Semantics and correctness proofs for programs with partial functions

This paper presents a portion of the work on specification, design, and implementation of safety-critical systems such as reactor control systems. A natural approach to this problem, once all the requirements are captured, would be to state the requirements formally and then either to prove (preferably via automated tools) that the system conforms to spec (program verification), or to try to simultaneously generate the system and a mathematical proof that the requirements are being met (program derivation). An obstacle to this is frequent presence of partially defined operations within the software and its specifications. Indeed, the usual proofs via first order logic presuppose everywhere defined operations. Recognizing this problem, David Gries, in ``The Science of Programming,`` 1981, introduced the concept of partial functions into the mainstream of program correctness and gave hints how his treatment of partial functions could be formalized. Still, however, existing theorem provers and software verifiers have difficulties in checking software with partial functions, because of absence of uniform first order treatment of partial functions within classical 2-valued logic. Several rigorous mechanisms that took partiality into account were introduced [Wirsing 1990, Breu 1991, VDM 1986, 1990, etc.]. However, they either did not discuss correctness proofs or departed from first order logic. To fill this gap, the authors provide a semantics for software correctness proofs with partial functions within classical 2-valued 1st order logic. They formalize the Gries treatment of partial functions and also cover computations of functions whose argument lists may be only partially available. An example is nuclear reactor control relying on sensors which may fail to deliver sense data. This approach is sufficiently general to cover correctness proofs in various implementation languages

Reliable software systems via chains of object models with provably correct behavior

This work addresses specification and design of reliable safety-critical systems, such as nuclear reactor control systems. Reliability concerns are addressed in complimentary fashion by different fields. Reliability engineers build software reliability models, etc. Safety engineers focus on prevention of potential harmful effects of systems on environment. Software/hardware correctness engineers focus on production of reliable systems on the basis of mathematical proofs. The authors think that correctness may be a crucial guiding issue in the development of reliable safety-critical systems. However, purely formal approaches are not adequate for the task, because they neglect the connection with the informal customer requirements. They alleviate that as follows. First, on the basis of the requirements, they build a model of the system interactions with the environment, where the system is viewed as a black box. They will provide foundations for automated tools which will (a) demonstrate to the customer that all of the scenarios of system behavior are presented in the model, (b) uncover scenarios not present in the requirements, and (c) uncover inconsistent scenarios. The developers will work with the customer until the black box model will not possess scenarios (b) and (c) above. Second, the authors will build a chain of several increasingly detailed models, where the first model is the black box model and the last model serves to automatically generated proved executable code. The behavior of each model will be proved to conform to the behavior of the previous one. They build each model as a cluster of interactive concurrent objects, thus they allow both top-down and bottom-up development

Software with partial functions: Automating correctness proofs via nonstrict explicit domains

As our society becomes technologically more complex, computers are being used in greater and greater numbers of high consequence systems. Giving a machine control over the lives of humans can be disturbing, especially if the software that is run on such a machine has bugs. Formal reasoning is one of the most powerful techniques available to demonstrate the correctness of a piece of software. When reasoning about software and its development, one frequently encounters expressions that contain partial functions. As might be expected, the presence of partial functions introduces an additional dimension of difficulty to the reasoning framework. This difficulty produces an especially strong impact in the case of high consequence systems. An ability to use formal methods for constructing software is essential if we want to obtain greater confidence in such systems through formal reasoning. This is only reasonable under automation of software development and verification. However, the ubiquitous presence of partial functions prevents a uniform application to software of any tools not specifically accounting for partial functions. In this paper we will describe a framework for reasoning about software, based on the nonstrict explicit domain approach, that is applicable to a large class of software/hardware systems. In this framework the Hoare triples containing partial functions can be reasoned about automatically in a well-defined and uniform manner

Predictors of rethrombosis and death in patients with COVID-19 after lower limb arterial thrombectomy for acute ischemia

Aim. To identify predictors of rethrombosis and death in patients with coronavirus disease (COVID-19) after thrombectomy for acute lower limb ischemia.Material and methods. For the period from April 2020 to January 2022, 189 pa tients with acute arterial lower limb thrombosis and acute lower limb ischemia were included in this study. In all cases, a positive polymerase chain reaction test for SARS-CoV-2 was obtained. According to chest multislice computed tomography, bilateral multisegmental pneumonia was identified as follows: 76 patients — grade 2 (25-50% of lung tissue involvement); 52 patients — grade 3 (50-75%); 61 patients — grade 4 (>75%). Breathing was carried out as follows: in 88 patients — spontaneous; in 42 — with oxygen administration by nasal cannula; 26 — non-invasive ventilation; 33 had artificial ventilation. All acute arterial thromboses developed within the hospital at 4,5±1,5 days after hospitalization. The time between the onset to diagnosis verification was 27,8±5,0 min. The revascularization strategy was established by a multidisciplinary team meeting. The interval between the development of acute ischemia symptoms and surgery was 45,9±6,3 minutes. Thrombectomy was performed according to the standard technique, under local and/or intravenous anesthesia, using 3F-7F Fogarty catheters.Results. Retrombosis developed in 80,4% of cases 6,4±5,1 hours after surgery. In 59,8% of cases, retrombectomy turned out to be ineffective and the patient underwent limb amputation. In 65,6% of patients, a death was established due to multiple organ dysfunction. Among them, limb amputation was performed in 103 patients. Binary logistic regression identified following predictors of retrombosis/ death: age over 70 years (odds ratio (OR), 30,73; 95% confidence interval (CI), 11,52-33,7), obesity (OR, 15,53; 95% CI, 6,41-78,19), diabetes (OR 14,21; 95% CI, 5,86-49,21), vasopressor support (OR 8,55; 95% CI, 4,94-17,93), mechanical ventilation (OR 7,39; 95% CI, 4,81-16,52).Conclusion. Predictors of retrombosis and death in patients with COVID-19 after lower limb arterial thrombectomy are age over 70 years, obesity, diabetes, vasopressor support, and mechanical ventilation

Effect of Stride Length Alterations on Heart Rate and Ratings of Perceived Exertion During Treadmill Running

Advisor: David S. SenchinaThis study describes results of exercise physiology research intended to examine the effects of running at normal, less than normal, and greater than normal stride length on heart rate (HR) and rating of perceived exertion (RPE). The objective of this study was to determine how running above or below the natural stride length influences HR and RPE, and we hypothesized that any aberrations to normal stride patterns would result in increases in both HR and RPE. Three males and three females of moderate fitness were asked to run on a treadmill for three 10-minute periods, each separated by 10 minutes of recovery. The first trial allowed volunteers to select their own stride, while the remaining runs were conducted with a metronome set at either 15% above or 15% below their normal gait. A significant increase was found in HR at both above- or below-normal stride length. RPE was increased during the below-normal stride length trial compared to other trials. We concluded that altering the normal stride length results in increased cardiac exertion and further studies into the negative physiological consequences of this are warranted.Drake University, College of Arts and Sciences, Department of Biolog