Twinning automata and regular expressions for string static analysis

In this paper we formalize and prove the soundness of Tarsis, a new abstract domain based on the abstract interpretation theory that approximates string values through finite state automata. The main novelty of Tarsis is that it works over an alphabet of strings instead of single characters. On the one hand, such approach requires a more complex and refined definition of the widening operator, and the abstract semantics of string operators. On the other hand, it is in position to obtain strictly more precise results than than state-of-the-art approaches. We implemented a prototype of Tarsis, and we applied it on some case studies taken from some of the most popular Java libraries manipulating string values. The experimental results confirm that Tarsis is in position to obtain strictly more precise results than existing analyses

Twinning Automata and Regular Expressions for String Static Analysis

In this paper we formalize Tarsis, a new abstract domain based on the abstract interpretation theory that approximates string values through finite state automata. The main novelty of Tarsis is that it works over an alphabet of strings instead of single characters. On the one hand, such an approach requires a more complex and refined definition of the widening operator, and the abstract semantics of string operators. On the other hand, it is in position to obtain strictly more precise results than state-of-the-art approaches. We implemented a prototype of Tarsis, and we applied it to some case studies taken from some of the most popular Java libraries manipulating string values. The experimental results confirm that Tarsis is in position to obtain strictly more precise results than existing analyses

Twinning Automata and Regular Expressions for String Static Analysis

In this paper we formalize TARSIS, a new abstract domain based on the abstract interpretation theory that approximates string values through finite state automata. The main novelty of TARSIS is that it works over an alphabet of strings instead of single characters. On the one hand, such an approach requires a more complex and refined definition of the widening operator, and the abstract semantics of string operators. On the other hand, it is in position to obtain strictly more precise results than state-of-the-art approaches. We implemented a prototype of TARSIS, and we applied it to some case studies taken from some of the most popular Java libraries manipulating string values. The experimental results confirm that TARSIS is in position to obtain strictly more precise results than existing analyses

Completeness of string analysis for dynamic languages

In Abstract Interpretation, completeness ensures that the analysis does not lose information with respect to the property of interest. In particular, for dynamic languages like JavaScript, completeness of string analysis is a key security issue, as poorly managed string manipulation code may easily lead to significant security flaws. In this paper, we provide a systematic and constructive approach for generating the completion of string domains for dynamic languages, and we apply it to the refinement of existing string abstractions. We also provide an effective procedure to measure the precision improvement obtained when lifting the analysis to complete domains

Static analysis for dummies: Experiencing LiSA

Semantics-based static analysis requires a significant theoretical background before being able to design and implement a new analysis. Unfortunately, the development of even a toy static analyzer from scratch requires to implement an infrastructure (parser, control flow graphs representation, fixpoint algorithms, etc.) that is too demanding for bachelor and master students in computer science. This approach difficulty can condition the acquisition of skills on software verification which are of major importance for the design of secure systems. In this paper, we show how LiSA (Library for Static Analysis) can play a role in that respect. LiSA implements the basic infrastructure that allows a non-expert user to develop even simple analyses (e.g., dataflow and numerical non-relational domains) focusing only on the design of the appropriate representation of the property of interest and of the sound approximation of the program statements

Probiotics in Orthopedics: From Preclinical Studies to Current Applications and Future Perspective

In recent years, probiotics have been emerging as an attractive therapeutic strategy for several diseases. In orthopedics, probiotics seem to be a promising supplementation for treatment of osteoporosis, osteoarthritis, muscle loss-related disease, wound and ulcer issues, and prevention of surgical antibiotic prophylaxis side effects. Although probiotics are still not included in guidelines for these conditions, several studies have reported theoretical benefits of their administration. Further high-level clinical trials are necessary to convert research into solid clinical practice. However, probiotics represent a cost-effective future perspective and may play a role in association with traditional orthopedic therapies

Pitfals in recognition and management of trigeminal neuralgia

BACKGROUND: Trigeminal neuralgia (TN) is a severe, disabling form of painful cranial neuropathy. Even though TN has a typical clinical picture, diagnosis it is often missed or delayed in clinical practice. In order to investigate the occurrence of diagnostic and therapeutic errors in TN, we studied 102 patients suffering from TN recruited through a multicentric survey. METHODS: We performed a Pubmed database search on errors and pittfalls in TN diagnosis and management. Then, patients with TN were consecutively enrolled in the period from February 2017 to October 2019, by several European Headache Centers participating in the study, following a call of the Headache and Pain Scientific Panels of the European Academy of Neurology (EAN). Diagnosis of Classical Trigeminal Neuralgia (CTN) was made according to the International Headache Society (IHS) criteria (Tölle et al., Pain Pract 6:153-160, 2006). All the patients were evaluated using telephone/frontal interviews conducted by headache/pain specialists using an ad hoc questionnaire. RESULTS: A number of 102 patients were recruited, mostly females (F:M ratio 2.64:1). Eighty-six percent of the patients consulted a physician at the time they experienced the first pain attacks. Specialists consulted before TN diagnosis were: primary care physicians (PCP) (43.1%), dentists (in 30.4%), otorhinolaryngologists (3.9%), neurosurgeons (3.9%), neurologists or headache specialists (14.7%), others (8%). The final diagnosis was made mainly by a neurologist or headache specialist (85.3%), and the mean interval between the disease onset and the diagnosis made by a specialist was 10.8 ± 21.2 months. The "diagnostic delay" was 7.2 ± 12.5 months, and misdiagnoses at first consultation were found in 42.1% of cases. Instrumental and laboratory investigations were carried out in 93.1% of the patients before the final diagnosis of TN. CONCLUSION: While TN has typical features and it is well defined by the available international diagnostic criteria, it is still frequently misdiagnosed and mistreated. There is a need to improve the neurological knowledge in order to promptly recognize the clinical picture of TN and properly adhere to the specific guidelines. This may result in a favorable outcome for patients, whose quality of life is usually severely impaired

Fourier-transform Infrared (FT-IR) spectroscopy fingerprints subpopulations of extracellular vesicles of different sizes and cellular origin

Identification of extracellular vesicle (EV) subpopulations remains an open challenge. To date, the common strategy is based on searching and probing set of molecular components and physical properties intended to be univocally characteristics of the target subpopulation. Pitfalls include the risk to opt for an unsuitable marker set–which may either not represent the subpopulation or also cover other unintended subpopulations–and the need to use different characterization techniques and equipment. This approach focused on specific markers may result inadequate to routinely deal with EV subpopulations that have an intrinsic high level of heterogeneity. In this paper, we show that Fourier-transform Infrared (FT-IR) spectroscopy can provide a collective fingerprint of EV subpopulations in one single experiment. FT-IR measurements were performed on large (LEVs, ~600 nm), medium (MEVs, ~200 nm) and small (SEVs ~60 nm) EVs enriched from two different cell lines medium: murine prostate cancer (TRAMP-C2) and skin melanoma (B16). Spectral regions between 3100–2800 cm−1 and 1880–900 cm−1, corresponding to functional groups mainly ascribed to lipid and protein contributions, were acquired and processed by Principal Component Analysis (PCA). LEVs, MEVs and SEVs were separately grouped for both the considered cell lines. Moreover, subpopulations of the same size but from different sources were assigned (with different degrees of accuracy) to two different groups. These findings demonstrate that FT-IR has the potential to quickly fingerprint EV subpopulations as a whole, suggesting an appealing complement/alternative for their characterization and grading, extendable to healthy and pathological EVs and fully artificial nanovesicles

Completeness of string analysis for dynamic languages

In Abstract Interpretation, completeness ensures that the analysis does not lose information with respect to the property of interest. In particular, for dynamic languages like JavaScript, completeness of string analysis is a key security issue, as poorly managed string manipulation code may easily lead to significant security flaws. In this paper, we provide a systematic and constructive approach for generating the completion of string domains for dynamic languages, and we apply it to the refinement of existing string abstractions. We also provide an effective procedure to measure the precision improvement obtained when lifting the analysis to complete domains. (C) 2021 Elsevier Inc. All rights reserved