EECS 219C: Computer-Aided Verification

(Algorithmic Formal Methods for System Design, Verification, and Dependability)

Spring 2011

General Information

Instructor: Sanjit A. Seshia (office: Cory 566)
Class Hours and Location:
Monday & Wednesday, 2:30 - 4 pm, in 299 Cory
Office Hours:
By appointment in 566 Cory
Credits: 3 units
Check the bSpace site for this course regularly.

Course Description

The evolution of computer systems is seeing two trends: increasing ubiquity (thus we depend more and more on them) and growing complexity (so they are harder to get right). We face a major challenge to ensure that as computing becomes more ubiquitous, it is also dependable and secure. The challenge is to develop and maintain large, complex software systems on top of increasingly unreliable computing substrates under stringent resource constraints such as energy usage. We need to advance the science of building correct and robust systems at all levels of abstraction, from algorithms, through software, to circuits.

This course covers fundamental algorithms and concepts that find widespread use in ensuring that systems are dependable and secure. In particular, we will cover algorithmic techniques for formal verification and synthesis, such as model checking, satisfiability (SAT) solving and satisfiability modulo theories (SMT). These techniques have become essential tools for the design and analysis of hardware and software systems. We will also cover other cutting-edge research topics such as quantitative and probabilistic verification, combining statistical learning and deductive reasoning, and formal methods for fault tolerance and robust system design.

The course material has applications to several EECS areas including CAD for integrated circuits, computer security, software engineering, embedded/cyber-physical systems, control systems, and biological systems.

A tentative list of topics to be covered: (subject to change!):

SAT & BDDs: Complexity, phase transitions, modern DPLL SAT solvers: backjumping, 2-literal watching, conflict-driven learning, etc., proof generation, incremental SAT, circuit SAT. Binary Decision Diagrams, BDD representation and manipulation algorithms, applications.
SMT: Survey of logical theories (uninterpreted functions, linear arithmetic, arrays/memories, bit-vectors, etc.), decision procedures, combination of theories, eager and lazy encoding to SAT, generalized DPLL.
Model Checking: Modeling with finite automata, Kripke structures, temporal logic, explicit-state model checking, partial-order reduction, basic fixpoint theory, symbolic model checking, abstraction, bounded model checking, interpolation, symmetry reduction, assume-guarantee reasoning, checking simulation and bisimulation.
Advanced Topics: Formal methods for synthesis from specifications, Quantitative verification, probabilistic verification, verifying infinite-state systems, combining learning and deduction, coverage computation, verifying fault tolerance and robustness, etc.

Prerequisites

Familiarity with propositional logic, finite automata, basic computational complexity classes (P, NP, PSPACE), and basic graph algorithms is assumed. An undergraduate course in algorithms such as CS 170 is highly recommended, but is not mandatory. EE 219A, EE 219B, and CS 172 are NOT needed. If you are unsure whether you have sufficient background for the course, please meet the instructor.

Reference Books

There is no required textbook for this course. Readings will be listed on the schedule below or handed out in class. The following books are highly recommended (copies are on reserve at the Engineering library):

Authors: Edmund M. Clarke, Jr., Orna Grumberg, and Doron A. Peled
Title: Model Checking
Publisher: MIT Press
Year: January 2000
Acronym: MC
Authors: Michael Huth and Mark Ryan
Title: Logic in Computer Science: Modelling and Reasoning about Systems
Publisher: Cambridge Univ. Press
Year: June 2004 (2nd edition)
Acronym: LICS

Additional reference books:-

Author: Gerard Holzmann
Title: The SPIN Model Checker: Primer and Reference Manual
Publisher: Addison-Wesley
Year: September 2003
Acronym: SPIN

If you lack background in one of the areas mentioned under "pre-requisites" above, please see here for a list of suggested books.

Grading

(tentative)

Project: (50%) The course project is the most important component of this class. It can be a theoretical and/or experimental investigation related to topics covered in class. A list of project topics will be announced in the first three weeks of the semester. You are also encouraged to pick topics of your own, after consulting with the instructor. It is expected that students team up in groups of 2 or 3 for their project. Projects will culminate in a final paper, presentation, and possibly a demo.
Homeworks: (30%) There will be 2-4 homework assignments, mostly in the first half of the course, weighted equally. Assignments will include both theoretical problems and experimentation with verification tools. Homeworks will be due at the beginning of class.
Teamwork: Students may collaborate on homeworks, but each student must individually write up his or her solutions and be prepared to present it in class on the due date. Indicate on your homework the names of those you have collaborated with and on which problems.
Class Participation and Paper Discussions: (20%) The latter half of the course will be on current research topics. Students will have to review papers and present them in class, and actively participate in class discussions.

Projects

The key point about the course project is that there should be some new research in it: either a new application of existing verification technology, or a new verification technique, or both. Projects that are simply surveys of existing papers without any input of new ideas will not be acceptable.

The main deliverables (in chronological order) will be:
1. 1-2 page proposal, with precise problem definition, literature survey, and timeline; (~5 % towards final grade)
2. Mini-update presentations, describing progress on the timeline; (~5 % each)
3. 5-10 page final report: This should read like a conference paper, must use at least 11 pt font; (~25 %)
4. Project presentation and possibly demo. (~20 %)

Guidelines for Project Presentations:

Time your presentation for 15 minutes. It's very important to finish on time. Practise your presentation several times.
Topics to cover:

Motivation, Problem definition, and your approach
Related work and what is new about your work
Your solution. Describe the main technical challenges and how you tackled them.
Hardware/software platform and tools used
Demo (optional) -- could be interleaved with the presentation or performed right after
Finish with a 1-slide summary: what did you achieve, what more can be done?

Guidelines for Project Reports:

One report per team. Hard deadline: Friday, May 13 at midnight. Submit on bSpace.
Recommended length: 5-10 pages, use at least 11 pt font
Topics to cover:
1. Introduction & Problem Definition
2. Outline of your Approach and how it compares to related work
3. Formal Model and Algorithms Devised
4. Major Technical Challenges in the Design/Implementation and how you tackled them
5. Summary of Results -- what worked, what didn't, why, ideas for future work
6. A one-paragraph narrative on the roles each team member played in the project
7. How the project applied one or more of the course topics.
8. Feedback: List of topics covered in class that came in handy; any topics that weren't covered that would have been useful
Illustrate algorithms and models with diagrams, and results with graphs, screenshots, pictures of your hardware, etc.
Keep the report short and precise; avoid lengthy and verbose descriptions!

Course Schedule

The tentative course schedule is given below. Lecture slides are posted alongside; readings will be posted on bSpace.

1/24 - Introduction. (slides)
1/26 - Boolean satisfiability (SAT) solving - Part I (slides)
1/31 - SAT Solving - Part II (Main Lecture, Example 1, Example 2, BCP Intro. BCP Example )
2/2 - SAT Solving Part III, Binary Decision Diagrams (slides)
2/7 - Satisfiability Modulo Theories (SMT) - Survey of Theories (slides)
2/9 - SMT - Survey of Theories (continued), Theory decision procedures (start) (slides)
2/14 - SMT - Theory decision procedures, Combination of theories, Lazy SMT solving (slides)
2/16 - SMT - Eager Encoding Approach, with application to linear arithmetic (slides)
2/23 - Model checking basics: Modeling formalisms, system composition, traces, etc. Temporal logic: LTL, CTL, CTL*. (slides)
2/28 - Explicit-state model checking, automata-theoretic verification (slides)
3/2 - More Explicit-state model checking, SPIN model checker (slides)
3/7 - Symbolic Model Checking with BDDs: QBF, fixpoint theory (slides)
3/9 - More symbolic model checking, basic optimizations (slides)
3/14 - No lecture
3/16 - (morning, 11 am) Guest lecture by Prof. Masahiro Fujita, U. of Tokyo
3/16 - Abstraction, SAT-based Model Checking (slides)
3/28 - Abstraction (continued): CEGAR, Proof-based abstraction, interpolation (slides)
3/30 - Learning and Verification: Compositional reasoning, Angluin's L* algorithm, etc. (Slide set 1, Slide set 2)
4/4 - Guest lecture by Dr. Jason Baumgartner, IBM
4/6 - No class (Sanjit away at SRC review)
4/11 - Symmetry reduction, Checking simulation and bisimulation (slides)
4/13 - Synthesis from temporal logic -- Part I
4/18 - Synthesis from temporal logic -- Part II
4/20 - Synthesis from temporal logic -- Part III
4/25 - Paper reading assignment 1
4/27 - Paper reading assignment 2
5/9: 2:30-4 pm: Project presentations (tentative)

Homeworks/Project Milestones

Homeworks are posted on bSpace. Project milestones as announced in class.

Tools

Some homeworks will involve experimentation with the following tools:

Links to more tools will be added here as needed.