In this class, we will consider how to use mathematics to specify and analyze models of programs, computer hardware and software, physical processes such as phylogenetics, algorithms, and rapid single-flux quantum (RSFQ) circuits. This class will require careful thought, as we will be pushing the boundaries of what the academic community considers to be an adequate specification and sufficient confirming evidence that a program (or process) meets its specification. Typically, some form of testing is the only mechanism used to see whether a program meets its specification; our focus will be on proof-based methods.
We will use mechanical, proof-based confirmation techniques to determine the correctness of code models, circuit models, and analog/digital systems. At first, we will perform hand proofs; that is, we will use a hand-written notation to compare a specification to an implementation. We will also convert the behavior of some programs into a form that allows a mechanical comparison of a process's behavior with its specification.
This class will be taught in an "inverted" style. That is, we will concentrate class time on examples, working through specifications and proofs, describing challenges, and exploring problems that students are facing. Thus, it is important that you bring your laptop to class. There will be lectures to introduce various topics, but primarily we will use class time for discussing specifications, problem solving, demonstrating how to use proof tools, and exchanging information.
Exam(s) and quizzes are open-book, open-notes affairs; however, no electronic devices of any kind (laptops, cell phones, tablets, PDAs, calculators) are allowed during exams and quizzes. As such, you may wish to have a physical copy of any materials that you believe will be helpful during quizzes and exams. During quizzes and exams, the remaining time will be announced periodically.
Note: this course requires students to write specifications and proof statements in ACL2, an applicative subset of Common Lisp.
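As an added illustration of what a specification, an implementation, and a mechanically checked proof look like in ACL2's Lisp subset, here is the classic list-reversal exercise. It is not code from the course page; the function names (app, rev) and lemma names are chosen for this example. Each defthm, once admitted, is stored as a rewrite rule that ACL2 can use in the proofs that follow it, which is why the lemmas are ordered the way they are.

```lisp
;; Added example, not from the course page: the classic app/rev exercise
;; in ACL2 (an applicative subset of Common Lisp).  Function and lemma
;; names are chosen here for illustration.

;; Implementation: list concatenation and reversal, by structural
;; recursion on the first argument.  To admit each definition, ACL2
;; must prove termination; the default measure is (acl2-count x).
(defun app (x y)
  (if (endp x)
      y
    (cons (car x) (app (cdr x) y))))

(defun rev (x)
  (if (endp x)
      nil
    (app (rev (cdr x)) (list (car x)))))

;; Lemmas, each admitted as a rewrite rule for the proofs that follow.
(defthm associativity-of-app
  (equal (app (app a b) c)
         (app a (app b c))))

;; app yields a proper list exactly when its second argument is one.
(defthm true-listp-app
  (equal (true-listp (app a b))
         (true-listp b)))

(defthm true-listp-rev
  (true-listp (rev x)))

(defthm app-nil
  (implies (true-listp x)
           (equal (app x nil) x)))

(defthm rev-app
  (equal (rev (app a b))
         (app (rev b) (rev a))))

;; Specification: reversing twice is the identity on proper lists.
;; The true-listp hypothesis is needed because rev discards any
;; non-nil final cdr; for example, (rev (rev '(1 2 . 3))) is '(1 2).
(defthm rev-rev
  (implies (true-listp x)
           (equal (rev (rev x)) x)))
```

Submitting these forms to ACL2 in order admits each definition and theorem in turn; the hypothesis on rev-rev is the kind of boundary condition that a hand proof can quietly skip but a mechanical proof forces you to state.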
Students will be expected to propose a class project using the specification and proof methods that this class entails. The content of a student project is pretty flexible, so long as it has to do with specification and validation. For instance, I am interested in the development of an ISA model of IBM's Harvest computer (circa the 1950s), which was an extension of IBM's Stretch computer. A possible specification project might involve some microprocessor, such as RISC-V. Another project I'm looking for help with concerns booting FreeBSD on our evolving ACL2-based x86-ISA emulator; we are able to boot Linux, run the gcc compiler, etc. I sometimes work on rapid single-flux quantum (RSFQ) computing, where there are many questions that formal modeling and proof could help answer. I would like to see all UT undergraduate algorithms and data structures classes encoded in ACL2, and all proofs checked by ACL2. I would like a parser that accepts valid HTML. I would like to have a formal specification of the ZFS file system. I want a formal specification for all of the FreeBSD/Linux/MacOS system calls. I would like to see an ACL2-based specification for all basic Linux user-level commands (e.g., od, tr, tar, ...). And so on. Other independent study projects are possible; please discuss your ideas with the class instructor and/or TA.
The value you get from this class will be directly related to the effort you (as a student) put forward. This class will require that you work on your own, and it may be less structured than other classes you have taken. You should bring your laptop computer to class. Note that if you do not have a laptop, it is possible to check out a Linux-based laptop from the UTCS Department; check with the instructor if you wish to borrow one.
Students will be encouraged to give short (five- to ten-minute) presentations in class on relevant topics. When done well, these presentations can serve in place of a missed quiz or homework. In fact, any student may be called upon to give a two- or three-minute presentation on something being discussed in class or about their solution to a homework problem. Please come to class prepared to work; we will sometimes stop for a few minutes to make sure that everyone has a chance to consolidate their thinking and to help students overcome problems with their understanding or with questions about the in-class presentations.
Our office hours are listed on the main class web-page. In addition, if you need help, you may certainly seek out and visit with the class TA(s) and/or the instructor(s). You may arrange to meet us at other times than those listed, but you will need to send E-mail to arrange a time. If we become too busy during the scheduled office hours, we will expand our office hours to meet the needs of the students. If you cannot come to the scheduled office hours due to conflicts with other classes, let us know quickly so we can make arrangements to meet your needs as well as the needs of the entire class.
The following gives an outline of what we will discuss. We are open to discussing other related topics of general interest, and we will include some of our own experiences. The syllabus below is approximate; the exact rate at which we will cover some material will vary.
The schedule below is approximate; lecture dates may change slightly.
*** NOTE: Exam dates are tentative until January 20, 2026 ***
*** NOTE: Quizzes will be given at random times, roughly once a week ***
*** NOTE: Laboratory due dates are tentative until assigned ***
Week   Class  Date    Short Description
  0     00    Jan 13  Course Content Introduction; Course Procedures and UT-required disclosures
  0     01    Jan 15  Introduction to the ACL2 Logic, Data Types, Terms
  1     02    Jan 20  Function Definitions, Axioms
  1     03    Jan 22  Substitution and Abbreviations for Terms; Terms as Formulas
  2     04    Jan 27  Basic ACL2 Definitions; Structural Recursion
  2     05    Jan 29  Sorting Example and Challenge; Introduction to the ACL2 Proof Builder
  3     06    Feb 3   Definition Problems; Structural Induction
  3     07    Feb 5   List-based set operations; The General Induction Principle; Using the ACL2 Proof Builder
  4     08    Feb 10  Lemmas about NTH and UPDATE-NTH, ISORT; Memory-based ISORT functions and proof
  4     09    Feb 12  More ACL2 Proof Builder discussion; Algorithm specification and analysis
  5 *   10    Feb 17  Exam -- open notes, but no electronic devices
  5     11    Feb 19  List-based set operations; Automating ACL2 Proofs, Class Projects
  6     12    Feb 24  Relations between Recursion and Induction; ACL2 Arithmetic
  6     13    Feb 26  Specifying and Embedding BDDs in the ACL2 Logic; Proving Correctness of a BDD package
  7     14    Mar 3   Student Project-Proposal Presentations
  7     15    Mar 5   Student Project-Proposal Presentations
  8     16    Mar 10  Specifying and Embedding BDDs in the ACL2 Logic; Proving Correctness of a BDD package
  8     17    Mar 12  Symbolic simulation of finite models, Automated verification of finite models
              Mar 17  Spring Break
              Mar 19  Spring Break
  9     18    Mar 24  Tree-based set operations; Using the ACL2 theorem prover
  9     19    Mar 26  Class Projects and Catch-up
 10     20    Mar 31  Review, Problem solving -- bring your problems
 10 *   21    Apr 2   Exam -- open notes, but no electronic devices
 11     22    Apr 7   Problem solving -- bring your problems
 11     23    Apr 9   y86 Presentation -- more problem solving
 12     24    Apr 14  Student Presentations
 12     25    Apr 16  Student Presentations
 13     26    Apr 21  Student Presentations
 13     27    Apr 23  Student Presentations
              Apr 24  Final Projects Due
There will be seven or eight homework assignments given (primarily) during the first half of the semester. Homework will be assigned on Tuesdays and due nine days later (on Thursdays) by the start of class. No homework will be assigned during the last four weeks of class. The lowest homework grade will be dropped in the computation of the final homework grade. Homework will not be accepted late.
There will be two in-class (50- to 80-minute) examinations. The material on the exam(s) will be cumulative. See the schedule above (dates marked with a *) for the date(s). There will be no final exam. There will be a number (five to eight) of unannounced "pop quizzes". The lowest quiz grade will be dropped in the calculation of your class quiz score. Each examination must be taken at the scheduled time. Quizzes are given at random times; each quiz will take 5 to 15 minutes.
The main result of this class will be student projects.
The weighting of the grades for the various aspects of the course is:
Component      Percentage of Course Grade
First Exam     10%
Second Exam    15%
Quizzes        20%
Homework       20%
Project        35%
The grading for the entire course will be as follows:
Course Score Grade
[90 -- 100] A
[87 -- 90) A-
[85 -- 87) B+
[80 -- 85) B
[77 -- 80) B-
[75 -- 77) C+
[70 -- 75) C
[67 -- 70) C-
[65 -- 67) D+
[60 -- 65) D
[ 0 -- 60) F
Note the interval marks around the course-score column. For example, a course grade of B will be assigned if your semester grade is greater than or equal to 80 and (strictly) less than 85. This also means that a course score of at least 67 needs to be achieved for this course to count toward a UTCS degree.
This class is a fair amount of work, and it is important to keep current. The material in this class is cumulative; it can be hard to catch up if one falls behind. It is very important to keep doing and turning in your homework. Homework grades are our most reliable indicator of how well a student will do in this class. Note that it is important to show up for class, as pop quizzes will be given, and material not reproduced in any particular book or web page may be discussed.