When will I have access to the lectures and assignments?

To access the course materials, assignments and to earn a Certificate, you will need to purchase the Certificate experience when you enroll in a course. You can try a Free Trial instead, or apply for Financial Aid. The course may offer 'Full Course, No Certificate' instead. This option lets you see all course materials, submit required assessments, and get a final grade. This also means that you will not be able to purchase a Certificate experience.

What will I get if I subscribe to this Specialization?

When you enroll in the course, you get access to all of the courses in the Specialization, and you earn a certificate when you complete the work. Your electronic Certificate will be added to your Accomplishments page - from there, you can print your Certificate or add it to your LinkedIn profile.

Is financial aid available?

Yes. In select learning programs, you can apply for financial aid or a scholarship if you can’t afford the enrollment fee. If fin aid or scholarship is available for your learning program selection, you’ll find a link to apply on the description page.

Design by Provable Contracts

This course is part of Rust for Data Engineering Specialization

Instructor: Noah Gift

Included with

Learn more

5 modules

Gain insight into a topic and learn the fundamentals.

Advanced level

Designed for those already in the industry

4 hours to complete

Flexible schedule

Learn at your own pace

5 modules

Gain insight into a topic and learn the fundamentals.

Advanced level

Designed for those already in the industry

4 hours to complete

Flexible schedule

Learn at your own pace

Skills you'll gain

Tools you'll learn

Details to know

Shareable certificate

Add to your LinkedIn profile

See how employees at top companies are mastering in-demand skills

Learn more about Coursera for Business

logos of Petrobras, TATA, Danone, Capgemini, P&G and L'Oreal

Build your subject-matter expertise

This course is part of the Rust for Data Engineering Specialization

When you enroll in this course, you'll also be enrolled in this Specialization.

Learn new concepts from industry experts
Gain a foundational understanding of a subject or tool
Develop job-relevant skills with hands-on projects
Earn a shareable career certificate

There are 5 modules in this course

e.g. This is primarily aimed at first- and second-year undergraduates interested in engineering or science, along with high school students and professionals with an interest in programming.Design by Provable Contracts teaches you how to move from "the tests pass" to "the math says it cannot break." Across five modules, you'll climb a five-rung provability ladder — from lint and types, through property-based and bounded-model checking, to dependent-typed proofs in Lean 4 — applied to a single running example: the softmax function used in modern machine learning.

By the end, you will be able to: (1) read a peer-reviewed paper and translate its preconditions, postconditions, and invariants into a YAML contract; (2) choose the right verification rung for a given cost-vs-confidence trade-off, using lint, types, proptest, and Kani in Rust; and (3) build a complete pipeline from paper to YAML to Lean theorem, producing a machine-checked guarantee that holds for every input of every length. The course is hands-on and tool-first: Rust for the lower rungs, Lean 4 for the top rung, and YAML as the connective tissue between math and code. You will leave with a reusable mental model and a working capstone you can apply to any safety-critical numerical kernel.

Module details

Master Hoare triples and the contract foundations of Design by Contract. Learn how {P} S {Q} formalizes preconditions, postconditions, and the caller/callee responsibility split through Eiffel's require/ensure idiom and its Rust port via Prusti and Creusot.

What's included

4 videos4 readings

4 videosTotal 8 minutes

1.1.1 Hoare's Triples and Why2 minutes
1.1.2 Meyer's Eiffel: Require, Ensure, Invariant2 minutes
1.1.3 Liskov Substitution Principle2 minutes
1.2.1 Rust Port: Prusti, Creusot, Requires, Ensures2 minutes

4 readingsTotal 40 minutes

Reading: Key Terms — Hoare's Triples and Why10 minutes
Reading: Reflection — Hoare's Triples and Why10 minutes
Reading: Key Terms — Rust's Port10 minutes
Reading: Reflection — Rust's Port10 minutes

Shift contracts from runtime checks into the type system. Learn parse-don't-validate, the newtype pattern as a zero-cost contract, and typestate to encode state machines directly in types so invalid states cannot be represented.

What's included

4 videos4 readings

4 videosTotal 8 minutes

Video 2.1.1: Parse, Don't Validate2 minutes
Video 2.1.2: Newtype as Zero-Cost Contract2 minutes
Video 2.1.3: PhantomData and Compile-Time Tags2 minutes
Video 2.2.1: Typestate — State Machines in Types2 minutes

4 readingsTotal 40 minutes

Reading: Key Terms — Parse, Don't Validate10 minutes
Reading: Reflection — Parse, Don't Validate10 minutes
Reading: Key Terms — Typestate10 minutes
Reading: Reflection — Typestate10 minutes

Use a YAML contract as the machine-readable, human-auditable bridge between research papers and verified Rust kernels. Learn the 19-property obligation taxonomy, Popperian falsification testing, and how pv aggregates L1 to L5 status into one audit artifact.

What's included

5 videos4 readings1 assignment

5 videosTotal 10 minutes

Video 3.1.1: Why YAML Specification as Code2 minutes
Video 3.1.2: Obligation Taxonomy — 19 Property + 7 Eiffel2 minutes
Video 3.1.3: Popperian Falsification — Actionable Failure2 minutes
Video 3.2.1: pv Property 7-Eiffel2 minutes
Video 3.2.2: From Paper to YAML — One Equation1 minute

4 readingsTotal 40 minutes

Reading: Key Terms — Why YAML10 minutes
Reading: Reflection — Why YAML10 minutes
Reading: Key Terms — pv: The CLI10 minutes
Reading: Reflection — pv: The CLI10 minutes

1 assignmentTotal 30 minutes

Practice Quiz: Module 3 Knowledge Check — The YAML Bridge30 minutes

Walk the proof ladder on softmax: L1 lint, L2 types, L3 proptest, L4 Kani bounded model checking, and L5 Lean theorems. Learn to pick the rung that matches the cost of being wrong.

What's included

4 videos3 readings

4 videosTotal 8 minutes

Video 4.1.1: L1 + L2 — Lint and Types on softmax2 minutes
Video 4.1.2: L3 — proptest softmax sums to one2 minutes
Video 4.1.3: L4 — Kani softmax non-negativity2 minutes
Video 4.2.1: Cost vs Confidence — Which Rung Fits2 minutes

3 readingsTotal 30 minutes

Reading: Key Terms — L1 + L2: Lint and Types on softmax10 minutes
Reading: Reflection — L1 + L2: Lint and Types on softmax10 minutes
Reading: Key Terms — Cost vs Confidence: Which Rung Fits10 minutes

End-to-end capstone: take softmax from a peer-reviewed paper, through a YAML contract, to a Lean 4 theorem holding for every finite vector of every length. Every cell of the Lesson 1.1 tooling map gets demonstrated.