The University of Iowa

CS/ECE:5810 Formal Methods in
Software Engineering

Fall 2025

Syllabus

Course Description and Goals

This course provides a hands-on introduction to formal methods for software engineering. The purpose of formal methods is to enable the construction of highly reliable software. Their foundation is the precise specification of run-time properties that a software system is expected to satisfy. Formal methods are concerned with specifications that are precise because they are stated in languages endowed with a formal syntax, semantics, and theory. Formality helps the specification process in at least two ways:

  1. it naturally leads to unambiguous, high-quality specifications
  2. it provides the basis for automated tool support.

As we will see, formal specification techniques allow for the construction of highly automated verification tools that help software developers analyze specifications and corresponding code, looking for errors in requirements, models, designs, and implementations.

Learning Objectives

We will study a few techniques for formal software development, spanning the whole development process: from high-level semantic modeling to coding and debugging. The study will not be done in the abstract, however, but through the use of actual tools supporting these techniques. In this course, students will

  1. learn about formal methods (FMs) in software engineering;
  2. understand how FMs help produce high-quality software;
  3. learn about formal modeling and specification languages;
  4. write and understand formal requirement specifications;
  5. learn about main approaches in formal software verification;
  6. know which formal methods to use and when;
  7. use automated and interactive tools to verify models and code.

Students should be prepared to put considerable time and effort into reading, to become familiar with the course's topics, and into homework and exercises, to gain experience with the techniques seen in class.

Prerequisites

CS:2810 or ECE:3330, or equivalent.

Lectures

Tue and Thu, 11:00am - 12:15pm, S116 Chemistry Building

Staff

Prof. Cesare Tinelli (Instructor)
1 Jessup Hall, Room C
(319) 335-0735
cesare-tinelli + @ + uiowa.edu

Jiadong "Arnold" Yu (TA)
201N MLH,
jiadong-yu + @ + uiowa.edu

Alberto Segre (DEO)
14G MLH,
alberto-segre + @ + uiowa.edu

Drop-in Hours

Students are invited to drop by in person or on Zoom during the hours listed below to discuss questions about the course material or other concerns.

Prof: Tue 2:15pm-3:45pm, Thu 3:15pm-4:45pm.
Zoom: 884 316 858.

TA: Mon 3:00pm-4:00pm, Wed 12:00pm-1:00pm, Fri 2:30pm-3:30pm.
Zoom: 947 445 655 26

The instructors are also available by appointment if you are unable to attend the scheduled drop-in hours.

Online Resources

Most of the information about the class, including handouts and assignments, will be available from the class web site:

http://www.cs.uiowa.edu/~tinelli/classes/5810/Fall25

We will also use Piazza, a class discussion service, for announcements, questions and discussions, and ICON for homework submissions and grade posting. Lectures will be recorded and recordings will be available to registered students on UICapture.

Note that lecture recordings are the intellectual property of the instructor, and they may not be shared, reproduced, or uploaded to any online environment without the explicit, written consent of the instructor. Doing so is a breach of the Code of Student Conduct and, in some cases, a violation of the Family Educational Rights and Privacy Act (FERPA).

Students are expected to check both the class web site and the Piazza discussion board on a regular basis (at least every other day) for announcements regarding the course.

Textbooks and Readings

The required textbooks are
    Practical Alloy
by A. Cunha, N. Macedo, J. Brunel, and D. Chemouil.
2025.
    Program Proofs by K. Rustan Leino.
MIT Press, 2023.
ISBN: 9780262375429
    Concise Guide to Formal Methods
by Gerard O’Regan.
Springer, 2017.
The Alloy book is freely available online. The FM guide book is freely downloadable for UI students. The Program Proofs book must be purchased. A copy of it is on reserve in the Engineering Library. We will also use a variety of additional reading materials all of which will be made available through the course web site.

Weekly readings will be posted in the Lectures section and updated as the course progresses. Readings will include various class notes and handouts, papers on formal software specification and verification, and material on how to use the specification/verification tools adopted in the course.

The formalisms used in this class are ultimately based on propositional logic and on first-order logic (aka, predicate calculus). Links to background reading material on that will also be available on the course website.

Computer Accounts and Software

You may find it useful to use your account on the CS remote servers which have a working installation of some of the software tools used in this course. Instructions on how to access those machines, on-site or remotely, and use the installed software are provided on the course website.

Alternatively, you are welcome to use your own computer for course work, but you are responsible for installing any necessary software. We regret that we may not be able to provide assistance with problems in your own installation.

Homework Assignments

There will be six graded homework assignments: three introductory assignments, to be done individually, and three mini-projects, to be done in teams of 2 people. See ICON for the expected release dates and submission deadlines. These will be adjusted as needed.

For the mini-projects, every team member will be expected to be involved in all aspects of the assignment (no dividing up the work). The whole team is responsible for the work submitted. Although the work is shared, each student will receive an individualized grade. Team members will be asked to submit an evaluation of how well they and their teammates performed as team members. Each evaluation is confidential and will be incorporated into the calculation of the individual grade.

Each student is responsible for contacting other students and forming a team. The discussion forum on Piazza can be used to establish initial contacts. It is okay to form different teams for each project. Teams of 1 are accepted but not encouraged. In particular, no reduction of work will be granted to them.

Exams

There will be one midterm exam and one final exam. Both will be on campus for the UI students and both online for the Grinnell students. The midterm will be held during class time. The final exam will be held during exam week, per university schedule, and will last two hours. The midterm exam will cover material from approximately the first half of the course, including information presented in lectures and the assigned readings. The final will be comprehensive. Both exams will test your knowledge of basic concepts, terms, and general techniques discussed in the course. More information can be found in the Exams section of the course website. In preparation for each exam, it is strongly recommended that students complete all the readings, exercises, and homework assigned until then.

The final examination date and time will be announced by the Registrar, generally by the fifth week of classes, and it will be announced on the course ICON site once it is known. Do not make end-of-semester travel plans until the final exam schedule is made public. It is your responsibility to know the date, time, and place of the final exam. The Registrar's Office website details which types of schedule conflicts qualify for make-up exams and the processes students should follow to request make-up exams. Not all conflicts qualify for make-up exam times, and requests must be made by the deadlines listed.

Class Participation

Regular and prompt attendance is expected for this course. Since a substantial percentage of your grade will be based on class attendance and participation, it is in your interest to attend every class and be ready to make significant contributions to in-class discussions. Participation includes being up to date with the course readings so as to be able to answer questions from the instructor and actively contribute to the solution of in-class exercises.

Grading

The weighting of items in grade determination will be the following:

Item Weight
In-class Participation 13%
Intro Assignments 15%
Mini Projects 18%
Midterm 24%
Final Exam 30%

The following cutoffs will be used to determine letter grades. In the ranges below, x stands for your total score at the end of the semester. Final scores near a cutoff will be individually considered for the next higher grade. Plus (+) and minus (-) grades will also be given; their cutoffs will be determined at the end of the semester. A+ will be given to scores close to or above 100%.

Score Grade
88 ≤ x < 100 A
75 ≤ x < 88 B
60 ≤ x < 75 C
50 ≤ x < 60 D
00 ≤ x < 50 F

Grades are not curved in this course. It is theoretically possible for everyone in the class to get an A (or an F). Your final grade depends only on your own final score and not on that of others.

Academic Excellence and Workload

The University of Iowa expects students to set high academic standards for themselves and work hard towards achieving them. You can achieve true academic excellence only through dedicated work. An average workload of 6 hours a week besides class attendance should be considered the norm for this course. More effort might be needed depending on your background, predisposition and academic ambition.

Artificial Intelligence (AI) Policy

Using AI tools like ChatGPT in homework assignments is permitted. However, students must disclose such use in their submission. For each problem in an assignment, you must indicate how AI-generated material informed your solution process and the final solution, including how you validated any AI-generated response included in your solution. Each assignment will contain more specific guidance on how these tools might be part of your process and how to provide transparency about their use in your work.

Academic Honesty and Misconduct

All students in CLAS courses are expected to abide by the college's standards of academic honesty. In particular, under no circumstances should you pass off someone else's work as your own. Undergraduate academic misconduct will be reported by instructors to CLAS according to these procedures. Graduate academic misconduct will be reported to the Graduate College according to Section F of the Graduate College Manual.

In general, you are allowed and encouraged to discuss with students in other teams concepts and ideas that relate to the class and the homework assignments. However, it is important to ensure that these discussions do not lead to the actual exchange of written material. The use of AI tools is also allowed, but subject to disclosure and attribution. See the Artificial Intelligence (AI) Policy above.

This course assumes that work submitted by students will be generated by the students themselves, working individually or in teams. This means that the following will be considered violations of academic integrity: a student has another person do the writing of any substantive portion of an assignment or exam for them; this includes hiring a person or a company to write homework or exam solutions.

In addition, the following is also explicitly disallowed.

If you are unclear about what constitutes academic dishonesty, it is your responsibility to contact the instructors or consult the CLAS policy (online version). Be aware that repeated academic dishonesty offenses lead to suspension or expulsion from the University.

General Course Policies

Course's Administrative Home: The College of Liberal Arts and Sciences (CLAS) is the home of this course, and CLAS governs the policies and procedures for its courses. Graduate students, however, must adhere to the academic deadlines set by the Graduate College.

Communicating with the Instructors: We welcome questions related to the course. Students are strongly encouraged to post their class-related questions on Piazza (publicly or privately, as appropriate) rather than emailing questions to the teaching staff. Questions sent by email will receive lower priority. We are committed to answering all questions posted on Piazza within 24 hours.
We will make any course-related announcements on Piazza and will occasionally send direct email notifications to all students in the class. Students are responsible for all official correspondence sent to their UI email address (uiowa.edu) and must use this address for any communication with instructors outside of Piazza. For the privacy and the protection of student records, UI faculty and staff can only correspond by email with UI addresses.

Drop-in Hours: Students are invited to connect or drop by during the posted drop-in hours to discuss questions about the course material or other concerns. The instructors are also available by appointment if you are unable to attend the drop-in hours.

Assigned Readings: Students are expected to study all the material assigned as required readings, even if that material is not explicitly discussed in class or in the homework.

Additional Readings and Discussions: Students are encouraged to go over any specifically suggested readings and to consult any relevant materials beyond those provided on the course's web site. They are also encouraged to discuss the course topics with their classmates. Having to formulate one's own thoughts about the material well enough to express them to others is a genuinely helpful learning activity.

Attendance and Absences: Lectures will be taught in person for the UI students, with frequent (ungraded) in-class exercises or other forms of active participation. Grinnell students will be able to attend the same lectures remotely via Zoom. Students are expected to attend all lectures and, in case they cannot attend a lecture, to watch its recording promptly. Students do not need to communicate their absences to the instructors unless these are due to long-term illness (so that suitable arrangements can be made if possible). However, they are responsible for all announcements made in class and material covered there, regardless of whether they attended or watched the lecture.

Extra Credit: No extra-credit assignments or tests will be given on an individual basis, although they may be given to the whole class.

Make-up Exams: Make-up exams will be offered only if there is a serious, documented reason for not being able to take a scheduled exam, and if the request is made at least a week before the exam. Emergency situations will be considered on a case-by-case basis.

Regrading: Students who think a graded assignment or test has been misgraded and deserves regrading are invited to let the instructors know. The instructors welcome and will give full consideration to all well-motivated regrading requests.

Student Complaints: Students with a complaint about a grade or a related matter should first discuss the situation with the instructors, and then with the Department Chair (DEO).
Undergraduate students should contact CLAS Undergraduate Programs for support when the matter is not resolved at the previous level. Graduate students should contact the CLAS Graduate Affairs Manager when additional support is needed.

Drop Deadline: Students may drop an individual course before its drop deadline; after this deadline they will need collegiate approval. When you drop a course, a “W” will appear on your transcript. The mark of “W” is a neutral mark that does not affect your GPA. Undergraduate students can find policies on dropping CLAS courses here. Graduate students should adhere to the academic deadlines and policies set by the Graduate College.

University Policies

Unless otherwise noted, this course abides by the general university policies for courses. Make sure you familiarize yourself with them.


Copyright: Cesare Tinelli, The University of Iowa, 2025