This page gives highlights of past lectures and provides lecture notes, reading assignments, and exercises.
Dates  Topics and Readings  Homework 

Aug 25 Aug 27 
Course introduction and administration. Introduction to Formal Methods. Introduction to sets and relations. Required Readings: Recommended Readings: 
All exercises in lecture notes 
Sep 1 Sep 3 
Recap of basic notions in set theory. Relations and relational operators. Modeling general software systems. Introduction to the Alloy modeling language. Alloy's foundations. Signatures, fields and multiplicity constraints. Modeling simple domains in Alloy. Generating and analyzing model instances with the Alloy Analyzer. Required Readings:

All exercises in lecture notes except for those in Part 2 
Sep 8 Sep 10 
Relations and operations on them. Formulas, Boolean operators and quantifiers. Expressing constraints on relations using Alloy formulas. Examples of constraints. Exercises. Required Readings:

Exercises in lecture notes 
Sep 15 Sep 17 
Facts and assertions. Functions and predicates. Checking models and assertions with the Alloy Analyzer. Examples and exercises. Practice with modeling in Alloy: the Academia domain. Examples and exercises. Required Readings:

All exercises in the Academia model notes 
Sep 22 Sep 24 
More practice with modeling in Alloy: the Academia domain. Alloy's module system. Motivations and uses. Parametric modules. An example: the predefined Ordering module. Modeling dynamic systems in Alloy. Example: making the family model dynamic. General approach: dynamic systems as state transition systems. Operators. Preconditions, postconditions and frame conditions. Examples of operators for the family model. Required Readings:

First exercise in Dynamic Models notes 
Sep 29 Oct 1 
Introduction to Electrum Alloy.
Modeling dynamic systems in Electrum.
Examples.
Group exercises.

All exercises in Dynamic Models notes 
Oct 6 Oct 8 
Introduction to reactive systems.
Introduction to the Lustre specification language. Required Readings:

Exercises in Lustre notes 
Oct 13 Oct 15 
Practice with writing Lustre models and expressing their properties.
Simulating and checking Lustre models with Kind 2 (online examples).
Required Readings: Recommended Readings: 
Exercises in Lustre notes 
Oct 20 
Midterm exam 

Oct 22 
More practice with writing Lustre models and expressing their properties. Boolean switches and traffic light examples. In-class exercise. Required Readings:

Simulate and verify in Kind 2 all Lustre examples in the readings 
Oct 27 Oct 29 
Contract-based specification and compositional verification. Motivation and uses. Extending Lustre with contracts. Contract basics: assumptions, guarantees and execution modes. Examples of contracts. Required Readings:

Simulate and verify in Kind 2 the Lustre examples in the readings 
Nov 3 
More on contract-based specification. Specifying system modes in Kind 2's contract language. Motivation and uses. Examples of contracts with modes. Required Readings:


Nov 5 
Specifying and verifying programs in high-level programming languages. Introduction to Dafny. Method contracts in Dafny. Specifying pre- and postconditions. Compositional verification of methods through the use of contracts. Introduction to Floyd-Hoare logic. Required Readings:

Exercises in lecture notes 
Nov 10 Nov 12 
Formalizing program behavior with Hoare triples. Strongest postconditions and weakest preconditions. The WP and SP operators. Computing WPs and SPs for assignments, sequential compositions, conditional statements, and method calls. Assert and assume statements. Method vs function calls in Dafny. Partial expressions. Required Readings:

Exercises in lecture notes 
Nov 17 Nov 19 
Dafny in action. Various examples.
Required Readings:

Exercises in lecture notes 
Nov 23 Nov 27 
No class (Thanksgiving recess) 

Dec 1 Dec 3 
More on arrays.
Binary search. Reading and writing frames for reference variables.
Methods that modify arrays.
Examples.
Required Readings:


Dec 8 Dec 10 
Specifying classes as abstract datatypes to separate observable behavior from internal implementation.
Two examples of FIFO queue implementation.


Dec 18 
Final Exam 
