This page gives highlights of past lectures and provides lecture notes, reading assignments, and exercises.
| Dates | Topics and Readings | Homework |
|---|---|---|
| Aug 25, Aug 27 | Course introduction and administration. Introduction to Formal Methods. Introduction to sets and relations. Required Readings: Recommended Readings: | All exercises in lecture notes |
| Sep 1, Sep 3 | Recap of basic notions in set theory. Relations and relational operators. Modeling general software systems. Introduction to the Alloy modeling language. Alloy's foundations. Signatures, fields and multiplicity constraints. Modeling simple domains in Alloy. Generating and analyzing model instances with the Alloy Analyzer. Required Readings: | All exercises in lecture notes except for those in Part 2 |
| Sep 8, Sep 10 | Relations and operations on them. Formulas, Boolean operators and quantifiers. Expressing constraints on relations using Alloy formulas. Examples of constraints. Exercises. Required Readings: | Exercises in lecture notes |
| Sep 15, Sep 17 | Facts and assertions. Functions and predicates. Checking models and assertions with the Alloy Analyzer. Examples and exercises. Practice with modeling in Alloy: the Academia domain. Examples and exercises. Required Readings: | All exercises in the Academia model notes |
| Sep 22, Sep 24 | More practice with modeling in Alloy: the Academia domain. Alloy's module system. Motivations and uses. Parametric modules. An example: the predefined Ordering module. Modeling dynamic systems in Alloy. Example: making the family model dynamic. General approach: dynamic systems as state transition systems. Operators. Preconditions, postconditions and frame conditions. Examples of operators for the family model. Required Readings: | First exercise in Dynamic Models notes |
| Sep 29, Oct 1 | Introduction to Electrum Alloy. Modeling dynamic systems in Electrum. Examples. Group exercises. | All exercises in Dynamic Models notes |
| Oct 6, Oct 8 | Introduction to reactive systems. Introduction to the Lustre specification language. Required Readings: | Exercises in Lustre notes |
| Oct 13, Oct 15 | Practice with writing Lustre models and expressing their properties. Simulating and checking Lustre models with Kind 2 (online examples). Required Readings: Recommended Readings: | Exercises in Lustre notes |
| Oct 20 | Midterm exam | |
| Oct 22 | More practice with writing Lustre models and expressing their properties. Boolean switch and traffic light examples. In-class exercise. Required Readings: | Simulate and verify in Kind 2 all Lustre examples in the readings |
| Oct 27, Oct 29 | Contract-based specification and compositional verification. Motivation and uses. Extending Lustre with contracts. Contract basics: assumptions, guarantees and execution modes. Examples of contracts. Required Readings: | Simulate and verify in Kind 2 the Lustre examples in the readings |
| Nov 3 | More on contract-based specification. Specifying system modes in Kind 2's contract language. Motivation and uses. Examples of contracts with modes. Required Readings: | |
| Nov 5 | Specifying and verifying programs in high-level programming languages. Introduction to Dafny. Method contracts in Dafny. Specifying pre- and postconditions. Compositional verification of methods through the use of contracts. Introduction to Floyd-Hoare logic. Required Readings: | Exercises in lecture notes |
| Nov 10, Nov 12 | Formalizing program behavior with Hoare triples. Strongest postconditions and weakest preconditions. The WP and SP operators. Computing WPs and SPs for assignments, sequential compositions, conditional statements, and method calls. Assert and assume statements. Method vs. function calls in Dafny. Partial expressions. Required Readings: | Exercises in lecture notes |
| Nov 17, Nov 19 | Dafny in action. Various examples. Required Readings: | Exercises in lecture notes |
| Nov 23, Nov 27 | No class (Thanksgiving recess) | |
| Dec 1, Dec 3 | More on arrays. Binary search. Reading and writing frames for reference variables. Methods that modify arrays. Examples. Required Readings: | |
| Dec 8, Dec 10 | Specifying classes as abstract datatypes to separate observable behavior from internal implementation. Two examples of FIFO queue implementation. | |
| Dec 18 | Final Exam | |