CS410/510 Practical Specification and Verification Winter 2016

Instructor: Andrew Tolmach

Course Information

• Syllabus

Key to Readings

• H&R = Huth and Ryan, Logic in Computer Science, 2nd ed., Cambridge University Press, 2004. (Website for supporting materials.)
• SS = Leslie Lashemport, Specifiying Systems, Addison-Wesley, 2002.
• HB = Leslie Lamport, The TLA+ Hyperbook.

Tools

• TLA+
• Dafny rise4fun site

Tool Investigation Ideas

• Alloy
• Spin (Promela)
• CMBC
• Cubicle
• Why3
• Frama-C
• SPARK Pro (consult with me if interested)
• QuickCheck

  Schedule

  Read the assigned materials before class on the specified date.
  • Tu. Jan. 5 Introduction
    • Introductory Slides from Cesare Tinelli's course at University of Iowa.
    • Hotel Room Lock problem coded in TLA+.
  • Th. Jan. 7 Propositional Logic
    • Read H&R 1.1--5
    • Quiz yourself using the relevant on-line tutor problems here
  • Tu. Jan. 12 Predicate Logic
    • Submit exercise set 1
    • Read H&R 2.1--5
    • Try on-line tutor problems here
  • Th. Jan. 14 Beginning TLA+.
    • Make sure you can run the TLA Toolbox on a machine of your choice.
    • Read HB 1 & 2, working through the examples using the Toolbox.
  • Tu. Jan. 19 Guest lecture by Aaron Tomb, Galois, Inc. on Applying Satisfiability to the Analysis of Cryptography.
    • Slides and accompanying examples. You are encouraged to check out these materials before the lecture, and even build Cryptol and SAW if you are interested; the repository includes instructions for doing that.
  • Th. Jan. 21 Guest lecture by John O'Leary, Intel.
    • Slides
  • Tu. Jan. 26 TLA+ for simple machines
    • Submit exercise set2, which includes a TLA exercise.
    • sample TLA solution and model directory.
  • Th. Jan. 28 TLA+ for planning problems
    • Read TLA hyperbook Ch. 3.
    • Farmer/River example as developed in class (thanks to Yuriy) and my alternative encoding.
  • Tu. Feb. 2 TLA+ for concurrent problems
    • Read TLA hyperbook Ch. 6.
    • Read H&R 3.1-2.
    • Internal Memory TLA example
    • Write Through Cache Memory WTC example
  • Th. Feb. 4 TLA+ refinement
    • Fix problems in WTC example
  • Tu. Feb. 9 TLA+ wrap-up
    • More background reading on Cache examples is in Specifying Systems, Chs. 5 and 8.5.
    • Exercise set 3, primarily a TLA+ exercise.
    • Sample solution to MSI Cache problem
  • Th. Feb. 11 Introduction to Dafny
    • Dafny rise4fun site
  • Tu. Feb. 16 More on Program Proof (Midterm due)
    • Midterm
    • Reach H&R Chapter 4.
    • Work through part 1 of Dafny tutorial
    • Binary search code
    • Initial insertion sort code
  • Th. Feb. 18 Proofs of Functional Programs
    • Initial reverse code
    • Full reverse code [updated 19Feb 2:35pm]
    • Full insertion sort code
  • Tu. Feb. 23 Proofs of Imperative Programs
    • Complete the quicksort example
    • Initial quicksort code
    • Sample quicksort solution
    • Initial parity code
    • Initial array insertion sortcode (version using swap )
    • Final array insertion sortcode (version using swap)
    • Initial array insertion sortcode (version using temp)
    • Final array insertion sortcode (version using temp)
  • Th. Feb. 25 Proofs of Pointer Programs
    • List reversal code
    • For more background on the technologies underlying Dafny, see K.R.M. Leino, Specification and Verification of OO Software, Marktoberdorf International Summer School 2008 lecture notes.
  • Tu. Mar. 1 Verification Condition Generation and Triggers
    • Define and verify a Dafny method to concatenate (destructively) two linked lists, represented in the same style as in the list reversal example. In other words, your method should take two lists as inputs and mutate the last element of the first one to point to the second one. Hint: try a recursive solution.
    • Example of using triggers with an axiomatized theory.
  • Th. Mar. 3 F*
  • Tu. Mar. 8 Student Reports (Frama-C, Cryptol)
  • Th. Mar. 10 Student Reports (Spin, Alloy, CBMC)