Verification of Snapshotable Trees using Access Permissions and Typestate
Abstract. We use access permissions and typestate to specify and verify a Java library that implements snapshotable search trees, as well as some client code. We formalize our approach in the Plural tool, a sound modular typestate checking tool. We describe the challenges to verifying snapshotable trees in Plural, give an abstract interface specification against which we verify the client code, provide a concrete specification for an implementation and describe proof patterns we found. We also relate this verification approach to other techniques used to verify this data structure.
A Systematic Approach from a Comparison of Three Glucocorticoids
Solid lipid nanoparticles (SLNs) can enhance drug penetration into the skin, yet the mechanism of the improved transport is not known in full. To unravel the influence of the drug-particle interaction on penetration enhancement, 3 glucocorticoids (GCs), prednisolone (PD), the diester prednicarbate (PC) and the monoester betamethasone 17-valerate (BMV), varying in structure and lipophilicity, were loaded onto SLNs. Theoretical permeability coefficients (cm/s) of the agents rank BMV (–6.38) ≥ PC (–6.57) > PD (–7.30). GC-particle interaction, drug release and skin penetration were investigated including a conventional oil-in-water cream for reference. Both with SLN and cream, PD release was clearly superior to PC release, which exceeded BMV release. With the cream, the rank order did not change when studying skin penetration, and skin penetration is thus predominantly influenced by drug release. Yet, the penetration profile for the GCs loaded onto SLNs completely changed, and differences between the steroids were almost lost. Thus, SLNs influence skin penetration by an intrinsic mechanism linked to a specific interaction of the drug-carrier complex and the skin surface, which becomes possible by the lipid nature and nanosize of the carrier and appears not to be derived by testing drug release. Interestingly, PC and PD uptake from SLN even resulted in epidermal targeting. Thus, SLNs are not only able to improve skin penetration of topically applied drugs, but may also be of particular interest when specifically aiming to influence epidermal dysfunction.
Verifying object-oriented programs with higher-order separation logic in Coq
We present a shallow Coq embedding of a higher-order separation logic with nested triples for an object-oriented programming language. Moreover, we develop novel specification and proof patterns for reasoning in higher-order separation logic with nested triples about programs that use interfaces and interface inheritance. In particular, we show how to use the higher-order features of the Coq formalisation to specify and reason modularly about programs that (1) depend on some unknown code satisfying a specification or that (2) return objects conforming to a certain specification. All of our results have been formally verified in the interactive theorem prover Coq.
Engineering with logic: Rigorous test-oracle specification and validation for TCP/IP and the Sockets API
Conventional computer engineering relies on test-and-debug development processes, with the behavior of common interfaces described (at best) with prose specification documents. But prose specifications cannot be used in test-and-debug development in any automated way, and prose is a poor medium for expressing complex (and loose) specifications.
The TCP/IP protocols and Sockets API are a good example of this: they play a vital role in modern communication and computation, and interoperability between implementations is essential. But what exactly they are is surprisingly obscure: their original development focused on “rough consensus and running code,” augmented by prose RFC specifications that do not precisely define what it means for an implementation to be correct. Ultimately, the actual standard is the de facto one of the common implementations, including, for example, the 15 000 to 20 000 lines of the BSD implementation—optimized and multithreaded C code, time dependent, with asynchronous event handlers, intertwined with the operating system, and security critical.
This article reports on work done in the Netsem project to develop lightweight mathematically rigorous techniques that can be applied to such systems: to specify their behavior precisely (but loosely enough to permit the required implementation variation) and to test whether these specifications and the implementations correspond with specifications that are executable as test oracles. We developed post hoc specifications of TCP, UDP, and the Sockets API, both of the service that they provide to applications (in terms of TCP bidirectional stream connections) and of the internal operation of the protocol (in terms of TCP segments and UDP datagrams), together with a testable abstraction function relating the two. These specifications are rigorous, detailed, readable, with broad coverage, and rather accurate. Working within a general-purpose proof assistant (HOL4), we developed language idioms (within higher-order logic) in which to write the specifications: operational semantics with nondeterminism, time, system calls, monadic relational programming, and so forth. We followed an experimental semantics approach, validating the specifications against several thousand traces captured from three implementations (FreeBSD, Linux, and WinXP). Many differences between these were identified, as were a number of bugs. Validation was done using a special-purpose symbolic model checker programmed above HOL4.
Having demonstrated that our logic-based engineering techniques suffice for handling real-world protocols, we argue that similar techniques could be applied to future critical software infrastructure at design time, leading to cleaner designs and (via specification-based testing) more robust and predictable implementations. In cases where specification looseness can be controlled, this should be possible with lightweight techniques, without the need for a general-purpose proof assistant, at relatively little cost.
Funding: EPSRC Programme Grant EP/K008528/1 REMS: Rigorous Engineering for Mainstream Systems
EPSRC Leadership Fellowship EP/H005633 (Sewell)
Royal Society University Research Fellowship (Sewell)
St Catharine's College Heller Research Fellowship (Wansbrough)
EPSRC grant GR/N24872 Wide-area programming: Language, Semantics and Infrastructure Design
EPSRC grant EP/C510712 NETSEM: Rigorous Semantics for Real Systems
EC FET-GC project IST-2001-33234 PEPITO Peer-to-Peer Computing: Implementation and Theory
CMI UROP internship support (Smith)
EC Thematic Network IST-2001-38957 APPSEM 2
NICTA was funded by the Australian Government's Backing Australia's Ability initiative, in part through the Australian Research Council
Reshaping cortical activity with subthalamic stimulation in Parkinson's disease during finger tapping and gait mapped by near infrared spectroscopy
Exploration of motor cortex activity is essential to understanding the pathophysiology in Parkinson's Disease (PD), but only simple motor tasks can be investigated using fMRI or PET. We aim to investigate the cortical activity of PD patients during a complex motor task (gait) to verify the impact of deep brain stimulation in the subthalamic nucleus (DBS-STN) by using Near-Infrared Spectroscopy (NIRS). NIRS is a neuroimaging method of brain cortical activity using low-energy optical radiation to detect local changes in (de)oxyhemoglobin concentration. We used a multichannel portable NIRS during finger tapping (FT) and gait. To determine the signal activity, our methodology consisted of a pre-processing phase for the raw signal, followed by statistical analysis based on a general linear model. Processed recordings from 9 patients were statistically compared between the on and off states of DBS-STN. DBS-STN led to an increased activity in the contralateral motor cortex areas during FT. During gait, we observed a concentration of activity towards the cortex central area in the "stimulation-on" state. Our study shows how NIRS can be used to detect functional changes in the cortex of patients with PD with DBS-STN and indicates its future use for applications unsuited for PET and fMRI.
High-Resolution Optical Functional Mapping of the Human Somatosensory Cortex
Non-invasive optical imaging of brain function has been promoted in a number of fields in which functional magnetic resonance imaging (fMRI) is limited due to constraints induced by the scanning environment. Beyond physiological and psychological research, bedside monitoring and neurorehabilitation may be relevant clinical applications that are yet little explored. A major obstacle to advocating the tool in clinical research is insufficient spatial resolution. Based on a multi-distance high-density optical imaging setup, we here demonstrate a dramatic increase in sensitivity of the method. We show that optical imaging allows for the differentiation between activations of single finger representations in the primary somatosensory cortex (SI). Methodologically, our findings confirm results in a pioneering study by Zeff et al. (2007) and extend them to the homuncular organization of SI. After performing a motor task, eight subjects underwent vibrotactile stimulation of the little finger and the thumb. We used a high-density diffuse-optical sensing array in conjunction with optical tomographic reconstruction. Optical imaging disclosed three discrete activation foci: one for motor and two discrete foci for vibrotactile stimulation of the first and fifth finger, respectively. The results were co-registered to the individual brain anatomy (MRI), which confirmed the localization in the expected cortical gyri in four subjects. This advance in spatial resolution opens new perspectives to apply optical imaging in research on plasticity, notably in patients undergoing neurorehabilitation.
Registration evaluation of dynamic breast MR images
The interpretation of dynamic contrast-enhanced breast MR images is predicated on the assumption of minimal voxel movement during the time course of the image acquisition. Misalignment of the dynamic image sequence as a result of movement during image acquisition can lead to potentially misleading diagnostic conclusions. In this paper a new methodology is presented for assessing the degree of in-plane (intra-slice) movement in a dynamic image sequence. The method is demonstrated on data from six subjects. The conclusion is that the method makes it possible to quantitatively qualify the accuracy of computed enhancement curves and, more importantly, to identify unacceptably poor registration.
Not-quite-so-broken TLS: Lessons in re-engineering a security protocol specification and implementation