CS 4201/5201: Software Verification

Fall 2017

Software Verification

A seminar for junior and senior CS majors and graduate students on programming languages and software verification, with hands-on exercise in the interactive theorem prover Coq.

Topics: logic; functional programming; inductive datatypes, recursion, and structural induction; operational, denotational, and axiomatic semantics; the simply-typed lambda calculus; the polymorphic lambda calculus; pi calculus; type systems and typechecking; SAT and SMT.

Lecture: MW 3:05pm-4:00pm, ARC 159
Lab: F 3:05pm-4:00pm, Stocker 192
Professor: Gordon Stewart (gstewart@ohio.edu)
Office Hours: W 11:00am-12:00pm, F 1:00pm-2:00pm (Stocker 355), or by appointment

Textbooks and Software

The primary text is Software Foundations (version 4.2) by Pierce et al., a software verification and programming languages course available free and online. Before the first day of class, I encourage you to download and install the Coq proof assistant (version 8.6), the tool upon which Software Foundations is based.

Two IDEs for Coq are available, the Emacs-based ProofGeneral and CoqIDE (bundled with Coq). I recommend CoqIDE for new Coq users (this is also the IDE we'll be using in class); ProofGeneral is good but requires more setup and some Emacs experience.

Periodically I may assign additional supplementary (optional but recommended) readings from Types and Programming Languages, Benjamin Pierce, and from The Formal Semantics of Programming Languages, Glynn Winskel. Both of these books are available on Amazon.

Prerequisites

Some mathematical maturity (at the level of "I've seen and done proofs before"), facility with a couple different programming languages, and a desire to learn.

Course Structure

The course consists of twice-weekly lectures (Mondays and Wednesdays) and a weekly lab (Fridays), during which I'll be around to help with problems you may encounter completing the homeworks.

In addition to the weekly homework assignments, drawn primarily from Software Foundations, there will be a take-home midterm exam (Week 7, approximately 15% of your grade) and a final project (Week 15, approximately 35%). The weekly homeworks and attendance at lecture and lab are worth approximately 50%.

Blackboard will be used only to report grades. Up-to-date information on all other aspects of the course (assignment due dates, etc.) will be posted on this website.

Schedule

The schedule is subject to revision.

Functional Programming, Coq

Week 1

Introduction to functional programming, Coq. Basic proofs.
Reading: Basics, Induction, Lists.
Homework: Assignment 0.

Week 2

More functional programming: polymorphism, implicit arguments, higher-order functions. Coq proof strategies, additional tactics.
Reading: Poly, Tactics.
Homework: Assignment 1.

Monday, September 4: Labor Day, no class

Logic in Coq

Week 3

Logic in Coq, inductively defined propositions.
Reading: Logic, IndProp.
Supplementary Reading: How to Write a 21st Century Proof, by Leslie Lamport
Homework: Assignment 2.

Week 4

Logic in Coq continued, proof objects.
Reading: ProofObjects.
Homework: Assignment 3.

Modeling and Proving Systems

Week 5

The little imperative language Imp.
Reading: Maps, Imp.
Supplementary Reading: Winskel, Ch. 2, Secs. 2.1-2.5.
Homework: Assignment 4.

Week 6

Program equivalence.
Reading: Equiv.
Homework: Assignment 5.

W7:10/9-13

Interlude: More Functional Programming (!) in Coq
Take-home Midterm: due Wednesday, 10/18

Tuesday, October 10: Fall Semester Reading Day, no class

Week 8

Hoare Logic.
Reading: Hoare, Hoare2.
Homework: Assignment 6.

Week 9

Small-step Operational Semantics.
Reading: Smallstep, Auto.
Supplementary Reading: Winskel, Ch. 2, Sec. 2.6.
Homework: Assignment 7.

Lambda Calculus and Type Systems

Week 10

Type systems.
Reading: Types.
Supplementary Reading: TAPL, Chs. 1 and 8.
Homework: Assignment 8, Final Project Checkpoint #1.

Week 11

Untyped Lambda Calculus, Simply-Typed Lambda Calculus.
Reading: Stlc.
Supplementary Reading: TAPL, Chs. 5 and 9.
Homework: Assignment 9.

Friday, November 10: Veterans Day, no class

Week 12

STLC contd., progress and preservation
Reading: StlcProp, Typechecking.
Supplementary Reading: TAPL, Ch. 11.
Homework: Assignment 10.

Week 13

More STLC: let-bindings, pairs, unit, sums, lists, recursion.
Reading: MoreStlc.

November 22-24: Thanksgiving Break, no classes

Concurrent and Distributed Systems

Week 14

Concurrent systems, pi calculus
Homework: Final Project Checkpoint #2.

Week 15

Modeling and reasoning about distributed systems
Supplementary Reading: Verdi: A Framework for Implementing and Formally Verifying Distributed Systems by Wilcox et al., PLDI 2015

Fri. 12/2: Final project presentations

December 11-15: Final Exams

Final Project Written Reports (Due Date 12/15/2017 at 11:59pm)

Student Outcomes vs. Course Learning Outcomes

(a) An ability to apply knowledge of computing and mathematics appropriate to the program's student outcomes and to the discipline. Students will be able to:

Design and implement inductively defined data types to solve computational problems
Design and implement recursive functions over inductively defined data types in order to solve computational problems
Model the behavior of an imperative programming language using operational semantics

(b) An ability to analyze a problem, and identify and define the computing requirements appropriate to its solution. Students will be able to:

Analyze a type system in order to prove metatheoretic properties like type soundness
Analyze a program in order to identify specifications (Hoare-logic pre- and post-conditions) that capture the program's expected behavior

(c) An ability to design, implement, and evaluate a computer-based system, process, component, or program to meet desired needs. Students will be able to:

Use an interactive theorem prover to mechanically prove type soundness for a small arithmetic expression language
Use an interactive theorem prover to prove type soundness for the simply-typed lambda calculus
Use an interactive theorem prover to build a mechanical Hoare-logic proof of safety for a small imperative program

(j) An ability to apply mathematical foundations, algorithmic principles, and computer science theory in the modeling and design of computer-based systems in a way that demonstrates comprehension of the tradeoffs involved in design choices. Students will be able to:

Reason about, and recognize the tradeoffs of, various definitions of program equivalence with respect to a language's operational semantics

Homework and Collaboration Policies

Academic Honesty Policy

Acceptable Collaboration Matrix

	Instructor/GA	Noninstructor (e.g., Another Student)
You	all collaboration allowed	high-level discussion (of the problems, not your code!) allowed but only after you've started the assignment; must be documented in README as described below

You may discuss the homework with other students in the class, but only after you've attempted the problems on your own first. If you do discuss the homework problems with others, write the names of the students you spoke with, along with a brief summary of what you discussed, in a README comment at the top of each submission. Example:

(* README Gordon Stewart, Assn #1
I worked with X and Y. We swapped tips regarding the use of Coq's "rewrite" tactic. *)

However, under no circumstances are you permitted to share or directly copy code or other written homework material, except with course instructors. If I discover that you've cheated on an assignment, you'll get an automatic 0 along with an immediate referral to the Office of Community Standards, which will likely take disciplinary action against you. Remember: homework is there to give *you* practice in the new ideas and techniques covered by the course; it does you no good if you don't engage!

In general, students in EECS courses such as this one must adhere to the Russ College of Engineering and Technology Honor Code, and to the OU Student Code of Conduct. If you haven't ever read these documents, please do so.

Students with Disabilities

If you suspect you may need an accommodation based on the impact of a disability, please contact me privately to discuss your specific needs. If you're not yet registered as a student with a disability, contact the Office of Student Accessibility Services first.