Hoare Logic and Model Checking

Part 1: Hoare logic

Lecture	Slides	Interesting reading and links
Lecture 1: Introduction to Hoare logic	pdf
Lecture 2: Examples in Hoare logic	pdf
Lecture 3: Formalising the semantics of Hoare logic	pdf
Lecture 4: Introduction to separation logic	pdf	Original separation logic paper by John C Reynolds
Lecture 5: Verifying abstract data types in separation logic	pdf
Lecture 6: Extending Hoare logic	pdf

Supervision questions (Hoare logic)

Jean Pichon Pharabod's Hoare Logic exercise sheet has a list of suggested supervision questions for the Hoare logic part of the course. Mike Gordon's exercise set contains some additional exercises.

Past exam questions (Hoare logic)

Care should be taken when revising using past exam papers; a change of emphasis in the course content (starting 2016/17) caused new material to be added, while material that was focused on in earlier years is now only being skimmed over. Further, the current Hoare Logic and Model Checking course is a descendent of many similar courses offered by the Computer Laboratory in previous years, which often had radically different syllabuses. However, the following exam sub-components of exam questions from previous years are still relevant:

• (Hoare Logic and Model Checking) Paper 8, Question 7, 2019.
• (Hoare Logic and Model Checking) Paper 9, Question 7, 2018.
• (Hoare Logic and Model Checking) Paper 7, Question 8, 2017.
• (Hoare Logic and Model Checking) Paper 7, Question 8, 2016.
• (Hoare Logic) Part (b) and subsection (i) of Part (c); Paper 7, Question 7, 2015.
• (Hoare Logic) Paper 7, Question 7, 2013.
• (Hoare Logic) Parts (a), (b), (c), (d), (e); Paper 8, Question 8, 2013.
• (Hoare Logic) Parts (a) and (b); Paper 8, Question 8, 2012.
• (Hoare Logic) Parts (b) and (c); Paper 8, Question 2, 2011.
• (Hoare Logic) Parts (a) and (b); Paper 7, Question 6, 2011.
• (Specification and Verification I) Part (a); Paper 7, Question 14, 2010.
• (Specification and Verification I) Parts (a), (b), (d) and (e); Paper 7, Question 14, 2009.
• (Specification and Verification I) Parts (a) and (b); Paper 8, Question 16, 2008.
• (Specification and Verification I) Parts (a), (c), (e) and (i); Paper 7, Question 6, 2007.
• (Specification and Verification I) Parts (a), (b), (c), (d), (f), (g) and (h); Paper 7, Question 6, 2006.

Part 2: model checking

Lecture	Slides	Interesting reading and links
Lecture 7: Introduction to Model Checking	pdf
Lecture 8: Temporal logics	pdf
Lecture 9: Temporal logics (CTL and CTL*)	pdf
Lecture 10: Model checking	pdf	OCaml code for naive model checker wwctlmc.ml
Lecture 11: Relating temporal models	pdf

other materials

Model Checker

• How Amazon Web Services Uses Formal Methods (pdf)
• Software Abstractions
• Specifying Systems (pdf)

• Alloy
• CBMC
• Cerberus BMC
• NuSMV (docker)
• Spin (ubuntu package)
• TLA+ Toolbox (github)

Supervision questions (model checking)

• You might refer to Jean Pichon Pharabod's exercise sheet , which is largely based on previous sheets due to Dominic Mulligan (link) (notation differs).
• The TLA+ examples page contains a few puzzles (with solutions): Missionaries and Cannibals, Car Talk, N queens, Prisoners, Die Hard 3 puzzle, etc.
• LTL Tutor, developed at Brown University, might also help you familiarize yourself with LTL effectively.

Past exam questions (model checking)

It is recommended that you first review the past exam questions from the last 4 years.

Care should be taken when revising using past exam papers further; a change of emphasis in the course content (starting 2016/17) caused new material to be added, while material that was focused on in earlier years is now only been skimmed over. Further, the current Hoare Logic and Model Checking course is a descendent of many similar courses offered by the Computer Laboratory in previous years, which often had radically different syllabuses. However, the following exam sub-components of exam questions from previous years are still relevant:

• (Hoare Logic and Model Checking) 2019 Paper 9 Question 8
• (Hoare Logic and Model Checking) 2018 Paper 7 Question 7
• (Hoare Logic and Model Checking) 2017 Paper 9 Question 13 (notation differs)
• (Hoare Logic and Model Checking) 2016 Paper 9 Question 12
• (Temporal Logic and Model Checking) 2015 Paper 8 Question 6 not part (e)
• (Temporal Logic and Model Checking) 2014 Paper 8 Question 8
• (Temporal Logic and Model Checking) 2012 Paper 7 Question 13
• (Temporal Logic and Model Checking) 2012 Paper 9 Question 12 (the question should say "for every reachable state s", as pointed out by an anonymous student)
• (Temporal Logic and Model Checking) 2011 Paper 7 Question 10 not part (c)
• (Temporal Logic and Model Checking) 2011 Paper 9 Question 11 only parts (b) and (c)

Older questions (beware that sometimes notation differs from that used in the current course)

• (Specification and Verification II) 2009 Paper 7 Question 15 not covered, but part (a) is worth discussing
• (Specification and Verification II) 2007 Paper 9 Question 8 only parts (a) and (c)
• (Specification and Verification II) 2006 Paper 7 Question 7 not part (d) and part (b) only sketchily covered
• (Specification and Verification II) 2005 Paper 7 Question 7 only parts (a) and (b) (the rest of the question is `enrichment')?
• (Specification and Verification II) 2003 Paper 7 Question 7 not parts (d) and (e)
• (Specification and Verification II) 2002 Paper 7 Question 2
• (Specification and Verification II) 2000 Paper 8 Question 13
• (Specification and Verification II) 1999 Paper 8 Question 13 not really part of the course as taught, but useful background on BDDs
• (Specification and Verification II) 1998 Paper 7 Question 11 not the second point