Static analysis for dummies: experiencing LiSA

Semantics-based static analysis requires a significant theoretical background before being able to design and implement a new analysis. Unfortunately, the development of even a toy static analyzer from scratch requires to implement an infrastructure (parser, control flow graphs representation, fixpoint algorithms, etc.) that is too demanding for bachelor and master students in computer science. This approach difficulty can condition the acquisition of skills on software verification which are of major importance for the design of secure systems. In this paper, we show how LiSA (Library for Static Analysis) can play a role in that respect. LiSA implements the basic infrastructure that allows a non-expert user to develop even simple analyses (e.g., dataflow and numerical non-relational domains) focusing only on the design of the appropriate representation of the property of interest and of the sound approximation of the program statements

Detection of a misaligned broken pipe by electromagnetic interaction

The study we are presenting concerns electromagnetic scattering of a plane wave due to the presence of a misaligned broken pipe buried in a half-space occupied by cement and by asphalt/ground, for civil-engineering applications

Design and experimental test of a low costweather buoy

The importance of prevention plans based on realistic inundation scenarios was dramatically highlighted by the Indian Ocean Tsunami of 26 December 2004. But also in the Mediterranean, sea storms basin are a quite common event especially during winter months. These scenarios are generally based on numerical models of tsunami wave propagation that can become more realistic and effective when calibrated with the distribution of true data acquired by special weather buoy. In this paper we present the result of an experimental weather buoy built by DEIM of University of Palermo, that is characterized by small cost and big versatility

Teaching Through Practice: Advanced Static Analysis with LiSA

Nowadays, ready-to-use libraries and code generation are often used to streamline and speed up the software development process. The resulting programs are thus a collection of different modules that cooperate: proving their safety and reliability is increasingly complex, requiring sound formal techniques, such as static program analysis. However, while teaching static analysis to master’s or PhD students, the predominant focus on theoretical concepts often leaves limited space for students to engage with the practical aspects of implementing static analyses and is limited to developing elementary ones. In this paper, we show how the infrastructure offered by LiSA can be exploited to learn how to implement advanced static analyses, such as string and relational numerical analyses, just focusing on their distinctive aspects. This would help to narrow the gap between theoretical and practical contents in static analysis courses, bringing the learning experience beyond the rudimentary implementation of static analyses to more sophisticated applications

A New Approach to Land-Use Structure. Patch Perimeter Metrics as a Spatial Analysis Tool

This work introduces a new class of landscape metrics characterizing basic features of patch perimeters. Specific computation on patch perimeters was carried out on fine-grained land-use maps with the aim to characterize spatial patterns of neighbor patches, evidencing contact points and perimeter length between two (or more) land-use types. A detailed set of class and landscape metrics were derived from such analysis. This approach is complementary to classical landscape metrics and proved to be particularly useful to characterize complex, fragmented landscapes profiling metropolitan regions based on integrated evaluations of their structural (landscape) and functional (land-use) organization. A multivariate analysis was run to characterize distinctive spatial patterns of the selected metrics in four metropolitan regions of southern Europe reflecting different morphological configurations (Barcelona: compact, polycentric; Lisbon: dispersed, mono-centric; Rome: dispersed, polycentric; and Athens: compact, mono-centric). Perimeter metrics assumed different values for each investigated land-use type, with peculiar characteristics associated to each city. Land-use types assessing residential, discontinuous urban patches were associated to particularly high values of perimeter metrics, possibly indicating patch fragmentation, spatially-associated distribution of land-use types and landscape complexity. Multivariate analysis indicates substantial differences among cities, reflecting the range of morphological configurations described above (from compact mono-centric to dispersed polycentric) and suggesting that urban expansion is accompanied with multiple modifications in the use of the surrounding non-urban land. The computational approach proposed in this study and based on spatially-explicit metrics of landscape configuration and proximity may reflect latent changes in local socio-spatial structures. Our results demonstrate that scattered urban expansion determines a polarization in suburban areas with highly fragmented and more homogeneous landscapes, respectively, associated with mixed cropland and forest systems

Detection of Phantom Reads in Hyperledger Fabric

In concurrent transactional systems, a occurs when a transaction retrieves a set of data, and simultaneously, new data is inserted, updated, or removed from that set by one or more other transactions, leading to unexpected data being read. In Hyperledger Fabric (HF), a popular enterprise-grade framework for developing permissioned blockchain platforms, phantom reads are detected during the transaction validation phase. It inspects the values from read operations and checks their consistency, also re-executing some domain-specific read operations called . However, being HF based on an optimistic concurrency control model, managing an excessive number of conflicts related to phantom reads could result in sudden system slowdowns. Additionally, some kind of range queries are not considered in the validation and verification process. For the latter, the re-execution is not performed and checks are not provided leading to undetected phantom reads when the values returned from them are written to the ledger. Hence, the burden of implementing phantom read-free applications (i.e., ) is on the developers, who need to correctly manage the read instructions in the code and use automatic verification tools to detect any unsafe implementations leading to system slowdowns and undetectable phantom reads. In this paper, we explore the phantom reads detection problem at the smart contract level and demonstrate how a verification approach through formal methods can identify possible bottlenecks caused by phantom reads and mitigate range query risks, outperforming the current state-of-the-art and state-of-the-practice for their detection. Our approach is implemented with GoLiSA, a semantic static analyzer based on abstract interpretation for Go applications

The occurrence of diseases and related factors in a center for asylum seekers in italy

Introduction. Italy is the main recipient of asylum seekers in the European region, and Sicily is their first point of arrival. This geographical position creates a large job for Health Authorities to identify and deal with the health of immigrants. This study evaluates the prevalence of disease among asylum seekers, assessing which are associated factors. Methods. A cross-sectional study was conducted to analyse demographic and clinical data in an Acceptance Centres for Asylum Seekers from February 2012 to May 2013. All variables that were found to be significant on unvariable analysis for the most frequent pathologies were included in a multivariable logistic regression model. Results. Post-traumatic stress disorders with 17.4% and major depression with 7.3% were the most frequent diseases. The factors associated with post-traumatic stress disorders among asylum seekers were: major depression diagnosis (OR=2.91, p=0.004),Pakistan as a country of origin (OR=3.88, p<0.001), the largest number of medical visits (OR=1.02, p=0.033) and refugee status (OR=1.97, p=0.036). The variables linked with the diagnosis of major depression from the multivariable analysis were: suffering from post-traumatic stress disorders (OR=3.83, p<0.001), Pakistan as a country of origin (OR=3.45, p=0.004) and the highest number of visits to psychologist (OR=1.15, p<0.001). Conclusions.The mental wellbeing of asylum seekers needs special attention, and interventions should be done to prevent the consolidation of psychiatric morbidity. A short psychological screening after the arrival might prove helpful here. Moreover, carefully designed longitudinal studies should be carried out when political recommendations try to change the organization of psychological and healthcare services

Multimodal treatment for local recurrent malignant gliomas: resurgery and/or reirradiation followed by chemotherapy

The therapeutic management of recurrent malignant gliomas (MGs) is not determined. Therefore, the efficacy of a multimodal approach and a combination systemic therapy was investigated. A retrospective analysis of 26 MGs patients at first relapse treated with multimodal therapy (chemotherapy plus surgery and/or reirradiation) or chemotherapy alone was performed. Second-line chemotherapy consisted of fotemustine (FTM) in combination with bevacizumab (BEV) (cFTM/BEV) or followed by third-line BEV (sFTM/BEV). Subgroup analyses were performed. Multimodal therapy provided a higher overall response rate (ORR) (73 vs. 47%), disease control rate (DCR) (82 vs. 67%), median progression-free survival (mPFS) (11 vs. 7 months; P=0.08) and median overall survival (mOS) (13 vs. 8 months; P=0.04) compared with chemotherapy. Concomitant FTM/BEV resulted in higher ORR (84 vs. 36%), DCR (92 vs. 57%), mPFS (10 vs. 5 months; P=0.22) and mOS (11 vs. 5.2 months; P=0.15) compared with sFTM/BEV. Methylated patients did not experience additional survival benefits with multimodality treatment but had higher mPFS (10 vs 7.1 months; P=0.33) and mOS (11 vs. 8 months; P=0.33) with cFTM/BEV. Unmethylated patients experienced the greatest survival benefit with the multimodal approach (mPFS: 10 vs. 5 months; mOS 11 vs 6 months; both P=0.02) and cFTM/BEV (mPFS: 5 vs. 2 months; mOS 6 vs. 3.2 months; both P=0.01). In conclusion, in recurrent MGs, multimodal therapy and cFTM/BEV provide survival and response benefits. Methylated patients benefit from a cFTM/BEV but not from a multimodal approach. Notably, unmethylated patients had the highest survival benefit with the two strategies

Information Flow Analysis for Detecting Non-Determinism in Blockchain

A mandatory feature for blockchain software, such as smart contracts and decentralized applications, is determinism. In fact, non-deterministic behaviors do not allow blockchain nodes to reach one common consensual state or a deterministic response, which causes the blockchain to be forked, stopped, or to deny services. While domain-specific languages are deterministic by design, general purpose languages widely used for the development of smart contracts such as Go, provide many sources of non-determinism. However, not all non-deterministic behaviours are critical. In fact, only those that affect the state or the response of the blockchain can cause problems, as other uses (for example, logging) are only observable by the node that executes the application and not by others. Therefore, some frameworks for blockchains, such as Hyperledger Fabric or Cosmos SDK, do not prohibit the use of non-deterministic constructs but leave the programmer the burden of ensuring that the blockchain application is deterministic. In this paper, we present a flow-based approach to detect non-deterministic vulnerabilities which could compromise the blockchain. The analysis is implemented in GoLiSA, a semantics-based static analyzer for Go applications. Our experimental results show that GoLiSA is able to detect all vulnerabilities related to non-determinism on a significant set of applications, with better results than other open-source analyzers for blockchain software written in Go