• Why automatize mechanical proofs (figures in industrial formal developments).
• Some logical concepts (formula, sequent, inference). Practical application to Propositional Calculus proofs.
• More logical concepts (quantification, substitution). Practical application to Predicate Calculus proofs.
• Some set-theoretic concepts (axioms, definitions). Practical application to set-theoretic proofs.
• Some arithmetic concepts. Practical application to arithmetic proofs.

Each step will be illustrated with corresponding automatic proofs that will be demonstrated to the students.

We will consider the verification of finite-state systems (such as digital circuits and communication protocols) with respect to specifications written in propositional temporal logics. For such systems the verification problem can be decided efficiently using model checking algorithms.

Temporal logic model checking is a procedure that given a finite-state system and a temporal logic formula determines whether the system satisfies the formula or not.

We will define several temporal logics, compare their expressive power, and survey model checking algorithms for them. We will show how to avoid the high space requirements of these algorithms by representing the verified system as a Binary Decision Diagram (BDD).

The necessary background on temporal logics, binary decision diagrams, and model checking will be introduced.

Other methods to reduce space requirements, such as abstraction and modularity will be presented.

Theories come in different strengths for different purposes. I will present a simple theory that is adequate for most programming. I hope to cover sequential and parallel constructs, batch and interactive computation, terminating and nonterminating behaviors, and data transformation, with emphasis on time and space complexity. The theory uses boolean expressions for specifications and program semantics, and implication for refinement; proofs remain within ordinary first-order logic. I will mention the limitations of the theory: a stronger theory (predicate transformers, higher-order logic) is required for loop semantics (but not loop proofs).

Eric C.R. Hehner: a Practical Theory of Programming. Springer, New York, 1993. 244 pages.

Telecommunication systems are communication networks intended for real-time transmission of continuous media such as voice and video. Telecommunication systems are distributed, long-lived, and complex. Telecommunication software suffers from all the usual problems of legacy software, plus a host of more specialized problems including chaotic feature interaction, a critical need for interoperability, a critical need for separation of user-oriented from resource-oriented concerns, and an ongoing revolution in communication technology.

There is no doubt that telecommunication software could benefit in many ways from formal methods, and there has been much research activity in this area, but until recently no formalization has emerged with the ability to describe the behavior of a realistic system at a level of abstraction significantly above that of the implementation.

Distributed Feature Composition (DFC) is a new technology for describing telecommunication services. It is based on a virtual architecture that is designed specifically for feature modularity, and that offers benefits analogous to those of a pipe-and-filter architecture in other application domains. The DFC virtual architecture is first presented informally, with numerous examples to show its potential for managing behavioral complexity and for addressing other telecommunication problems.

Next the DFC virtual architecture is presented formally, for the purpose of laying a foundation for future work on verification. This presentation includes placing the architecture in a context relating it to the concepts of requirements, specification, and implementation as they are widely understood. It also includes the use of several formal languages.

Finally the subject of verification of telecommunication requirements is addressed. Examples of these properties partial requirements rather than complete ones are presented, and possible proof strategies are discussed. It is easiest to think about verifying closed telecommunication systems, but the DFC virtual architecture has a composition property that might make open (interoperating) telecommunication systems verifiable as well.