Here are some ideas for a 2108 project. They are divided into two categories.

I. EXPLORING A MODEL-CHECKER

You can explore an existing model-checker. This would include describing how a particular model-checker works and either attempting to model-check a non-trivial specification or extending the model-checker in an interesting way. One possible verification case study is to check that a filesystem conforms to the POSIX specification. You can also compare several different types of model-checkers on an interesting (but maybe rather trivial) example.

The list of "interesting" model-checkers includes:

BLAST - a system developed at Berkeley. Similar in functionality to SLAM (done by Microsoft; a system for checking device drivers written in C using predicate abstraction). Unlike SLAM, BLAST is publicly available (including OCaml source code). It implements the abstraction / counterexample-guided refinement loop, like Clarke's framework that we studied in class. A nice project for those interested in abstraction would be to describe BLAST, download it, and do an abstraction case study.

JavaPathFinder - an explicit-state model-checker for Java developed at NASA. It has recently become open source. URL: http://javapathfinder.sourceforge.net

Bogor - a framework for developing explicit-state software model-checkers. This is the best place to start if you want to extend an existing model-checking technique. URL: http://bogor.projects.cis.ksu.edu/

MOCHA - developed to reason about systems composed of modules while taking advantage of that structure. Users can reason about their systems using ATL (alternating-time temporal logic), which has a very "game-theoretic" flavor. A possible project could involve using MOCHA for vacuity detection in component-based verification. URL: http://www.cis.upenn.edu/~mocha/what.shtml

A survey comparing existing software model-checking tools may include:
-- MAGIC
-- CBMC
-- Blast
-- Yasm
-- JavaPathFinder
-- Bogor

II. INTERESTING PROJECT TOPICS NOT COVERED IN CLASS

For these, we can provide a list of "starter" papers. Most of these are fairly recent developments.

- Unbounded SAT-based model-checking techniques (k-induction, combinations of SAT and BDD techniques)
- Application of Craig interpolants in model-checking
- Abstraction-refinement and termination analysis
- From counterexamples to proofs -- how to generate a proof when the model-checker reports that a property holds
- Interface automata
- Model-checking components. A good starting point is the paper Tiziana Margaria, A. Prasad Sistla, Bernhard Steffen, Lenore D. Zuck: "Taming Interface Specifications", CONCUR 2005.

The following topics deal with model-checking infinite-state systems:

- Model-checking parametrized systems
- Model-checking (weighted) push-down systems, or how to model-check recursive programs
- Model-checking systems with unbounded queues
- Regular model-checking and automata-based representation of infinite sets of states and transition relations

Let us know if you are interested in any of these and/or need more info.

Marsha

Acknowledgements: this list was compiled with contributions from Arie Gurfinkel.
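As an added example, not part of the original list and not code from any of the tools named above, here is a toy explicit-state model checker of the kind JavaPathFinder and Bogor implement. It enumerates every reachable interleaving of a two-process program by breadth-first search, checks a safety property (mutual exclusion) in each state, and returns the shortest violating path as a counterexample trace. The two protocol models (Peterson's algorithm and a deliberately broken check-then-set lock), the state encoding and all names in the block are constructed for this illustration.

```python
"""Minimal explicit-state model checker (added example, not from any tool named above).

It enumerates the reachable global states of a two-process program by
breadth-first search, checks a safety property in every state, and, when
the property fails, returns the shortest interleaving reaching the
violation (a counterexample trace), which is what explicit-state tools
such as JavaPathFinder and Bogor do at much larger scale.
"""
from collections import deque

# Global state: (pc0, pc1, flag0, flag1, turn).  Program counter values:
#   0 idle, 1 flag raised, 2 turn yielded, 3 in the critical section
CRIT = 3
INIT = (0, 0, 0, 0, 0)


def explore(initial, successors, is_bad):
    """Breadth-first reachability analysis.

    Returns (holds, trace, visited).  When a bad state is reachable, holds is
    False and trace is the shortest path to it as a list of (action, state)
    pairs starting with ("init", initial).  visited is the number of distinct
    states explored so far, a rough measure of state-space size.
    """
    parent = {initial: None}          # state -> (predecessor, action)
    queue = deque([initial])
    while queue:
        s = queue.popleft()
        if is_bad(s):
            trace = []
            while s is not None:      # walk the parent links back to the root
                pred = parent[s]
                trace.append(("init", s) if pred is None else (pred[1], s))
                s = None if pred is None else pred[0]
            return False, trace[::-1], len(parent)
        for action, t in successors(s):
            if t not in parent:       # duplicate-state detection
                parent[t] = (s, action)
                queue.append(t)
    return True, [], len(parent)


def both_critical(state):
    """Safety property: the two processes are never in the critical section together."""
    return state[0] == CRIT and state[1] == CRIT


def peterson_successors(state):
    """One atomic step of either process in Peterson's mutual-exclusion algorithm."""
    out = []
    for i in (0, 1):
        j = 1 - i
        pc = [state[0], state[1]]
        flag = [state[2], state[3]]
        turn = state[4]
        if pc[i] == 0:                       # flag[i] := true
            flag[i], pc[i] = 1, 1
        elif pc[i] == 1:                     # turn := j (yield priority)
            turn, pc[i] = j, 2
        elif pc[i] == 2:                     # await flag[j] == false or turn == i
            if flag[j] == 1 and turn != i:
                continue                     # blocked: no move for this process
            pc[i] = CRIT
        else:                                # leave critical section: flag[i] := false
            flag[i], pc[i] = 0, 0
        out.append((f"P{i}", (pc[0], pc[1], flag[0], flag[1], turn)))
    return out


def naive_successors(state):
    """A deliberately wrong lock: test the other flag, then raise your own (check-then-set race)."""
    out = []
    for i in (0, 1):
        j = 1 - i
        pc = [state[0], state[1]]
        flag = [state[2], state[3]]
        if pc[i] == 0:                       # await flag[j] == false
            if flag[j] == 1:
                continue
            pc[i] = 1
        elif pc[i] == 1:                     # flag[i] := true, then enter critical section
            flag[i], pc[i] = 1, CRIT
        else:                                # flag[i] := false
            flag[i], pc[i] = 0, 0
        out.append((f"P{i}", (pc[0], pc[1], flag[0], flag[1], state[4])))
    return out


if __name__ == "__main__":
    for name, model in (("peterson", peterson_successors), ("naive", naive_successors)):
        holds, trace, visited = explore(INIT, model, both_critical)
        print(f"{name}: mutual exclusion {'holds' if holds else 'VIOLATED'} ({visited} states)")
        for action, s in trace:
            print(f"  {action:>4} -> {s}")
```

Running the block reports that mutual exclusion holds for Peterson's algorithm over the whole reachable state space, while the naive lock is broken by a four-step interleaving in which both processes pass the flag test before either raises its flag. The visited count grows exponentially with the number of processes and variables, which is exactly the state-explosion problem that the abstraction techniques discussed in section I exist to fight.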