OpenJML: Software verification for Java 7 using JML, OpenJDK, and Eclipse

OpenJML is a tool for checking code and specifications of Java programs. We describe our experience building the tool on the foundation of JML, OpenJDK and Eclipse, as well as on many advances in specification-based software verification. The implementation demonstrates the value of integrating specification tools directly in the software development IDE and in automating as many tasks as possible. The tool, though still in progress, has now been used for several college-level courses on software specification and verification and for small-scale studies on existing Java programs.Comment: In Proceedings F-IDE 2014, arXiv:1404.578

SPEEDY: An Eclipse-based IDE for invariant inference

SPEEDY is an Eclipse-based IDE for exploring techniques that assist users in generating correct specifications, particularly including invariant inference algorithms and tools. It integrates with several back-end tools that propose invariants and will incorporate published algorithms for inferring object and loop invariants. Though the architecture is language-neutral, current SPEEDY targets C programs. Building and using SPEEDY has confirmed earlier experience demonstrating the importance of showing and editing specifications in the IDEs that developers customarily use, automating as much of the production and checking of specifications as possible, and showing counterexample information directly in the source code editing environment. As in previous work, automation of specification checking is provided by back-end SMT solvers. However, reducing the effort demanded of software developers using formal methods also requires a GUI design that guides users in writing, reviewing, and correcting specifications and automates specification inference.Comment: In Proceedings F-IDE 2014, arXiv:1404.578

Inferring Concise Specifications of APIs

Modern software relies on libraries and uses them via application programming interfaces (APIs). Correct API usage as well as many software engineering tasks are enabled when APIs have formal specifications. In this work, we analyze the implementation of each method in an API to infer a formal postcondition. Conventional wisdom is that, if one has preconditions, then one can use the strongest postcondition predicate transformer (SP) to infer postconditions. However, SP yields postconditions that are exponentially large, which makes them difficult to use, either by humans or by tools. Our key idea is an algorithm that converts such exponentially large specifications into a form that is more concise and thus more usable. This is done by leveraging the structure of the specifications that result from the use of SP. We applied our technique to infer postconditions for over 2,300 methods in seven popular Java libraries. Our technique was able to infer specifications for 75.7% of these methods, each of which was verified using an Extended Static Checker. We also found that 84.6% of resulting specifications were less than 1/4 page (20 lines) in length. Our technique was able to reduce the length of SMT proofs needed for verifying implementations by 76.7% and reduced prover execution time by 26.7%

Applying SMT Solvers to the Test Template Framework

The Test Template Framework (TTF) is a model-based testing method for the Z notation. In the TTF, test cases are generated from test specifications, which are predicates written in Z. In turn, the Z notation is based on first-order logic with equality and Zermelo-Fraenkel set theory. In this way, a test case is a witness satisfying a formula in that theory. Satisfiability Modulo Theory (SMT) solvers are software tools that decide the satisfiability of arbitrary formulas in a large number of built-in logical theories and their combination. In this paper, we present the first results of applying two SMT solvers, Yices and CVC3, as the engines to find test cases from TTF's test specifications. In doing so, shallow embeddings of a significant portion of the Z notation into the input languages of Yices and CVC3 are provided, given that they do not directly support Zermelo-Fraenkel set theory as defined in Z. Finally, the results of applying these embeddings to a number of test specifications of eight cases studies are analysed.Comment: In Proceedings MBT 2012, arXiv:1202.582

Alternative splicing of TIA-1 in human colon cancer regulates VEGF isoform expression, angiogenesis, tumour growth and bevacizumab resistance

© 2014 The Authors. The angiogenic capability of colorectal carcinomas (CRC), and their susceptibility to anti-angiogenic therapy, is determined by expression of vascular endothelial growth factor (VEGF) isoforms. The intracellular protein T-cell Intracellular Antigen (TIA-1) alters post-transcriptional RNA processing and binds VEGF-A mRNA. We therefore tested the hypothesis that TIA-1 could regulate VEGF-A isoform expression in colorectal cancers. TIA-1 and VEGF-A isoform expression was measured in colorectal cancers and cell lines. We discovered that an endogenous splice variant of TIA-1 encoding a truncated protein, short TIA-1 (sTIA-1) was expressed in CRC tissues and invasive K-Ras mutant colon cancer cells and tissues but not in adenoma cell lines. sTIA-1 was more highly expressed in CRC than in normal tissues and increased with tumour stage. Knockdown of sTIA-1 or over-expression of full length TIA-1 (flTIA-1) induced expression of the anti-angiogenic VEGF isoform VEGF-A 165 b. Whereas flTIA-1 selectively bound VEGF-A 165 mRNA and increased translation of VEGF-A 165 b, sTIA-1 prevented this binding. In nude mice, xenografted colon cancer cells over-expressing flTIA-1 formed smaller, less vascular tumours than those expressing sTIA-1, but flTIA-1 expression inhibited the effect of anti-VEGF antibodies. These results indicate that alternative splicing of an RNA binding protein can regulate isoform specific expression of VEGF providing an added layer of complexity to the angiogenic profile of colorectal cancer and their resistance to anti-angiogenic therapy

RNA Binding Protein CUGBP2/CELF2 Mediates Curcumin-Induced Mitotic Catastrophe of Pancreatic Cancer Cells

Curcumin inhibits the growth of pancreatic cancer tumor xenografts in nude mice; however, the mechanism of action is not well understood. It is becoming increasingly clear that RNA binding proteins regulate posttranscriptional gene expression and play a critical role in RNA stability and translation. Here, we have determined that curcumin modulates the expression of RNA binding protein CUGBP2 to inhibit pancreatic cancer growth.In this study, we show that curcumin treated tumor xenografts have a significant reduction in tumor volume and angiogenesis. Curcumin inhibited the proliferation, while inducing G2-M arrest and apoptosis resulting in mitotic catastrophe of various pancreatic cancer cells. This was further confirmed by increased phosphorylation of checkpoint kinase 2 (Chk2) protein coupled with higher levels of nuclear cyclin B1 and Cdc-2. Curcumin increased the expression of cyclooxygenase-2 (COX-2) and vascular endothelial growth factor (VEGF) mRNA, but protein levels were lower. Furthermore, curcumin increased the expression of RNA binding proteins CUGBP2/CELF2 and TIA-1. CUGBP2 binding to COX-2 and VEGF mRNA was also enhanced, thereby increasing mRNA stability, the half-life changing from 30 min to 8 h. On the other hand, silencer-mediated knockdown of CUGBP2 partially restored the expression of COX-2 and VEGF even with curcumin treatment. COX-2 and VEGF mRNA levels were reduced to control levels, while proteins levels were higher.Curcumin inhibits pancreatic tumor growth through mitotic catastrophe by increasing the expression of RNA binding protein CUGBP2, thereby inhibiting the translation of COX-2 and VEGF mRNA. These data suggest that translation inhibition is a novel mechanism of action for curcumin during the therapeutic intervention of pancreatic cancers

Reasoning with specifications containing method calls in JML and First-Order Provers

Allowing method invocations in program specifications increases modularity and comprehensibility and is as important in specifications as it is in the program itself. However, method invocations do not map neatly into the first-order logics that are often used for assuring the correctness of specifications. One problem is translating specifications in a way that acknowledges the potential for exceptional behavior. The ESC/Java2 tool has been able to achieve a practical translation of method invocations within the design constraints of its parent tool, ESC/Java. Furthermore, the techniques used are applicable to other specification constructs such as quantifiers and model variables