4H\n\n### `Induction` :\n\n- https://www.youtube.com/watch?v=m_91KWQiC0o\u0026list=PLA72M-qSGPm3Bnkc6iKGxrL1OARztbm6V\n\n### `Tree Induction` :\n\n- https://www.youtube.com/watch?v=Fy8cNMuk_rY\u0026list=PLA72M-qSGPm3HZbcRLVOSpxELUHtdaNpt\n\n### `Model Checking - 
1` :\n\n- https://www.youtube.com/watch?v=piISG8bV2GI\u0026list=PLJ5C_6qdAvBGojQMUzL4x5Y0N5gBJmT4l\n\n### `Model Checking - 2` :\n\n- https://www.youtube.com/watch?v=KrWSK-UzCRc\u0026list=PLnbFC0ntxiqdpoWwMKCVh6BRwBePHaqQx\n\n### `Linear Temporal Logic` :\n\n- https://www.youtube.com/watch?v=CUno7iGUmAo\n\n### `Clause Learning (CDCL)` :\n\n- [Clause learning : CDCL](https://cse442-17f.github.io/Conflict-Driven-Clause-Learning/)\n- [Handbook of SAT](https://www.ics.uci.edu/~dechter/courses/ics-275a/winter-2016/readings/SATHandbook-CDCL.pdf)\n- [Conflict Driven Clause Learning - CDCL](https://www.cs.utexas.edu/~isil/cs389L/CDCL.pdf)\n\n### `Hyperproperties` :\n\n- https://www.youtube.com/watch?v=vVMu6g2H50Q\n\n### `Verification Corner Dafny` :\n\n- https://www.youtube.com/channel/UCP2eLEql4tROYmIYm5mA27A/videos\n\n### `Verification Corner Loop Invariants` :\n\n- https://www.youtube.com/watch?v=spcfzbisBv4\n\n### `UCLID5` :\n\n- https://github.com/uclid-org/uclid/tree/master/tutorial\n- https://cse.iitk.ac.in/users/spramod/papers/memocode18.pdf\n- https://cse.iitk.ac.in/users/spramod/papers/ccs17.pdf\n\n### `UCLID5 is based on Z3. Z3 Reference` :\n\n- https://theory.stanford.edu/~nikolaj/programmingz3.html\n- https://z3prover.github.io/api/html/namespacez3.html\n- https://github.com/Z3Prover/z3\n- https://ericpony.github.io/z3py-tutorial/guide-examples.htm\n\n### `Dynamic Taint Analysis` :\n\n- https://users.ece.cmu.edu/~aavgerin/papers/Oakland10.pdf\n\n### `The Calculus of Computation. 
(Bradley \u0026 Manna)`\n\n- Slides : https://lara.epfl.ch/w/_media/sav15:calculus-of-computation-slides.pdf\n\n### `Non-Interference` :\n\n- http://csl.sri.com/papers/csl-92-2/csl-92-2.pdf\n\n### `Hyperproperties` :\n\n- https://eprint.iacr.org/2019/310\n- https://www.cs.cornell.edu/fbs/publications/Hyperproperties.pdf\n- https://arxiv.org/pdf/1905.13517.pdf\n\n### `Probabilistic Symbolic Execution` :\n\n- [Probabilistic Symbolic Execution](https://www.cs.cmu.edu/~emc/2014/speakers/CorinaPasareanuEMC14.pdf)\n- [PSE Paper](https://dl.acm.org/doi/10.1145/2338965.2336773)\n\n### `Probabilistic Programming` :\n\n- [Hakaru](https://hakaru-dev.github.io/)\n\n### `LLVM Frameworks` :\n\n- [LLVM : Compilers Lab](https://www.youtube.com/playlist?list=PLDSTpI7ZVmVnvqtebWnnI8YeB8bJoGOyv)\n- [LLVM Ball-Larus Profiler](https://github.com/syoyo/LLVM/blob/master/lib/Transforms/Instrumentation/PathProfiling.cpp)\n\n### `Model Checkers` :\n\n- [CBMC](https://www.cprover.org/cbmc/)\n- [ESBMC](https://github.com/esbmc/esbmc)\n\n## Concepts/Topics :\n\n- [Universal Quantification](https://en.wikipedia.org/wiki/Universal_quantification)\n- [Uniqueness Quantification](https://en.wikipedia.org/wiki/Uniqueness_quantification#Reduction_to_ordinary_existential_and_universal_quantification)\n- [More on Hoare Logic](https://www.cs.cmu.edu/~aldrich/courses/654-sp07/slides/7-hoare.pdf)\n- [Abstract Interpretation](https://www.researchgate.net/publication/220997507_Abstract_Interpretation_A_Unified_Lattice_Model_for_Static_Analysis_of_Programs_by_Construction_or_Approximation_of_Fixpoints)\n\n## Hands-On Stuff \u0026 Tutorials I made :\n\n- [Use of gcov \u0026 gtest](https://dr-kino.github.io/2019/12/22/test-coverage-using-gtest-gcov-and-lcov/)\n- [Example use of gcov, gtest, cmake \u0026 
make](https://github.com/CS253-IITK-2021/Demo-Codes)\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcodersguild%2Fsoftware-analysis-pavt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcodersguild%2Fsoftware-analysis-pavt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcodersguild%2Fsoftware-analysis-pavt/lists"}