1. This course is about …

• Formal Verification
  • An act of proving (or disproving) that a program is correct
  • Applicable to both software and hardware
  • Focus only on software
• Theories and practices
• How to use Coq to verify code

2. Why should we care?

• Software systems run everywhere and even control our lives

• We have to trust them but they are not trustworthy due to program errors

  <aside> 💡 Software Errors Cost Economy $312 Billion Annually. – Cambridge[2013]

  </aside>

• TheDAO (decentralized autonomous organization) attack (double-spend attack), 3.6M ETH lost

  void withdraw(int account) {
  		int balance = bank.balance[account];
      if (balance <= 0) {
        return;
      }
      bank.fund -= balance;
      receiverHandlePayment (account, balance);
      bank.balance[account] = 0;
  }
  

3. Goal of Formal Verification

• Prove (or verify) the absence of program errors
• Easy? NO!

  • Finite code often has an infinite set of behaviors

    // @spec ret = (a+b)/2
    int mean (int a, int b) {
    	return (a + b) / 2;
    }
    

  • What does it even mean for sort to be correct?

• A number of ways to approach the problem

4. Methods to Achieve the Goal

4.1 Testing?

• Can we use testing to prove correctness/incorrectness?
• No! May need an infinite testsuit