Formal verification of automotive embedded UML designs

Software applications are increasingly dominating safety critical domains. Safety critical domains are domains where the failure of any application could impact human lives. Software application safety has been overlooked for quite some time but more focus and attention is currently directed to this area due to the exponential growth of software embedded applications. Software systems have continuously faced challenges in managing complexity associated with functional growth, flexibility of systems so that they can be easily modified, scalability of solutions across several product lines, quality and reliability of systems, and finally the ability to detect defects early in design phases. AUTOSAR was established to develop open standards to address these challenges. ISO-26262, automotive functional safety standard, aims to ensure functional safety of automotive systems by providing requirements and processes to govern software lifecycle to ensure safety. Each functional system needs to be classified in terms of safety goals, risks and Automotive Safety Integrity Level (ASIL: A, B, C and D) with ASIL D denoting the most stringent safety level. As risk of the system increases, ASIL level increases and the standard mandates more stringent methods to ensure safety. ISO-26262 mandates that ASILs C and D classified systems utilize walkthrough, semi-formal verification, inspection, control flow analysis, data flow analysis, static code analysis and semantic code analysis techniques to verify software unit design and implementation. Ensuring software specification compliance via formal methods has remained an academic endeavor for quite some time. Several factors discourage formal methods adoption in the industry. One major factor is the complexity of using formal methods. Software specification compliance in automotive remains in the bulk heavily dependent on traceability matrix, human based reviews, and testing activities conducted on either actual production software level or simulation level. ISO26262 automotive safety standard recommends, although not strongly, using formal notations in automotive systems that exhibit high risk in case of failure yet the industry still heavily relies on semi-formal notations such as UML. The use of semi-formal notations makes specification compliance still heavily dependent on manual processes and testing efforts. In this research, we propose a framework where UML finite state machines are compiled into formal notations, specification requirements are mapped into formal model theorems and SAT/SMT solvers are utilized to validate implementation compliance to specification. The framework will allow semi-formal verification of AUTOSAR UML designs via an automated formal framework backbone. This semi-formal verification framework will allow automotive software to comply with ISO-26262 ASIL C and D unit design and implementation formal verification guideline. Semi-formal UML finite state machines are automatically compiled into formal notations based on Symbolic Analysis Laboratory formal notation. Requirements are captured in the UML design and compiled automatically into theorems. Model Checkers are run against the compiled formal model and theorems to detect counterexamples that violate the requirements in the UML model. Semi-formal verification of the design allows us to uncover issues that were previously detected in testing and production stages. The methodology is applied on several automotive systems to show how the framework automates the verification of UML based designs, the de-facto standard for automotive systems design, based on an implicit formal methodology while hiding the cons that discouraged the industry from using it. Additionally, the framework automates ISO-26262 system design verification guideline which would otherwise be verified via human error prone approaches

Generating a Shortest B-Chain using Multi-GPUs

Let B be a finite set of binary operations over the set of natural numbers N. A B-chain for a natural number n, denoted by BC(n), is a sequence of numbers 1 = c0,c1,...,cl = n such that for each i \u3e 0,ci = cj ◦ck, where 0 ≤ j,k ≤ i−1 and ◦ is an operation of B. Generating a shortest B-chain for n plays an important role in increasing the performance of some cryptosystems and protocols. This paper has two purposes. The first is to propose a generic algorithm to generate a shortest B-chain using a single CPU and a single GPU for any B. The second is to propose two strategies to improve the generation of a shortest B-chain using two (or more) GPUs. Using two GPUs, the experimental study shows that the first strategy improves the performance by about 20%, while the second strategy improves the performance by about 30 ∼ 35% in case of B = {+}. It is also possible to combine both strategies when we have at least four GPUs

A Unified Method for Private Exponent Attacks on RSA using Lattices

International audienceLet (n = pq, e = n^β) be an RSA public key with private exponent d = n^δ , where p and q are large primes of the same bit size. At Eurocrypt 96, Coppersmith presented a polynomial-time algorithm for finding small roots of univariate modular equations based on lattice reduction and then succussed to factorize the RSA modulus. Since then, a series of attacks on the key equation ed − kφ(n) = 1 of RSA have been presented. In this paper, we show that many of such attacks can be unified in a single attack using a new notion called Coppersmith's interval. We determine a Coppersmith's interval for a given RSA public key (n, e). The interval is valid for any variant of RSA, such as Multi-Prime RSA, that uses the key equation. Then we show that RSA is insecure if δ < β + 1/3 α − 1/3 √ (12αβ + 4α^2) provided that we have approximation p0 ≥ √ n of p with |p − p0| ≤ 1/2 n^α , α ≤ 1/2. The attack is an extension of Coppersmith's result

Rôle de la tomodensitométrie à double énergie/double source pour la personnalisation des traitements de radiothérapie

Le futur de la radiothérapie réside dans le développement de stratégies visant à adapter les traitements à chaque individu. La tomodensitométrie à double énergie/double source (DECT/DSCT) est une technologie d’imagerie permettant de caractériser avec précision les tissus (sains et tumoraux) et d’imager le cœur en mouvement. En raison de ses fonctionnalités, la technologie du DECT/DSCT a le potentiel de jouer un rôle important dans la personnalisation des traitements de radiothérapie. Nous avons exploré le rôle du DECT/DSCT dans 3 études cliniques prospectives, relatives à la planification des traitements de radiothérapie. Dans une première approche, nous avons évalué le rôle du DECT pour l’évaluation de la fonction du parenchyme pulmonaire en radiothérapie thoracique (conventionnelle et stéréotaxique). Nous avons émis l’hypothèse qu’une quantification précise de la concentration d’iode du parenchyme pulmonaire, dérivée du DECT, permettrait de déterminer les régions pulmonaires les plus fonctionnelles à éviter lors de la planification de la radiothérapie. Nous avons démontré la faisabilité et la validité d’une méthode de quantification de la fonction pulmonaire en utilisant la cartographie d’iode du DECT. De plus, nous avons montré que l’incorporation de cette information en planification de radiothérapie peut réduire significativement la dose aux régions pulmonaires fonctionnelles dans le but de réduire les toxicités. Dans une deuxième approche, nous avons évalué le rôle du l’imagerie à double-source (DSCT) pour une évaluation individualisée du mouvement cardiaque lors de la planification des traitements de radiothérapie. Nous avons montré que le DSCT permettait de visualiser et quantifier le mouvement des sous-structures cardiaques notamment les veines pulmonaires et les artères coronaires, et ainsi déterminer un volume cible personnalisé pour chaque patient. De plus, nous avons montré le bénéfice dosimétrique d’une irradiation du sein gauche avec synchronisation cardiaque (limitée à la phase systolique) pour épargner les sous-structures cardiaques, notamment de l’artère antérieure descendante gauche, une structure critique dans le développement des toxicités cardiaques post-radiques. Finalement, utilisant à nouveau la capacité de quantification précise de la concentration d’iode, nous avons évalué le rôle du DECT pour dériver la perfusion des tumeurs du larynx et de l’hypopharynx traitées par radiothérapie. Dans un contexte exploratoire de 25 patients, nous avons démontré que les statistiques quantitatives dérivées des cartes d’iodes tumorales étaient prédictives du contrôle locorégional chez ces patients, suggérant un rôle de ces cartes d’iode comme bio-marqueurs prédisant l’agressivité tumorale. Les résultats de nos travaux centrés sur ces 3 stratégies démontrent que le DECT/DSCT a le potentiel de jouer un rôle important à divers niveaux dans la personnalisation de la planification des traitements radiothérapie, notamment: 1) pour l’évaluation de la fonction des tissus sains; 2) pour la détermination personnalisée du mouvement cardiaque, et 3) comme outil prédictif du contrôle tumoral.The future of radiotherapy lies in the development of strategies to adapt treatments to each individual. Dual energy / dual source computed tomography (DECT/DSCT) is an imaging technology that allows for accurate tissue characterisation (organs at risk or tumors) and that can capture precisely the anatomy of the heart in motion. DECT/DSCT technology has the potential to be important player in personalized radiotherapy. We explored the role of DECT/DSCT in radiotherapy planning in the context of 3 prospective clinical studies. First, we evaluated the role of DECT imaging for the assessment of lung function in lung cancer radiotherapy planning (both conventionally fractionated and stereotaxic radiotherapy). We hypothesized that accurate quantification of DECT iodine concentration could be used in treatment planning to assesses and preserve functional parenchyma. We demonstrated the feasibility and validity of a novel lung function quantification method using DECT iodine mapping. In addition, we showed that incorporating this information into radiotherapy planning could help improve lung dosimetry, and thus potentially reduce toxicities. In a second approach, we evaluated the role of DSCT for individualized assessment of cardiac motion in radiotherapy planning. We showed that the DSCT allows visualization and quantification of motion of cardiac sub-structures, including the pulmonary veins and coronary arteries, and therefore can be used to determine personalized target volume for each patient. In addition, we quantified the dosimetric impact of cardiac-gated radiotherapy in left breast cancer radiotherapy and demonstrated significant sparing of cardiac sub-structures with this method, in particular sparing of left anterior descending artery, a critical structure involved in radiation-induced cardiovascular toxicities. Finally, we assessed the role of DECT in determining tumor perfusion in larynx/hypopharynx cancers using the iodine concentration quantification method. In an exploratory prospective cohort of 25 patients with cancer of the larynx or hypopharynx, we demonstrated that histogram statistics derived from tumor iodine maps could predict locoregional control in these patients. This finding supports the role of iodine concentration maps as functional biomarkers to predict tumor aggressiveness. The results of our work focused on these various strategies demonstrate that DECT/DSCT has the potential to play an important role in the following 3 avenues of personalized radiotherapy: 1) for the evaluation of functional healthy tissues; 2) for individualized determination of optimal margins or cardiac-gating window in radiotherapy involving the heart and, 3) for prediction of cancer control outcomes

A Comprehensive Study of Egyptian Arabic v. 1

http://deepblue.lib.umich.edu/bitstream/2027.42/94560/1/39015087418557.pd

O REGIME DE SEPARAÇÃO CONVENCIONAL DE BENS E A NÃO CONCORRÊNCIA DO CÔNJUGE SUPÉRSTITE COM OS DESCENDENTES DO “DE CUJUS”

O escopo deste trabalho é apresentar os entendimentos do Superior Tribunal de Justiça sobre o regime de separação convencional de bens. Referido Tribunal, em 2009, entendeu pela não concorrência em tal regime, com alteração oposta em 2015. A primeira parte do artigo apresenta conhecimentos sobre os regimes de bens. A segunda parte apresenta o regime de separação convencional de bens e as decisões do Superior Tribunal de Justiça e seu atual posicionamento criticado a luz da autonomia da vontade. Como fonte de pesquisa utilizou-se da doutrina, jurisprudência, legislação e periódicos na internet

Assessing the Need for Adjuvant Chemotherapy After Stereotactic Body Radiation Therapy in Early-stage Non-small Cell Lung Carcinoma.

Surgery remains the standard treatment for medically operable patients with early-stage non-small cell lung carcinoma (NSCLC). Following surgical resection, adjuvant chemotherapy is recommended for large tumors &gt;4 cm. For unfit patients, stereotactic body radiation therapy (SBRT) has emerged as an excellent alternative to surgery. This study aims to assess patterns of recurrence and discuss the role of chemotherapy after SBRT for NSCLC. We reviewed patients treated with SBRT for primary early-stage NSCLC between 2009 and 2015. Total target doses were between 50 and 60 Gy administered in three to eight fractions. All patients had a staging fluorodeoxyglucose (FDG) positron emission tomography (PET) integrated with computed tomography (CT) scan, and histologic confirmation was obtained whenever possible. Mediastinal staging was performed if lymph node involvement was suspected on CT or PET/CT. Survival outcomes were estimated using the Kaplan-Meier method. Among the 559 early-stage NSCLC patients treated with SBRT, 121 patients were stage T2N0. The one-year and three-year overall survival rates were 88% and 70%, respectively, for patients with T2 disease, compared to 95% and 81%, respectively, for the T1 patients (p&lt;0.05). The one-year and three-year local control rates were equal in both groups (98% and 91%, respectively). In T2 patients, 25 (21%) presented a relapse, among which 21 (84%) were nodal or distant. The median survival of T2N0 patients following a relapse was 11 months. Lung SBRT provides high local control rates, even for larger tumors. When patients relapse, the majority of them do so at regional or distant sites. These results raise the question as to whether adjuvant treatment should be considered following SBRT for larger tumors

Influence of respiratory motion management technique on radiation pneumonitis risk with robotic stereotactic body radiation therapy.

Purpose/objectivesFor lung stereotactic body radiation therapy (SBRT), real-time tumor tracking (RTT) allows for less radiation to normal lung compared to the internal target volume (ITV) method of respiratory motion management. To quantify the advantage of RTT, we examined the difference in radiation pneumonitis risk between these two techniques using a normal tissue complication probability (NTCP) model.Materials/method20 lung SBRT treatment plans using RTT were replanned with the ITV method using respiratory motion information from a 4D-CT image acquired at the original simulation. Risk of symptomatic radiation pneumonitis was calculated for both plans using a previously derived NTCP model. Features available before treatment planning that identified significant increase in NTCP with ITV versus RTT plans were identified.ResultsPrescription dose to the planning target volume (PTV) ranged from 22 to 60 Gy in 1-5 fractions. The median tumor diameter was 3.5 cm (range 2.1-5.5 cm) with a median volume of 14.5 mL (range 3.6-59.9 mL). The median increase in PTV volume from RTT to ITV plans was 17.1 mL (range 3.5-72.4 mL), and the median increase in PTV/lung volume ratio was 0.46% (range 0.13-1.98%). Mean lung dose and percentage dose-volumes were significantly higher in ITV plans at all levels tested. The median NTCP was 5.1% for RTT plans and 8.9% for ITV plans, with a median difference of 1.9% (range 0.4-25.5%, pairwise P &lt; 0.001). Increases in NTCP between plans were best predicted by increases in PTV volume and PTV/lung volume ratio.ConclusionsThe use of RTT decreased the risk of radiation pneumonitis in all plans. However, for most patients the risk reduction was minimal. Differences in plan PTV volume and PTV/lung volume ratio may identify patients who would benefit from RTT technique before completing treatment planning