EECS3342 Winter 2016 Specification and Refinement
Theory and tools for specifying computer systems (sequential, concurrent and embedded). Specification (via set theory and predicate logic), modelling, abstraction, refinement and formal reasoning are undertaken before code development so that systems are correct by construction under the stated assumptions.
Prerequisites: General prerequisites (CSE2011 3.0 and a cumulative GPA of 4.5 or better over all completed major computer science courses and CSE1019 3.0), and MATH 1090
This course provides students with an understanding of how to use mathematics (set theory and predicate logic) to specify and design correct computer systems whether the systems are sequential, concurrent or embedded. The course stresses both the underlying theory as well as the ability to use industrial strength tools that can be applied in practice. User requirements are formalized via an abstract mathematical model that is amenable to formal reasoning long before any programming activity is undertaken (e.g. as done in Event-B, Z and VDM). Successive models are like blueprints in traditional engineering disciplines and their mathematical nature allows us to reason about and predict their safety properties.
After successful completion of the course, students are expected to be able to:
Chapters 1, 2, 3, 4, 5, 9 and 15 from the text Modeling in Event-B: System and Software Engineering, Jean-Raymond Abrial (Cambridge) makes this a possible textbook for the course.
This course is 3 hours of instruction per week as well as 1 hour of supervised labs per week.
The lab time is used to give students detailed exercises and instruction in using a practical verification tool (such as Rodin for Event-B) to accompany the material in the lectures. Tools are essential to using the theory and methods on larger examples and require expert knowledge of the use of automated theorem proving methods. Students will use such tools to prove the examples that are discussed in class as well as larger examples.
1. High-level state/event models and proof rules for invariant preservation
2. Refining a system and proving that the refinement preserves correctness
3. Proving convergence and absence of deadlock
4. Overview of system modelling constructs and proof rules for correctness in a reactive system
5. Design of a distributed systems illustrated with an ftp protocol
6. Anticipated events in high-level models for convergence
7. Use of contexts to develop relevant theories such as parity
8. Nondeterministic systems and associated safety invariant proof rules
9. Design of sequential programs with correction by construction via refinement rules
10. Hoare logic and weakest preconditions for program design and its use in a variety of developments
11. Methods for systematic development of correct-by-construction of reactive systems, illustrated with a train system
12. Thinking before Programming using Lamport’s TLA+ specification method
It is required that you attend and complete the work allocated in the weekly Lab session in preparation for the Quizzes, Labtest, Project and Exam. <hi> Labs must be completed by their due date in order for you to receive credit for the Quizzes</hi>