Decentralized Asynchronous Crash-Resilient Runtime Verification

Runtime Verification (RV) is a lightweight method for monitoring the formal specification of a system during its execution. It has recently been shown that a given state predicate can be monitored consistently by a set of crash-prone asynchronous distributed monitors, only if sufficiently many different verdicts can be emitted by each monitor. We revisit this impossibility result in the context of LTL semantics for RV. We show that employing the four-valued logic Rv-LTL will result in inconsistent distributed monitoring for some formulas. Our first main contribution is a family of logics, called Ltl2k+4, that refines Rv-Ltl incorporating 2k + 4 truth values, for each k >= 0. The truth values of Ltl2k+4 can be effectively used by each monitor to reach a consistent global set of verdicts for each given formula, provided k is sufficiently large. Our second main contribution is an algorithm for monitor construction enabling fault-tolerant distributed monitoring based on the aggregation of the individual verdicts by each monitor

Parallelizing Deadlock Resolution in Symbolic Synthesis of Distributed Programs

Previous work has shown that there are two major complexity barriers in the synthesis of fault-tolerant distributed programs: (1) generation of fault-span, the set of states reachable in the presence of faults, and (2) resolving deadlock states, from where the program has no outgoing transitions. Of these, the former closely resembles with model checking and, hence, techniques for efficient verification are directly applicable to it. Hence, we focus on expediting the latter with the use of multi-core technology. We present two approaches for parallelization by considering different design choices. The first approach is based on the computation of equivalence classes of program transitions (called group computation) that are needed due to the issue of distribution (i.e., inability of processes to atomically read and write all program variables). We show that in most cases the speedup of this approach is close to the ideal speedup and in some cases it is superlinear. The second approach uses traditional technique of partitioning deadlock states among multiple threads. However, our experiments show that the speedup for this approach is small. Consequently, our analysis demonstrates that a simple approach of parallelizing the group computation is likely to be the effective method for using multi-core computing in the context of deadlock resolution

Brief announcement: incremental component-based modeling, verification, and performance evaluation of distributed reset

In this work, we apply a methodology which consistently integrates modeling, verification, and performance evaluation techniques, based on the BIP (Behavior, Interaction, Priority) component framework developed at Verimag [A. Basu et al., 2006; A. Basu et al., 2008]. BIP is based on a semantic model encompassing composition of heterogeneous components. The distributed semantics of BIP allows generating from a high-level component-based model in BIP an observationally equivalent distributed implementation [A. Basu et al., 2008]. BIP uses two families of composition operators for expressing coordination between components: interactions and priorities. Interactions may involve multiple components (unlike traditional point-to-point formalisms) and are expressed by combining two protocols: rendezvous and broadcast. We note that addition of interactions among components adds no extra behaviors

Fully-automated Runtime Enforcement of Component-based Systems with Formal and Sound Recovery

International audienceWe introduce runtime enforcement of specifications on component-based systems (CBS) modeled in the BIP (Behavior, Interaction and Priority) framework. Runtime enforcement is an increasingly popular and effective dynamic validation technique aiming to ensure the correct runtime behavior (w.r.t. a formal specification) of a system using a so-called enforcement monitor. BIP is a powerful and expressive component-based framework for the formal construction of heterogeneous systems. Because of BIP expressiveness however , it is difficult to enforce complex behavioral properties at design-time. We first introduce a theoretical runtime enforcement framework for component-based systems where we delineate a hierarchy of enforceable properties (i.e., properties that can be enforced) according to the number of observational steps a system is allowed to deviate from the property (i.e., the notion of k-step enforceability). To ensure the observational equivalence between the correct executions of the initial system and the monitored system, we show that i) only stutter-invariant properties should be enforced on CBS with our monitors, and ii) safety properties are 1-step enforceable. Second, given an abstract enforcement monitor for some 1-step enforceable property, we define a series of formal transformations to instrument (at relevant locations) a CBS described in the BIP framework to integrate the monitor. At runtime, the monitor observes and automatically avoids any error in the behavior of the system w.r.t. the property. Third, our approach is fully implemented in RE-BIP, an available tool integrated in the BIP tool suite. Fourth, to validate our approach, we use RE-BIP to i) enforce deadlock-freedom on a dining philosophers benchmark, and ii) ensure the correct placement of robots on a map

Explainable Reactive Synthesis

Reactive synthesis transforms a specification of a reactive system, given in a temporal logic, into an implementation. The main advantage of synthesis is that it is automatic. The main disadvantage is that the implementation is usually very difficult to understand. In this paper, we present a new synthesis process that explains the synthesized implementation to the user. The process starts with a simple version of the specification and a corresponding simple implementation. Then, desired properties are added one by one, and the corresponding transformations, repairing the implementation, are explained in terms of counterexample traces. We present SAT-based algorithms for the synthesis of repairs and explanations. The algorithms are evaluated on a range of examples including benchmarks taken from the SYNTCOMP competition

The longitudinal changes of BOLD response and cerebral hemodynamics from acute to subacute stroke. A fMRI and TCD study

<p>Abstract</p> <p>Background</p> <p>By mapping the dynamics of brain reorganization, functional magnetic resonance imaging MRI (fMRI) has allowed for significant progress in understanding cerebral plasticity phenomena after a stroke. However, cerebro-vascular diseases can affect blood oxygen level dependent (BOLD) signal. Cerebral autoregulation is a primary function of cerebral hemodynamics, which allows to maintain a relatively constant blood flow despite changes in arterial blood pressure and perfusion pressure. Cerebral autoregulation is reported to become less effective in the early phases post-stroke.</p> <p>This study investigated whether any impairment of cerebral hemodynamics that occurs during the acute and the subacute phases of ischemic stroke is related to changes in BOLD response.</p> <p>We enrolled six aphasic patients affected by acute stroke. All patients underwent a Transcranial Doppler to assess cerebral autoregulation (Mx index) and fMRI to evaluate the amplitude and the peak latency (time to peak-TTP) of BOLD response in the acute (i.e., within four days of stroke occurrence) and the subacute (i.e., between five and twelve days after stroke onset) stroke phases.</p> <p>Results</p> <p>As patients advanced from the acute to subacute stroke phase, the affected hemisphere presented a BOLD TTP increase (p = 0.04) and a deterioration of cerebral autoregulation (Mx index increase, p = 0.046). A similar but not significant trend was observed also in the unaffected hemisphere. When the two hemispheres were grouped together, BOLD TTP delay was significantly related to worsening cerebral autoregulation (Mx index increase) (Spearman's rho = 0.734; p = 0.01).</p> <p>Conclusions</p> <p>The hemodynamic response function subtending BOLD signal may present a delay in peak latency that arises as patients advance from the acute to the subacute stroke phase. This delay is related to the deterioration of cerebral hemodynamics. These findings suggest that remodeling the fMRI hemodynamic response function in the different phases of stroke may optimize the detection of BOLD signal changes.</p

Partially distributed coordination with Reo and constraint automata

Algorithms and the Foundations of Software technolog

The anterior temporal lobes support residual comprehension in Wernicke’s aphasia

Wernicke’s aphasia occurs following a stroke to classical language comprehension regions in the left temporoparietal cortex. Consequently, auditory-verbal comprehension is significantly impaired in Wernicke’s aphasia but the capacity to comprehend visually presented materials (written words and pictures) is partially spared. This study used fMRI to investigate the neural basis of written word and picture semantic processing in Wernicke’s aphasia, with the wider aim of examining how the semantic system is altered following damage to the classical comprehension regions. Twelve participants with Wernicke’s aphasia and twelve control participants performed semantic animate-inanimate judgements and a visual height judgement baseline task. Whole brain and ROI analysis in Wernicke’s aphasia and control participants found that semantic judgements were underpinned by activation in the ventral and anterior temporal lobes bilaterally. The Wernicke’s aphasia group displayed an “over-activation” in comparison to control participants, indicating that anterior temporal lobe regions become increasingly influential following reduction in posterior semantic resources. Semantic processing of written words in Wernicke’s aphasia was additionally supported by recruitment of the right anterior superior temporal lobe, a region previously associated with recovery from auditory-verbal comprehension impairments. Overall, the results concord with models which indicate that the anterior temporal lobes are crucial for multimodal semantic processing and that these regions may be accessed without support from classic posterior comprehension regions

Magnetic resonance imaging of anterior cruciate ligament rupture

BACKGROUND: Magnetic resonance (MR) imaging is a useful diagnostic tool for the assessment of knee joint injury. Anterior cruciate ligament repair is a commonly performed orthopaedic procedure. This paper examines the concordance between MR imaging and arthroscopic findings. METHODS: Between February, 1996 and February, 1998, 48 patients who underwent magnetic resonance (MR) imaging of the knee were reported to have complete tears of the anterior cruciate ligament (ACL). Of the 48 patients, 36 were male, and 12 female. The average age was 27 years (range: 15 to 45). Operative reconstruction using a patellar bone-tendon-bone autograft was arranged for each patient, and an arthroscopic examination was performed to confirm the diagnosis immediately prior to reconstructive surgery. RESULTS: In 16 of the 48 patients, reconstructive surgery was cancelled when incomplete lesions were noted during arthroscopy, making reconstructive surgery unnecessary. The remaining 32 patients were found to have complete tears of the ACL, and therefore underwent reconstructive surgery. Using arthroscopy as an independent, reliable reference standard for ACL tear diagnosis, the reliability of MR imaging was evaluated. The true positive rate for complete ACL tear diagnosis with MR imaging was 67%, making the possibility of a false-positive report of "complete ACL tear" inevitable with MR imaging. CONCLUSIONS: Since conservative treatment is sufficient for incomplete ACL tears, the decision to undertake ACL reconstruction should not be based on MR findings alone