Flexible Invariants Through Semantic Collaboration

Modular reasoning about class invariants is challenging in the presence of dependencies among collaborating objects that need to maintain global consistency. This paper presents semantic collaboration: a novel methodology to specify and reason about class invariants of sequential object-oriented programs, which models dependencies between collaborating objects by semantic means. Combined with a simple ownership mechanism and useful default schemes, semantic collaboration achieves the flexibility necessary to reason about complicated inter-object dependencies but requires limited annotation burden when applied to standard specification patterns. The methodology is implemented in AutoProof, our program verifier for the Eiffel programming language (but it is applicable to any language supporting some form of representation invariants). An evaluation on several challenge problems proposed in the literature demonstrates that it can handle a variety of idiomatic collaboration patterns, and is more widely applicable than the existing invariant methodologies.Comment: 22 page

The VerCors tool for verification of concurrent programs

The VerCors tool implements thread-modular static verification of concurrent programs, annotated with functional properties and heap access permissions. The tool supports both generic multithreaded and vector-based programming models. In particular, it can verify multithreaded programs written in Java, specified with JML extended with separation logic. It can also verify parallelizable programs written in a toy language that supports the characteristic features of OpenCL. The tool verifies programs by first encoding the specified program into a much simpler programming language and then applying the Chalice verifier to the simplified program. In this paper we discuss both the implementation of the tool and the features of its specification language

Automating Deductive Verification for Weak-Memory Programs

Writing correct programs for weak memory models such as the C11 memory model is challenging because of the weak consistency guarantees these models provide. The first program logics for the verification of such programs have recently been proposed, but their usage has been limited thus far to manual proofs. Automating proofs in these logics via first-order solvers is non-trivial, due to reasoning features such as higher-order assertions, modalities and rich permission resources. In this paper, we provide the first implementation of a weak memory program logic using existing deductive verification tools. We tackle three recent program logics: Relaxed Separation Logic and two forms of Fenced Separation Logic, and show how these can be encoded using the Viper verification infrastructure. In doing so, we illustrate several novel encoding techniques which could be employed for other logics. Our work is implemented, and has been evaluated on examples from existing papers as well as the Facebook open-source Folly library.Comment: Extended version of TACAS 2018 publicatio

Multisite musculoskeletal pain predicts medically certified disability retirement among Finns

BackgroundMusculoskeletal pain at several sites (multisite pain) is more common than single-site pain. Little is known on its effects on disability pension (DP) retirement. MethodsA nationally representative sample comprised 4071 Finns in the workforce aged 30 to 63. Data (questionnaire, interview, clinical examination) were gathered in 2000-2001 and linked with national DP registers for 2000-2011. Pain during the preceding month in 18 locations was combined into four sites (neck, upper limbs, low back, lower limbs). Hazard ratios (HR) of DP were estimated by Cox regression. ResultsThe HR of any DP (n=477) was 1.6 (95% confidence interval 1.2-2.1) for one, 2.5 (1.9-3.3) for two, 3.1 (2.3-4.3) for three and 5.6 (4.0-7.8) for four pain sites, when adjusted for age and gender. When additionally adjusted for clinically assessed chronic diseases, the HRs varied from 1.4 (1.0-1.8) to 3.5 (2.5-4.9), respectively. When further adjusted for physical and psychosocial workload, education, body mass index, smoking, exercise and sleep disorders, the HRs were 1.3 (0.9-1.7), 1.6 (1.2-2.2), 1.8 (1.3-2.5) and 2.5 (1.8-3.6). The number of pain sites was especially strong in predicting DPs due to musculoskeletal diseases (HRs in the full model; 3.1 to 4.3), but it also predicted DPs due to other somatic diseases (respective HRs 1.3 to 2.3); pain in all four sites was also predictive of DPs due to mental disorders (full model HR 2.2). ConclusionsThe number of pain sites independently predicted DP retirement. Employees with multisite pain may need specific support to maintain their work ability.Peer reviewe

S53P4 bioactive glass scaffolds induce BMP expression and integrative bone formation in a critical-sized diaphysis defect treated with a single-staged induced membrane technique

Surgical management of critical-sized diaphyseal defects involves multiple challenges, and up to 10% result in delayed or non-union. The two-staged induced membrane technique is successfully used to treat these defects, but it is limited by the need of several procedures and bone graft. Repeated procedures increase costs and morbidity, while grafts are subject to donor-site complications and scarce availability. To transform this two-staged technique into one graft-independent procedure, we developed amorphous porous scaffolds sintered from the clinically used bioactive glass S53P4. This work constitutes the first evaluation of such scaffolds in vivo in a critical-sized diaphyseal defect in the weight-bearing rabbit femur. We provide important knowledge and prospects for future development of sintered S53P4 scaffolds as a bone substitute. Critical-sized diaphysis defects are complicated by inherent sub-optimal healing conditions. The two staged induced membrane technique has been used to treat these challenging defects since the 1980 & rsquo;s. It involves temporary implantation of a membrane-inducing spacer and subsequent bone graft defect filling. A single-staged, graft-independent technique would reduce both socio-economic costs and patient morbidity. Our aim was to enable such single-staged approach through development of a strong bioactive glass scaffold that could replace both the spacer and the graft filling. We constructed amorphous porous scaffolds of the clinically used bioactive glass S53P4 and evaluated them in vivo using a critical sized defect model in the weight-bearing femur diaphysis of New Zealand White rabbits. S53P4 scaffolds and standard polymethylmethacrylate spacers were implanted for 2, 4, and 8 weeks. Induced membranes were confirmed histologically, and their osteostimulative activity was evaluated through RT-qPCR of bone morphogenic protein 2, 4, and 7 (BMPs). Bone formation and osseointegration were examined using histology, scanning electron microscopy, energy-dispersive X-ray analysis, and micro-computed tomography imaging. Scaffold integration, defect union and osteosynthesis were assessed manually and with X-ray projections. We demonstrated that S53P4 scaffolds induce osteostimulative membranes and produce osseointegrative new bone formation throughout the scaffolds. We also demonstrated successful stable scaffold integration with early defect union at 8 weeks postoperative in critical-sized segmental diaphyseal defects with implanted sintered amorphous S53P4 scaffolds. This study presents important considerations for future research and the potential of the S53P4 bioactive glass as a bone substitute in large diaphyseal defects. Statement of significance Surgical management of critical-sized diaphyseal defects involves multiple challenges, and up to 10% result in delayed or non-union. The two-staged induced membrane technique is successfully used to treat these defects, but it is limited by the need of several procedures and bone graft. Repeated procedures increase costs and morbidity, while grafts are subject to donor-site complications and scarce availability. To transform this two-staged technique into one graft-independent procedure, we developed amorphous porous scaffolds sintered from the clinically used bioactive glass S53P4. This work constitutes the first evaluation of such scaffolds in vivo in a critical-sized diaphyseal defect in the weight-bearing rabbit femur. We provide important knowledge and prospects for future development of sintered S53P4 scaffolds as a bone substitute. (c) 2021 The Author(s). Published by Elsevier Ltd on behalf of Acta Materialia Inc. This is an open access article under the CC BY-NC-ND license ( http://creativecommons.org/licenses/by-nc-nd/4.0/ )Peer reviewe

S53P4 bioactive glass scaffolds induce BMP expression and integrative bone formation in a critical-sized diaphysis defect treated with a single-stage d induce d membrane technique

Surgical management of critical-sized diaphyseal defects involves multiple challenges, and up to 10% result in delayed or non-union. The two-staged induced membrane technique is successfully used to treat these defects, but it is limited by the need of several procedures and bone graft. Repeated procedures increase costs and morbidity, while grafts are subject to donor-site complications and scarce availability. To transform this two-staged technique into one graft-independent procedure, we developed amorphous porous scaffolds sintered from the clinically used bioactive glass S53P4. This work constitutes the first evaluation of such scaffolds in vivo in a critical-sized diaphyseal defect in the weight-bearing rabbit femur. We provide important knowledge and prospects for future development of sintered S53P4 scaffolds as a bone substitute. Critical-sized diaphysis defects are complicated by inherent sub-optimal healing conditions. The two staged induced membrane technique has been used to treat these challenging defects since the 1980 & rsquo;s. It involves temporary implantation of a membrane-inducing spacer and subsequent bone graft defect filling. A single-staged, graft-independent technique would reduce both socio-economic costs and patient morbidity. Our aim was to enable such single-staged approach through development of a strong bioactive glass scaffold that could replace both the spacer and the graft filling. We constructed amorphous porous scaffolds of the clinically used bioactive glass S53P4 and evaluated them in vivo using a critical sized defect model in the weight-bearing femur diaphysis of New Zealand White rabbits. S53P4 scaffolds and standard polymethylmethacrylate spacers were implanted for 2, 4, and 8 weeks. Induced membranes were confirmed histologically, and their osteostimulative activity was evaluated through RT-qPCR of bone morphogenic protein 2, 4, and 7 (BMPs). Bone formation and osseointegration were examined using histology, scanning electron microscopy, energy-dispersive X-ray analysis, and micro-computed tomography imaging. Scaffold integration, defect union and osteosynthesis were assessed manually and with X-ray projections. We demonstrated that S53P4 scaffolds induce osteostimulative membranes and produce osseointegrative new bone formation throughout the scaffolds. We also demonstrated successful stable scaffold integration with early defect union at 8 weeks postoperative in critical-sized segmental diaphyseal defects with implanted sintered amorphous S53P4 scaffolds. This study presents important considerations for future research and the potential of the S53P4 bioactive glass as a bone substitute in large diaphyseal defects. Statement of significance Surgical management of critical-sized diaphyseal defects involves multiple challenges, and up to 10% result in delayed or non-union. The two-staged induced membrane technique is successfully used to treat these defects, but it is limited by the need of several procedures and bone graft. Repeated procedures increase costs and morbidity, while grafts are subject to donor-site complications and scarce availability. To transform this two-staged technique into one graft-independent procedure, we developed amorphous porous scaffolds sintered from the clinically used bioactive glass S53P4. This work constitutes the first evaluation of such scaffolds in vivo in a critical-sized diaphyseal defect in the weight-bearing rabbit femur. We provide important knowledge and prospects for future development of sintered S53P4 scaffolds as a bone substitute. (c) 2021 The Author(s). Published by Elsevier Ltd on behalf of Acta Materialia Inc. This is an open access article under the CC BY-NC-ND license ( http://creativecommons.org/licenses/by-nc-nd/4.0/ )Peer reviewe

The International Cancer Expert Corps: A Unique Approach for Sustainable Cancer Care in Low and Lower-Middle Income Countries

The growing burden of non-communicable diseases including cancer in low- and lower-middle income countries (LMICs) and in geographic-access limited settings within resource-rich countries requires effective and sustainable solutions. The International Cancer Expert Corps (ICEC) is pioneering a novel global mentorship–partnership model to address workforce capability and capacity within cancer disparities regions built on the requirement for local investment in personnel and infrastructure. Radiation oncology will be a key component given its efficacy for cure even for the advanced stages of disease often encountered and for palliation. The goal for an ICEC Center within these health disparities settings is to develop and retain a high-quality sustainable workforce who can provide the best possible cancer care, conduct research, and become a regional center of excellence. The ICEC Center can also serve as a focal point for economic, social, and healthcare system improvement. ICEC is establishing teams of Experts with expertise to mentor in the broad range of subjects required to establish and sustain cancer care programs. The Hubs are cancer centers or other groups and professional societies in resource-rich settings that will comprise the global infrastructure coordinated by ICEC Central. A transformational tenet of ICEC is that altruistic, human-service activity should be an integral part of a healthcare career. To achieve a critical mass of mentors ICEC is working with three groups: academia, private practice, and senior mentors/retirees. While in-kind support will be important, ICEC seeks support for the career time dedicated to this activity through grants, government support, industry, and philanthropy. Providing care for people with cancer in LMICs has been a recalcitrant problem. The alarming increase in the global burden of cancer in LMICs underscores the urgency and makes this an opportune time fornovel and sustainable solutions to transform cancer care globally

Guiding Dynamic Symbolic Execution Toward Unverified Program Executions

Most techniques to detect program errors, such as testing, code reviews, and static program analysis, do not fully verify all possible executions of a program. They leave executions unverified when they do not check certain properties, fail to verify properties, or check properties under certain unsound assumptions such as the absence of arithmetic overflow. In this paper, we present a technique to complement partial verification results by automatic test case generation. In contrast to existing work, our technique supports the common case that the verification results are based on unsound assumptions. We annotate programs to reflect which executions have been verified, and under which assumptions. These annotations are then used to guide dynamic symbolic execution toward unverified program executions. Our main technical contribution is a code instrumentation that causes dynamic symbolic execution to abort tests that lead to verified executions, to prune parts of the search space, and to prioritize tests that cover more properties that are not fully verified. We have implemented our technique for the .NET static analyzer Clousot and the dynamic symbolic execution tool Pex. It produces smaller test suites (by up to 19.2%), covers more unverified executions (by up to 7.1%), and reduces testing time (by up to 52.4%) compared to combining Clousot and Pex without our technique

Efficient Refinement Checking in VCC

We propose a methodology for carrying out refinement proofs across declarative abstract models and concrete implementations in C, using the VCC verification tool. The main idea is to first perform a systematic translation from the top-level abstract model to a ghost implementation in VCC. Subsequent refinement proofs between successively refined abstract models and between abstract and concrete implementations are carried out in VCC. We propose an efficient technique to carry out these refinement checks in VCC. We illustrate our methodology with a case study in which we verify a simplified C implementation of an RTOS scheduler, with respect to its abstract Z specification. Overall, our methodology leads to efficient and automatic refinement proofs for complex systems that would typically be beyond the capability of tools such as Z/Eves or Rodin