CS615: Formal Specification and Verification of Programs
(Autumn 2004)


Instructor Supratik Chakraborty
Friendly Teaching Assistant Bhargav Gulavani

Announcements

All scores and grades have been posted. Happy vacations!

Course Description

This course aims at providing students with a basic understanding of the theory and practice of specifying correctness properties of programs and proving them correct. The primary emphasis will be on the theoretical aspects of specification formalisms, proof techniques and algorithmic verification. There will also be occasion to study some of the issues that arise in deploying these techniques in practice, and solution strategies for them. Techniques covered in the course should be applicable in both software and hardware (modeled as processes) domains.

Prerequisites

This is a graduate level course, and good working knowledge (at undergraduate level) of propositional and first order logics, algorithm design and analysis, automata theory and some aspects of programming languages are required for crediting/auditing this course.

Hours

What When Where
LecturesMon 15:30-17:00,
Thurs 15:30-17:00 		Seminar Hall, Ground Floor, CSE Bldg
Office hourWed 15:00-16:00
by email appointment		 CFDVS (Maths Bldg Basement)

Tutorials When Where
Tutorial 1 Fri, Sep 10, 18:00-19:00 S9, CSE Dept.
Tutorial 2 Oct 8, 18:00-19:00 Seminar Hall, CSE Dept.

Related links ...

Grading

Quizzes 30%
Endterm 50%
Term paper 20%

Homework Policy

Regular homework problems will be given. These are meant for your practice and your performance in homeworks will not contribute towards your final grade. You are encouraged to solve all problems by yourself on in small groups, in order to gain understanding of the ideas. You are also encouraged to approach the instructor or TA (by setting up an appointment by email) for help with homework problems, if needed.

Term Paper Policy

Each student is required to choose a topic for in-depth study, in consultation with the instructor. After having chosen a topic, the student is expected to read a few key papers on the specific topic (with more readings to clarify related concepts, if needed). Each student is required to write a survey paper based on the topic studied and submit it for evaluation. In addition, a student should be prepared to make a presentation on the ideas studied in the papers, if asked to do so.

A tentative list of term paper topics has been provided. You are welcome to suggest alternative topics in consultation with the instructor.

A suggestive template for term papers has been posted. However, it is not obligatory to follow this template exactly. The purpose of the template is to provide an idea of the depth and breadth to which your term paper must cover the topic that you studied.

Some more logistics ...

  • There will be no midterm examination.
  • Endterm exam and quizzes will be open book, notes and any material brought to the exam hall.
  • If you miss a quiz for a genuine reason, meet the instructor after setting up an appointment.
  • Discussion among students for the purpose of clarification is strongly encouraged.
  • There will be zero tolerance for dishonest means like copying solutions from others in quizzes, term-papers and end-term exam. Anybody found indulging in such activities will be summarily awarded an FR grade. The onus will be on the supposed offender to prove his or her innocence.

Quizzes, Assignments, Practice Problems ...

Quiz 1 Aug 26
Practice Assignment 1
Practice Assignment 2
Quiz 2 Sep 23
Practice Assignment 3 Already posted on newsgroup
Quiz 3 Nov 8
Practice Assignment 4
Endsem Exam  

Reading Material

  • Papers and articles to be announced in class.
  • Class notes.

Current Reading List
  1. Selected sections of Chapter 15, Methods and Logics for Proving Programs by P. Cousot, in Handbook of Theoretical Computer Science, Vol B (Formal Models and Semantics), edited by Jan Van Leeuwen,   Elsevier and The MIT Press
  2. A wonderful repository of property specifications using Temporal Logic
  3. Selected chapters of the book Model Checking by Clarke, Grumberg and Peled, The MIT Press
  4. Automatic discovery of linear restraints among variables of a program by P. Cousot and N. Halbwachs, in Conference Record of the Fifth Annual Symposium on Principles of Programming Languages, pages 84-97, 1978. A link to the paper is available from Prof. Cousot's home page. This paper discusses the use of the widening operator for computing linear invariants.
  5. Implementation of an Array Bound Checker by N. Suzuki and K. Ishihata, in Conference Record of the Fourth Annual Symposium on Principles of Programming Languages, pages 132-143, 1977. This paper talks about the induction-iteration method.

References for the more interested ...

  • A good set of slides prepared by Prof. S. Ramesh on material relevant to this course.
  • Logic in Computer Science: Modeling and Reasoning about Systems by Michael Huth and Mark Ryan,   Cambridge University Press
  • Formal Methods educational resources from the world-wide web Formal Methods page.
  • The Temporal Logic of Reactive and Concurrent Systems: Specification by Zohar Manna and Amir Pnueli, Springer Verlag.
  • Temporal Verification of Reactive Systems: Safety by Zohar Manna and Amir Pnueli, Springer Verlag.

Lecture Schedule
Date Topics details
Jul 26 Introduction, logistics. Examples of "almost similar" programs that compute very different results. An illustration of Floyd-Naur style of proof using a simple "while" program.
Jul 29 Prerequisites Quiz
Aug 2 Overview of partial orders, lattices and fixed points. Overview of Tarski's fixed point theorem.
Aug 5 More on fixed points: reflexive transitive closure of relations as least fixed point. Operational semantics of programs: configurations, operational transition relation.
Aug 9 More on operational transition relation: recursive definition, an example using "while" programs.
Aug 12 Relational semantics of programs: definition, discussion, an example.
Clarifications
Aug 16 Relational semantics continued. Assertions, specifications, partial correctness: Floyd Naur approach. Stepwise induction method for Floyd Naur style proofs: role of local and global invariants and their equivalence with an example
Aug 19 Floyd Naur style partial correctness proofs with stepwise induction: generating local invariants by pushing precondition "down" through a program and by hoisting postcondition "up" through a program
Aug 23 More on stepwise induction method: soundness and completeness, rules for generating local invariants from preconditons and postconditions in simple "while" programs
Aug 26 Introduction to compositional method for Floyd-Naur style proofs. Quiz 1
Aug 30 Quiz 1 solution discussion. More on compositional method for Floyd-Naur style proofs. Introduction to Hoare Logic
Sep 2 Hoare Logic: Syntax of formulae, examples of axioms, inference rules, and the idea of deductive proofs.
Sep 6 Hoare deductive system: Axiom schemata, Inference Rule schemata, deductive proofs, automatic proof checking in Hoare deductive system. Hoare proof outlines.
Sep 9 Hoare proof outlines: examples and practical utility. Using Hoare Logic in proving partial correctness of programs with theorem provers. Importance of loop invariants in program proofs. A sneak peek into semi-automatic generation of loop invariants.
Sep 13, Sep 16 Mid-semester week
Sep 20 Comments and discussion about Hoare deductive system. Introduction to model checking: motivation for looking at finite state systems, definition of Kripke structure.
Sep 23 Pre-quiz brush-up on Hoare Logic proofs. Quiz 2.
Sep 27 Discussion of (partial) solution to quiz 2. General recap of Hoare Logic proof ideas
Sep 30 Modeling a simple concurrent program involving semaphores using a Kripke structure. Specifying properties of paths in Kripke structures, Linear Temporal Logic (LTL): syntax and semantics
Oct 4 Examples and explanations of several LTL formulae expressing commonly encountered properties of systems. Computation Tree Logic (CTL): syntax and semantics
Oct 7 Examples of several CTL formulae expressing commonly encountered properties of systems. Comparison with LTL, limitations and power of each logic.
Oct 11 CTL model checking with explicit representation of a Kripke structure, complexity analysis. Illustrative example of CTL model checking.
Oct 14 Boolean encoding of states in a Kripke structure, representing sets of states and transition relations using characteristic functions, computing image and pre-image of state sets using quantification and conjunction (relational product). Symbolic breadth-first search (BFS) of a Kripke structure using characteristic functions, symbolic reachability analysis.
Oct 18 Binary Decision Diagrams (BDDs) and ROBDDs, manipulating Boolean functions by graph manipulations in ROBDDs, basic ROBDD algorithms and their complexities. Use of ROBDDs in symbolic BFS.
Oct 21 Fixpoint characterizations of CTL operators, CTL model checking using symbolic fixpoint computation. Illustrative example for symbolic CTL model checking
Oct 25 LTL model checking by tableau construction: motivation, intuition and construction of tableau.
Oct 28 More on LTL model checking by tableau construction, self fulfilling strongly connected components and their relevance in LTL model checking, using the cross product of a Kripke structure with the tableau for finding witness paths. Complexity of LTL model checking, reducing Hamiltonian path problem to LTL model checking -- evidence of NP hardness.
Nov 1 Comparison and contrast between LTL and CTL model checking techniques. Introduction to fairness constraints, fair CTL model checking, fixpoint characterization of fair CTL operators, reducing LTL model checking to fair CTL model checking.
Nov 4 Importance of automatic detection of loop invariants in proving correctness of programs. Overview of the general problem of loop invariant computation. Induction-iteration method a la Suzuki and Ishihata for computing invariants, weaknesses of the approach.
Nov 5 Detection of linear loop invariants, Cousot and Halbwach's approach of using widening operator and convex polyhedra for computing linear loop invariants, illustration with an example. Summarization of course, and general discussion.