Modular and Safe Event-Driven Programming

Asynchronous event-driven systems are ubiquitous across domains such as device drivers, distributed systems, and robotics. These systems are notoriously hard to get right as the programmer needs to reason about numerous control paths resulting from the complex interleaving of events (or messages) and failures. Unsurprisingly, it is easy to introduce subtle errors while attempting to fill in gaps between high-level system specifications and their concrete implementations.This dissertation proposes new methods for programming safe event-driven asynchronous systems.In the first part of the thesis, we present ModP, a modular programming framework for compositional programming and testing of event-driven asynchronous systems.The ModP module system supports a novel theory of compositional refinement for assume-guarantee reasoning of dynamic event-driven asynchronous systems. We build a complex distributed systems software stack using ModP.Our results demonstrate that compositional reasoning can help scale model-checking (both explicit and symbolic) to large distributed systems.ModP is transforming the way asynchronous software is built at Microsoft and Amazon Web Services (AWS). Microsoft uses ModP for implementing safe device drivers and other software in the Windows kernel.AWS uses ModP for compositional model checking of complex distributed systems. While ModP simplifies analysis of such systems, the state space of industrial-scale systems remains extremely large.In the second part of this thesis, we present scalable verification and systematic testing approaches to further mitigate this state-space explosion problem.First, we introduce the concept of a delaying explorer to perform prioritized exploration of the behaviors of an asynchronous reactive program. A delaying explorer stratifies the search space using a custom strategy (tailored towards finding bugs faster), and a delay operation that allows deviation from that strategy. We show that prioritized search with a delaying explorer performs significantly better than existing approaches for finding bugs in asynchronous programs.Next, we consider the challenge of verifying time-synchronized systems; these are almost-synchronous systems as they are neither completely asynchronous nor synchronous.We introduce approximate synchrony, a sound and tunable abstraction for verification of almost-synchronous systems. We show how approximate synchrony can be used for verification of both time-synchronization protocols and applications running on top of them.Moreover, we show how approximate synchrony also provides a useful strategy to guide state-space exploration during model-checking.Using approximate synchrony and implementing it as a delaying explorer, we were able to verify the correctness of the IEEE 1588 distributed time-synchronization protocol and, in the process, uncovered a bug in the protocol that was well appreciated by the standards committee.In the final part of this thesis, we consider the challenge of programming a special class of event-driven asynchronous systems -- safe autonomous robotics systems.Our approach towards achieving assured autonomy for robotics systems consists of two parts: (1) a high-level programming language for implementing and validating the reactive robotics software stack; and (2) an integrated runtime assurance system to ensure that the assumptions used during design-time validation of the high-level software hold at runtime.Combining high-level programming language and model-checking with runtime assurance helps us bridge the gap between design-time software validation that makes assumptions about the untrusted components (e.g., low-level controllers), and the physical world, and the actual execution of the software on a real robotic platform in the physical world. We implemented our approach as DRONA, a programming framework for building safe robotics systems.We used DRONA for building a distributed mobile robotics system and deployed it on real drone platforms. Our results demonstrate that DRONA (with the runtime-assurance capabilities) enables programmers to build an autonomous robotics software stack with formal safety guarantees.To summarize, this thesis contributes new theory and tools to the areas of programming languages, verification, systematic testing, and runtime assurance for programming safe asynchronous event-driven across the domains of fault-tolerant distributed systems and safe autonomous robotics systems

SOTER: A Runtime Assurance Framework for Programming Safe Robotics Systems

The recent drive towards achieving greater autonomy and intelligence in robotics has led to high levels of complexity. Autonomous robots increasingly depend on third party off-the-shelf components and complex machine-learning techniques. This trend makes it challenging to provide strong design-time certification of correct operation. To address these challenges, we present SOTER, a robotics programming framework with two key components: (1) a programming language for implementing and testing high-level reactive robotics software and (2) an integrated runtime assurance (RTA) system that helps enable the use of uncertified components, while still providing safety guarantees. SOTER provides language primitives to declaratively construct a RTA module consisting of an advanced, high-performance controller (uncertified), a safe, lower-performance controller (certified), and the desired safety specification. The framework provides a formal guarantee that a well-formed RTA module always satisfies the safety specification, without completely sacrificing performance by using higher performance uncertified components whenever safe. SOTER allows the complex robotics software stack to be constructed as a composition of RTA modules, where each uncertified component is protected using a RTA module. To demonstrate the efficacy of our framework, we consider a real-world case-study of building a safe drone surveillance system. Our experiments both in simulation and on actual drones show that the SOTER-enabled RTA ensures the safety of the system, including when untrusted third-party components have bugs or deviate from the desired behavior

Nano-curcumin: A Potent Enhancer of Body Antioxidant System in Diabetic Mice.

Nano preparation of drug to be helpful in targeted delivery, which avoids any unwanted damage of adjacent healthy tissues. Antidiabetic compounds from natural and synthetic sources have been found to successful management of diabetes. Antioxidants are compound that protect cell against the damaging effects of reactive oxygen species (ROS). Curcumin has many beneficial effects against health problems; it has limited use due to its poor bioavailability as concluded by number of its pharmacokinetic studies. Since the aim of this study was to investigate the effects of curcumin nanoparticles (Nano-curcumin) on antioxidative enzymes i.e Glutathione peroxidase (GPx), Superoxide dismutase (SOD) and Catalase (CAT) in pancreas of diabetic mice. For the present investigation mice (Mus musculus) used as experimental animal. Mice were divided into four groups viz, a) Control group b) Diabetic group c) Recovery group I- Diabetic mice treated with curcumin d) Recovery group II - Diabetic mice treated with curcumin and nano-curcumin. The activity of antioxidative enzymes in the pancreas was recorded at the end of experiment. There was decrease in antioxidative enzymes in pancreas of diabetic mice compared to control. After the treatment of curcumin and curcumin nanoparticles significant increase in levels of antioxidative enzymes in recovery group I and II was observed. Moreover as compare to free curcumin nano-curcumin showed better results in enhancement of antioxidative enzymes. Thus it proves that nano-curcumin found to be potent antioxidative compound to reduced oxidative stress induced during the diabetes.

A New Simulation Metric to Determine Safe Environments and Controllers for Systems with Unknown Dynamics

We consider the problem of extracting safe environments and controllers for reach-avoid objectives for systems with known state and control spaces, but unknown dynamics. In a given environment, a common approach is to synthesize a controller from an abstraction or a model of the system (potentially learned from data). However, in many situations, the relationship between the dynamics of the model and the \textit{actual system} is not known; and hence it is difficult to provide safety guarantees for the system. In such cases, the Standard Simulation Metric (SSM), defined as the worst-case norm distance between the model and the system output trajectories, can be used to modify a reach-avoid specification for the system into a more stringent specification for the abstraction. Nevertheless, the obtained distance, and hence the modified specification, can be quite conservative. This limits the set of environments for which a safe controller can be obtained. We propose SPEC, a specification-centric simulation metric, which overcomes these limitations by computing the distance using only the trajectories that violate the specification for the system. We show that modifying a reach-avoid specification with SPEC allows us to synthesize a safe controller for a larger set of environments compared to SSM. We also propose a probabilistic method to compute SPEC for a general class of systems. Case studies using simulators for quadrotors and autonomous cars illustrate the advantages of the proposed metric for determining safe environment sets and controllers.Comment: 22nd ACM International Conference on Hybrid Systems: Computation and Control (2019

Prevalence and determinants of hypertension in apparently healthy schoolchildren in India: a multi-center study

Background: Hypertension in children is often under recognized, especially in developing countries. Data from rural areas of developing countries is particularly lacking. Objectives: To study prevalence of hypertension and its determinants in apparently health school children from predominantly rural populations of India. Methods: Apparently healthy schoolchildren (n = 14,957) aged 5–15 years (mean (standard deviation) age 10.8 (2.8) years; 55.5% boys) at four predominantly rural sites in separate states of India were studied. Systolic and diastolic blood pressures were recorded by trained staff in addition to age, gender, height, weight, type of school and season. Waist circumference was also recorded in 12,068 children. Geographic location and type of school (government, government-aided or private) were used to determine socio-economic status. Results: Systolic and/or diastolic hypertension was present in 3443 (23%) children. Systolic hypertension was present in 13.6%, diastolic hypertension in 15.3% and both in 5.9%. Isolated systolic hypertension was present in 7.7% while isolated diastolic hypertension was present in 9.4%. On univariate analysis, age, gender, geographical location, socio-economic status, season and anthropometric parameters (z-scores of height, weight and waist circumference, waist/height ratio and body mass index) were all significantly related to risk of hypertension (p < 0.0001 for each). Similar association was observed with weight group (normal, overweight and obese). Multiple regression analysis showed lower age, female gender, richer socio-economic status, certain geographical locations, higher weight and larger waist circumference to be independently associated with a greater risk of hypertension. Conclusion: There is a high prevalence of hypertension in apparently healthy schoolchildren even in predominantly rural areas of India. Screening and management programs targeted to high risk groups identified may prove cost-effective

Lifestyle intervention programme for Indian women with history of gestational diabetes mellitus.

Aim: To evaluate the feasibility and potential effectiveness of a lifestyle intervention (diet and physical activity) among women with history of gestational diabetes mellitus (GDM), delivered by trained facilitators. Methods: Fifty-six normoglycaemic or prediabetic women with prior GDM were recruited at mean of 17 months postpartum. Socio-demographic, medical and anthropometric data were collected. Six sessions on lifestyle modification were delivered in groups (total four groups, with 12-15 women in each group). Pre and post intervention (6 months) weight, body mass index (BMI), waist circumference, 75 g oral glucose tolerance test, blood pressure (BP) and lipid parameters were compared. Results: The intervention was feasible, with 80% of women attending four or more sessions. Post-intervention analyses showed a significant mean reduction of 1.8 kg in weight, 0.6 kg/m2 in BMI and 2 cm in waist circumference. There was also a significant drop of 0.3 mmol/L in fasting plasma glucose, 0.9 mmol/L in 2 h post glucose load value of plasma glucose, 3.6 mmHg in systolic BP, and 0.15 mmol/L in triglyceride levels. Changes in total cholesterol, low-density lipoprotein-cholesterol, high-density lipoprotein-cholesterol and diastolic BP were non-significant. Conclusions: This study showed feasibility of the lifestyle intervention delivered in group sessions to women with prior gestational diabetes

Lifestyle intervention programme for Indian women with history of gestational diabetes mellitus.

Aim: To evaluate the feasibility and potential effectiveness of a lifestyle intervention (diet and physical activity) among women with history of gestational diabetes mellitus (GDM), delivered by trained facilitators. Methods: Fifty-six normoglycaemic or prediabetic women with prior GDM were recruited at mean of 17 months postpartum. Socio-demographic, medical and anthropometric data were collected. Six sessions on lifestyle modification were delivered in groups (total four groups, with 12-15 women in each group). Pre and post intervention (6 months) weight, body mass index (BMI), waist circumference, 75 g oral glucose tolerance test, blood pressure (BP) and lipid parameters were compared. Results: The intervention was feasible, with 80% of women attending four or more sessions. Post-intervention analyses showed a significant mean reduction of 1.8 kg in weight, 0.6 kg/m2 in BMI and 2 cm in waist circumference. There was also a significant drop of 0.3 mmol/L in fasting plasma glucose, 0.9 mmol/L in 2 h post glucose load value of plasma glucose, 3.6 mmHg in systolic BP, and 0.15 mmol/L in triglyceride levels. Changes in total cholesterol, low-density lipoprotein-cholesterol, high-density lipoprotein-cholesterol and diastolic BP were non-significant. Conclusions: This study showed feasibility of the lifestyle intervention delivered in group sessions to women with prior gestational diabetes

Self-assembly of artificial microtubules

Understanding the complex self-assembly of biomacromolecules is a major outstanding question. Microtubules are one example of a biopolymer that possesses characteristics quite distinct from standard synthetic polymers that are derived from its hierarchical structure. In order to understand how to design and build artificial polymers that possess features similar to those of microtubules, we have initially studied the self-assembly of model monomers into a tubule geometry. Our model monomer has a wedge shape with lateral and vertical binding sites that are designed to form tubules. We used molecular dynamics simulations to study the assembly process for a range of binding site interaction strengths. In addition to determining the optimal regime for obtaining tubules, we have calculated a diagram of the structures that form over a wide range of interaction strengths. Unexpectedly, we find that the helical tubules form, even though the monomer geometry is designed for nonhelical tubules. We present the detailed dynamics of the tubule self-assembly process and show that the interaction strengths must be in a limited range to allow rearrangement within clusters. We extended previous theoretical methods to treat our system and to calculate the boundaries between different structures in the diagram.Comment: 15 pages, 11 figure