Verification Conditions are Code

This paper presents a new theoretical result concerning Hoare Logic. It is shown here that the verification conditions which support a Hoare Logic program derivation are themselves sufficient to construct a correct implementation of the given pre-, post- condition specification. This property is mainly of theoretical interest, though it is possible that it may have some practical use, for example if predicative programming methodology is adopted. The result is shown to hold for both the original, partial correctness, Hoare logic, and also a variant for total correctness derivations

Prognostic model to predict postoperative acute kidney injury in patients undergoing major gastrointestinal surgery based on a national prospective observational cohort study.

Background: Acute illness, existing co-morbidities and surgical stress response can all contribute to postoperative acute kidney injury (AKI) in patients undergoing major gastrointestinal surgery. The aim of this study was prospectively to develop a pragmatic prognostic model to stratify patients according to risk of developing AKI after major gastrointestinal surgery. Methods: This prospective multicentre cohort study included consecutive adults undergoing elective or emergency gastrointestinal resection, liver resection or stoma reversal in 2-week blocks over a continuous 3-month period. The primary outcome was the rate of AKI within 7 days of surgery. Bootstrap stability was used to select clinically plausible risk factors into the model. Internal model validation was carried out by bootstrap validation. Results: A total of 4544 patients were included across 173 centres in the UK and Ireland. The overall rate of AKI was 14·2 per cent (646 of 4544) and the 30-day mortality rate was 1·8 per cent (84 of 4544). Stage 1 AKI was significantly associated with 30-day mortality (unadjusted odds ratio 7·61, 95 per cent c.i. 4·49 to 12·90; P < 0·001), with increasing odds of death with each AKI stage. Six variables were selected for inclusion in the prognostic model: age, sex, ASA grade, preoperative estimated glomerular filtration rate, planned open surgery and preoperative use of either an angiotensin-converting enzyme inhibitor or an angiotensin receptor blocker. Internal validation demonstrated good model discrimination (c-statistic 0·65). Discussion: Following major gastrointestinal surgery, AKI occurred in one in seven patients. This preoperative prognostic model identified patients at high risk of postoperative AKI. Validation in an independent data set is required to ensure generalizability

An Adaptive Time Management System for Student Learning

We present a modular framework for an adaptive, position-aware student time management system, and a prototype imlementation distributed between a desktop PC and a PDA. The system uses an adapted version of Soloman &amp; Felder's Index of Learning Styles questionnaire to determine the student's learning style. This is matched with the teaching style of module, acquired by using a complementary teaching style questionnaire, to create an individual study plan for a user-defined learning task hierarchy. Based on user feedback the schedule is continually adapted using a multi-layered neural network. The mobile part of the system uses GPS data to launch position-related reminders. The novelty of our approach is its comprehensiveness, combining aspects of education theory, time management, machine learning, and position-awareness in a single framework. Remaining work includes the integration into the university IT infrastructure and a thorough evaluation by a representative group of students

Model-Based Trace-Checking

Trace analysis can be a useful way to discover problems in a program under test. Rather than writing a special purpose trace analysis tool, this paper proposes that traces can usefully be analysed by checking them against a formal model using a standard model-checker or else an animator for executable specifications. These techniques are illustrated using a Travel Agent case study implemented in J2EE. We added trace beans to this code that write trace information to a database. The traces are then extracted and converted into a form suitable for analysis by Spin, a popular model-checker, and Pro-B, a model-checker and animator for the B notation. This illustrates the technique, and also the fact that such a system can have a variety of models, in different notations, that capture different features. These experiments have demonstrated that model-based trace-checking is feasible. Future work is focussed on scaling up the approach to larger systems by increasing the level of automation

Concurrent Development of Model and Implementation

This paper considers how a formal mathematically-based model can be used in support of evolutionary software development, and in particular how such a model can be kept consistent with the implementation as it changes to meet new requirements. A number of techniques are listed can make use of such a model to enhance the development process, and also ways to keep model and implementation consistent. The effectiveness of these techniques is investigated through two case studies concerning the development of small e-business applications, a travel agent and a mortgage broker. Some successes are reported, notably in the use of rapid throwaway modelling to investigate design alternatives, and also in the use of close team working and model-based trace-checking to maintain synchronisation between model and implementation throughout the development. The main areas of weakness were seen to derive from deficiencies in tool support. Recommendations are therefore made for future improvements to tools supporting formal models which would, in principle, make this co-evolutionary approach attractive to industrial software developers. It is claimed that in fact tools already exist that provide the desired facilities, but these are not necessarily production-quality, and do not all support the same notations, and hence cannot be used together

Logical Refinement of Imperative Programs: generating code from verified conditions

Most program development methods rely on a combination of programming and logical notations. Correctness is verified using refinement laws which often have logical side conditions. Checking these conditions involves a separate proof, breaking up the linear flow of the program derivation. This paper explores a variant of the refinement calculus in which only logical notation is used and the program under development is inferred from formulas which are, in effect, the verification conditions that would arise in a traditional derivation. It is preferable that these are verified first, in which case they should be called verified conditions. A polynomial algorithm exists for extracting the refinement argument, and hence the implementation, from these conditions. A prototype code generation system has been implemented in Prolog. The benefits and weaknesses of the approach are compared to those of more conventional refinement calculi