EECS 219C: Computer-Aided Verification

Spring 2015

General Information

Instructor: Sanjit A. Seshia (office: Cory 566)
Class Hours and Location:
Monday and Wednesday, 2:30-4 pm, in 299 Cory
Office Hours:
Wednesday 1:30-2:30 pm and by appointment (in 566 Cory)
Credits: 3 units
Check the bCourses site for this course regularly.

Scribed course notes are available here (PDF). Please email the instructor if you have any feedback on these notes or find typos.

Course Description

This course is an introduction to the theory and applications of formal methods, a field of computer science and engineering concerned with the rigorous mathematical specification, design, and verification of systems. At its core, formal methods is about proof: formulating specifications that form proof obligations, designing systems to meet those obligations, and verifying, via algorithmic proof search, that the systems indeed meet their specifications. In particular, the course will cover topics such as model checking, Boolean satisfiability (SAT) solving and satisfiability modulo theories (SMT). These techniques have become essential tools for the design and analysis of hardware, software, and cyber-physical systems. Central themes of the course this year will include (i) the close connections between verification and synthesis, and (ii) the interplay between inductive inference (learning from examples) and deductive reasoning (logical inference and constraint solving). Based on time and interests, we will also cover other current research topics such as quantitative and probabilistic verification, combining machine learning and formal methods, specification inference, and emerging application areas such as computer networking, robotics, and education.

The course material has applications to several areas in EECS and beyond including computer security, software engineering, embedded/cyber-physical systems, control systems, robotics, networking and distributed systems, education, systems and synthetic biology, and CAD for integrated circuits. We will therefore focus on fundamental theory and techniques that apply broadly to many systems.

A tentative list of topics to be covered: (subject to change!):

SAT & BDDs: Complexity, phase transitions, modern DPLL SAT solvers: backjumping, 2-literal watching, conflict-driven learning, etc., proof generation, incremental SAT, circuit SAT. Binary Decision Diagrams, BDD representation and manipulation algorithms, applications.
SMT and Beyond: Survey of logical theories (uninterpreted functions, linear arithmetic, arrays/memories, bit-vectors, etc.), decision procedures, combination of theories, eager and lazy encoding to SAT, generalized DPLL, syntax-guided synthesis.
Model Checking: Modeling with finite automata, Kripke structures and extended finite automata. Temporal logic. Explicit-state model checking, partial-order reduction. Basic fixpoint theory, symbolic model checking, abstraction, bounded model checking, interpolation and its variants, symmetry reduction, assume-guarantee reasoning, learning finite automata, checking simulation and bisimulation, infinite-state model checking.
Advanced Topics: Formal methods for synthesis from specifications, quantitative verification, probabilistic verification, combining inductive learning and deduction, specification inference, emerging applications, etc.

Prerequisites

Familiarity with propositional logic, finite automata, basic computational complexity classes (P, NP, PSPACE), and basic graph algorithms is assumed. An undergraduate course in algorithms such as CS 170 is highly recommended, but is not mandatory. EE 219A, EE 219B, and CS 172 are NOT needed. If you are unsure whether you have sufficient background for the course, please meet the instructor.

Reference Books

There is no required textbook for this course. Readings will be listed on the schedule below or posted on bCourses; you should come prepared to take notes. The following books may be used in selected parts of the course (copies will be on reserve at the Engineering library):

Authors: Edmund M. Clarke, Jr., Orna Grumberg, and Doron A. Peled
Title: Model Checking
Publisher: MIT Press
Year: January 2000

Authors: Michael Huth and Mark Ryan
Title: Logic in Computer Science: Modelling and Reasoning about Systems
Publisher: Cambridge Univ. Press
Year: June 2004 (2nd edition)

Authors: Edward A. Lee and Sanjit A. Seshia
Title: Introduction to Embedded Systems: A Cyber-Physical Systems Approach
Website: LeeSeshia.org
Year: 2011
Author: Gerard Holzmann
Title: The SPIN Model Checker: Primer and Reference Manual
Publisher: Addison-Wesley
Year: September 2003

If you lack background in one of the areas mentioned under "pre-requisites" above, please see here for a list of suggested books.

Grading

(tentative)

Project: (60%) The course project is the most important component of this class. It can be a theoretical and/or experimental investigation related to topics covered in class. A list of project topics will be announced in the first three weeks of the semester. You are also encouraged to pick topics of your own, after consulting with the instructor. It is expected that students team up in groups of 2 or 3 for their project. Projects will culminate in a final paper, presentation, and possibly a demo.
Scribing: (20%) Many of the lectures (but not all) this semester will use the whiteboard. Each student will be assigned to scribe notes for one lecture and edit notes prepared by another student for one lecture.
Class Participation and Paper Discussions: (20%) Each course topic will have associated readings, and some topics will involve reading and critiquing current research papers. Students will be graded on their participation in these paper discussions.

Projects

The key point about the course project is that there should be some new research in it: either a new application of existing verification technology, or a new verification technique, or both. Projects that are simply surveys of existing papers without any input of new ideas will not be acceptable.

In each of the past offerings, more than 50% of the projects have resulted in published conference papers. You are highly encouraged to work towards publishable results.

Here are some suggested project topics.

The main deliverables (in chronological order) will be:
1. 1-2 page proposal, with precise problem definition, literature survey, and timeline; (~5 % towards final grade)
2. Mini-update presentations, describing progress on the timeline; (~5 % each)
3. 5-10 page final report: This should read like a conference paper, must use at least 11 pt font; (~25 %)
4. Project presentation and possibly demo. (~20 %)

Guidelines for Project Presentations:

Time your presentation for 12 minutes. It's very important to finish on time. Practise your presentation several times.
Topics to cover:

Motivation, Problem definition, and your approach
Related work and what is new about your work
Your solution. Describe the main technical challenges and how you tackled them.
Hardware/software platform and tools used
Demo (optional) -- could be interleaved with the presentation or performed right after
Finish with a 1-slide summary: what did you achieve, what more can be done?

Guidelines for Project Reports:

One report per team. Hard deadline: May 12 at midnight. Submit on bCourses.
Recommended length: 5-10 pages, use at least 11 pt font
Topics to cover:
1. Introduction & Problem Definition
2. Outline of your Approach and how it compares to related work
3. Formal Model and Algorithms Devised
4. Major Technical Challenges in the Design/Implementation and how you tackled them
5. Summary of Results -- what worked, what didn't, why, ideas for future work
6. A one-paragraph narrative on the roles each team member played in the project
7. How the project applied one or more of the course topics.
8. Feedback: List of topics covered in class that came in handy; any topics that weren't covered that would have been useful
Illustrate algorithms and models with diagrams, and results with graphs, screenshots, pictures of your hardware, etc.
Keep the report short and precise; avoid lengthy and verbose descriptions!

Course Topics and Schedule (subject to change)

The tentative course schedule will be posted below. Lecture slides will be posted alongside where available; note however that most lectures will have scribed notes and these notes and readings will be posted on bCourses.

1/21 - Introduction and Course Overview (slides)
1/26 - 2007 Turing Award lecture viewing 2007 Turing Award video
1/28 - SAT Solving Part I (slides)
2/2 - SAT Solving Part II (In addition to above slides, see: Example 1, Example 2, BCP Intro. BCP Example )
2/4 - Binary Decision Diagrams (BDDs) (slides)
2/9 - No class, work on project proposals
2/11 - Satisfiability Modulo Theories (SMT) - Part I (Examples used in class)
2/16 - President's Day: No class
2/18 - Satisfiability Modulo Theories (SMT) - Part II (Examples used in class)
2/23 - Satisfiability Modulo Theories (SMT) - Part III (Lazy SMT Examples, Eager SMT (see slides 26-66) )
2/25 - Syntax-Guided Synthesis (SyGuS)
3/2 - Probabilistic Verification (guest lecture by Prof. Marta Kwiatkowska) (Slide Set 1, Slide Set 2)
3/4 - Modeling for Verification (Example used in Class)
3/9 - Temporal Logic (Examples used in class)
3/11 - Explicit-state Model Checking (Extra Slides used in class)
3/16 - Project mini-updates
3/18 - Symbolic Model Checking: Reachability Analysis and Fixpoint Computation
3/23 - Spring break: no class
3/25 - Spring break: no class
3/30 - Bounded Model Checking with SAT/SMT, Abstraction-based model checking
4/1 - Deductive Verification: k-induction, IC3/PDR
4/6 - Combining Inductive Learning and Deduction for Verification
4/8 - Simulation/Bisimulation; Compositional Reasoning
4/13 - Synthesis from Temporal Logic
4/15 - Verifying Liveness and Termination
4/20 - Project updates
4/22 - Simulation-based Verification of Hybrid Systems
4/27 - Hyperproperties: Specification and Verification
4/29 - Conclusion & wrap-up
5/6 - Final Project Presentations (1-4 pm in 299 Cory)

Tools

Here is an incomplete list of tools that could be useful in your projects.

SAT solvers:

Finite-State Model checking tools:

SMT solvers and SMT-based verification tools:

Timed / Hybrid systems verification / synthesis tools: