Veri?cation of Compensation Requirements for the
SEPIA Cooperative Authoring System
Susan Even?and David Spelt
Centre for Telematics and Information Technology
University of Twente,P.O.Box217
7500AE Enschede,The Netherlands
October29,1998
Abstract
Compensation plays an important role in advanced transaction models,cooperative work,and work-?ow systems.However,in spite of the fact that the correctness of a system may depend on compensation operations,little attention has been devoted to the speci?cation of these operations and the veri?cation of their ability to compensate.In fact,compensation operations are often simply written as a?1(ignor-ing any parameters or results)and are assumed to be provided by the implementor of a system.This unfortunate situation reveals a signi?cant(and obvious)gap between theory and practice.
In this paper,we introduce a framework for the formal analysis of compensation operations,using an automated theorem prover.This framework includes:a high-level object-oriented schema de?nition language,an automated mapping from this language to a model in higher-order logic,and theorem prover extensions for mechanically reasoning about the database operations.
As an example,we look at compensation requirements for the SEPIA cooperative authoring system, in the context of a semantics-based,advanced transaction model for cooperative activities.We give an object-oriented database schema representative of the core functionality of the SEPIA system(namely, the creation,insertion,and manipulation of nodes and links in a generic graph structure),and discuss proof requirements for the methods of this schema.Automated proof assistance is illustrated by means of a non-trivial example of method compensation.
?Research supported by SION,Stichting Informatica Onderzoek Nederland.
1Introduction
Compensation plays an important role in advanced transaction models,cooperative work,work?ow,and transactional work?ows[KLS90,WK96,CD97,MR97,GVBA97].However,in spite of the fact that the correctness of a model or system may depend on compensation operations,little attention has been devoted to the speci?cation and veri?cation of these operations.There is a signi?cant(but often overlooked)gap between the elegant appearance of compensation operations as found in theory,and the low-level nature of compensation operations as found in implementation code.A compensation operation for a is often written as?a or a?1in the literature.But this notation abstracts away from any parameters and results the operation may have.For a complex operation,de?ning a compensating operation,and proving that it is indeed so,requires more than just notation.
This paper introduces a framework for the formal analysis of compensation operations,using an auto-mated theorem prover.The analysis is based on the semantics of the operations with respect to a formal model of a persistent object store.The operations may take parameters and return results.The analysis framework includes:a high-level object-oriented schema de?nition language,an automated mapping from this language to functions in higher-order logic(de?ned in terms of a generic theory of objects that is used to model the database state),and theorem prover extensions for reasoning about the database operations. Problem de?nition.It is useful to consider the compensation problem informally,at?rst,in order to gain an intuitive understanding of the subtle issues involved.Consider a simple example of a method book de?ned on a Hotel class in a?ctitious travel agency system:
Reservation book(Date start,Date end){
if this.available(start,end)
then this.addReservation(start,end)
else skip returns(nil)
}
If the Hotel is available in the desired period,the reservation is made and the Reservation object resulting from the application of the addReservation method is returned;otherwise,the nil literal is returned.
A method that compensates the effects of the above method,may be de?ned as follows:
void UNDO_book(Date start,Date end,Reservation rtn){
if rtn!=nil
then this.delReservation(start,end)
else skip
}
In general,we assume that for each method M,a compensation method UNDO_M is to be speci?ed.The signature of the compensation method UNDO_M is derived from the signature of M:the parameters of the method UNDO_M are the same as for method M,plus an additional parameter,which corresponds to the result returned by M.If the effects of M are to be compensated,UNDO_M is invoked with the same parameter values,plus the value returned by M.
The speci?cation of such a compensation method gives rise to a proof https://www.doczj.com/doc/1d18785924.html,rmally,for the above example,we obtain the following proof obligation.Consider an Hotel object h,and Date objects d1and d2.If h.book(d1,d2),executed in a state DB returns the Reservation value r(resulting in state DB ),then the subsequent invocation h.UNDO book(d1,d2,r)in state DB should yield the same old state DB,for arbitrary database state DB,receiver object h,and parameter values d1and d2.Notice that the proof obligation involves a universal quanti?cation over all possible database states,receiver object, and parameter values.This can never be veri?ed by simple testing.
The tool described in this paper uses a theorem prover,which can reason about the effects of methods symbolically;thus,we obtain a level of generality that can not be obtained by simple testing.To achieve this,the method de?nitions are translated to function de?nitions in higher-order logic,a well-known formal notation that can be mechanically reasoned about,using a theorem prover such as PVS[ORR+96]or Is-abelle[Pau94].In our work,we use the Isabelle system.We develop a formal model to describe the effects
of primitive update operations on a persistent object store,based on delta values[DHR96].Based on the formal representations of a method M and its compensation UNDO_M,the proof obligation for compensation can be entered as an Isabelle proof goal.In this paper,we show that with extensions for reasoning about delta values,the Isabelle tool is capable of automating non-trivial compensation proofs.
Organization of the paper.Section2gives an overview of the SEPIA cooperative authoring system and the CoAct cooperative transaction model,which is designed to support it.We highlight the role of compen-sation in the model,and explain how it is used in combination with backward commutativity to selectively undo work in a cooperative environment.We show how to model SEPIA structures and operations with the OASIS schema de?nition language in Section3.Section4discusses the schema translation from OASIS to higher-order logic.The analysis tool is illustrated in Section5.A compensation proof goal is given,along with fragments of an example proof and experimental results.Section6discusses related work.Section7 gives a summary and mentions our future work.
In presenting our approach to the veri?cation of compensation requirements,we emphasize the model-ing aspects,the mapping to higher-order logic,and the automated proof procedures.We focus on method compensation,which is the primary focus of the CoAct model,although the results are extendible to trans-actions.(In fact,we“lift”the methods to the transaction level during the analysis.)There is no precedence for veri?cation work of this kind;it is the framework itself that is new in this paper.
2Compensation in the SEPIA cooperative authoring system
The example we study is motivated by a real-life cooperative authoring system(called SEPIA)[SHH+92], and the cooperative transaction model(called CoAct)that is used to provide transaction management sup-port for the system[RKT+95,WK96].Authors using the SEPIA system cooperate to construct a document dynamically,from atomic operations that serve as building blocks.There is no a priori“scripting”of the cooperative activities.This?exibility led to the design of an advanced transaction model to support free-style cooperative https://www.doczj.com/doc/1d18785924.html,pensation operations play an important role in both the SEPIA system and in the CoAct transaction model.As authoring progresses,users may restructure the document to suit their whims,and they may undo changes in order to integrate their work with that of other users.A save point mechanism does not provide adequate support for undoing work in a cooperative work environment:restor-ing a saved state to undo an operation may have the side effect of undoing other operations(by other users).
A compensation operation provides a means to exclusively undo the effects of an update operation. Compensation and commutativity requirements of CoAct.It is instructive to take a closer look at the role of compensation in the CoAct transaction model[RKT+95,WK96,KTWK97].Conceptually,users work in their own private workspaces,each with an associated workspace history.The model makes use of three semantics-based transaction management ideas:backward commutativity[Wei88],compensation [KLS90],and forward commutativity[Wei88,LMWF94].Each of these places requirements on the seman-tics of the operations of the database schema.Backward commutativity(more precisely,failure to backward commute)is used in the CoAct model to identify operations that depend on each other,for the calculation of consistent units of work;it concerns operations in the same workspace history[RKT+95,WK96].Com-pensation also addresses a single workspace history:a compensation operation semantically undoes the effects of the original operation—it does not merely restore a previous workspace state.Conceptually, it is executed immediately after the operation it compensates.If interim operations have been executed after the to-be-compensated operation,these operations must backward commute with(i.e.,be indepen-dent of)it.This means that the interim operations can be moved“backwards”in the history,ahead of the to-be-compensated operation,with the result that the undo operation is executed immediately after it. This is illustrated in Figure1.Note that the reordering is conceptual only.The backward commutativity requirement guarantees that the reordered history is equivalent to the actual execution history.Forward commutativity(more precisely,failure to forward commute)is used to identify con?icts between opera-tions in different histories.A consistent unit of work from one workspace history(a subhistory)can be merged with another workspace history,provided the operations of the two histories forward commute. (See[WK96,KTWK97]for details.)
Figure1.Conceptual Reordering of History to Enable Compensation The CoAct transaction model assumes that backward commutativity relations,compensation opera-tions,and forward commutativity relations are provided by the database schema designer.The correctness of this information is the responsibility of the schema designer.This is exactly the aim of our research:to provide a reasoning tool that can be used to help verify the semantics requirements on a database schema. In this paper,we limit our discussion to compensation.
3Modeling SEPIA structures and operations in OASIS
A characteristic of the style of cooperative work supported by the SEPIA system and the CoAct transac-tion model is that high-level transactions are constructed dynamically,by selecting and executing atomic operations.It is these atomic operations that must be described in the database schema.This section gives a partial schema speci?cation of the core functionality of the SEPIA system.We use a language called OASIS for this,which is based on O2C[BDK92].OASIS includes speci?cation facilities for abstract and concrete classes,object creation,heterogeneous collections,inheritance of methods,and late binding,plus facilities for the speci?cation of integrity constraints,queries,and transactions.Not all features are shown in this paper.The OASIS object manipulation commands include sequential composition,conditional branch,bounded collection iteration[Qia91],and non-recursive update method call.
The SEPIA system is implemented as an extension of a hypermedia engine that provides a generic graph structure and editing operations[KAN94,EFK+96].Below,we give class interface declarations for part of the SEPIA system in OASIS:
abstract class Element{
attribute string name;
attribute int position;
abstract boolean isConnectedTo(Element n);
string changeNameTo(string s);
};
abstract class Node extends Element{
attribute setincomingLinks;
attribute setoutgoingLinks;
boolean addIncomingLink(Link k);
};
class ANode extends Node{
attribute set
};
class CNode extends Node{
attribute int size;
attribute set
Link createLinkIn(Node a,Node b,string s,int p);
boolean removeNodeOrLink(Element n);
};
class Link extends Element{
attribute Node from;
attribute Node to;
Link(string s,int p,Node a,Node b){name=s;position=p;from=a;to=b}; };
class AtomicContents{
attribute string referenceDirectory;
attribute string showStatement;
attribute string URL;
};
name set
name setlinks;
name set
Class Element is abstract.It declares an abstract method isConnectedTo,which has different imple-mentations for classes Node and Link(see Figure2).Atomic nodes(class ANode)contain the hypermedia data of the document;composite nodes(class CNode)contain atomic nodes,links,and other composite nodes as elements.The SEPIA system serves primarily to structure a hypermedia document.For this reason,the class hierarchy ends at the AtomicContents class,which is used for application-speci?c kinds and formats of media,such as text documents,audio,and graphics.Objects of the AtomicContents class maintain e.g.,a?le-system handle to the hypermedia object,along with system commands(represented as strings)for displaying and editing the object.Three persistent roots are speci?ed,which serve as extents for classes CNodes,Links,and ANodes.Persistence by reachability is used[BDK92].
Compensation operations.Figure2gives de?nitions for the methods declared in the schema,plus de?-nitions for four compensation methods.The abstract method isConnectedTo has different implementa-tions in Link and Node.It is invoked by method removeNodeOrLink,within an iteration over Elements; late binding determines the actual implementation that is used.
The compensation methods are applied by the CoAct transaction management software to undo the ef-fects of an operation with the same name(i.e.,changeNameTo,addIncomingLink,createLinkIn, or removeNodeOrLink)in a workspace history.Observe that care was taken when de?ning the original methods so as to allow us to de?ne the UNDO methods.For example,the addIncomingLink method calculates whether the method will succeed in doing anything,using the condition‘k=nil or k in incomingLinks’.Although it is true that if the new link‘k’is already in the set of incomingLinks, its insertion into the set will not cause the set contents to change,the test becomes important when the UNDO addIncomingLink is executed:a previously existing link in the set should not be deleted by mistake(actually the same link,inserted by a earlier invocation of the addIncomingLink method).It is subtle issues such as this that make a proof tool a valuable aid to the speci?er.
Some kinds of operation,such as input and output operations,can not be compensated,because they involve interaction with an external environment.For the SEPIA system,this amounts to operations that implement the graphical user interface.
To prove that one method compensates another,we make use of the fact that the UNDO method is applied(by the transaction manager)immediately after the original method.Proof goals are discussed in Section5.The next section discusses details of our formal model.
4Modeling OASIS schemas in higher-order logic(HOL)
There are two essential ingredients in the formal model we use for an OASIS database schema:a generic model of objects,and a database-speci?c object type,which follows the inheritance relation established
string Element::changeNameTo(string s){
var oldName:string{oldName=name;name=s}returns(oldName)};
void Element::UNDO_changeNameTo(string s,string rtn){name=rtn};
boolean Link::isConnectedTo(Element n){(from==n)or(to==n)};
boolean Node::isConnectedTo(Element n){
(n in incomingLinks)or(n in outgoingLinks)};
boolean Node::addIncomingLink(Link k){
if k=nil or k in incomingLinks then{skip}returns(false)
else{incomingLinks+=set(k)}returns(true)};
void Node::UNDO_addIncomingLink(Link k,boolean rtn){
if(rtn)then incomingLinks-=set(k)else skip};
Link CNode::createLinkIn(Node a,Node b,string s,int p){
var n:Link{
if(a in elements and b in elements)then{
n=new Link(s,p,a,b);elements+=set(n);links+=set(n)}returns(n) else{skip}returns(nil)}};
void CNode::UNDO_createLinkIn(Node a,Node b,string s,int p,Link rtn){ if(rtn!=nil)then{elements-=set(rtn);links-=set(rtn)}else skip};
boolean CNode::removeNodeOrLink(Element n){
if(n!=nil)and(n in elements)and
(forall x in elements:not(x.isConnectedTo(n)))then{
elements-=set(n)}returns(true)
else{skip}returns(false)};
void CNode::UNDO_removeNodeOrLink(Element n,boolean rtn){
if(rtn)then{elements+=set(n)}else skip};
Figure2.Example(UNDO)Operations for the SEPIA Schema
by the schema.The database state includes named persistent roots and a type-tagged object store(i.e., memory).The persistent roots are global variables,bound to complex structures that contain handles to accessible objects.Class methods and transactions may explicitly manipulate the persistent roots.Persis-tence by reachability is used[BDK92].There is no explicit delete operation on the database state;instead, all references to a“deleted”object must be made null by the user.Our formal model of object storage,and the representations we use for methods,constraints,and transactions all accommodate nil values.
The object store is modeled as a partial function from object identi?ers to values.The codomain of this function is modeled as a variant type,with cases for each of the concrete classes of the schema.When an object is created,its value is tagged with the appropriate variant constructor.The model of objects includes algebraic operators and equivalence theorems.
OASIS methods,constraints,and transactions are modeled as HOL functions over the database state. The functions are de?ned in terms of the generic operations of the model of objects.The generic aspects of the model are similar to the ideas proposed by Doherty et al[DH95,DHDD95,DHR96,Doh98].As in their work,we use delta values to model change at the database level and at the object level.Details are given below.
The generic object store.The object store is represented in HOL using the function type‘oid?βoption.’The‘option’type constructor in the codomain is used to represent partial function types: it includes the cases‘None’(to represent unde?ned results)and‘Some v’(to represent de?ned results,
where the actual value v is supplied as an argument).The type variableβgets instantiated with the object type for the classes of the schema(as explained below).
The operations of the generic theory of objects are listed in Figure3,with their signatures,in Is-abelle/HOL notation.The operations are schema-independent and take functions as parameters.The op-oids:(oid?βoption)?oid set
skip:(oid?βoption)
new:[oid,β]?(oid?βoption)
smash:[(oid?βoption),(oid?βoption)]?(oid?βoption)
mod:[(oid?βoption),oid,β?β]?(oid?βoption)
eval:[βoption,β?bool]?bool
get:[βoption,β?α]?α
foreach:[αset,[α,oid]?βoption]?(oid?βoption)
Figure3.Generic Operations of the Theory of Objects
eration oids extracts the domain(de?ned object oids)of a given object store.It is instructive to see the form its de?nition takes in the HOL theory:
oids::(oid?βoption)?oid set
oids os=={x.os x=None}
The application‘oids os’is de?ned(using set comprehension)to be the set of oids x such that the value bound to x in the object store is not‘None’.Note the declarative nature of the de?nition.Isabelle does not actually compute such set-comprehensions;it only reasons about them.
The object store and delta values(at the object store level)share the same type.A delta value describes tentative changes to the object store,and corresponds to a“difference”between database states.The constant‘skip’is an empty delta value(i.e.,no changes to the object store).The application‘new o v’(where o is an oid,and v is a value)constructs a delta value with a binding for(only)the new object. The application‘smash s1s2’makes the bindings in s2hide bindings for the same oid values in s1.The smash operation is used for modeling sequential compositions,and transaction commit.When s1and s2 are both delta values,smash corresponds to the smash operation(for the composition of delta values)of [DHR96];when s1is an object store,smash corresponds to the apply operation(for the materialization of delta values)of[DHR96].
The application‘mod s o f’returns a delta value that contains a binding for(only)the modi?ed object (with oid o).The argument f corresponds to a delta form at the object level in the approach of Doherty et al1;it is applied to the object’s old value in the object store.The next two operations(eval and get)deal with object lookup.Both operations take a“storage cell”as their?rst argument.The second argument is a function to be applied to the value stored in the cell,if it is Some-tagged;a default value is returned if the cell is None-tagged(this amounts to‘False’for the boolean-valued eval operation,and‘arbitrary’for theα-valued get operation).The application‘eval v p’is used to apply a predicate p to an object’s value;the predicate is typically a?lter expression that re?ects database-speci?c typing constraints.The application‘get v f’is used to apply a function f to an object’s value;the function is typically used for attribute selection.
Using Isabelle,we have derived a number of algebraic theorems(49at present)about the generic operations(see Figure4).Basic theorems have been proved for smash(e.g.,left and right identity,and associativity).There are a number of theorems for simplifying delta patterns(e.g.,rule r4for sequential composition of two updates to the same object).There are also rules for“pushing”the retrieval operations get and eval through a modi?ed object store(a modi?ed store always takes the form of a smash of an object store value and a delta).For example,rules r5,r6,and r7are for pushing the get operation through the patterns mod,new,and smash.
1More precisely:a delta?cation operation at the object level.
r1:smash s skip=s
r2:smash skip s=s
r3:smash s1(smash s2s3)=smash(smash s1s2)s3
r4:smash(mod s ida f)(mod(smash s(mod s ida f))ida g)=mod s ida(g?f)
r5:get((smash s1(mod s2idb f))ida)g=
(if idb=ida∧idb∈oids s2then get(s2ida)(g?f)else get(s1ida)g)
r6:idb∈oids s1 →
get((smash s1(new idb valb))ida)g=
(if ida=idb then g valb else get(s1ida)g)
r7:get((smash s(smash s1s2))ida)f=
(if ida∈oids s2then get((smash s s2)ida)f
else if ida∈oids s1then get((smash s s1)ida)f
else get(s ida)f)
Figure4.Illustration of Equivalence Theorems
Type-tagged object values.The type variableβthat appears in the generic object store type is instanti-ated with database-speci?c information obtained from the schema.To describe the domain of object values, we use a variant type.2Cases are introduced for each of the concrete classes in the database schema.The concrete class names are used as the type constructors.For the SEPIA example,the following object type is obtained:
datatype object=ANode string int(oid set)(oid set)(oid set)
|CNode string int(oid set)(oid set)int(oid set)
|Link string int oid oid
|AtomicContents string string string
The abstract classes of the schema(Element and Node)are not listed in the type,since they do not have concrete instantiations.Structural information for an object(attribute values)is supplied as an argument to its data type constructor.This information includes all attributes inherited from superclasses.Class refer-ences in compound objects appear as“pointer”references in the form of oid-values.This accommodates object sharing and heterogeneous sets:representations of objects from different classes can be grouped in one and the same set,since they all have the same Isabelle type oid.The constructors of type object provide run-time type information.In object-oriented systems with inheritance,this information is needed to model run-time type-based decisions,such as late-binding.Type decisions are encoded using case splits to examine the type tag.
Methods as functions on the database state.Methods are represented as functions in HOL.Retrieval methods(queries)take an input object store,persistent roots,and parameters as arguments,and return a(complex)value.Isabelle/HOL prede?nes the basic datatypes such as bool,int,set,and list; arbitrarily nested data structures—characteristic of OO databases—are already supported(e.g.,sets of lists of integers).This was one of the motivations for choosing HOL.
Update methods are built from commands;their HOL function representations describe changes to the database state.An update method maps an input object store,persistent roots,an oid(the this parameter), actual parameter values and any required new oids to a tuple.This tuple includes components for the modi?cations to the object store,the persistent roots,and the method parameters.The modi?cations to the object store are described by a delta value,given as the?rst component of the tuple.Updates to persistent roots and parameters are by value-result:modi?cations to the roots and parameters are returned as Some-tagged values,where the value represents the updated root or parameter;‘None’is returned as a result if 2This is analogous to the use of the disjoint union domain in denotational semantics,as a means to put values from different domains in the same set[MS76].
no modi?cations are made.(Recall that the HOL‘optionβ’type is generic.)The return value of the method application is given in the last position of the tuple.
As an example,we look at the HOL representation of the removeNodeOrLink method:
CNode_removeNodeOrLink::[OS,(oid set),(oid set),(oid set),oid,oid]?(OS×(oid set)option×(oid set)option×(oid set)option×oid option×oid option×bool) CNode_removeNodeOrLink os cnodes links anodes this n==
if condition then(mod os this f,None,None,None,None,None,True)
else(skip,None,None,None,None,None,False)
In the signature,‘OS’abbreviates the object store(delta value)type‘oid?object option’.The condition is explained below.The?rst component of the result tuple is a delta value at the object store-level.Argument f of the‘mod’application is an object-level delta value that modi?es the elements ?eld of the‘this’object,by removing oid‘n’from the set.The‘None’components of the result tuple indicate no changes to the roots and parameters.Below,we?ll in the details for the condition expression; details of f are omitted.
The condition expression of the method body is represented using a number of applications of the ‘eval’and‘get’operations of the theory of objects:
(eval(os n)isElement)∧n∈(get(os this)elementsOf)∧
(?x∈(get(os this)elementsOf).
?(if(eval(os x)isLink)
then(Link_isConnectedTo os cnodes links anodes x n)
else(if(eval(os x)isNode)
then(Node_isConnectedTo os cnodes links anodes x n)
else arbitrary)))
The?rst subexpression represents the‘n!=nil’comparison of the removeNodeOrLink method. The eval operation is applied to the storage cell associated with n,and the function isElement:
(λval.case val of ANode name position incomingLinks outgoingLinks content?True
|CNode name position incomingLinks outgoingLinks size elements?True
|Link name from to?True
|AtomicContents···?False)
The eval application returns True if n is Some-tagged in the object store,with the right type(i.e.,it is not nil).The second subexpression checks that n is in the‘elements’?eld of the‘this’object. (If‘this’is incorrectly typed or nil,the result of‘get’is arbitrary and the membership test is False.)The last subexpression is the HOL representation of the following test in the method de?ni-tion:(forall x in elements:not(x.isConnectedTo(n))).This involves late binding: based on the(run-time)type of x,the appropriate version of the isConnectedTo method is applied;an ‘arbitrary’value results for a wrongly typed or nil x.
The OASIS to HOL schema translation is,in some sense,a semantics mapping,where the output is HOL notation.The mapping is less rigorous than a denotational de?nition,in that the output notation (roughly corresponding to domains)is only intended to be reasoned about by the Isabelle system.Some aspects of the mapping are declarative in nature.For example,the“newness”of new oids only needs to be asserted as an assumption in proofs;new oid values do not need to be computed.The full mapping from OASIS to HOL is documented in[Spe98].It has been implemented in ML to automatically generate an Isabelle theory?le from an input OASIS database schema.
5Compensation analysis using the Isabelle theorem prover
Our analysis tool is built around the Isabelle/HOL theorem prover[Pau94].The schema translation from OASIS to HOL discussed in the previous section provides a formal foundation for mechanically reasoning about the effects of methods on the database state.In this section,we show how to use Isabelle to automate proofs about compensation.
Compensation in terms of the formal model.In the introduction,we informally explained the com-pensation requirement.We can now formalize this requirement in terms of the HOL representation of the methods.To formulate what we mean by a compensation requirement for method UNDO M with respect to method M,consider the following applications(and results)of the two methods:
let(?,v 1,...,v n,r)=M os v1···v n
let(? ,v 1,...,v n,r )=UNDO M(smash os?)v1···v n r
The UNDO method is applied to the same arguments as the original method,with the exception of the object store argument;it is also applied to the return value of M.The delta value?contains the(tentative) changes to the database state made by method M.These changes are combined with the original object store in order to evaluate method UNDO M.The operator smash is used to hide(override)any bindings for the same objects in its?rst argument.This use of smash corresponds to the apply operator used by Doherty and Hull to materialize delta values(i.e.,apply the changes to the database state).As can be seen above,method UNDO M is applied to an M-modi?ed object store;it returns a delta value? that contains its (tentative)changes to the database state.For compensation,we want to prove that the original object store os is equivalent(in some sense)to the object store obtained after the changes proposed by both methods are applied:os≡smash(smash os?)? .To state this requirement formally,we use the‘get’and ‘eval’operations as follows:
(eval(os x)isObject) →
(get((smash(smash os?)? )x)(λval.val))=(get(os x)(λval.val))
The above implication asserts that for an arbitrary oid value x:if x is de?ned in os,then its value retrieved in os should be the same as its value retrieved in the state after application of the composed updates.The compensation requirement also includes an assertion about the equivalence of the persistent roots.This is illustrated by the example below.
Compensation requirements as proof goals.The proof goal for method removeNodeOrLink is shown in Figure5.Because‘oid’is an uninterpreted data type,any required properties of oids(e.g., os nil=None →
let(?,cnodes1,links1,anodes1,this1,n1,ret1)=
CNode_removeNodeOrLink os cnodes links anodes this n;
(? ,cnodes2,links2,anodes2,this2,n2,rtn2,ret2)=
CNode_UNDO_removeNodeOrLink(smash os?)
(case cnodes1of None?cnodes|Some y?y)
(case links1of None?links|Some y?y)
(case anodes1of None?anodes|Some y?y)this n ret1 in((eval(os x)isObject) →
(get((smash(smash os?)? )x)(λval.val))=(get(os x)(λval.val))
∧(case cnodes2of None?(case cnodes1of None?True|Some y?y=cnodes)
|Some y?y=cnodes)
∧(case links2of None?(case links1of None?True|Some y?y=links)
|Some y?y=links)
∧(case anodes2of None?(case anodes1of None?True|Some y?y=anodes)
|Some y?y=anodes))
Figure5.A Proof Goal for Compensation
freshness of new oids,and the fact that the lookup of‘nil’always gives‘None’)must be speci?ed as pre-conditions in proofs.This is the reason for the assumption‘os nil=None’.Unbound variables in the proof goal are implicitly universally quanti?ed.Thus,the object store(os),the persistent roots(cnodes,
links,and anodes),the receiver object(this),the Element argument to the methods(parameter‘n’in their signatures),and the oid‘x’in the implication of the let-in construct are all universally quanti?ed in the proof.3This achieves the desired level of generality mentioned in the introduction.
The let-construct includes applications of both methods.The UNDO method is applied to the removeNodeOrLink-modi?ed object store,(smash os?).As explained in Section4,updates to variables is by value-result:case-expressions are used to pass on changes to the persistent roots.Any changes to the method parameters are discarded(call by value is assumed).In this example,parameters this and n are both oids;any changes to the values of the objects they refer to(side effects of the method) appear in the delta values.The implication of the let-in construct asserts that if x is de?ned in os,then its value retrieved in os should be the same as its value retrieved in(smash(smash os?)? );fur-ther,the values of the persistent roots should be the same.The latter is expressed for each root individually, using a nested case statement.
The OASIS schema translator includes ML functions for automating proof goal generation.The above compensation goal is generated by simply entering the following command at the Isabelle prompt:
-start_proof(undo_method_goal("CNode","removeNodeOrLink"));
Automated proof procedure.The analysis tool implements an automated proof strategy,which cus-tomizes Isabelle’s standard automated proof strategy.This is essentially the same strategy we have previ-ously used for verifying consistency requirements(i.e.,that a method preserves a number of static integrity constraints)[SE99,SE98].The proof strategy is comprised of the following three steps:(i)normaliza-tion of the goal using rewriting;(ii)safe natural deduction inference steps;and(iii)exhaustive depth-?rst search.These steps are carried out successively,without human interaction.However,automated theorem proving in HOL is inherently limited.The proof search may fail because of undecidability:subgoals that cannot be solved automatically are returned by the proof procedure and can be examined interactively in Isabelle.
(i)The proof starts with a normalization step,using the Isabelle Simpli?er.The Simpli?er performs term-rewriting with an arbitrary set of(conditional)equivalence theorems.The default Isabelle Simpli?er installs a large collection of standard reduction rules for HOL;new rules are easily added to customize the Sim-pli?er to particular tasks.Our theory of objects extends the standard set of rules with rules for simplifying delta patterns,like those illustrated in Figure4.These rules are applied to normalize the initial proof goal. For example,rule r7applies to the following subterm:
get((smash(smash os?)? )x)(λval.val)
Application of the rules yields a normal form,in which all occurrences of get and eval are expressed in terms of the input object store os.
(ii)Automated theorem proving in Isabelle combines term-rewriting with natural deduction.Its Classical Reasoner uses a set of introduction and elimination rules(i.e.,theorems)for higher-order logic to automate natural deduction inferences.The default con?guration of the tool includes machinery to reason about sets,lists,tuples,booleans,etc.The tool implements a depth-?rst search strategy;variables introduced by the use of quanti?ers can be automatically instantiated,and backtracking is performed between different alternative uni?ers.The tool requires a distinction to be made between so-called safe and unsafe rules.Safe rules can be applied deterministically;they do not introduce or instantiate variables,so there is no need to undo any of these steps at later stages in the proof.For example,introduction of universal quanti?cation is safe,whereas its elimination is unsafe.Safe steps get rid of trivial cases.The Classical Reasoner interleaves these steps with further term-rewriting.
As we did for the Simpli?er tool,some extensions have to be made to the Classical Reasoner.The extensions include a database-speci?c rules for the introduction(and a converse rule for elimination)of the predicates eval and oids.These rules(and their proof scripts)are generated automatically by the OASIS schema translator.They provide a mechanism for case-based reasoning for the database-speci?c 3The variable names in the goal are automatically generated.The mathematics symbols are used to improve readability.
object type.Application of safe inference steps to our example proof goal(after normalization)yields 12subgoals,which require further analysis.
(iii)Once the safe steps have been performed,any remaining goals are subject to an exhaustive depth-?rst analysis[Isa].Safe inference steps are now interleaved with unsafe steps.This may involve backtracking, and undoing of uni?cation steps.Isabelle allows a limit to be imposed on the search depth.This guarantees termination of the search tactics.In our practical experiments,a depth of2turned out to be suf?cient.This step of the proof procedure solves the remaining12subgoals of the example proof.
Practical results.The OASIS schema translator consists of approximately2029lines of ML code.At present,the generic OO theory is632lines of Isabelle/HOL code,and49theorems.The input SEPIA schema currently includes6class de?nitions,27method de?nitions(9of which are UNDO methods),and 5integrity constraints.4The Isabelle theory and ML?les generated for this schema comprise162lines of code.
All compensation requirements of our case study could be proved automatically.Table1gives experi-
C LASS M ETHO
D C OMPENSATION P ROOF T IME
Element changeNameTo UNDO changeNameTo3.40s.
Node addIncomingLink UNDO addIncomingLink5.10s.
CNode createLinkIn UNDO createLinkIn85.92s.
CNode removeNodeOrLink UNDO removeNodeOrLink11.52s.
Table1.Experimental Results for Method Compensation
mental results for verifying the compensation methods shown in this paper.The proof times are in seconds, with Isabelle running on a SUN296MHz Ultra-SPARC-II,under Solaris.The times given are only a rough guide of the ef?ciency of the automated compensation proofs.The timings reveal that methods that involve object creation(i.e.,method createLinkIn)are more costly to analyze.
6Related work
We are not aware of related work on the automated veri?cation of compensation requirements.This paper extends our previous work on the analysis of object-oriented database schemas.We have looked at transac-tion and method safety analysis with respect to a number of static integrity constraints[SB97,SE99,SE98]. The compensation analysis discussed in this paper uses the same automated proof procedure that is used for safety analysis.In[SE99],we give an example proof and proof times for the safety of method re-moveNodeOrLink with respect to?ve integrity constraints on the SEPIA schema.Our extensions to the Isabelle system are discussed in more detail in that paper.In[SE98],we discuss the impact of object creation on the formal model in more detail.The HOL representation of,and safety proof for method createCompositeIn(for creating a composite node within another composite node)are discussed.
The formal model underlying our approach is related to the work on delta values for object-oriented databases by Doherty et al[DH95,DHDD95,DHR96,Doh98].Their work investigates the use of delta values in the detection and resolution of con?icts between proposed updates,in a cooperative work envi-ronment.Delta values exist as?rst-class citizens in their database programming language(called H2O): special language constructs are available for manipulating and combining delta values.Delta values also exist as database objects.Thus,system support is needed for the creation of delta values(delta?cation), and for the application of delta values to the database state(materialization).
In[Doh98],Doherty introduces state speci?cation trees for the run-time management of delta values and hypothetical states.A system architecture for delta-based groupware,and a prototype authoring system based on this architecture are given.Delta operations at the object level must be provided by the schema designer,to support delta-based application software.To support authoring,a delta form for documents, 4Only parts of the SEPIA schema are shown in this paper.
modeled as sequences is given.H2O delta?cation operations,such as‘insert at head’,are given
for constructing sequence delta values.Such an operation is applied to a sequence object and produces a
sequence delta value that represents the tentative change.Operations are also given for composing sequence
delta values(e.g.,‘smash seq?1?2’,where?1and?2are deltas on sequences).In our formal model, a smash on delta values at the object level corresponds to function composition(see rule r4of Figure4).
Our generic theory of objects allows general properties to be proved about the operations.As illustrated in
the?gure,these properties are independent of the database-speci?c‘object’type.
7Conclusions and future work
In a nutshell,the contributions of this paper are:
?a formal analysis technique and prototype tool for the compile-time veri?cation of compensation operations on an object-oriented database schema,and
?a case study and experimental results that show the technique is applicable to the kinds of operations that arise in real-life object-oriented database software.
The analysis technique is based on the semantics of the database operations,with respect to a formal model
of memory that re?ects the type-tagged storage structure of an implementation.Issues such as object
creation,inheritance,and late binding of methods(all of which are linked to run-time type information)
are accommodated by the formal model.The prototype tool is built using the Isabelle automated theorem
prover[Pau94].The tool was initially developed to verify consistency requirements[SE99,SE98].The
compensation analysis discussed in this paper uses the same automated proof procedure,which is largely
based on standard machinery developed for higher-order logic.This paper makes it clear that different
requirements on the semantics of update operations can be veri?ed within a single formal framework.
The compensation analysis is done statically,at compile-time.This is a bene?t,because the user of such
an analysis tool can experiment with different implementations of methods,to?ne-tune the speci?cation,
and immediately spot problems in a design.Indeed,we had to recode the addIncomingLink method
of the example SEPIA schema,because we had forgotten part of the condition.It is subtle coding issues
that make a proof tool a valuable aid to the schema designer.
Support for the veri?cation of compensation requirements provides an important?rst step to support ad-
vanced transaction models at the schema design level.As illustrated in Section2(Figure1),compensation
should be combined with backward commutativity.Since the veri?cation of consistency and compensation
requirements has already proven feasible in our framework,we hope to be able to generalize it to support
the veri?cation of commutativity requirements as well.
References
[BDK92]Bancilhon,C.Delobel,and P.Kanellakis.Building an Object-oriented Database System:The
Story of O2.Morgan Kaufmann,1992.
[CD97]Q.Chen and U.Dayal.Failure handling for transaction hierarchies.In Proceedings of ICDE,
pages245–254,Birmingham,U.K.,April1997.
[DH95]M.Doherty and R.Hull.Towards a framework for ef?cient management of potentially con-
?icting database updates.In IFIP International Conference on Database Semantics(DS-6),
Atlanta,Georgia,May1995.
[DHDD95]M.Doherty,R.Hull,M.Derr,and J.Durand.On detecting con?ict between proposed up-
dates.In International Workshop on Database Programming Languages(DBPL),Gubbio,
Italy,September1995.
[DHR96]M.Doherty,R.Hull,and M.Rupawalla.Structures for manipulating proposed updates in
object-oriented databases.In ACM SIGMOD Symposium on the Management of Data,pages
306–317,June1996.
[Doh98]Michael Doherty.A Multistate Service Based on Deltas and Its Application to Support Collab-orative Work.PhD thesis,University of Colorado,Boulder,Colorado,1998.
[EFK+96]S.Even,F.Faase,H.Kaijanranta,J.Klingemann,A.Lehtola,O.Pihlajamaa,T.Tesch, and J.W¨a sch.Deliverable VII.1:Design of the TransCoop Demonstrator System.Report
TC/REP/GMD/D7-1/704,Esprit Project No.8012,1996.
[GVBA97]P.Grefen,J.V onk,E.Boertjes,and P.Apers.Two-layer transaction management for work-?ow management applications.In International Conference on Database and Expert System
Applications,Toulouse,France,1997.
[Isa]https://www.doczj.com/doc/1d18785924.html,/Research/HVG/Isabelle.
[KAN94]W.Klas,K.Aberer,and E.J.Neuhold.Object-Oriented Modelling for Hypermedia Systems Using the VODAK Modelling Language(VML).In Advances in Object-Oriented Database
Systems,volume130of Computer and Systems Sciences,pages389–443.Springer-Verlag,
1994.
[KLS90]Henry F.Korth,Eliezer Levy,and Abraham Silberschatz.A formal approach to recovery by compensating transactions.In Proceedings of the16th VLDB Conference,pages95–106,
Brisbane,Australia,1990.
[KTWK97]Justus Klingemann,Thomas Tesch,J¨u rgen W¨a sch,and Wolfgang Klas.The TransCoop Transaction Model.In Transaction Management Support for Cooperative Applications,chap-
ter7,pages149–172.Kluwer Academic Publishers,1997.
[LMWF94]Nancy Lynch,Michael Merrit,William Weihl,and Alan Fekete.Atomic Transactions.Mor-gan Kaufmann Publishers,1994.
[MR97]Cris Pedregal Martin and Krithi Ramamritham.Delegation:Ef?ciently rewriting history.In Proceedings of ICDE,pages266–275,Birmingham,U.K.,April1997.
[MS76]https://www.doczj.com/doc/1d18785924.html,ner and C.Strachey.A Theory of Programming Language Semantics.Wiley,New York, 1976.
[ORR+96]S.Owre,S.Rajan,J.M.Rushby,N.Shankar,and M.K.Srivas.Pvs:Combining speci?cation, proof checking,and model checking.In Computer-Aided Veri?cation(CAV’96),number1102
in LNCS,July/August1996.
[Pau94]Lawrence C.Paulson.Isabelle:A Generic Theorem Prover,volume828of LNCS.Springer-Verlag,1994.
[Qia91]Xiaolei Qian.The expressive power of the bounded-iteration construct.Acta Informatica, 28(7):631–656,October1991.
[RKT+95]Marek Rusinkiewicz,Wolfgang Klas,Thomas Tesch,J¨u rgen W¨a sch,and Peter Muth.Towards
a cooperative transaction model—The Cooperative Activity Model.In Proceedings of the21st
VLDB Conference,Zurich,Switzerland,September1995.
[SB97]David Spelt and Herman Balsters.Automatic veri?cation of transactions on object-oriented databases.In Proceedings of the Workshop on Database Programming Languages(DBPL),
Estes Park,Colorado,1997.
[SE98]David Spelt and Susan Even.An Engineering Approach to Atomic Transaction Veri?cation: Use of a Simple Object Model to Achieve Semantics-based Reasoning at Compile-time.Tech-
nical Report98–15,CTIT,University of Twente,Enschede,The Netherlands,1998.
[SE99]David Spelt and Susan Even.A theorem prover-based analysis tool for object-oriented databases.In Tools and Algorithms for the Construction and Analysis of Systems,5th In-
ternational Conference,TACAS’99,number1579in LNCS,pages375–389.Springer-Verlag,
1999.
[SHH+92]N.Streitz,J.Haake,J.Hannemann,A.Lemke,W.Schuler,H.Schuett,and M.Thuering.
SEPIA:A cooperative hypermedia authoring environment.In ACM Conference on Hypertext
(ECHT),pages11–22,Milano,Italy,1992.
[Spe98]David Spelt.Representing Object-Oriented Database Schemas in Higher-Order Logic.Techni-cal Report98-XX,CTIT,University of Twente,Enschede,The Netherlands,1998.To appear.
Published as CTIT Ph.D.series,No.99-24.
[Wei88]William https://www.doczj.com/doc/1d18785924.html,mutativity-based concurrency control for abstract data types.IEEE Transactions on Computers,37(12):1488–1505,December1988.
[WK96]J¨u rgen W¨a sch and Wolfgang Klas.History merging as a mechanism for concurrency control in cooperative environments.In IEEE Workshop on Research Issues in Data Engineering:
Interoperability of Nontraditional Database Systems,pages76–85,1996.
如何写先进个人事迹 篇一:如何写先进事迹材料 如何写先进事迹材料 一般有两种情况:一是先进个人,如先进工作者、优秀党员、劳动模范等;一是先进集体或先进单位,如先进党支部、先进车间或科室,抗洪抢险先进集体等。无论是先进个人还是先进集体,他们的先进事迹,内容各不相同,因此要整理材料,不可能固定一个模式。一般来说,可大体从以下方面进行整理。 (1)要拟定恰当的标题。先进事迹材料的标题,有两部分内容必不可少,一是要写明先进个人姓名和先进集体的名称,使人一眼便看出是哪个人或哪个集体、哪个单位的先进事迹。二是要概括标明先进事迹的主要内容或材料的用途。例如《王鬃同志端正党风的先进事迹》、《关于评选张鬃同志为全国新长征突击手的材料》、《关于评选鬃处党支部为省直机关先进党支部的材料》等。 (2)正文。正文的开头,要写明先进个人的简要情况,包括:姓名、性别、年龄、工作单位、职务、是否党团员等。此外,还要写明有关单位准备授予他(她)什么荣誉称号,或给予哪种形式的奖励。对先进集体、先进单位,要根据其先进事迹的主要内容,寥寥数语即应写明,不须用更多的文字。 然后,要写先进人物或先进集体的主要事迹。这部分内容是全篇材料
的主体,要下功夫写好,关键是要写得既具体,又不繁琐;既概括,又不抽象;既生动形象,又很实在。总之,就是要写得很有说服力,让人一看便可得出够得上先进的结论。比如,写一位端正党风先进人物的事迹材料,就应当着重写这位同志在发扬党的优良传统和作风方面都有哪些突出的先进事迹,在同不正之风作斗争中有哪些突出的表现。又如,写一位搞改革的先进人物的事迹材料,就应当着力写这位同志是从哪些方面进行改革的,已经取得了哪些突出的成果,特别是改革前后的.经济效益或社会效益都有了哪些明显的变化。在写这些先进事迹时,无论是先进个人还是先进集体的,都应选取那些具有代表性的具体事实来说明。必要时还可运用一些数字,以增强先进事迹材料的说服力。 为了使先进事迹的内容眉目清晰、更加条理化,在文字表述上还可分成若干自然段来写,特别是对那些涉及较多方面的先进事迹材料,采取这种写法尤为必要。如果将各方面内容材料都混在一起,是不易写明的。在分段写时,最好在每段之前根据内容标出小标题,或以明确的观点加以概括,使标题或观点与内容浑然一体。 最后,是先进事迹材料的署名。一般说,整理先进个人和先进集体的材料,都是以本级组织或上级组织的名义;是代表组织意见的。因此,材料整理完后,应经有关领导同志审定,以相应一级组织正式署名上报。这类材料不宜以个人名义署名。 写作典型经验材料-般包括以下几部分: (1)标题。有多种写法,通常是把典型经验高度集中地概括出来,一
Overview of Formality Labs for Debugging Failing Verifications Purpose: These labs are designed for you to find, analyze, and solve common equivalency checking problems using Formality. You can use these labs to increase your awareness of Formality and to practice debugging skills. Content: These labs use public-domain RTL source. The netlists were generated using Design Compiler F-2011.09 release software. Procedure: ?There is a README file for every lab describing what to do. ?Each lab has a “runme.fms” FM Tcl script you can use initially. ?Each lab has a “hint” directory containing a README file if you need some helpful pointers on what to do. ?If you find that a lab is too difficult, there is a “.solution” sub-directory with the correct solution. ?Please compare your results with the correct results when you finish each lab. ?This lab document will guide you through each lab. Invoke Formality in this manner: "fm_shell -gui -f runme.fms |tee runme.log" or "formality -f runme.fms |tee runme.log"
小学生个人读书事迹简介怎么写800字 书,是人类进步的阶梯,苏联作家高尔基的一句话道出了书的重要。书可谓是众多名人的“宠儿”。历来,名人说出关于书的名言数不胜数。今天小编在这给大家整理了小学生个人读书事迹,接下来随着小编一起来看看吧! 小学生个人读书事迹1 “万般皆下品,惟有读书高”、“书中自有颜如玉,书中自有黄金屋”,古往今来,读书的好处为人们所重视,有人“学而优则仕”,有人“满腹经纶”走上“传道授业解惑也”的道路……但是,从长远的角度看,笔者认为读书的好处在于增加了我们做事的成功率,改善了生活的质量。 三国时期的大将吕蒙,行伍出身,不重视文化的学习,行文时,常常要他人捉刀。经过主君孙权的劝导,吕蒙懂得了读书的重要性,从此手不释卷,成为了一代儒将,连东吴的智囊鲁肃都对他“刮目相待”。后来的事实证明,荆州之战的胜利,擒获“武圣”关羽,离不开吕蒙的“运筹帷幄,决胜千里”,而他的韬略离不开平时的读书。由此可见,一个人行事的成功率高低,与他的对读书,对知识的重视程度是密切相关的。 的物理学家牛顿曾近说过,“如果我比别人看得更远,那是因为我站在巨人的肩上”,鲜花和掌声面前,一代伟人没有迷失方向,自始至终对读书保持着热枕。牛顿的话语告诉我们,渊博的知识能让我们站在更高、更理性的角度来看问题,从而少犯错误,少走弯路。
读书的好处是显而易见的,但是,在社会发展日新月异的今天,依然不乏对读书,对知识缺乏认知的人,《今日说法》中我们反复看到农民工没有和用人单位签订劳动合同,最终讨薪无果;屠户不知道往牛肉里掺“巴西疯牛肉”是犯法的;某父母坚持“棍棒底下出孝子”,结果伤害了孩子的身心,也将自己送进了班房……对书本,对知识的零解读让他们付出了惨痛的代价,当他们奔波在讨薪的路上,当他们面对高墙电网时,幸福,从何谈起?高质量的生活,从何谈起? 读书,让我们体会到“锄禾日当午,汗滴禾下土”的艰辛;读书,让我们感知到“四海无闲田,农夫犹饿死”的无奈;读书,让我们感悟到“为报倾城随太守,西北望射天狼”的豪情壮志。 读书的好处在于提高了生活的质量,它填补了我们人生中的空白,让我们不至于在大好的年华里无所事事,从书本中,我们学会提炼出有用的信息,汲取成长所需的营养。所以,我们要认真读书,充分认识到读书对改善生活的重要意义,只有这样,才是一种负责任的生活态度。 小学生个人读书事迹2 所谓读一本好书就是交一个良师益友,但我认为读一本好书就是一次大冒险,大探究。一次体会书的过程,真的很有意思,咯咯的笑声,总是从书香里散发;沉思的目光也总是从书本里透露。是书给了我启示,是书填补了我无聊的夜空,也是书带我遨游整个古今中外。所以人活着就不能没有书,只要爱书你就是一个爱生活的人,只要爱书你就是一个大写的人,只要爱书你就是一个懂得珍惜与否的人。可真所谓
How to Meet ISO 17025 Requirements for Method Verification Prepared by: AOAC INTERNATIONAL 481 N. Frederick Ave, Suite 500 Gaithersburg, MD 20877, USA https://www.doczj.com/doc/1d18785924.html,
Acknowledgments At the request of the AOAC Technical Division for Laboratory Management (TDLM), the Analytical Laboratory Accreditation Criteria Committee (ALACC) prepared this guide in an effort to provide guidance to laboratory managers by clarifying the activities needed to verify that a laboratory can perform a method successfully. Experts from various groups representing different sectors of the analytical community drafted and reviewed the guide. The guide shows the consensus of a diverse group of stakeholders, including accreditation bodies, laboratories, auditors, statisticians, and p harmaceutical and feed industries. European viewpoints are also represented. The guide was written under the leadership of: M.L. JANE WEITZEL, Watson Pharmaceuticals, USA, Chair of ALACC ALACC sub-chairs: SUZANNE M. LEE, General Mills, USA, Chair of the Chemistry Subcommittee MICHELE SMOOT, Silliker Laboratories Group, USA, Chair of the Microbiology Subcommittee NUBIA VIAFARA, Cangene Corp., Canada, Chair of the Pharmaceutical Subcommittee In addition, MICHAEL BRODSKY, Brodsky Consultants, Canada, contributed the microbiology section.
建筑行业通用英文缩写及含义
————————————————————————————————作者: ————————————————————————————————日期:
常用的英语缩写(ABBREVIATIONS) 构件篇 英语缩写中文翻译COLUMN 柱子 POST 从梁上升起的柱子BASEPLATE 底板 CAP PLATE 顶板 COVER PLATE盖板 END PLATE 封板,短板 SEAL PLATE 封板 SHEAR PLATE 剪切板 CONNECTION PLATE 连接板 GIRDER 主梁 BEAM 梁/次梁 SECONDARY BEAM 次梁 JOIST GIRDER主桁架 JOIST次桁架 BRACE 支撑 LINTEL过梁 MISC 杂件 EMBED PALTE 预埋板件 ANCHOR BOLT 地脚螺栓 FRAME钢架 RAILING扶手 STAIR 楼梯 RC WALL 混凝土墙 BRACKET 马仔 PART/TYP PART零件 ASSY 组合件CANOPY 雨棚 CATWALK 猫道 LADDER 爬梯 PURLIN檩条 FISH PLATE 结合板 HOISTBEAM 起吊运输梁 BUILT-UP SECTION 组合截面 BEARINGPLATE 支撑板 CANTILEVERBEAM悬臂梁/挑梁 CRANE GIRDER 吊车梁 CROSS BEAM井字梁
GIRT 抗风梁 RINGBEAM圈梁 DIAPHRAGM 横隔板 STIFFENER/STIFF 加劲板/肋 GUSSET PLATE节点板 HANGER吊杆/吊环GRIP夹具/卡子TIE BAR 拉结钢筋 TIEBEAM系梁 TIETOD 系杆 TIEROD系杆FLANGE 翼缘/法兰WEBPLATE/WEB 腹板 图纸/版本篇 DESIGN DRAWING设计图SHOP DRAWING 施工图/详图FABRICATION DRAWING加工图 ARCHITECTURE建筑图 AS-BUILT DRAWING 竣工图 FOR APPROVAL 审批 FOR FAB加工UPDATE 更新 FOR FIELDUSED 现场使用 材料篇 SHS(SQUARE HOLLOW SECTION)方通/方管RHS(RECTANGLE HOLLOW SECTION) 矩形管 CHS(CIRCULAR HOLLOW SECTION)圆管/喉管GMS( GALVMILDSTEEL) 低碳钢 RSC(ROLLEDSTEEL CHANNEL) 槽钢 RSA(ROLLEDSTEELAMGLE) 角钢 HSB (HIGN STRENGTH BOLT)高强螺栓 TS(TUBE CHANNEL)方通/方管HSS(HOLLOW SQUARE SECTION) 方通/方管 EA(EQUAL ANGLE) 等边角钢 UA(UNEQUAL ANGLE)不等边角钢UC(UNIVERSAL COLUMNS)等边工字钢UB(UNIVERSAL BEAM)不等边工字钢PFC(PARALLEL FLANGE CHANNEL)方脚槽钢CSK BOLT 沉头螺栓 FLAT BAR扁钢 CHANNEL 槽钢
Design verification is an essential step in the development of any product. Also referred to as qualification testing, design verification ensures that the product as designed is the same as the product as intended. Unfortunately, many design projects do not complete thorough design qualification resulting in products that do not meet customer expectations and require costly design modifications. Project activities in which design verification is useful: *Concept through to Detailed Design *Specification Development *Detailed Design through to Pre-Production *Production Other tools that are useful in conjunction with design verification: *Configuration Management *Engineering Records *Failure Modes and Effects Analysis *Requirements Management Introduction Many customers hold the testing of products in the same regard as the actual design. In fact, many development projects specify design verification testing as a major contract requirement and customers will assign their own people to witness testing and ensure that it is completed to satisfaction. Although potentially costly, the expense of not testing can be far greater therefore projects that do not specifically require testing are wise to include testing as part of the development program. Testing may occur at many points during the design process, from concept development to post-production. This tool will focus mainly on prototype testing however many of the guidelines that are provided can be applied to all testing. ?Development tests conducted with materials, models or sub-assemblies are useful for determining the feasibility of design ideas and gaining insights that further direct the design. The results of these tests cannot be considered verification tests however their use can be crucial. ?Prototype testing verifies that the product complies with product design specification requirements and occurs with items that closely resemble the final product. These tests generally stress the product up to and beyond specified use conditions and may be destructive. Testing may occur at ? T. Brusse-Gendre 2002 1 V1.1
个人先进事迹简介 01 在思想政治方面,xxxx同学积极向上,热爱祖国、热爱中国共产党,拥护中国共产党的领导.利用课余时间和党课机会认真学习政治理论,积极向党组织靠拢. 在学习上,xxxx同学认为只有把学习成绩确实提高才能为将来的实践打下扎实的基础,成为社会有用人才.学习努力、成绩优良. 在生活中,善于与人沟通,乐观向上,乐于助人.有健全的人格意识和良好的心理素质和从容、坦诚、乐观、快乐的生活态度,乐于帮助身边的同学,受到师生的好评. 02 xxx同学认真学习政治理论,积极上进,在校期间获得原院级三好生,和校级三好生,优秀团员称号,并获得三等奖学金. 在学习上遇到不理解的地方也常常向老师请教,还勇于向老师提出质疑.在完成自己学业的同时,能主动帮助其他同学解决学习上的难题,和其他同学共同探讨,共同进步. 在社会实践方面,xxxx同学参与了中国儿童文学精品“悦”读书系,插画绘制工作,xxxx同学在班中担任宣传委员,工作积极主动,认真负责,有较强的组织能力.能够在老师、班主任的指导下独立完成学院、班级布置的各项工作. 03 xxx同学在政治思想方面积极进取,严格要求自己.在学习方面刻苦努力,不断钻研,学习成绩优异,连续两年荣获国家励志奖学金;作
为一名学生干部,她总是充满激情的迎接并完成各项工作,荣获优秀团干部称号.在社会实践和志愿者活动中起到模范带头作用. 04 xxxx同学在思想方面,积极要求进步,为人诚实,尊敬师长.严格 要求自己.在大一期间就积极参加了党课初、高级班的学习,拥护中国共产党的领导,并积极向党组织靠拢. 在工作上,作为班中的学习委员,对待工作兢兢业业、尽职尽责 的完成班集体的各项工作任务.并在班级和系里能够起骨干带头作用.热心为同学服务,工作责任心强. 在学习上,学习目的明确、态度端正、刻苦努力,连续两学年在 班级的综合测评排名中获得第1.并荣获院级二等奖学金、三好生、优秀班干部、优秀团员等奖项. 在社会实践方面,积极参加学校和班级组织的各项政治活动,并 在志愿者活动中起到模范带头作用.积极锻炼身体.能够处理好学习与工作的关系,乐于助人,团结班中每一位同学,谦虚好学,受到师生的好评. 05 在思想方面,xxxx同学积极向上,热爱祖国、热爱中国共产党,拥护中国共产党的领导.作为一名共产党员时刻起到积极的带头作用,利用课余时间和党课机会认真学习政治理论. 在工作上,作为班中的团支部书记,xxxx同学积极策划组织各类 团活动,具有良好的组织能力. 在学习上,xxxx同学学习努力、成绩优良、并热心帮助在学习上有困难的同学,连续两年获得二等奖学金. 在生活中,善于与人沟通,乐观向上,乐于助人.有健全的人格意 识和良好的心理素质.
I N VE N TI V E
CONFIDENTIAL
Formal Verification Guide
Prototype | Implement | Verify
Agenda
? Equivalence Checking Refresh ? Verification Guide
– RTL Design – Verifiable Synthesis Flow – Abort Resolution
? ECO Automation ? Best Practice Recommendation
2
August 6, 2009
Cadence Confidential
Encounter Conformal Product Family
Verifies 100% of design functionality without requiring test vectors Provides independent verification for lowest risk silicon Validates CPF LP Equivalence Checking Verifies Low Power design implementation Performs structural and functional checks
Equivalence Checking
RTL or Gate RTL or Gate
Digital Custom Verification including Memories, Data Paths, and IO Orders of magnitude faster than simulation
Low Power Verification
Functional Checks
v1
v2
ISO
A
B
Finds bugs earlier in the design cycle Verifies proper CDC synchronization to avoid clock related re-spins Creates safer EC environment
Validation, generation and analysis of constraints Uses industry proven formal engines Shorter design cycle with improved timing constraints
Constraint Design
ECO Implementation
o1 o2
Provides automated RTL2GDS ECO solution Identifies and generates fix to implement ECO Interfaces with physical implementation tool flow
3
August 6, 2009
Cadence Confidential
软件验证与确认(Verification and Validation)简述 张艾森1,2 (上海工业自动化仪表研究院1,国家能源核电站仪表研发(实验)中心2,上海,200233) 摘要:计算机设备和信息处理技术正迅速进入仪表和过程控制工程之中,由于其方便的操作和其他诸多优点,更多用户乐于去使用它们。在起初用于基本功能控制后,在更多的安全关键控制中,计算机设备和信息处理技术得到了更多的应用,此时,软件的质量被人们日益重视起来,其好坏如何评判,其质量如何保证是人们最关心的问题。软件的验证与确认技术正是达到质量保证的重要环节。 关键词:软件验证与确认(V&V);独立性;管理;文档 1软件V&V的准则 软件的验证与确认是数字化仪控系统的关键技术之一,其质量的评估难以量化的给出。从相关标准条款中,可以得到软件V&V的准则如下: ⑴计划先于行动,没有计划和大纲无法开展工作。 ⑵对所有软件开发步骤的验证和确认方案,没有完全可信的东西,没有“免检产品”。 ⑶所有结果和过程都应详细的记录并保存,确保可追溯性。 2评估独立性的要求 通常对于软件质量的评估其出发点来自于对软件开发过程的评估,辅以对软件成品的一系列测试。从验证和确认的角度来说,对过程的逐一评估是软件的验证阶段,而对软件成品的测试归结为软件的确认。在IEC60880中提及,额外的验证活动由第三方来进行。第三方的介入对软件质量而言是提升了信心。 在IEEE1012中,V&V团队的独立形式和独立程度被分成了四个等级。IEC60880针对核电站A类软件,其独立性要求应参照IEEE1012中最高级别来制定。但有一点要指出,60880中对于独立评审的要求规定似乎没有IEEE1012中给的具体。在标准中没有给出经济独立性的要求,也没有明确给出第三方是指不同组织间的,还是同一公司的不同部门。在其中只是指出,V&V团队的独立程度应在国家相关规定条款中给出,而国内还没有哪一个具体标准给出了关于团队独立性的明确指导,多数还是遵循IEEE1012中的相关规定。 3软件评估的初始管理 从对IEC60880整篇标准的理解中不难看出,软件质量的获得最重要的并不是某几位专家的评估,而是整个开发过程的有序管理。有序管理的几个重要目标应该是: ⑴足够的人员配置以及人员对应职责的明确无误。这点可以在第8章中看出,其明确要求 了构成人员的能力以及其目标职责的明晰。 ⑵文档的正确管理。在IEC60880中,无论在软件开发的任何阶段,都会在某一结点明确 的要求相应的输出文档。这些文档的存在最大程度的保证了整个过程的可追溯性。针对文档的管理及要求在第7.4条中给出。
优秀党务工作者事迹简介范文 优秀党务工作者事迹简介范文 ***,男,198*年**月出生,200*年加入党组织,现为***支部书记。从事党务工作以来,兢兢业业、恪尽职守、辛勤工作,出色地完成了各项任务,在思想上、政治上同党中央保持高度一致,在业务上不断进取,团结同事,在工作岗位上取得了一定成绩。 一、严于律己,勤于学习 作为一名党务工作者,平时十分注重知识的更新,不断加强党的理论知识的学习,坚持把学习摆在重要位置,学习领会和及时掌握党和国家的路线、方针、政策,特别是党的十九大精神,注重政治理论水平的提高,具有坚定的理论信念;坚持党的基本路线,坚决执行党的各项方针政策,自觉履行党员义务,正确行使党员权利。平时注重加强业务和管理知识的学习,并运用到工作中去,不断提升自身工作能力,具有开拓创新精神,在思想上、政治上和行动上时刻同党中央保持高度一致。 二、求真务实,开拓进取 在工作中任劳任怨,踏实肯干,坚持原则,认真做好学院的党务工作,按照党章的要求,严格发展党员的每一个步骤,认真细致的对待每一份材料。配合党总支书记做好学院的党建工作,完善党总支建设方面的文件、材料和工作制度、管理制度等。
三、生活朴素,乐于助人 平时重视与同事间的关系,主动与同事打成一片,善于发现他人的难处,及时妥善地给予帮助。在其它同志遇到困难时,积极主动伸出援助之手,尽自己最大努力帮助有需要的人。养成了批评与自我批评的优良作风,时常反省自己的工作,学习和生活。不但能够真诚的指出同事的缺点,也能够正确的对待他人的批评和意见。面对误解,总是一笑而过,不会因为误解和批评而耿耿于怀,而是诚恳的接受,从而不断的提高自己。在生活上勤俭节朴,不铺张浪费。 身为一名老党员,我感到责任重大,应该做出表率,挤出更多的时间来投入到**党总支的工作中,不找借口,不讲条件,不畏困难,将总支建设摆在更重要的位置,解开工作中的思想疙瘩,为攻坚克难铺平道路,以支部为纽带,像战友一样团结,像家庭一样维系,像亲人一样关怀,践行入党誓言。把握机遇,迎接挑战,不负初心。
All prospective tenants are required to fill out our Rental application, Employment Verification form, and Bank Verification form. This effort to investigate creditworthiness can only be undertaken with your express and complete signed approval. If you do not wish to have your credit investigated, please return these papers and look elsewhere for residency. Please fill out the form below in the area required for you to do so. To be filled out by the prospective Tenant My Current Employer’s name, add ress, phone number, email, and contact person: ______________________________________________________________________. My Monthly Gross Wages: ____________. Time employed, in months and years: _____________. To be filled out by the prospective Employer Your employee has authorized us to get confirmation of his or her employment with your firm, his or her gross wages, and time employed. Please review the information as listed above and mail or fax this back to us based on the data on our letterhead. The above facts are true: ________. If not, the following facts are true: _____________________________________________________________________. Any other comments that you believe appropriate: _____________________________. _____________ Employer To be filled out by the prospective Tenant I authorize the Landlord to conduct a credit investigation for the purposes of being approved as a Tenant in their facility or facilities. I further authorize my employer to verify the employment information I have provided above and to comment on it further to the extent the employer believes the information is right or wrong. I hold both the Landlord and my employer harmless for any claims against them for filling out this form, commenting on the form, or any discussions regarding this form and its subject matter. ________________ Date: Tenant ________________ Witness
主要事迹简介怎么写 概括?简要地反映?个单位(集体)或个?事迹的材料。简要事迹不?定很短,如果情况 多的话,也有?千字的。简要事迹虽然“简要”,但切忌语?空洞,写得像?学?期末鉴定。 ?应当以事实来说话。简要事迹是对某单位或个?情况概括?简要地反映情况,?如有三个??很突出,就写三个??,只是写某???时,要把主要事迹突出出来。 简要事迹?般来说,?少要包括两个??的内容。?是基本情况。简要事迹开头,往往要??段?字来表述?些基本情况。如写?个单位的简要事迹,应包括这个单位的?员、 承担的任务以及?段时间以来取得的主要成绩。如写个?的简要事迹,应包括该同志的性 别、出?年?、参加?作时间、籍贯、民族、?化程度以及何时起任现职和主要成绩。这 样上级组织在看了材料的开头,就会对这个单位或个?有?个基本印象。?是主要特点。 这是简要事迹的主体部分,最突出的事例有?个??就写成?块,并按照?定的逻辑关系进 ?排列,把同类的事例排在?起,?个??通常由?个?然段或?个?然段组成。 写作时,特别要注意以下四点: 1.?第三?称。就是把所要写的对象,是集体的?“他们”来表述,是个?的称之为“他(她)”。 (她)”,单位可直接写名称,个?可写其姓名。 为了避免连续出现?个“他们”或“他 2.掌握好时限。?论是单位或个?的简要事迹,都有?个时间跨度,既不要扯得太远,也不 要故意混淆时间概念,把过去的事当成现在的事写。这个时间跨度多长,要根据实际情况 ?定。如上级要某个同志担任乡长以来的情况就写他任乡长以来的事迹;上级要该同志两年 来的情况,就写两年来的事迹。当然,有时为了需要,也可适当地写?点超过这个时间的 背景情况。 3.?点他?的语?。就是在写简要事迹时,可?些群众的语?或有关?员的语?,这样会给??种?动、真切的感觉,衬托出写作对象?较?的思想境界。在?他?语?时,可适当加?,但不能造假。 4.?事实说话。简要事迹的每?个??可分为多个层次,?个层次先??句话作为观点,再???两个突出的事例来说明。?事实说话时,要尽量把?个事例说完整,以给?留下深 刻印象。
质量管理体系中英文缩写与其解释 Engineering 工程 / Process 工序(制程) Man, Machine, Method, Material, 人,机器,方法,物料,环境- 可能导 4M&1E Environment 致或造成问题的根本原因 AI Automatic Insertion 自动插机 ASSY Assembly 制品装配 ATE Automatic Test Equipment 自动测试设备 BL Baseline 参照点 BM Benchmark 参照点
BOM Bill of Material 生产产品所用的物料清单 C&ED/C Cause and Effect Diagram 原因和效果图 AED CA Corrective Action 解决问题所采取的措施 电脑辅助设计.用于制图和设计3维物体 CAD Computer-aided Design 的软件 对文件的要求进行评审,批准,和更改 CCB Change Control Board 的小组 依照短期和长期改善的重要性来做持续 CI Continuous Improvement 改善 COB Chip on Board 邦定-线焊芯片到PCB板的装配方法. CT Cycle Time 完成任务所须的时间 DFM
Design for Manufacturability 产品的设计对装配的适合性 设计失效模式与后果分析--在设计阶段 Design Failure Mode and Effect DFMEA 预测问题的发生的可能性并且对之采取 Analysis 措施 六西格玛(6-Sigma)设计 -- 设计阶段预 DFSS Design for Six Sigma 测问题的发生的可能性并且对之采取措施并提高设计对装配的适合性 DFT Design for Test 产品的设计对测试的适合性 实验设计-- 用于证明某种情况是真实DOE Design of Experiment 的 根据一百万件所生产的产品来计算不良DPPM Defective Part Per Million 品的标准 Design Verification / Design
树立榜样的个人事迹简介怎么写800字 榜样是阳光,温暖着我们的心;榜样如马鞭,鞭策着我们努力奋斗;榜样似路灯,照亮着我们前进的方向。今天小编在这给大家整理了树立榜样传递正能量事迹作文,接下来随着小编一起来看看吧! 树立榜样传递正能量事迹1 “一心向着党”,是他向着社会主义的坚定政治立场;“人的生命是有限的,可是,为人民服务是无限的,我要把有限的生命投入到无限的为人民服务中去”,是他的至理名言;“甘学革命的“螺丝钉”,是他干一行爱一行、钻一行的爱岗敬业态度。他——雷锋,是我们每一个人的“偶像”…… 雷锋的事迹传遍大江南北,他,曾被人们称为可敬的“傻子”。一九六零年八月,驻地抚顺发洪水,运输连接到了抗洪抢险命令。他强忍着刚刚参加救火工作被烧伤的手的疼痛,又和战友们在上寺水库大坝连续奋战了七天七夜,被记了一次二等功。望花区召开了大生产号召动员大会,声势很大,他上街办事,正好看到这个场面,他取出存折上在工厂和部队攒的200元钱,那时,他的存折上只剩下了203元,就跑到望花区党委办公室要为之捐献出来,为建设祖国做点贡献,接侍他的同志实在无法拒绝他的这份情谊,只好收下一半。另100元在辽阳遭受百年不遇洪水的时候,他捐献给了正处于水深火热之中的辽阳人民。在我国受到严重的自然灾害的情况下,他为国家建设,为灾区捐献出自已的全部积蓄,却舍不得喝一瓶汽水。就这样,他毫不犹豫的捐出了自己的所有积蓄,不求功名,不求名利,只求自己心安理得,只求为
革命献出自己的微薄之力,甘愿做革命的“螺丝钉”——在一次施工任务中,他整天驾驶汽车东奔西跑,很难抽出时间学习,他就把书装在挎包里,随身带在身边,只要车一停,没有其他工作时,就坐在驾驶室里看书。他曾经在自己的日记中写下这样一段话:”有些人说工作忙,没时间学习,我认为问题不在工作忙,而在于你愿不愿意学习,会不会挤时间来学习。要学习的时间是总是有的,问题是我们善不善于挤,愿不愿意钻。一块好好的木板,上面一个眼也没有,但钉子为什么能钉进去呢?这就是靠压力硬挤进去的。由此看来,钉子有两个长处:一个是挤劲,一个是钻劲。我们在学习上也要提倡这种”钉子“精神,善于挤和钻。”这就是他,用自己的实际行动来证明自己,用自己的亲生经历来感化世人,用自己的所作所为来传颂古今……人们都拼命地学习他的精神,他的精神被不同肤色的人所敬仰。现在,一切都在变,但是,那些决定人类向前发展的基本要素没有变,那些美好的事物没有变,那些所谓的“螺丝钉”精神没有变——而这正是他的功劳,是他开启了无私奉献精神的大门,为后人树立了做人的榜样…… 这就是他,一位中国家喻户晓的全心全意为人民服务的楷模,一位共产主义战士!他作为一名普通的中国人民解放军战士,在他短暂的一生中却助人无数。而且,伟大领袖毛泽东主席于1963年3月5日亲笔为他题词:“向雷锋同志学习”。 正是因为如此,全国刮起了学习雷锋的热潮。雷锋已经离开我们很长时间了。但是雷锋的精神却深深地在所有中国人心中扎下了根,现在它已经长成一株小树。正以其顽强的生命力,茁壮成长。我坚信,
大学生先进事迹简介怎么写 苑xx,男,汉族,1990年07月22日出生,中国共青团团员,入党积极分子,现任xx学院电气优创0902班班长,担任xx学院09级总负责人、xx学院团委学生会科创部干事、xx学院文艺团主持部部长。 步入大学生活一年以来,他思想积极,表现优秀,努力向党组织靠拢,学习刻苦,品学兼优,工作认真负责,脚踏实地,生活勤俭节约,乐于助人。一直坚持多方面发展,全面锻炼自我,注重综合能力、素质拓展能力的培养。再不懈的努力下获得了多项荣誉: ●获得09-10学年xx大学“百佳千优”(文化体育)一等奖学金和“百佳千优”(班级建设)二等奖学金; ●获得09-10学年xx大学“优秀学生干部”荣誉称号; ●2010年xx大学普通话知识竞赛中获得一等奖; ●2010年xx大学主持人大赛中获得一等奖,被评为金话筒; ●xx学院首届“大学生文明修身”活动周——再生比赛中获得一等奖; ●xx学院首届“大学生文明修身”活动周——演讲比赛中获得一等奖。 一、刻苦钻研树学风 作为班长,他在学习方面,将班级同学分成各个学习小组,布置每日学习任务,分组竞争,通过开展各项趣味学习活动,全面调动班级同学的积极性,如:排演英语戏剧、文学常识竞答、数学辅导小组等。他带领全班同学努力学习、勤奋刻苦,全班同学奖学金获得率达91%,四级通过率达66%。 二、勤劳负责建班风
在日常班级工作中,他尽心尽力,通过网络组织建立班级博客,把班级的日常情况,班级比赛,特色主题班会等活动,及时上传到 班级博客,以方便更多同学了解自己的班级,也把班级的魅力、特色,更全面、更具体的展现出来。 在班级建设中,他带领全班同学参加学院组织的各项文体活动中也收获颇多: ●在xx学院首届“大学生文明修身”活动周中荣获第二名, ●xx学院首届乒乓球比赛中荣获第一名、精神文明奖, ●在xx学院“迎新杯”男子篮球赛中荣获第四名、最佳组织奖。 除了参加学院组织的各项活动外,为了进一步丰富班级同学们的课余生活,他在班级内积极开展各式各样的课余活动: ●普通话知识趣味比赛,感受中华语言的魅力,复习语文文学常识,为南方同学打牢普通话基础,推广普通话知识。 ●“我的团队我的班”主题班会活动中,创办特色活动“情暖你我心”天使行动,亲切问候、照顾其他同学的生活、学习方面细节 小事,即使在寒冷的冬天,也要让外省的同学感受到家一样的温暖。 ●“预览科技知识”科技宫之行,作为现代大学生,不能只顾书本知识,也要跟上时代,了解时代前沿最新科技。 ●感恩节“感谢我们身边的人”主题班会活动,在这个特殊的节日里,他带领同学们通过寄贺卡、送礼物等方式,来感谢老师辛勤 的付出;每人写一封家书,寄给父母,感谢父母劳苦的抚育,把他们 的感激之情,转化为实际行动来感化周围的人;印发感恩宣传单,发 给行人,唤醒人们的感恩的心。 三、热情关怀暖人心 生活中,他更能发挥榜样力量,团结同学,增强班级凝聚力。时刻观察每一位同学的情绪状态,在心理上帮助同学。他待人热情诚恳,积极帮助生活中有困难的同学:得知班级同学生病高烧,病情 严重,马上放下午饭,赶到同学寝室,背起重病同学到校医院进行