EECS3342 2016W System Specification and Refinement
Getting Started
- EECS3342 System Specification and Refinement Lecture Times:
- Class TR 11.30am, PSE321. Starting Thursday Jan 7, classes will be in the Bergeron Centre BCE-213.
- Scheduled Labs: Every Tuesday 1pm to 2pm in LAS 1002A. Lab attendance is required; there will be required labs, a quiz almost every week, and Labtests during some of the sessions. The first lab is due Tuesday Jan 12 by 1.30pm. Quiz 1 is 1.30pm to 1.55pm.
- In the Lab, we now use Rodin 3.2.
- Important: Subscribe to: 3342 Forum for the latest announcements. Please ask all questions relating to the course material on the forum (not via email). For all other questions, see me during office hours.
- See the bottom of this page to log in with your Prism password. Slides are available from the SVN repository (see the link in the sidebar once you have logged in).
- Instructions for the Labs will be provided in the first lecture.
- Read the course outline regularly. It is important to read all the required readings (not all of which are discussed in class). It is important to do the suggested exercises.
- In the SVN → Docs, you will find the Rodin 2.8 Manual. Please familiarize yourselves with all the material in the manual, during the first week of classes.
- Suggested Text: Jean-Raymond Abrial, Modeling in Event-B: System and Software Engineering, Cambridge 2010. Available in Steacie. See SVN for notes.
- See Event-B Information for notes on Equational Logic and also on the Sequent Calculus used by Event-B/Rodin. There is an online tutorial on the sequent calculus with point and click to try proofs. Rodin works somewhat differently but the underlying concepts are similar.
Calendar Description
Theory and tools for specifying computer systems (sequential, concurrent and embedded). Specification (via set theory and predicate logic), modelling, abstraction, refinement and formal reasoning are undertaken before code development so that systems are correct by construction under the stated assumptions.
Prerequisites: General prerequisites (CSE2011 3.0 and a cumulative GPA of 4.5 or better over all completed major computer science courses and CSE1019 3.0), and MATH 1090
Long Description
This course provides students with an understanding of how to use mathematics (set theory and predicate logic) to specify and design correct computer systems whether the systems are sequential, concurrent or embedded. The course stresses both the underlying theory as well as the ability to use industrial strength tools that can be applied in practice. User requirements are formalized via an abstract mathematical model that is amenable to formal reasoning long before any programming activity is undertaken (e.g. as done in Event-B, Z and VDM). Successive models are like blueprints in traditional engineering disciplines and their mathematical nature allows us to reason about and predict their safety properties.
After successful completion of the course, students are expected to be able to:
- Document requirements organizing them into appropriate categories such as environmental constraints versus functional properties (safety and progress).
- Construct high level, abstract mathematical models of a system (consisting of both the system and its environment) amenable to formal reasoning.
- Apply set theory and predicate logic to express functional and safety properties from the requirements as events, guards, system variants and invariants of a state-event model.
- Use models to reason about and predict their safety and progress properties.
- Plan and construct a sequence of refinements from abstract high-level specifications to implemented code.
- Prove that a concrete system refines an abstract model.
- Apply the method to a variety of systems such as sequential, concurrent and embedded systems.
- Use practical tools for constructing and reasoning about the models.
- Use Hoare Logic and Dijkstra's weakest precondition calculus to derive correct designs.
Chapters 1, 2, 3, 4, 5, 9 and 15 of the text Modeling in Event-B: System and Software Engineering, Jean-Raymond Abrial (Cambridge) make it a possible textbook for the course.
This course is 3 hours of instruction per week as well as 1 hour of supervised labs per week.
The lab time is used to give students detailed exercises and instruction in using a practical verification tool (such as Rodin for Event-B) to accompany the material in the lectures. Tools are essential to using the theory and methods on larger examples and require expert knowledge of the use of automated theorem proving methods. Students will use such tools to prove the examples that are discussed in class as well as larger examples.
Course Outline
1. High-level state/event models and proof rules for invariant preservation
2. Refining a system and proving that the refinement preserves correctness
3. Proving convergence and absence of deadlock
4. Overview of system modelling constructs and proof rules for correctness in a reactive system
5. Design of a distributed system illustrated with an ftp protocol
6. Anticipated events in high-level models for convergence
7. Use of contexts to develop relevant theories such as parity
8. Nondeterministic systems and associated safety invariant proof rules
9. Design of sequential programs with correctness by construction via refinement rules
10. Hoare logic and weakest preconditions for program design and its use in a variety of developments
11. Methods for the systematic correct-by-construction development of reactive systems, illustrated with a train system
12. Thinking before Programming using Lamport’s TLA+ specification method
Grades
- [30%] Weekly quizzes. There will be about 8 weekly quizzes (almost every week). The first 2 quizzes each count 3%; the last 6 quizzes each count 4%. Quiz credit is conditional on the corresponding Lab work being completed. Quizzes will be based on the Labs, lectures and required readings of the preceding weeks.
- [15%] LabTest after reading week.
- [15%] Project (working in a team of no more than two students)
- [40%] Final exam
It is required that you attend and complete the work allocated in the weekly Lab session in preparation for the Quizzes, Labtest, Project and Exam. Labs must be completed by their due date in order for you to receive credit for the Quizzes.