CS:5810 Formal Methods in Software Engineering

Lectures

This page summarizes the content of past lectures and provides lecture notes and exercises.

Dates	Topics and Readings	HomeWork
Aug 26	Course introduction and administration. Introduction to Formal Methods. Required Readings: Syllabus Course overview [pdf] [Haxt10] An introduction to formal methods, with examples of industrial usage. Recommended Readings: [Barr13] A sobering reading on the probable causes of the fatal sudden acceleration problem in some Toyota cars. See also this EE times article [vLam00] An introduction to formal specifications, and a survey of formal specification approaches.
Aug 28	Introduction to Formal Methods continued. Required Readings: Course introduction [pdf] [Medv00] Excellent complementary class notes introducing FM's. [Haxt10] An introduction to formal methods, with examples of industrial usage. Recommended Readings: [Beck06] A look at the state of the art in formal methods and a discussion of the developments that make successful applications possible. [Wood09] A fairly recent survey on the use and practice of FM.

Sep 2	Formal methods: main goals and challenges. Recap of basic notions in set theory. Required Readings: Course introduction [pdf] Lecture notes on sets and relations (as needed) [pdf]	Exercises in lecture notes
Sep 4	More on relations and relational operators. Modeling general software systems. Introduction to the Alloy modeling language. Required Readings: Lecture notes on sets and relations (as needed) [pdf] Lecture notes: An introduction to Alloy 4 - Part 1 [pdf] Recommended Readings: Alloy FAQ	Exercises in sets lecture notes

Sep 09 Sep 11	Alloy's foundations. Signatures, fields and multiplicity constraints. Modeling simple domains in Alloy. Relations and operations on them. Formulas, Boolean operators and quantifiers. Expressing constraints on relations using Alloy formulas. Required Readings: Lecture notes: an introduction to Alloy 4 - Part 1 [pdf] and 2 [pdf] Family examples from the notes `models/examples/toys/genealogy.als` sample model in the Alloy Analyzer Alloy 4 tutorial Part 1, notes by Greg Dennis and Rob Seater [pdf]	Exercises in lecture notes

Sep 16 Sep 18	More features of the Alloy language: functions and predicates, facts and assertions. Practice with modeling in Alloy: the Academia domain. Examples and exercises. Required Readings: Lecture notes: an introduction to Alloy 4 - Part 1 [pdf] and 2 [pdf] Family examples from the notes Lecture notes: the Academia model [pdf] Academia examples from the notes	All exercises in the lecture notes

Sep 23 Sep 25	Alloy's module system. Motivations and uses. Parametric modules. An example: the predefined Ordering module. Modeling dynamic systems in Alloy. General approach: dymanic systems as state transition systems. Operators. Preconditions, postconditions and frame conditions. Required Readings: Lecture notes: Alloy Modules [pdf] Lecture notes: Dynamic Models in Alloy [pdf] Family examples Recommended Readings: `util/ordering.als` sample model in the Alloy Analyzer	All exercises in Dynamic Models notes

Sep 30 Oct 2	More on modeling dynamic systems in Alloy. Example: rovers on a two-dimentional space. A complete Alloy modeling case study: the hotel room lock system. Brief discussion of Homework 1 and its solution. Required Readings: Lecture notes: Dynamic Models in Alloy [pdf] `rover.als` Rover model in dynamic systems examples Lecture notes: Hotel Lock System [pdf] `book/chapter6/hotel*.als` sample models (first 2 only) in the Alloy Analyzer

Oct 7 Oct 9	Introduction to reactive systems. Introduction to the Lustre specification language. Examples of Lustre programs. Specifying simple reactive systems in Lustre. Required Readings: Lecture notes: Reactive Systems and the Lustre language, Part 1 [pdf] and 2 [pdf] Recommended Readings: Lustre/Luke examples Chap. 1 of [Halb02], a Lustre tutorial

Oct 14 Oct 16	Practice with writing Lustre models and expressing their properties. Checking properties via synchronous observers. Simulating Lustre programs with the Kind 2 tool (online examples). Useful temporal operators. A few examples. Required Readings: Lecture notes: Reactive Systems and the Lustre language, Part 1 [pdf] and 2 [pdf] Lustre examples seens in class Notes on synchronous observers Chap. 1 of [Halb02], a Lustre tutorial Recommended Readings: [Halb91], the main reference paper for Lustre [Halb99], an introduction to verification and testing with Lustre

Oct 21 Oct 23	More practice with writing Lustre models and expressing their properties. Checking properties via synchronous observers. In-class exercises. Boolean Switches and traffic light examples. Required Readings: Lustre examples seens in class Notes on synchronous observers Recommended Readings: [Halb91], the main reference paper for Lustre [Halb99], an introduction to verification and testing with Lustre

Oct 28	Discussion of Homework 2 and its solution. Modeling systems and building simulators. The elevator case study. Required Readings: Description of Elevator problem in Exercise 5	Exercise 5: Problems 1,2 in Elevator I and Elevator II
Oct 30	Midterm exam.

Nov 4 Nov 6	Discussion of midterm solutions. Specifying and verifying programs in high-level programming languages. Introduction to Dafny. Main features. Specifying pre and post-conditions. Examples. Required Readings: [Koen12], an introduction to the Dafny language (also available as an online tutorial)	Exercises 0-6 in [Koen12]

Nov 11 Nov 13	More on Dafny. Loop invariants. Complex specifications using recursive functions. Arrays and quantified verification conditions. Predicates. Examples. Required Readings: [Koen12], an introduction to the Dafny language Recommended Readings: Dafny on-line tutorials Dafny quick reference	Exercises 7-10 and 1-13 in [Koen12]

Nov 18 Nov 20	Termination of while loops and recursive functions in Dafny. Reading Frames. Classes. Class invariants. Constructors, fields and class methods. Ghost fields. Using ghost fields to represent abstract states. Connecting concrete and abstract state in class. Examples. Brief introduction to value types in Dafny: finite sets, multisets and sequences. Required Readings: [Herb11] and [Lein13], lecture and tutorial notes on Dafny Dafny on-line tutorial on termination Dafny on-line tutorials on sets, multisets and sequences Abstract counter example seen in class Abstract integer set example seen in class Recommended Readings: Dafny quick reference Language reference for the Dafny type system (which also describes available expressions for each type)	All exercises in [Koen12]

Nov 25 Nov 27	No class (Thanksgiving recess)

Dec 2 Dec 4	Discussion of Homework 3 solutions. More on specifying classes and methods in terms of abstract state. Abstract FIFO queue example. More on frames and on developing code and specifications in Dafny. Common issues and pitfalls. Required Readings: FIFO queue example Dafny on-line tutorials on sets, multisets and sequences

Dec 9 Dec 11	Dynamic Frames in Dafny. Motivation and uses. Counter example revised. An overview to Frama-C and ACSL. Required Readings: Counter example with dynamic frames [Herb11] Recommended Readings: Lecture notes by V. Prevosto on Frama C and ACSL ACSL reference manual

CS:5810 Formal Methods in Software Engineering Fall 2014

Lectures

CS:5810 Formal Methods in Software Engineering
Fall 2014