Lectures

This page gives highlights of past lectures and provides lecture notes, reading assignments, and exercises.


Dates | Topics and Readings | Homework
Aug 25, Aug 27

Course introduction and administration. Introduction to Formal Methods.

Introduction to sets and relations.

Required Readings:
  • Syllabus
  • Course overview [pdf] and introduction [pdf]
  • [Haxt10] An introduction to formal methods, with examples of industrial usage
  • Lecture notes on sets and relations (as needed) [pdf]
Recommended Readings:
  • [vLam00] An introduction to formal specifications, and a survey of formal specification approaches.
  • Chap. 1-2 of [Gara13], a fairly comprehensive recent survey on the use and practice of FM.
  • [Barr13] Notes on the expert reports and testimony in the Toyota Unintended Acceleration Litigation.
Homework: All exercises in lecture notes
Sep 1, Sep 3

Recap of basic notions in set theory. Relations and relational operators.

Modeling general software systems. Introduction to the Alloy modeling language. Alloy's foundations. Signatures, fields and multiplicity constraints.

Modeling simple domains in Alloy. Generating and analyzing model instances with the Alloy Analyzer.

Required Readings:
  • Lecture notes on sets and relations (as needed) [pdf]
  • Lecture notes: An introduction to Alloy 4 - Part 1 [pdf] and Part 2 [pdf] (both revised)
Homework: All exercises in lecture notes except for those in Part 2
Sep 8, Sep 10

Relations and operations on them. Formulas, Boolean operators and quantifiers. Expressing constraints on relations using Alloy formulas. Examples of constraints. Exercises.

Homework: Exercises in lecture notes
Sep 15, Sep 17

Facts and assertions. Functions and predicates. Checking models and assertions with the Alloy Analyzer. Examples and exercises.

Practice with modeling in Alloy: the Academia domain. Examples and exercises.

Required Readings:
  • Lecture notes: An introduction to Alloy 4 - Part 3 (revised) [pdf]
  • Lecture notes: The Academia model (revised) [pdf]
  • Academia examples from the notes
Homework: All exercises in the Academia model notes
Sep 22, Sep 24

More practice with modeling in Alloy: the Academia domain.

Alloy's module system. Motivations and uses. Parametric modules. An example: the predefined Ordering module.

Modeling dynamic systems in Alloy. Example: making the family model dynamic. General approach: dynamic systems as state transition systems. Operators. Preconditions, postconditions and frame conditions. Examples of operators for the family model.

Required Readings:
  • Lecture notes: The Academia model [pdf]
  • Academia examples from the notes
  • Lecture notes: Alloy Modules [pdf]
  • util/ordering.als sample model in the Alloy Analyzer
  • Lecture notes: Dynamic Models in Alloy [pdf]
Homework: First exercise in the Dynamic Models notes
Sep 29, Oct 1

Introduction to Electrum Alloy. Modeling dynamic systems in Electrum. Examples. Group exercises.

A complete Alloy modeling case study: the hotel room lock system.

Required Readings:
  • Lecture notes: Dynamic Models in Alloy [pdf] (revised)
  • Lecture notes: Hotel Lock System [pdf]
  • Electrum tutorial
Recommended Readings:
  • Lecture notes on Alloy/Electrum by Alcino Cunha and Nuno Macedo on
    • Electrum overview [pdf]
    • First Order Logic [pdf]
    • Relational Logic [pdf]
    • Alloy's type system [pdf]
    • Relational model finding [pdf]
    • First-order Linear Temporal Logic [pdf]
    • Safety, liveness, and fairness [pdf]
Homework: All exercises in the Dynamic Models notes
Oct 6, Oct 8

Introduction to reactive systems. Introduction to the Lustre specification language.

Examples of Lustre programs. Specifying simple reactive systems in Lustre. Simulating Lustre programs with the Kind 2 tool (online examples).

Required Readings:
  • Lecture notes: Reactive Systems and the Lustre language, Part 1 [pdf] and Part 2 [pdf]
  • Chap. 1 of [Halb02], a Lustre tutorial
  • Lustre examples seen in class
Homework: Exercises in the Lustre notes
Oct 13, Oct 15

Practice with writing Lustre models and expressing their properties. Simulating and checking Lustre models with Kind 2 (online examples).

Checking properties via synchronous observers. Useful temporal operators. Examples.

Required Readings:
  • Lecture notes: Reactive Systems and the Lustre language, Part 1 [pdf] and Part 2 [pdf]
  • Lustre examples seen in class (extended)
  • Chap. 1 of [Halb02], a Lustre tutorial
Recommended Readings:
  • [Halb91], the main reference paper for Lustre
  • [Halb99], an introduction to verification and testing with Lustre
Homework: Exercises in the Lustre notes
Oct 20

Midterm exam

Oct 22

More practice with writing Lustre models and expressing their properties. Boolean switch and traffic light examples. In-class exercise.

Homework: Simulate and verify in Kind 2 all Lustre examples in the readings
Oct 27, Oct 29

Contract-based specification and compositional verification. Motivation and uses. Extending Lustre with contracts. Contract basics: assumptions, guarantees and execution modes. Examples of contracts.

Required Readings:
  • Lecture notes: A Mode-aware Contract Language for Reactive System [pdf] (revised)
  • StopwatchSpec and ElevatorSpec examples on the Kind 2 online page
Homework: Simulate and verify in Kind 2 the Lustre examples in the readings
Nov 3

More on contract-based specification. Specifying system modes in Kind 2's contract language. Motivation and uses. Examples of contracts with modes.

Required Readings:
  • Lecture notes: A Mode-aware Contract Language for Reactive System [pdf]
  • StopwatchSpec and ElevatorSpec examples on the Kind 2 online page
Nov 5

Specifying and verifying programs in high-level programming languages. Introduction to Dafny. Method contracts in Dafny. Specifying pre- and postconditions. Compositional verification of methods through the use of contracts. Introduction to Floyd-Hoare logic.

Required Readings:
  • Lecture notes: Reasoning About Programs with Dafny [pdf]
  • Chap. 1 and 2.1 of Program Proofs (textbook)
Recommended Readings:
  • [Wing95], which provides several hints to specifiers
Homework: Exercises in lecture notes
Nov 10, Nov 12

Formalizing program behavior with Hoare triples. Strongest postconditions and weakest preconditions. The WP and SP operators. Computing WPs and SPs for assignments, sequential compositions, conditional statements, and method calls. Assert and assume statements. Method vs. function calls in Dafny. Partial expressions.

Required Readings:
  • Lecture notes: Floyd-Hoare logic [pdf] (revised)
  • Chap. 2 of Program Proofs, except for 2.9
Recommended Readings:
  • Chap. 2.9 of Program Proofs
Homework: Exercises in lecture notes
Nov 17, Nov 19

Dafny in action. Various examples.

Loops in Dafny. The loop rule in Floyd-Hoare logic. Loop specifications and implementations. Deriving correct-by-construction implementations from specs. Loop termination. Examples.

Recursive specifications and iterative programs. Examples.

Arrays. Checking iterative programs with arrays.

Required Readings:
  • Lecture notes: Loops in Dafny [pdf] (revised)
  • Lecture notes: Iterative programs in Dafny [pdf] (revised)
  • Lecture notes: Arrays in Dafny [pdf] (revised)
  • Chap. 11 and 12 of Program Proofs, except 12.3
  • Chap. 13.0-13.3 of Program Proofs
Recommended Readings:
  • Chap. 3 of Program Proofs
Homework: Exercises in lecture notes
Nov 23, Nov 27

No class (Thanksgiving recess)

Dec 1, Dec 3

More on arrays. Binary search. Reading and writing frames for reference variables. Methods that modify arrays. Examples.

Specifying classes as abstract data types to separate observable behavior from internal implementation. Examples.

Dec 8, Dec 10

Specifying classes as abstract data types to separate observable behavior from internal implementation. Two examples of FIFO queue implementation.

The use of dynamic frames in Dafny to specify and verify programs using objects. Motivation and uses. Queue, counter, bank account and linked list examples.

Dec 18

Final Exam


Copyright: Cesare Tinelli, The University of Iowa, 2020