Autonomic visualisation.

This thesis introduces the concept of autonomic visualisation, where principles of autonomic systems are brought to the field of visualisation infrastructure. Problems in visualisation have a specific set of requirements which are not always met by existing systems. The first half of this thesis explores a specific problem for large scale visualisation; that of data management. Visualisation algorithms have somewhat different requirements to other external memory problems, due to the fact that they often require access to all, or a large subset, of the data in a way that is highly dependent on the view. This thesis proposes a knowledge-based approach to pre-fetching in this context, and presents evidence that such an approach yields good performance. The knowledge based approach is incorporated into a five-layer model, which provides a systematic way of categorising and designing out-of-core, or external memory, systems. This model is demonstrated with two example implementations, on in the local and one in the remote context. The second half explores autonomic visualisation in the more general case. A simulation tool, created for the purpose of designing autonomic visualisation infrastructure is presented. This tool, SimEAC, provides a way of facilitating the development of techniques for managing large-scale visualisation systems. The abstract design of the simulation system, as well as details of the implementation are presented. The architecture of the simulator is explored, and then the system is evaluated in a number of case studies indicating some of the ways in which it can be used. The simulator provides a framework for experimentation and rapid prototyping of large scale autonomic systems

The Meaning of Memory Safety

We give a rigorous characterization of what it means for a programming language to be memory safe, capturing the intuition that memory safety supports local reasoning about state. We formalize this principle in two ways. First, we show how a small memory-safe language validates a noninterference property: a program can neither affect nor be affected by unreachable parts of the state. Second, we extend separation logic, a proof system for heap-manipulating programs, with a memory-safe variant of its frame rule. The new rule is stronger because it applies even when parts of the program are buggy or malicious, but also weaker because it demands a stricter form of separation between parts of the program state. We also consider a number of pragmatically motivated variations on memory safety and the reasoning principles they support. As an application of our characterization, we evaluate the security of a previously proposed dynamic monitor for memory safety of heap-allocated data.Comment: POST'18 final versio

Coupling between diffusion and orientation of pentacene molecules on an organic surface.

The realization of efficient organic electronic devices requires the controlled preparation of molecular thin films and heterostructures. As top-down structuring methods such as lithography cannot be applied to van der Waals bound materials, surface diffusion becomes a structure-determining factor that requires microscopic understanding. Scanning probe techniques provide atomic resolution, but are limited to observations of slow movements, and therefore constrained to low temperatures. In contrast, the helium-3 spin-echo (HeSE) technique achieves spatial and time resolution on the nm and ps scale, respectively, thus enabling measurements at elevated temperatures. Here we use HeSE to unveil the intricate motion of pentacene admolecules diffusing on a chemisorbed monolayer of pentacene on Cu(110) that serves as a stable, well-ordered organic model surface. We find that pentacene moves along rails parallel and perpendicular to the surface molecules. The experimental data are explained by admolecule rotation that enables a switching between diffusion directions, which extends our molecular level understanding of diffusion in complex organic systems.The authors acknowledge financial support from the EPSRC (EP/E0049621, B.A.J.L., D.J.W., D.M.C., A.P.J., J.E., W.A.), the Austrian Academy of Sciences (B.A.J.L.), the Royal Society (A.P.J.), the E.U. ERASMUS programme (A.M.) and the Deutsche Forschungsgemeinschaft (GRK 1782, P.R.). Underlying data are available at the University of Cambridge Research data repository (https://www.repository.cam.ac.uk).This is the author accepted manuscript. The final version is available from Nature Publishing Group via http://dx.doi.org/10.1038/nmat457

Virtualization Support for Dynamic Core Library Update

International audienceDynamically updating language runtime and core libraries such as collections and threading is challenging since the update mechanism uses such libraries at the same time that it modifies them. To tackle this challenge, we present Dynamic Core Library Update (DCU) as an extension of Dynamic Software Update (DSU) and our approach based on a virtualization architecture. Our solution supports the update of core libraries as any other normal library, avoiding the circular dependencies between the updater and the core libraries. Our benchmarks show that there is no evident performance overhead in comparison with a default execution. Finally, we show that our approach can be applied to real life scenario by introducing a critical update inside a web application with 20 simulated concurrent users. Acknowledgments We thank the European Smalltalk User Group for their support (www.esug.org)

CHERI Concentrate: Practical Compressed Capabilities

We present CHERI Concentrate, a new fat-pointer compression scheme applied to CHERI, the most developed capability-pointer system at present. Capability fat-pointers are a primary candidate for enforcing fine-grained and non-bypassable security properties in future computer systems, although increased pointer size can severely affect performance. Thus, several proposals for capability compression have been suggested but these did not support legacy instruction sets, ignored features critical to the existing software base, and also introduced design inefficiencies to RISC-style processor pipelines. CHERI Concentrate improves on the state-of-the-art region-encoding efficiency, solves important pipeline problems, and eases semantic restrictions of compressed encoding, allowing it to protect a full legacy software stack. We analyze and extend logic from the open-source CHERI prototype processor design on FPGA to demonstrate encoding efficiency, minimize delay of pointer arithmetic, and eliminate additional load-to-use delay. To verify correctness of our proposed high-performance logic, we present a HOL4 machine-checked proof of the decode and pointer-modify operations. Finally, we measure a 50%-75% reduction in L2 misses for many compiled C-language benchmarks running under a commodity operating system using compressed 128-bit and 64-bit formats, demonstrating both compatibility with and increased performance over the uncompressed, 256-bit format

A new neonatal BCG vaccination pathway in England: a mixed methods evaluation of its implementation.

INTRODUCTION: The introduction of a national evaluation of newborn screening for Severe Combined Immunodeficiency (SCID) in England triggered a change to the selective Bacillus Calmette-Guerin (BCG) vaccination programme delivery pathway, as this live attenuated vaccine is contraindicated in infants with SCID. The neonatal BCG vaccination programme is a targeted programme for infants at increased risk of tuberculosis and used to be offered shortly after birth. Since September 2021 the BCG vaccine is given to eligible infants within 28 days of birth, when the SCID screening outcome is available. We explore the experiences of those implementing the new pathway, and how they made sense of, engaged with, and appraised the change. METHODS: A mixed-methods evaluation was conducted between October 2022 and February 2023. This involved national online surveys with BCG commissioners and providers and qualitative semi-structured interviews with commissioners, providers, and Child Health Information System stakeholders in two urban areas. Survey data was analysed using descriptive statistics and interview data was analysed thematically. The data was triangulated using Normalization Process Theory as a guiding framework. RESULTS: Survey respondents (n = 65) and qualitative interviewees (n = 16) revealed that making sense of the new pathway was an iterative process. Some expressed a desire for more direction on how to implement the new pathway. The perceived value of the change varied from positive, ambivalent, to concerned. Some felt well-prepared and that improvements to data capture, eligibility screening, and accountably brought by the change were valuable. Others were concerned about the feasibility of the 28-day target, reductions in vaccination coverage, increased resource burden, and the outcome of the SCID evaluation. New collaborations and communities of practice were required to facilitate the change. Three main challenges in implementing the pathway and meeting the 28-day vaccination target were identified: appointment non-attendance; appointment and data systems; and staffing and resourcing. Feedback mechanisms were informal and took place in tandem with implementation. CONCLUSION: The new NHS neonatal BCG service specification has created an effective structure for monitoring and managing the BCG vaccination programme, but further work is required to support delivery of the 28-day vaccination target and improve uptake rates

CHERI JNI: Sinking the Java Security Model into the C

Java provides security and robustness by building a high- level security model atop the foundation of memory protection. Unfortunately, any native code linked into a Java program – including the million lines used to implement the standard library – is able to bypass both the memory protection and the higher-level policies. We present a hardware-assisted implementation of the Java native code interface, which extends the guarantees required for Java’s security model to native code. Our design supports safe direct access to buffers owned by the JVM, including hardware-enforced read-only access where appropriate. We also present Java language syntax to declaratively describe isolated compartments for native code. We show that it is possible to preserve the memory safety and isolation requirements of the Java security model in C code, allowing native code to run in the same process as Java code with the same impact on security as running equivalent Java code. Our approach has a negligible impact on performance, compared with the existing unsafe native code interface. We demonstrate a prototype implementation running on the CHERI microprocessor synthesized in FPGA.Defense Advanced Research Projects Agency Google, Inc. Isaac Newton Trust Thales E-Securit

Low exposure long-baseline neutrino oscillation sensitivity of the DUNE experiment

The Deep Underground Neutrino Experiment (DUNE) will produce world-leading neutrino oscillation measurements over the lifetime of the experiment. In this work, we explore DUNE's sensitivity to observe charge-parity violation (CPV) in the neutrino sector, and to resolve the mass ordering, for exposures of up to 100 kiloton-megawatt-years (kt-MW-yr). The analysis includes detailed uncertainties on the flux prediction, the neutrino interaction model, and detector effects. We demonstrate that DUNE will be able to unambiguously resolve the neutrino mass ordering at a 3$\sigma$ (5$\sigma$) level, with a 66 (100) kt-MW-yr far detector exposure, and has the ability to make strong statements at significantly shorter exposures depending on the true value of other oscillation parameters. We also show that DUNE has the potential to make a robust measurement of CPV at a 3$\sigma$ level with a 100 kt-MW-yr exposure for the maximally CP-violating values \delta_{\rm CP}} = \pm\pi/2. Additionally, the dependence of DUNE's sensitivity on the exposure taken in neutrino-enhanced and antineutrino-enhanced running is discussed. An equal fraction of exposure taken in each beam mode is found to be close to optimal when considered over the entire space of interest