© M. Winter COSC 4P42 – Formal Methods in Software Engineering COSC 4P42 Formal Methods in Software Engineering Course: –Lecture: Wed & Fri, 11:00am - 12:30pm, Winter 2015, Room: TH244 –Lab: Fri, 8:00am - 9:30am, Winter 2015, Room: MCD205 Instructor: Michael Winter –Office J323 –Office Hours: Tue 1:00pm - 3:00pm, Wed 9:00am-11:00am – Webpage:

© M. Winter COSC 4P42 – Formal Methods in Software Engineering Course Description (Brock Calendar): Specification and correctness of software. Topics include algebraic specifications, semantics of programming languages, Hoare/dynamic logic, specification languages, program transformation. Prerequisites: 3.5 COSC credits and MATH 1P67 or permission of the instructor course procedures –cheating on tests/exam

© M. Winter COSC 4P42 – Formal Methods in Software Engineering Textbooks Main Text –None (course material is on the web page). Supplemental Texts –The Formal Semantics of Programming Languages: An Introduction, G. Winskel, The MIT Press (1993), ISBN (hc), (pb) –The Design of Well-Structured and Correct Programs, S. Alagic & M.A. Arbib, Springer-Verlag (1978), ISBN –Fundamentals of Algebraic Specifications 1: Equations and Initial Semantics, H. Ehrig & B. Mahr, Springer-Verlag (1985), ISBN

© M. Winter COSC 4P42 – Formal Methods in Software Engineering Course Work Marking Scheme –Lab Tests (3x20%)60% –Final Exam (Lab D205)40% Important Dates TestLength Date (D205)/Time 160 minsJan 30 (8:00am-9:00am) 260 minsFeb 27 (8:00am-9:00am) 360 minsMar 20 (8:00am-9:00am) Exam90 minsApr 06 (8:00am-9:30am)

© M. Winter COSC 4P42 – Formal Methods in Software Engineering Course Outline WeekDateLecture TopicLab Topic 1Jan 07, 09IntroductionNo lab 2Jan 14, 16First-order logic - Syntax and SemanticsIntroduction to Isabelle 3Jan 21, 23First-order logic - Natural DeductionNatural Deduction in Isabelle 4Jan 28, 30 First-order logic - Soundness of Natural Deduction Test 1 (Jan 30) 5Feb 04, 06 Introduction of the Programming Logic IMP and Hoare Logic Hoare logic in Isabelle 6Feb 11, 13 Programming Language IMP - Syntax and Operational Semantics Hoare logic in Isabelle 7*7* Feb 25, 27Programming Language IMP - Hoare LogicTest 2 (Feb 27) 8Mar 04, 06 Programming Language IMP - Soundness of Hoare logic Introduction to ML 9Mar 11, 13 Algebraic Specifications - Motivation, Syntax and Semantics Using ML as a specification language in Isabelle 10Mar 18, 20 Algebraic Specifications - Homomorphisms, Initial and Terminal Models Test 3 (Mar 20) 11Mar 25, 27 Algebraic Specifications - Homomorphisms, Initial and Terminal Models Review, Questions, Exam preparation 12Apr 01, 06 ** Selected topics, ReviewExam (April 06) * February is Reading Week, no classes ** April 03 is Good Friday, no classes. Make up on April 06.

© M. Winter COSC 4P42 – Formal Methods in Software Engineering A mark of at least 40% on the final exam is required to achieve a passing grade in this course. No electronic devices and especially no calculators will be allowed in the examination room. Consideration regarding illness for test or exam dates will only be considered if accompanied with the completed Departmental Medical Excuse form.

© M. Winter COSC 4P42 – Formal Methods in Software Engineering Motivation Assume you are a project coordinator in a software company. The latest project your team is working on has the following constraints: avoid integer multiplication (there are issues with the hardware); the operation square(n)=n 2 will frequently be used in the program. You present this problem to a member of your team. He comes up with the following piece of code:

© M. Winter COSC 4P42 – Formal Methods in Software Engineering A program r := 0; s := 1; i := 0; while i < n do r := r+s; s := s+2; i := i+1; od The program above computes n 2 in the variable r.

© M. Winter COSC 4P42 – Formal Methods in Software Engineering Testing Input n=irs

© M. Winter COSC 4P42 – Formal Methods in Software Engineering Problems with Testing Testing may unveil errors in the code, but You may only test finitely many examples. Testing cannot verify that the code is bug-free. “Correctness cannot be established through testing. Testing can only delete errors, but never exclude errors.” Are you satisfied with the testing procedure? Yes?!?, but what if this program controls a machine producing toys worth $10,000 an hour? controls a rocket sending a new television satellite into orbit? An error in the code might cause a big financial loss for our company!!!

© M. Winter COSC 4P42 – Formal Methods in Software Engineering A proof The programmer says: “My program obviously computes Here is the proof that this is equal to n 2. […]”

© M. Winter COSC 4P42 – Formal Methods in Software Engineering Further Problems? Are you satisfied with this proof? Yes?!?, but what if this program controls the reentry of a space shuttle? controls the rollercoaster you are sitting in? controls the cooling system of the nuclear plant next door? The previous argument still contains the informal step: “My program obviously computes “ This could be wrong!!!!!

© M. Winter COSC 4P42 – Formal Methods in Software Engineering Formal Methods An alternative approach is based on so-called formal methods in software engineering. These methods try to either mathematically prove programs to be correct or to construct programs correctly step by step. Both attempts Require some formal system/calculus, i.e., a system that is based on a fixed set of simple rules. In this course we will focus on program verification. The idea/procedure of program verification can be summarized by: Provide a specification of the behaviour of the program in a formal system/logic. Common tools are: –Propositional Logic (hardware verification) –First-order Logic (properties of imperative programs) –Higher-order Logic (properties of functional programs) –Algebraic Specifications (specification of datatypes)

© M. Winter COSC 4P42 – Formal Methods in Software Engineering Formal Software Verification Provide a formal semantics of the programming language used. Common approaches are: –Operational Semantics (abstract machine) –Denotational Semantics (input/output behaviour as a function) –Axiomatic Semantics (program logic) Use a specialized logic to verify the implementation with respect to the specification. Common logics are: –Specific Modal Logics such as Dynamic Logic –Hoare Logic –Extended Calculus of Constructions

© M. Winter COSC 4P42 – Formal Methods in Software Engineering Formal Software Verification Important considerations when dealing with a formal system: Soundness/Correctness. This property states that every property that can be obtained using the formal system/calculus is semantically true in some sense. –Slogan: “What you can prove is also true.” Completeness. This property is the opposite implication of correctness. It states that for every true sentence there is also a proof in the formal system/calculus. –Slogan: “What is true can also be proven.” Expressive power. –Slogan: “Can I formulate all my properties in the language?” Decidability. If a formal system is decidable, then all proofs can be found automatically by a program. –Slogan: “Can a computer do my work?”