This page gives highlights of past lectures and provides lecture notes, reading assignments, and exercises.
Dates | Topics and Readings | Homework

Aug 22, Aug 24
Topics: Course introduction and administration. Introduction to Formal Methods. Introduction to sets and relations.
Required Readings:
Recommended Readings:
Homework: All exercises in lecture notes
Aug 29, Aug 31
Topics: Recap of basic notions in set theory. Relations and relational operators. Modeling general software systems. Introduction to the Alloy modeling language. Alloy's foundations. Signatures, fields and multiplicity constraints. Modeling simple domains in Alloy. Generating and analyzing model instances with the Alloy Analyzer. Relations and operations on them. Formulas, Boolean operators and quantifiers. Expressing constraints on relations using Alloy formulas.
Required Readings:
Homework: All exercises in lecture notes except for those in Part 2
Sep 5, Sep 7
Topics: More on the Alloy language. Facts and assertions. Checking models and assertions with the Alloy Analyzer. Examples and exercises.
Required Readings:
Homework: Exercises in lecture notes
Sep 12, Sep 14
Topics: Functions and predicates. Examples.
Required Readings:
Homework: All exercises in the Academia model notes
Sep 19, Sep 21
Topics: Modeling dynamic systems in Alloy. Example: making the family model dynamic. General approach: dynamic systems as state transition systems. Operators. Preconditions, postconditions and frame conditions. Examples of operators for the family model.
Required Readings:
Homework: All exercises on page in Dynamic Models notes
Sep 26, Sep 28
Topics: More on modeling dynamic systems in Alloy. Example: rovers on a two-dimensional space. Group exercises.


Oct 3, Oct 5
Topics: Introduction to reactive systems. Introduction to the Lustre specification language.
Required Readings:
Homework: Exercises in Lustre notes
Oct 10
Topics: Practice with writing Lustre models and expressing their properties.
Required Readings:
Recommended Readings:
Homework: Exercises in Lustre notes
Oct 12 
Midterm exam 

Oct 17, Oct 19
Topics: More practice with writing Lustre models and expressing their properties. Checking properties via synchronous observers. Useful temporal operators. A few examples.
Required Readings:
Homework: Simulate and verify in Kind 2 all Lustre examples in the readings
Oct 24, Oct 26
Topics: Contract-based specification and compositional verification. Motivation and uses. Extending Lustre with contracts. Contract basics: assumptions, guarantees and execution modes. Examples of contracts.
Required Readings:
Homework: Simulate and verify in Kind 2 the Lustre examples in the readings
Oct 31, Nov 2
Topics: Specifying and verifying programs in high-level programming languages. Introduction to Dafny. Main features. Method contracts in Dafny. Specifying pre- and postconditions. Compositional verification of methods through the use of contracts. Abstraction of while loops by loop invariants. Examples.
Required Readings:
Homework: Exercises 0-6 in [Koen12]
Nov 7, Nov 9
Topics: More on loop invariants in Dafny. Functions and predicates. Complex specifications using recursive functions. Reading frames. Termination of while loops and recursive functions in Dafny. Arrays and quantified verification conditions. Loop invariants for arrays. Examples.
Required Readings:
Homework: Exercises 7-10 in [Koen12]
Nov 14, Nov 16
Topics: Introduction to value types in Dafny: sets and sequences. Classes. Constructors, fields and class methods. Class invariants. Ghost fields. Using ghost fields to represent abstract states. Connecting concrete and abstract state in a class. Examples.
Required Readings:


Nov 21, Nov 23
No class (Thanksgiving recess)

Nov 28, Nov 30
Topics: Specifying classes as abstract datatypes to separate observable behavior from internal implementation. Two examples of FIFO queue implementation.


Dec 5, Dec 7
Topics: Introduction to the Lean prover. Motivation and uses. The Lean logic. Examples.
Recommended Readings:


Dec 12 
Final Exam 
