The SeaHorn Verification Framework

In this paper, we present SeaHorn, a software verification framework. The key distinguishing feature of SeaHorn is its modular design that separates the concerns of the syntax of the programming language, its operational semantics, and the verification semantics. SeaHorn encompasses several novelties: it (a) encodes verification conditions using an efficient yet precise inter-procedural technique, (b) provides flexibility in the verification semantics to allow different levels of precision, (c) leverages the state-of-the-art in software model checking and abstract interpretation for verification, and (d) uses Horn-clauses as an intermediate language to represent verification conditions which simplifies interfacing with multiple verification tools based on Horn-clauses. SeaHorn provides users with a powerful verification tool and researchers with an extensible and customizable framework for experimenting with new software verification techniques. The effectiveness and scalability of SeaHorn are demonstrated by an extensive experimental evaluation using benchmarks from SV-COMP 2015 and real avionics code

Tapping into rhythm generation circuitry in humans during simulated weightlessness conditions

An ability to produce rhythmic activity is ubiquitous for locomotor pattern generation and modulation. The role that the rhythmogenesis capacity of the spinal cord plays in injured populations has become an area of interest and systematic investigation among researchers in recent years, despite its importance being long recognized by neurophysiologists and clinicians. Given that each individual interneuron, as a rule, receives a broad convergence of various supraspinal and sensory inputs and may contribute to a vast repertoire of motor actions, the importance of assessing the functional state of the spinal locomotor circuits becomes increasingly evident. Air-stepping can be used as a unique and important model for investigating human rhythmogenesis since its manifestation is largely facilitated by a reduction of external resistance. This article aims to provide a review on current issues related to the ‘locomotor’ state and interactions between spinal and supraspinal influences on the central pattern generator circuitry in humans, which may be important for developing gait rehabilitation strategies in individuals with spinal cord and brain injuries

Expressiveness and Completeness in Abstraction

We study two notions of expressiveness, which have appeared in abstraction theory for model checking, and find them incomparable in general. In particular, we show that according to the most widely used notion, the class of Kripke Modal Transition Systems is strictly less expressive than the class of Generalised Kripke Modal Transition Systems (a generalised variant of Kripke Modal Transition Systems equipped with hypertransitions). Furthermore, we investigate the ability of an abstraction framework to prove a formula with a finite abstract model, a property known as completeness. We address the issue of completeness from a general perspective: the way it depends on certain abstraction parameters, as well as its relationship with expressiveness.Comment: In Proceedings EXPRESS/SOS 2012, arXiv:1208.244

Single pulse avalanche robustness and repetitive stress ageing of SiC power MOSFETs

This paper presents an extensive electro-thermal characterisation of latest generation silicon carbide (SiC) Power MOSFETs under unclamped inductive switching (UIS) conditions. Tests are carried out to thoroughly understand the single pulse avalanche ruggedness limits of commercial SiC MOSFETs and assess their aging under repetitive stress conditions. Both a functional and a structural characterisation of the transistors is presented, with the aim of informing future device technology development for robust and reliable power system development

Socio economic crisis and mortality. Epidemiological testimony of the financial collapse of Argentina

BACKGROUND: Natural disasters, war, and terrorist attacks, have been linked to cardiac mortality. We sought to investigate whether a major financial crisis may impact on the medical management and outcomes of acute coronary syndromes. METHODS: We analyzed the Argentine cohort of the international multicenter Global Registry of Acute Coronary Events (GRACE). The primary objective was to estimate if there was an association between the financial crisis period (April 1999 to December 2002) and in- hospital cardiovascular mortality, with the post-crisis period (January 2003 to September 2004) as the referent. Each period was defined according to the evolution of the Gross Domestic Product. We investigated the demographic characteristics, diagnostic and therapeutic procedures, morbidity and mortality. RESULTS: We analyzed data from 3220 patients, 2246 (69.8%) patients in the crisis period and 974 (30.2%) in the post-crisis frame. The distribution of demographic and clinical baseline characteristics were not significantly different between both periods. During the crisis period the incidence of in-hospital myocardial infarction was higher (6.9% Vs 2.9%; p value \u3c 0.0001), as well as congestive heart failure (16% Vs 11%; p value \u3c 0.0001). Time to intervention with angioplasty was longer during the crisis, especially among public sites (median 190 min Vs 27 min). The incidence proportion of mortality during hospitalization was 6.2% Vs 5.1% after crisis. The crude OR for mortality was 1.2 (95% C.I. 0.87, 1.7). The odds for mortality were higher among private institutions {1.9 (95% C.I. 0.9, 3.8)} than for public centers {1.2 (95% C.I. 0.83, 1.79)}. We did not observe a significant interaction between type of hospital and crisis. CONCLUSION: Our findings suggest that the financial crisis may have had a negative impact on cardiovascular mortality during hospitalization, and higher incidence of medical complications

assessment of blood capillaries and structural proteins localization

The papillary dermis of human skin is responsible for its biomechanical properties and for supply of epidermis with chemicals. Dermis is mainly composed of structural protein molecules, including collagen and elastin, and contains blood capillaries. Connective tissue diseases, as well as cardiovascular complications have manifestations on the molecular level in the papillary dermis (e.g. alteration of collagen I and III content) and in the capillary structure. In this paper we assessed the molecular structure of internal and external regions of skin capillaries using two-photon fluorescence lifetime imaging (FLIM) of endogenous compounds. It was shown that the capillaries are characterized by a fast fluorescence decay, which is originated from red blood cells and blood plasma. Using the second harmonic generation signal, FLIM segmentation was performed, which provided for spatial localization and fluorescence decay parameters distribution of collagen I and elastin in the dermal papillae. It was demonstrated that the lifetime distribution was different for the inner area of dermal papillae around the capillary loop that was suggested to be due to collagen III. Hence, we propose a generalized approach to two-photon imaging of the papillary dermis components, which extends the capabilities of this technique in skin diagnosis

SMT-based Model Checking for Recursive Programs

We present an SMT-based symbolic model checking algorithm for safety verification of recursive programs. The algorithm is modular and analyzes procedures individually. Unlike other SMT-based approaches, it maintains both "over-" and "under-approximations" of procedure summaries. Under-approximations are used to analyze procedure calls without inlining. Over-approximations are used to block infeasible counterexamples and detect convergence to a proof. We show that for programs and properties over a decidable theory, the algorithm is guaranteed to find a counterexample, if one exists. However, efficiency depends on an oracle for quantifier elimination (QE). For Boolean Programs, the algorithm is a polynomial decision procedure, matching the worst-case bounds of the best BDD-based algorithms. For Linear Arithmetic (integers and rationals), we give an efficient instantiation of the algorithm by applying QE "lazily". We use existing interpolation techniques to over-approximate QE and introduce "Model Based Projection" to under-approximate QE. Empirical evaluation on SV-COMP benchmarks shows that our algorithm improves significantly on the state-of-the-art.Comment: originally published as part of the proceedings of CAV 2014; fixed typos, better wording at some place

Rich Counter-Examples for Temporal-Epistemic Logic Model Checking

Model checking verifies that a model of a system satisfies a given property, and otherwise produces a counter-example explaining the violation. The verified properties are formally expressed in temporal logics. Some temporal logics, such as CTL, are branching: they allow to express facts about the whole computation tree of the model, rather than on each single linear computation. This branching aspect is even more critical when dealing with multi-modal logics, i.e. logics expressing facts about systems with several transition relations. A prominent example is CTLK, a logic that reasons about temporal and epistemic properties of multi-agent systems. In general, model checkers produce linear counter-examples for failed properties, composed of a single computation path of the model. But some branching properties are only poorly and partially explained by a linear counter-example. This paper proposes richer counter-example structures called tree-like annotated counter-examples (TLACEs), for properties in Action-Restricted CTL (ARCTL), an extension of CTL quantifying paths restricted in terms of actions labeling transitions of the model. These counter-examples have a branching structure that supports more complete description of property violations. Elements of these counter-examples are annotated with parts of the property to give a better understanding of their structure. Visualization and browsing of these richer counter-examples become a critical issue, as the number of branches and states can grow exponentially for deeply-nested properties. This paper formally defines the structure of TLACEs, characterizes adequate counter-examples w.r.t. models and failed properties, and gives a generation algorithm for ARCTL properties. It also illustrates the approach with examples in CTLK, using a reduction of CTLK to ARCTL. The proposed approach has been implemented, first by extending the NuSMV model checker to generate and export branching counter-examples, secondly by providing an interactive graphical interface to visualize and browse them.Comment: In Proceedings IWIGP 2012, arXiv:1202.422

Sharper and Simpler Nonlinear Interpolants for Program Verification

Interpolation of jointly infeasible predicates plays important roles in various program verification techniques such as invariant synthesis and CEGAR. Intrigued by the recent result by Dai et al.\ that combines real algebraic geometry and SDP optimization in synthesis of polynomial interpolants, the current paper contributes its enhancement that yields sharper and simpler interpolants. The enhancement is made possible by: theoretical observations in real algebraic geometry; and our continued fraction-based algorithm that rounds off (potentially erroneous) numerical solutions of SDP solvers. Experiment results support our tool's effectiveness; we also demonstrate the benefit of sharp and simple interpolants in program verification examples

A Framework for Compositional Verification of Multi-valued Systems via Abstraction-Refinement

We present a framework for fully automated compositional verification of µ-calculus specifications over multi-valued systems, based on multivalued abstraction and refinement. Multi-valued models are widely used in many applications of model checking. They enable a more precise modeling of systems by distinguishing several levels of uncertainty and inconsistency. Successful verification tools such as STE (for hardware) and YASM (for software) are based on multi-valued models. Our compositional approach model checks individual components of a system. Only if all individual checks return indefinite values, the parts of the components which are responsible for these values, are composed and checked. Thus the construction of the full system is avoided. If the latter check is still indefinite, then a refinement is needed. We formalize our framework based on bilattices, consisting of a truth lattice and an information lattice. Formulas interpreted over a multi-valued model are evaluated w.r.t. to the truth lattice. On the other hand, refinement is now aimed at increasing the information level of model details, thus also increasing the information level of the model checking result. Based on the two lattices, we suggest how multi-valued models should be composed, checked, and refined