OpenJML: Software verification for Java 7 using JML, OpenJDK, and Eclipse

OpenJML is a tool for checking code and specifications of Java programs. We describe our experience building the tool on the foundation of JML, OpenJDK and Eclipse, as well as on many advances in specification-based software verification. The implementation demonstrates the value of integrating specification tools directly in the software development IDE and in automating as many tasks as possible. The tool, though still in progress, has now been used for several college-level courses on software specification and verification and for small-scale studies on existing Java programs.Comment: In Proceedings F-IDE 2014, arXiv:1404.578

SPEEDY: An Eclipse-based IDE for invariant inference

SPEEDY is an Eclipse-based IDE for exploring techniques that assist users in generating correct specifications, particularly including invariant inference algorithms and tools. It integrates with several back-end tools that propose invariants and will incorporate published algorithms for inferring object and loop invariants. Though the architecture is language-neutral, current SPEEDY targets C programs. Building and using SPEEDY has confirmed earlier experience demonstrating the importance of showing and editing specifications in the IDEs that developers customarily use, automating as much of the production and checking of specifications as possible, and showing counterexample information directly in the source code editing environment. As in previous work, automation of specification checking is provided by back-end SMT solvers. However, reducing the effort demanded of software developers using formal methods also requires a GUI design that guides users in writing, reviewing, and correcting specifications and automates specification inference.Comment: In Proceedings F-IDE 2014, arXiv:1404.578

Inferring Concise Specifications of APIs

Modern software relies on libraries and uses them via application programming interfaces (APIs). Correct API usage as well as many software engineering tasks are enabled when APIs have formal specifications. In this work, we analyze the implementation of each method in an API to infer a formal postcondition. Conventional wisdom is that, if one has preconditions, then one can use the strongest postcondition predicate transformer (SP) to infer postconditions. However, SP yields postconditions that are exponentially large, which makes them difficult to use, either by humans or by tools. Our key idea is an algorithm that converts such exponentially large specifications into a form that is more concise and thus more usable. This is done by leveraging the structure of the specifications that result from the use of SP. We applied our technique to infer postconditions for over 2,300 methods in seven popular Java libraries. Our technique was able to infer specifications for 75.7% of these methods, each of which was verified using an Extended Static Checker. We also found that 84.6% of resulting specifications were less than 1/4 page (20 lines) in length. Our technique was able to reduce the length of SMT proofs needed for verifying implementations by 76.7% and reduced prover execution time by 26.7%

Perancangan Ilm Untuk Mengedukasi Pengendara Motor Di Surabaya Dalam Menaati Lampu Lalu Lintas

Fenomena yang menjadi penyakit sosial masyarakat kota Surabaya khususnya pengguna motor yang sebagian besar melanggar lalu lintas dikarenakan kurangnya kesadaran akan keselamatan sendiri maupun masyarakat sekitar. Adanya Iklan Layanan Masyarakat berupa Video yang menjelaskan tentang menaati peraturan lampu lalu lintas adalah wujud cinta akan keluarga. Video Iklan Layanan Masyarakat ini bertujuan untuk menyadarkan masyarakat akan pentingnya menaati peraturan lampu lalu lintas

Applying SMT Solvers to the Test Template Framework

The Test Template Framework (TTF) is a model-based testing method for the Z notation. In the TTF, test cases are generated from test specifications, which are predicates written in Z. In turn, the Z notation is based on first-order logic with equality and Zermelo-Fraenkel set theory. In this way, a test case is a witness satisfying a formula in that theory. Satisfiability Modulo Theory (SMT) solvers are software tools that decide the satisfiability of arbitrary formulas in a large number of built-in logical theories and their combination. In this paper, we present the first results of applying two SMT solvers, Yices and CVC3, as the engines to find test cases from TTF's test specifications. In doing so, shallow embeddings of a significant portion of the Z notation into the input languages of Yices and CVC3 are provided, given that they do not directly support Zermelo-Fraenkel set theory as defined in Z. Finally, the results of applying these embeddings to a number of test specifications of eight cases studies are analysed.Comment: In Proceedings MBT 2012, arXiv:1202.582

Histological Examination in Obtaining a Diagnosis in Patients with Lymphadenopathy in Lima, Peru.

The differential diagnosis for lymphadenopathy is wide and clinical presentations overlap, making obtaining an accurate diagnosis challenging. We sought to characterize the clinical and radiological characteristics, histological findings, and diagnoses for a cohort of patients with lymphadenopathy of unknown etiology. 121 Peruvian adults with lymphadenopathy underwent lymph node biopsy for microbiological and histopathological evaluation. Mean patient age was 41 years (Interquartile Range 26-52), 56% were males, and 39% were HIV positive. Patients reported fever (31%), weight loss (23%), and headache (22%); HIV infection was associated with fever (P < 0.05) and gastrointestinal symptoms (P < 0.05). Abnormalities were reported in 40% of chest X-rays (N = 101). Physicians suspected TB in 92 patients (76%), lymphoma in 19 patients (16%), and other malignancy in seven patients (5.8%). Histological diagnoses (N = 117) included tuberculosis (34%), hyperplasia (27%), lymphoma (13%), and nonlymphoma malignancy (14%). Hyperplasia was more common (P < 0.001) and lymphoma less common (P = 0.005) among HIV-positive than HIV-negative patients. There was a trend toward reduced frequency of caseous necrosis in samples from HIV-positive than HIV-negative TB patients (67 versus 93%, P = 0.055). The spectrum of diagnoses was broad, and clinical and radiological features correlated poorly with diagnosis. On the basis of clinical features, physicians over-diagnosed TB, and under-diagnosed malignancy. Although this may not be inappropriate in resource-limited settings where TB is the most frequent easily treatable cause of lymphadenopathy, diagnostic delays can be detrimental to patients with malignancy. It is important that patients with lymphadenopathy undergo a full diagnostic work-up including sampling for histological evaluation to obtain an accurate diagnosis

IEEE 1355-Based Architecture for an ATM Switch: A Case for Onboard Switching and Processing

The recent evolution of the communication scenario has profound implications for the role of communication satellites within the communication infrastructure. Indeed, it raises the possibility that the satellite be viewed not merely as a repeater but rather as a network node in its own right in a hopefully integrated space/terrestrial network. We draw attention to the new IEEE 1355 Standard for Heterogeneous Inter-Connect as a possible platform to support several onboard processing functions, including onboard communications and onboard ATM switching. The IEEE 1355 is a new serial bus standard which enables high- performance, scalable, modular, parallel systems to be constructed with low system integration cost. This IEEE 1355- based approach can satisfy many of the requirements of onboard communications and onboard ATM switching, e.g., size, flexibility, reliability, fault-tolerance, and high communication processing speeds. This is made possible by using the highly integrated 1355 chipsets and performing protocol processing with multiple transputers in parallel. The IEEE 1355 approach also allows for easy expandability owing to its inherent design modularity