
    A Strategy Language for Testing Register Transfer Level Logic

    The development of modern ICs requires a huge investment in RTL verification. This is a reflection of brisk release schedules and the complexity of contemporary chip designs. A major bottleneck to reaching verification closure in such designs is the disproportionate effort expended in crafting directed tests, which are necessary to reach those behaviors that other, more automated testing methods fail to cover. This paper defines a novel language that can be used to generate targeted stimuli for RTL logic and which mitigates the complexities of writing directed tests. The main idea is to treat directed testing as a meta-reasoning problem about simulation. Our language is both formalized and prototyped as a proof-search strategy language in rewriting logic. We illustrate its novel features and practical use with several examples.

    Formalization and Correctness of the PALS Architectural Pattern for Distributed Real-Time Systems

    Many Distributed Real-Time Systems (DRTS), such as integrated modular avionics systems and distributed control systems in motor vehicles, are made up of a collection of components communicating asynchronously among themselves and with their environment that must change their state and respond to environment inputs within hard real-time bounds. Such systems are often safety-critical and need to be certified; but their certification is currently very hard due to their distributed nature. The Physically Asynchronous Logically Synchronous (PALS) architectural pattern can greatly reduce the design and verification complexities of achieving virtual synchrony in a DRTS. This work presents a formal specification of PALS as a formal model transformation that maps a synchronous design, together with a set of performance bounds of the underlying infrastructure, to a formal DRTS specification that is semantically equivalent to the synchronous design. This semantic equivalence is proved, showing that the formal verification of temporal logic properties of the DRTS can be reduced to their verification on the much simpler synchronous design. An avionics system case study is used to illustrate the usefulness of PALS for formal verification purposes.

    A Formal Executable Semantics of Verilog

    This paper describes a formal executable semantics for the Verilog hardware description language. The goal of our formalization is to provide a concise and mathematically rigorous reference augmenting the prose of the official language standard, and ultimately to aid developers of Verilog-based tools, e.g., simulators, test generators, and verification tools. Our semantics applies equally well to both synthesizable and behavioral designs and is given in a familiar, operational style within a logic providing important additional benefits above and beyond static formalization. In particular, it is executable and searchable, so that one can ask questions about how a (possibly nondeterministic) Verilog program can legally behave under the formalization. The formalization should not be seen as the final word on Verilog, but rather as a starting point and basis for community discussions on the Verilog semantics.
    Grant numbers: CCF-0916893, CNS-0720512, CCF-0905584, CCF-0448501, NNL08AA23C

    Mortality and pulmonary complications in patients undergoing surgery with perioperative SARS-CoV-2 infection: an international cohort study

    Background: The impact of severe acute respiratory syndrome coronavirus 2 (SARS-CoV-2) on postoperative recovery needs to be understood to inform clinical decision making during and after the COVID-19 pandemic. This study reports 30-day mortality and pulmonary complication rates in patients with perioperative SARS-CoV-2 infection. Methods: This international, multicentre, cohort study at 235 hospitals in 24 countries included all patients undergoing surgery who had SARS-CoV-2 infection confirmed within 7 days before or 30 days after surgery. The primary outcome measure was 30-day postoperative mortality and was assessed in all enrolled patients. The main secondary outcome measure was pulmonary complications, defined as pneumonia, acute respiratory distress syndrome, or unexpected postoperative ventilation. Findings: This analysis includes 1128 patients who had surgery between Jan 1 and March 31, 2020, of whom 835 (74·0%) had emergency surgery and 280 (24·8%) had elective surgery. SARS-CoV-2 infection was confirmed preoperatively in 294 (26·1%) patients. 30-day mortality was 23·8% (268 of 1128). Pulmonary complications occurred in 577 (51·2%) of 1128 patients; 30-day mortality in these patients was 38·0% (219 of 577), accounting for 81·7% (219 of 268) of all deaths. In adjusted analyses, 30-day mortality was associated with male sex (odds ratio 1·75 [95% CI 1·28–2·40], p<0·0001), age 70 years or older versus younger than 70 years (2·30 [1·65–3·22], p<0·0001), American Society of Anesthesiologists grades 3–5 versus grades 1–2 (2·35 [1·57–3·53], p<0·0001), malignant versus benign or obstetric diagnosis (1·55 [1·01–2·39], p=0·046), emergency versus elective surgery (1·67 [1·06–2·63], p=0·026), and major versus minor surgery (1·52 [1·01–2·31], p=0·047). Interpretation: Postoperative pulmonary complications occur in half of patients with perioperative SARS-CoV-2 infection and are associated with high mortality. Thresholds for surgery during the COVID-19 pandemic should be higher than during normal practice, particularly in men aged 70 years and older. Consideration should be given for postponing non-urgent procedures and promoting non-operative treatment to delay or avoid the need for surgery. Funding: National Institute for Health Research (NIHR), Association of Coloproctology of Great Britain and Ireland, Bowel and Cancer Research, Bowel Disease Research Foundation, Association of Upper Gastrointestinal Surgeons, British Association of Surgical Oncology, British Gynaecological Cancer Society, European Society of Coloproctology, NIHR Academy, Sarcoma UK, Vascular Society for Great Britain and Ireland, and Yorkshire Cancer Research.

    On the Completeness of Context-Sensitive Order-sorted Specifications

    We propose three different notions of completeness for term rewrite specifications supporting order-sorted signatures, deduction modulo axioms, and context-sensitive rewriting relative to a replacement map mu. Our three notions are: (1) an appropriate definition of mu-sufficient completeness with respect to a set of constructor symbols; (2) a definition of mu-canonical completeness under which mu-canonical forms coincide with canonical forms; and (3) a definition of semantic completeness that guarantees that the mu-operational semantics and standard initial algebra semantics are isomorphic. Based on these notions, we use equational tree automata techniques to obtain decision procedures for checking these three kinds of completeness for equational specifications satisfying appropriate requirements such as ground confluence, ground sort-decreasingness, weak normalization, and left-linearity. Although the general equational tree automata problems are undecidable, our algorithms work modulo any combination of associativity, commutativity, and identity axioms. For all combinations of these axioms except associativity without commutativity, our algorithms are decision procedures. For the associativity without commutativity case, which is undecidable in general, our algorithms use learning techniques that are effective in all practical examples we have considered. We have implemented these algorithms as an extension of the Maude sufficient completeness checker.

    On the Church-Rosser and Coherence Properties of Conditional Order-Sorted Rewrite Theories

    In the effort to bring rewriting-based methods into contact with practical applications, both in programming and in formal verification, there is a tension between: (i) expressiveness and generality (so that a wide range of applications can be expressed easily and naturally), and (ii) support for formal verification, which is harder to get for general and expressive specifications. This paper answers the challenge of successfully negotiating the tension between goals (i) and (ii) for a wide class of quite expressive Maude specifications, namely: (a) equational order-sorted conditional specifications (Σ, E ∪ A), corresponding to functional programs modulo axioms such as associativity and/or commutativity and/or identity; and (b) order-sorted conditional rewrite theories R = (Σ, E ∪ A, R, φ), corresponding to concurrent programs modulo axioms A. For functional programs the key formal property checked is the Church-Rosser property. For concurrent declarative programs in rewriting logic, the key property checked is the coherence between rules and equations modulo the axioms A. Such properties are essential, both for executability purposes and as a basis for verifying many other properties, such as proving inductive theorems of a functional program or correct model checking of temporal logic properties for a concurrent program. This paper develops the mathematical foundations on which the checking of these properties (or ground versions of them) is based, presents two Maude tools, the Church-Rosser Checker (CRC) and the Coherence Checker (ChC), supporting the verification of these properties, and illustrates with examples a methodology to establish such properties using the proof obligations returned by the tools.

    Five Isomorphic Boolean Theories and Four Equational Decision Procedures

    We present four equational theories that are isomorphic to the traditional Boolean theory and show that each one of them gives rise to a canonical rewrite system modulo associativity, thus providing four decision procedures for propositional logic. The four theories come in two pairs of isomorphic dual theories. The first pair corresponds to J. Hsiang's rewrite system for the theory of Boolean rings, and to a rewrite system we propose for Dijkstra-Scholten propositional logic. The second pair uses the same Boolean operators as the previous pair but in a "twisted" fashion. These procedures, when run on a high-performance rewrite engine, are quite efficient, but can be further sped up by the use of optimizing equations that perform obvious simplifications in the input expression before a decision procedure is invoked. Based on their Maude implementation, we present experimental results comparing the performance of the different procedures, and showing that they outperform a DPLL(T)-based SAT solver.

    Symbolic Model Checking of Infinite-State Systems Using Narrowing

    Rewriting is a general and expressive way of specifying concurrent systems, where concurrent transitions are axiomatized by rewrite rules. Narrowing is a complete symbolic method for model checking reachability properties. We show that this method can be reinterpreted as a lifting simulation relating the original system and the symbolic system associated with the narrowing transitions. Since the narrowing graph can be infinite, this lifting simulation only gives us a semi-decision procedure for the failure of invariants. However, we propose new methods for folding the narrowing tree that can in practice result in finite systems that symbolically simulate the original system and can be used to algorithmically verify its properties. We also show how both narrowing and folding can be used to symbolically model check systems which, in addition, have state predicates, and therefore correspond to Kripke structures on which ACTL* and LTL formulas can be algorithmically verified using such finite symbolic abstractions.

    The Rewriting Logic Semantics Project

    Rewriting logic is a flexible and expressive logical framework that unifies denotational semantics and SOS in a novel way, avoiding their respective limitations and allowing very succinct semantic definitions. The fact that a rewrite theory's axioms include both equations and rewrite rules provides a very useful "abstraction knob" to find the right balance between abstraction and observability in semantic definitions. Such semantic definitions are directly executable as interpreters in a rewriting logic language such as Maude, whose generic formal tools can be used to endow those interpreters with powerful program analysis capabilities.

    Rewriting Logic Semantics of Orc

    Orc is a language for orchestration of web services developed by J. Misra that offers simple, yet powerful and elegant, constructs to succinctly program sophisticated web orchestration applications. However, because of its real-time nature and the different priorities given to internal and external events in an Orc program, giving a formal operational semantics that captures the real-time behavior of Orc programs is nontrivial and poses some interesting challenges. In this report, we first propose a real-time operational Orc semantics that captures the informal operational semantics given in [26]. This operational semantics is given as a rewrite theory R^sos_Orc in which the elapse of time is explicitly modeled. This is followed by presenting a much more efficient reduction semantics of Orc, which is provably equivalent to the SOS semantics. A detailed proof of strong bisimilarity of the two semantic specifications is then given. In both theories, the priorities between internal and external events and the time-synchronous execution strategy used are modeled in two alternative ways: (i) by a rewrite strategy; and (ii) by adding extra equational conditions to the semantic rules. We show experiments demonstrating the much better performance of the reduction semantics when compared to the SOS semantics. We view this reduction semantics as a key intermediate stage towards a future, provably correct distributed implementation of Orc. We describe a distributed, object-based view of the Orc model and its specification. Using the Maude rewriting logic language, we also illustrate how the distributed semantics can be used to endow Orc with useful formal analysis capabilities, including an LTL model checker and search for violations of invariants. We illustrate these formal analysis features by means of two applications: an online auction system and a meeting scheduler, both of which are modeled as distributed systems of actors that perform Orc computations.