This quantity comprises the lecture notes of the 5 classes and one seminar given on the university on Engineering reliable software program platforms (SETSS 2014), held in September 2014 at Southwest collage in Chongqing, China.

the fabric comes in handy for postgraduate scholars, researchers, lecturers and business engineers who're attracted to the speculation and perform of equipment and instruments for the layout and programming of reliable software program platforms. the typical subject matters of the classes comprise the layout and use of theories, ideas and instruments for software program specification and modeling, research and verification. The classes hide sequential programming, part- and item software program, hybrid platforms and cyber-physical structures with demanding situations of termination, safeguard, safeguard, safety, fault-tolerance and real-time necessities. The recommendations comprise version checking, correctness via development via refinement and version alterations, synthesis and desktop algebra.

The assignment is reproduced in Appendix B. 1 Tools for Development and Proof: Software Engineering Proofs by Hand; Proofs by Machine It’s tempting to base a computer-science course on a particular programming language, a particular IDE, a particular program-verifier. If the lecturer is already familiar with the tools, then the lectures and exercises can very easily be generated from the specifics of those tools; and indeed “not much energy required” lectures can easily be given by passing-on information that you already know to people who just happen not to know it yet (but don’t realise they could teach themselves).

In-)Formal Methods: The Lost Art Fig. 11. Example of marked assignment with colour conventions. 43 44 C. Morgan Fig. 11. (continued) (In-)Formal Methods: The Lost Art Fig. 11. (continued) 45 46 C. Morgan Fig. 11. (continued) (In-)Formal Methods: The Lost Art Fig. 11. (continued) 47 48 C. Morgan Fig. 11. (continued) (In-)Formal Methods: The Lost Art Fig. 11. (continued) 49 50 C C. Morgan Dafny Versions of Introductory Assertion-Exercises method Page1() { {var x:int; assume {var x:int; assume {var x:int; assume {var x:int; assume x==1; x==2; x==3; false; x:= x:= x:= x:= x+1; x/2; x/2; x/2; assert assert assert assert true;} true;} true;} x==1;} {var x,y:int; ghost var A,B:int; assume x==A && y==B; x:= y; assert true;} {var x,y:int; ghost var A,B:int; assume x==A && y==B; x:= y; y:= x; assert true; } {var x,y:int; ghost var A,B:int; assume x==A && y==B; x:= x+y; y:= x-y; assert true; } {var x,y:int; ghost var A,B:int; assume x==A && y==B; x:= x+y; y:= x-y; x:= x-y; assert true; } {var x,y,t:int; ghost var A,B:int; assume x==A && y==B; t:= x; x:= y; y:= t; assert true; } {var x,y,z,t:int; var A,B,C:int; assume x==A && y==B && z==C; t:= x; x:| x==A; y:| y==C; z:| z==A; assert x==B && y==C && z==A; } {var x,y:int; assume false; y:= x*x - 2*x + 1; assert y==0;} {var x,y:int; assume false; y:= x*x - 3*x + 2; assert y==0;} } Fig.

I am also grateful also for the institutional support of the University of New South Wales and of NICTA, both during the running of these courses and during the preparation of this article. 33 This is a problem with any form of teaching, of course. But it’s especially an issue with Formal Methods because those who haven’t “got it” don’t want it and, furthermore, don’t realise that actually they need it. On the other hand, those who have got it are so amazed at their new perspective that they tend to run ahead of the evidence and so discredit the whole enterprise.

