- Monday:
**15.45-17.30, HG01.029**(until 21 march) - Monday:
**13.45-15.30, HG01.057**(from 4 april) - Friday:
**10.45-12.30, HG00.622**(from 13 may)

Please make sure that you are registered for this course in Blackboard, as it will be used to send email and administrate results.

The course consists of five parts:

We use a course by Femke van Raamsdonk of the Free University Amsterdam. This will be taught by Freek using the following schedule:

15 february | propositional logic & simple type theory | chapters 1 & 2 |

22 february | predicate logic & dependent types | chapters 4 & 6 |

29 february | second-order logic & polymorphism | chapters 7 & 8 |

7 march | inductive types & recursion | chapter 3 |

14 march | wrapping up Femke's course | chapters 5 & 9 |

The students will be expected to have studied the chapters listed, and the material will be discussed then. You are welcome to ask for help at any time if you have any questions, either by email or by walking into our offices.

The practical work in Coq corresponding to Femke's course will be done using the ProofWeb system on the machine prover.cs.ru.nl. Each participant will get a login to the course page on this machine, and will get his/her password during the lectures.

The relevant links are:

Next we will go through another (slightly more advanced) introduction to Type Theory. This will be taught by Herman and Freek, using the following schedule:

21 march | principal types and type checking | sections 4.1-4.3, 6.4 | slides exercises |

4 april | Church-Rosser property | section 3.1 | exercises |

11 april | normalization of λ→ and λ2 | sections 4.4, 5.6 | slides exercises |

This material overlaps with Femke's course, and therefore not all sections of the course notes will be discussed in the lectures in detail. (But you do have to know them for the test!)

The relevant links are:

- The course notes by Herman
- The Church-Rosser proof by Masako Takahashi (only Section 1 is relevant)

After the fall break the course will be taught by Herman and Freek together. A research paper will be read, together with extra material needed to understand this. Each student will present part of this to the group.

This year the research paper will be on *program verification*:

- Andrew Appel, Verification of a Cryptographic Primitive: SHA-256

As preparation we will read ten chapters from the book

- Benjamin Pierce, e.a., Software Foundations

Then we will read five papers from the CompCert community, culminating in the SHA-256 paper.

The student presentations will be held during the first hour. The assigned chapter(s) or paper needs to be presented, and we recommend to explain everything as much as possible through examples. During the second hour, the teachers will go deeper into the material presented.

The current schedule for the presentations is:

9 may | Imp | Jeroen de Jong |

13 may | ImpParser, ImpCEvalFun, Extraction, Tom's slides | Tom Salet |

20 may | Equiv | (Herman) |

23 may | Hoare, Nico's slides | Nico Broeder |

27 may | Hoare2, HoareAsLogic, Thomas' slides | Thomas Churchman |

30 may | Smallstep, Auto, Zhuoran's slides | Zhuoran Liu |

3 june | Mechanized semantics | Marta Parada Segui |

6 june | Mechanized semantics for Clight, Pim's slides | Pim Jager |

10 june | The CompCert Memory Model, Tom's slides | Tom Evers |

13 june | Tactics for Separation Logic, Rick's slides | Rick Erkens |

17 june | Verification of a Cryptographic Primitive: SHA-256, | (Freek) |

Freek's slides |

Each student will be doing a small Coq formalization assignment. This assignment will be chosen by the student from the following list of suggestions.

The test covers both the contents of the courses by Femke and Herman, as well as the contents of the presentations. The first test opportunity will be:

**Wednesday, 29 june 2016, 12.30-15.30, HG01.028**

Some tests:

- test from 2015
- answers to the test from 2015
- Coq file corresponding to the test from 2015
- test from 2014
- answers to the test from 2014
- test from 2013
- answers to the test from 2013
- a second test from 2013
- answers to the second test from 2013
- test from 2012
- answers to the test from 2012
- test from 2011
- answers to the test from 2011
- test from 2010
- answers to the test from 2010
- test from 2009
- answers to the test from 2009
- test from 2008
- answers to the test from 2008

See the "paper exercises" above too, which are also exercises from old tests.

Each participant will get three grades: one for the presentation in the second half of the course, one for the individual Coq exercise, and one for the test. The final grade will be the average of these three grades.

There will be no grade for the practical work for Femke's course in ProofWeb, but this work will need to be finished to be allowed to pass the course.

- Slides for a course from fall 2004:

- Slides for a course from spring 2012: