Lectures

This page gives highlights of past lectures and provides lecture notes, reading assignments, and exercises.


Dates Topics, Readings, and Exercises
Aug 22

Course introduction and administration. Introduction to Formal Methods. What are formal methods and how they help in software development.

Required Readings:

  • Syllabus
  • Course overview [pdf] and introduction [pdf]
  • [Haxt10] An introduction to formal methods, with examples of industrial usage

Recommended Readings:

  • [vLam00] An introduction to formal specifications, and a survey of formal specification approaches.
  • Chap. 1-2 of [Gara13] A fairly comprehensive recent survey on the use and practice of FM.
  • [Barr13] Notes on expert reports and testimony of the Toyota Unintended Acceleration Litigation.

Aug 24

More on Formal Methods.

Introduction to sets and relations. Recap of basic notions in set theory. Relations and relational operators.

Required Readings:

  • Course introduction [pdf]
  • Lecture notes on sets and relations [pdf]

Exercises:

  • All exercises in set and relations notes

Aug 29
Aug 31

Relations. Functions as relations. Operations on relations.

Modeling general software systems. Introduction to the Alloy modeling language. Alloy's foundations. Signatures, fields and multiplicity constraints.

Modeling simple domains in Alloy. Generating and analyzing model instances with the Alloy Analyzer.

Relations and operations on them. Formulas, Boolean operators and quantifiers. Relational operators.


Required Readings:

  • Lecture notes on sets and relations [pdf]
  • Lecture notes: An introduction to Alloy 6 - Part 1 [pdf] and 2 [pdf]

Recommended Readings:

Exercises:

  • All exercises in lecture notes

Sep 5
Sep 7

More on relational operators in Alloy. Expressing constraints on relations using Alloy formulas. Examples of constraints. Operator precedence and parsing. Exercises.

Required Readings:

  • Lecture notes: an introduction to Alloy 6 - Part 2 [pdf] and 3 [pdf]
  • Family examples from the notes
  • Lecture notes on First Order Logic [pdf] (up to slide 31)

Recommended Readings:

Exercises:

  • Exercises in Part 2 of lecture notes

Sep 12
Sep 14

More on Alloy models. Facts. Checking models with the Alloy Analyzer. Signature scopes. Assertions. Checking assertions. Scope restrictions. Functions and predicates. Examples and in-class exercises.

Practice with modeling in Alloy: the Academia domain.

Required Readings:

Recommended Readings:

Exercises:

  • All exercises in Part 3 of lecture notes

Sep 19
Sep 21

More practice with modeling in Alloy: the Academia domain. Examples and exercises.

Modeling dynamic systems in Alloy. Explicit time modeling. Example: making the family model dynamic.

Required Readings:

  • Lecture notes: the Academia model [pdf]
  • Academia examples from the notes
  • Lecture notes: Dynamic Models in Alloy [pdf]

Exercises:

  • All exercises in Academia Model notes
  • First exercise in Dynamic Models notes

Sep 26
Sep 28

Explicit vs. implicit time modeling in Alloy 6. Trace semantics. Temporal operators and their semantics. Examples.

General approach to model dynamic systems: state transition systems. Operators. Preconditions, postconditions and frame conditions. Examples of operators for the family model.

Required Readings:

  • Lecture notes: Dynamic Models in Alloy (revised) [pdf]
  • Examples of equivalences in Alloy
  • Dynamic systems examples from class and the notes

Recommended Readings:

Exercises:

  • All exercises in the Dynamic Models notes

Oct 3
Oct 5

More on modeling and analyzing dynamic systems in Alloy. Family and traffic light examples.

A complete Alloy modeling case study: the hotel room lock system.

Required Readings:

  • Dynamic systems examples from class and the notes
  • Lecture notes: Hotel Lock System [pdf]

Recommended Readings:

  • Lecture notes: Alloy Modules [pdf]
  • util/ordering.als sample model in the Alloy Analyzer

Oct 10
Oct 12

Specifying and verifying programs in high-level programming languages.

Introduction to Dafny. Method contracts in Dafny. Specifying pre- and postconditions. Compositional verification of methods through the use of contracts.

Introduction to Floyd-Hoare logic. Formalizing program behavior with Hoare triples. Strongest postconditions and weakest preconditions. The WP and SP operators. Computing WPs and SPs for assignments.

Required Readings:

  • Lecture notes: Reasoning About Programs in Dafny [pdf]
  • Lecture notes: Floyd-Hoare logic [pdf]
  • Chapters 0 and 1 of the Program Proofs textbook
  • Chapter 2 of the textbook up to Section 2.3.3

Recommended Readings:

  • [Wing95], which provides several hints to specifiers
  • Appendix A and B of the textbook (as needed)

Exercises:

  • Exercises in lecture notes

Oct 17
Oct 19

Weakest preconditions and strongest postconditions for variable introduction, sequential composition, conditional statements, method calls, and assert and assume statements. Method vs. function calls in Dafny. Partial expressions. Examples in Dafny.

Termination of recursive methods and functions. Well-founded orders.

Required Readings:

  • Lecture notes: Floyd-Hoare logic [pdf] (revised)
  • Lecture notes: Recursion and termination [pdf]
  • Chapter 2 of the textbook except for 2.9
  • Chapter 3.1, 3.2 of the textbook

Recommended Readings:

  • Appendix A and B of the textbook (as needed)
  • Chapter 2.9 of the textbook

Exercises:

  • Exercises in lecture notes
  • Exercises 2.4-2.8, 2.11, 2.15, 2.20-2.23, 2.25, 2.26, 2.29(a), 2.32, 2.33, 2.36, 2.40, 2.41 from the textbook

Oct 24 Midterm exam
Oct 26 No class
Oct 31
Nov 2

More on termination and well-founded orders in Dafny.

Inductive datatypes. Definition and examples.

Lemmas and proofs. Motivation, uses and examples.

Required Readings:

  • Lecture notes: Recursion and termination [pdf]
  • Chapters 3 and 4 of the textbook
  • Chapter 5 of the textbook except for 5.8
  • Mini-tutorial on sets in Dafny

Recommended Readings:

  • Appendix A and B of the textbook (as needed)

Exercises:

  • Exercises 3.1-3.6, 3.11, 4.1, 4.3, 4.6, 4.7, 5.4, 5.5, 5.11-5.13 from the textbook

Nov 7
Nov 9

Verifying functional programs over lists. More on lemmas and proofs.

Specifying and verifying sorting algorithms.

Required Readings:

Recommended Readings:

  • Appendix A and B of the textbook (as needed)

Exercises:

  • Exercises 6.2, 6.3, 6.6, 6.8, 6.13 from the textbook

Nov 14
Nov 16

Specifying and verifying list sorting algorithms. Insert sort and merge sort.

Specifying and verifying while loops. Examples. Loop termination.
Recursive specifications of iterative programs. Arrays. Checking iterative programs with arrays. Examples.

Required Readings:

  • Chapter 8 of the textbook
  • Chapters 11-13 of the textbook except for 12.3, 13.4-7
  • Lecture notes: Reasoning about Loops [pdf]
  • Lecture notes: Reasoning about Iterative Programs [pdf]
  • Lecture notes: Reasoning about Programs with Arrays [pdf]

Exercises:

  • Exercises 8.0, 8.6, 11.0-11.3, 11.5-11.18 from the textbook

Nov 21
Nov 23

Fall break

Nov 28
Nov 30

Linear and binary search.
Reading and writing frames for reference variables. Methods that modify arrays. Examples.

Classes and Objects in Dafny. Specifying classes as abstract data types to separate observable behavior from internal implementation. Examples: counters and alternative implementations of FIFO queues.

Required Readings:

Exercises:

  • Exercises 13.2, 13.8, 13.12, 14.0, 14.5, 14.8 from the textbook

Dec 5
Dec 7

More on abstract view vs. concrete implementation of classes. The FIFO queue example.

The use of dynamic frames in Dafny to specify and verify programs using objects. Motivation and uses. Counter, bank account and linked list examples.

Required Readings:

Recommended Readings:

Dec 12

Final Exam


Copyright: Cesare Tinelli, The University of Iowa, 2023