Overview

This course was a survey course, touching on a lot of useful topics in the field of Software Analysis and Testing. The labs gave students the practical experience needed to really bring home the lessons learnt. There were 11 major topics and 7 main labs (plus a warm-up lab). Each lesson had a corresponding quiz worth 1.5% and had a lab or was covered on the 20% exam. Labs were worth 8% each excluding the warm-up lab which weighed in at 4%. There was a bonus 5% for participation on the online platform, Ed. This proved to be very busy with lots of help from TAs and fellow students. The course was fairly easy to follow and understand whereas the labs required a bit of a leap as students were thrown into the deep end tasked with using the LLVM toolchain.

Labs (50.49/60)
Lab 0 (4/4)

This was an introductory lab where we were able to get our feet wet with the world of LLVM. Luckily, a well compiled Primer document was provided for the students which proved to be quite useful throughout all the labs. We were tasked with inspecting the LLVM IR code and counting the number of functions that existed.In total, I spent around an hour trying to complete this lab and ended up writing only about 5 lines of code max. It took a little digging around in the doxygen documentation to find the right function calls etc. but this was a relatively easy lab.

Lab 1 - Fuzzing (0/8)

We were tasked with instrumenting function calls at compile time to modify the behaviour of the program. This is generally known as the most difficult lab of the course as it requires quite an amount of patience to complete. After the instrumentation was done, we needed to come up with different fuzzing techniques to cause a program to crash. I copy and pasted some code I found online and quickly realized how strict foreign universities are when it comes to academic integrity and plagiarism. I was given a 0 on this lab but the rest of the class spent around 30-40 hours trying to complete this.

Lab 2 - Dataflow (8/8)

This lab was fairly straightforward. All that needed to be done was implement two algorithms from the lectures; Reaching Definitions Analysis and Liveness Analysis. Once you are comfortable with c++ and pointers this lab should be a breeze to complete. I spent around 10 hours total for this one.

Lab 3 - Datalog (8/8)

This was a really interesting lab where we had to write rules in Datalog to pass to the z3 solver which solved the same problem as lab 2. This really gave me an appreciation for these tools since we had to do the manual analysis prior to using these solvers. I spent around an hour on this lab.

Lab 4 - Type Systems (7.13/8)

This was my first time working with Typescript and it was a really nice intro. We were given a codebase and had to do type checking of variables to find bugs. This was really cool to do because it's basically the same thing the compile does when you get that "TypeError" message. This was was super simple but easy to overthink, most students spent hours on this lab whereas I was on the other spectrum only spending like 2 hours adding in type checks wherever I can. I must've missed one due to my lack of carefulness.

Lab 5 - CBI (8/8)

I had gotten accustomed with the LLVM toolchain and it's documentation by now so this lab was a breeze for me. History dictates this lab to be one of the hardest in the course however this was not the case for me. I spent around 10 hours on this lab, not much else to say about this one.

Lab 6 - Delta (7.76/8)

Similar to lab 2, we needed to implement an algorithm form the lecture but in Java this time. I have very limited experience with Java (only touched it a little in undergrad) and I do not like the language. Nontheless, I'd say it is very easy to score high in this lab but it is difficult to get full marks due to the amount of edge cases that must be covered. I spent around 15 hours working on this lab.

Lab 7 - KLEE (7.6/8)

This was my favorite lab as there was some back story to it. I like when labs can be related to real life scenarios. We played the role of a security analyst and had to dig through obfuscated code finding malicious intent using the KLEE engine. I spent arounnd 5 hours working on this lab.

Exam (19/20)

The exam was given at the middle of the semester and was based off of 4 lectures. I think it was pretty straightforward and the exam did not try to trick you. Once you understand the content fully, there should be no issues. We were also allowed one page of notes to look at during the exam. I'd suggest adding in anything you don't feel comfortable about (snippets of lesson quizzes even). For me, I always mix up the differences between a sound and complete analysis so I wrote down the definitions and gave examples in my notes. Most of the class did pretty well in this exam and you can too.

Quizzes, Surveys, and Participation (23.61/20)

Not much to say about quizzes, they were mostly straighforward as well. I watched most lectures twice at 2x speed, this technique worked well for me and helped solidify any concepts taught. I'd suggest actually doing the practice quizzes provided as they are similar in format to the actual lesson quizzes. I gained a full 5% for participation as I was very active on the Ed discussions page. Many students had problems understanding the concepts and other students were able to share their unique insights to help each other. The community was very supportive and willing to help one another.

Concluding Thoughts

I'd definitely reccomend this course to anyone in OMSCS as you learn valuable information that isn't really taught anywhere else. This course is not heavy however and should possibly be taken in the summer. I finished all the labs with over a month and a half to spare. The TAs were very helpful on Ed and during office hours and I could not have pulled an A (93.1%) without that extra 5% credit. This is definitely a moderate class and a must-take for newcomers to the program.