Capturing and exploiting abstract views of states in OO verification

In this thesis, we study several implementation, specification and verification techniques for Object-Oriented (OO) programs. Our focus is on capturing conceptual structures in OO states in abstractions, and then exploiting such an abstract view of the state in specification and implementation approaches in a way that allows for formal verification. Generally, an OO state consists of many objects that reference each other in possibly complicated ways. At the same time, at any one point in the execution of the program, we can often reason about what is happening using an abstract view of the state that is much less complicated. To further improve the quality of implementations, better techniques must be developed for 1) specification of the abstract views that are used by the client and the programmer, and 2) the verification that an implementation satisfies its specification. This thesis contributes to that effort. We distinguish between client-level and programmer-level specification. A client-level specification acts as a contract between the client and the implementer. A programmer-level specification allows to reason formally about the implementation. We consider two specification formalisms that differ in the basic abstract view that is used: Algebraic Specification and OO Specification. We consider both client-level and programmer-level specifications based on algebraic specification. We contribute a novel syntax and semantics for the former, and we contribute an implementation approach for OO implementations based on the latter. We show that the implementation approach is suitable for problem-independent verification. We propose the programmer-level OO specification constructs inc and coop. The inc construct allows method specification to make explicit that a certain enumeration of invariants does not have to hold when that method is executed. The coop construct allows a field specification to make explicit that a certain enumeration of invariants might be invalidated when the field is updated. This allows for the specification and verification of OO designs in which in the process of updating one object, other objects with which it together implements a common purpose must be updated as well. We then generalize the inc and coop constructs by removing a restriction to enumerations of invariants. For instance, this is needed in the well-known Observer Pattern, where a Subject can have an arbitrary and dynamically changing number of Observers. A more general interpretation of invariants and accompanying proof system are provided as well. We contribute a programmer-level OO specification technique to capture layers in OO architectures, and we exploit these layers by providing a more liberal semantics of class invariants. We also provide a verification technique for the semantics. Layers are an abstraction at the architectural level in OO implementations that designate certain object structures in the design as sub-structures that are shared by other structures. An object in a higher layer is not relevant to the purpose of an object in the sub-structure. Given this intuition, an object in a higher layer is not part of the abstract view from an object in a lower layer. Therefore, the invariant of a higher layer object does not have to hold when a method of a lower-layer object is executing. Finally, we contribute a verification technique for pure methods and model fields, which are existing specification techniques for capturing an abstract view of the state in OO specifications. A method that is pure can be used as a function in predicates in class specifications. The function is axiomatized using the pre- and postcondition that are specified for the method. A model field abstracts part of the concrete state of an object into an abstract value. This too introduces an additional axiom in the underlying reasoning. The technique contributed establishes that such additional axioms do no introduce inconsistencies into the formal reasoning. It comes with heuristics that that make it amenable to automatic verification

Flexible Invariants Through Semantic Collaboration

Modular reasoning about class invariants is challenging in the presence of dependencies among collaborating objects that need to maintain global consistency. This paper presents semantic collaboration: a novel methodology to specify and reason about class invariants of sequential object-oriented programs, which models dependencies between collaborating objects by semantic means. Combined with a simple ownership mechanism and useful default schemes, semantic collaboration achieves the flexibility necessary to reason about complicated inter-object dependencies but requires limited annotation burden when applied to standard specification patterns. The methodology is implemented in AutoProof, our program verifier for the Eiffel programming language (but it is applicable to any language supporting some form of representation invariants). An evaluation on several challenge problems proposed in the literature demonstrates that it can handle a variety of idiomatic collaboration patterns, and is more widely applicable than the existing invariant methodologies.Comment: 22 page

A proof system for invariants in layered OO designs

Although invariants have a long history, their meaning in OO designs is still under discussion. OO designs often include functionality that is used by different otherwise unrelated objects (shared functionality). We identify a problem with current interpretations of invariants in such designs. OO designs are often layered, where a layer uses functionality of a lower layer (in particular, shared functionality) but has little or no involvement with higher layers. As a result, higher layers can rely on lower layer invariants and lower layers do not rely on higher layer invariants. This is not reflected by current interpretations of invariants. We propose to make layers explicit in specifications and introduce a new interpretation of invariants that exploits these layers. Furthermore, we present a sound, modular verification technique that ensures the new interpretation is satisfied

Indoor Social Networks in a South African Township: Potential Contribution of Location to Tuberculosis Transmission

CITATION: Wood, R. et al. 2012. Indoor social networks in a South African township : potential contribution of location to tuberculosis transmission. PLoS ONE, 7(6): e39246, doi:10.1371/journal.pone.0039246.The original publication is available at http://journals.plos.org/plosoneBackground We hypothesized that in South Africa, with a generalized tuberculosis (TB) epidemic, TB infection is predominantly acquired indoors and transmission potential is determined by the number and duration of social contacts made in locations that are conducive to TB transmission. We therefore quantified time spent and contacts met in indoor locations and public transport by residents of a South African township with a very high TB burden. Methods A diary-based community social mixing survey was performed in 2010. Randomly selected participants (n = 571) prospectively recorded numbers of contacts and time spent in specified locations over 24-hour periods. To better characterize age-related social networks, participants were stratified into ten 5-year age strata and locations were classified into 11 types. Results Five location types (own-household, other-households, transport, crèche/school, and work) contributed 97.2% of total indoor time and 80.4% of total indoor contacts. Median time spent indoors was 19.1 hours/day (IQR:14.3–22.7), which was consistent across age strata. Median daily contacts increased from 16 (IQR:9–40) in 0–4 year-olds to 40 (IQR:18–60) in 15–19 year-olds and declined to 18 (IQR:10–41) in ≥45 year-olds. Mean daily own-household contacts was 8.8 (95%CI:8.2–9.4), which decreased with increasing age. Mean crèche/school contacts increased from 6.2/day (95%CI:2.7–9.7) in 0–4 year-olds to 28.1/day (95%CI:8.1–48.1) in 15–19 year-olds. Mean transport contacts increased from 4.9/day (95%CI:1.6–8.2) in 0–4 year-olds to 25.5/day (95%CI:12.1–38.9) in 25–29 year-olds. Conclusions A limited number of location types contributed the majority of indoor social contacts in this community. Increasing numbers of social contacts occurred throughout childhood, adolescence, and young adulthood, predominantly in school and public transport. This rapid increase in non-home socialization parallels the increasing TB infection rates during childhood and young adulthood reported in this community. Further studies of the environmental conditions in schools and public transport, as potentially important locations for ongoing TB infection, are indicated.http://journals.plos.org/plosone/article?id=10.1371/journal.pone.0039246Publisher's versio

Chromospheric CaII Emission in Nearby F, G, K, and M stars

We present chromospheric CaII activity measurements, rotation periods and ages for ~1200 F-, G-, K-, and M- type main-sequence stars from ~18,000 archival spectra taken at Keck and Lick Observatories as a part of the California and Carnegie Planet Search Project. We have calibrated our chromospheric S values against the Mount Wilson chromospheric activity data. From these measurements we have calculated median activity levels and derived R'HK, stellar ages, and rotation periods for 1228 stars, ~1000 of which have no previously published S values. We also present precise time series of activity measurements for these stars.Comment: 62 pages, 7 figures, 1 table. Second (extremely long) table is available at http://astro.berkeley.edu/~jtwright/CaIIdata/tab1.tex Accepted by ApJ

Childhood tuberculosis infection and disease: A spatial and temporal transmission analysis in a South African township

Background. Tuberculosis (TB) remains a leading cause of mortality and morbidity in South Africa. While adult TB results from both recent and past infection, childhood TB results from recent infection and reflects ongoing transmission despite current TB control strategies.Setting. A South African community with high rates of TB and HIV disease.Outcomes. A Geographic Information System was used to spatially and temporally define the relationships between TB exposure, infection and disease in childre

Increase in national intravenous thrombolysis rates for ischaemic stroke between 2005 and 2012: Is bigger better?

Background: Intravenous thrombolytic therapy after ischaemic stroke significantly reduces mortality and morbidity. Actual thrombolysis rates are disappointingly low in many western countries. It has been suggested that higher patient volume is related to shorter door-to-needle-time (DNT) and increased thrombolysis rates. We address a twofold research question: a) What are trends in national thrombolysis rates and door-to-needle times in the Netherlands between 2005-2012? and b) Is there a relationship between stroke patient volume per hospital, thrombolysis rates and DNT? Methods: We used data from the Stroke Knowledge Network Netherlands dataset. Information on volume, intravenous thrombolysis rates, and admission characteristics per hospital is acquired through yearly surveys, in up to 65 hospitals between January 2005 and December 2012. We used linear regression to determine a possible relationship between hospital stroke admission volume, hospital thrombolysis rates and mean hospital DNT, adjusted for patient characteristics. Results: Information on 121.887 stroke admissions was available, ranging from 7.393 admissions in 2005 to 24.067 admissions in 2012. Mean national thrombolysis rate increased from 6.4 % in 2005 to 14.6 % in 2012. Patient characteristics (mean age, gender, type of stroke) remained stable. Mean DNT decreased from 72.7 min in 2005 to 41.4 min in 2012. Volume of stroke admissions was not an independent predictor for mean thrombolysis rate nor for mean DNT. Conclusion: Intravenous thrombolysis rates in the Netherlands more than doubled between 2005 and 2012, in parallel with a large decline in mean DNT. We found no convincing evidence for a relationship between stroke patient volume per hospital and thrombolysis rate or DNT

Searching for Planets in the Hyades II: Some Implications of Stellar Magnetic Activity

The Hyades constitute a homogeneous sample of stars ideal for investigating the dependence of planet formation on the mass of the central star. Due to their youth, Hyades members are much more chromospherically active than stars traditionally surveyed for planets using high precision radial velocity (RV) techniques. Therefore, we have conducted a detailed investigation of whether magnetic activity of our Hyades target stars will interfere with our ability to make precise RV searches for substellar companions. We measure chromospheric activity (which we take as a proxy for magnetic activity) by computing the equivalent of the R'HK activity index from the Ca II K line. is not constant in the Hyades: we confirm that it decreases with increasing temperature in the F stars, and also find it decreases for stars cooler than mid-K. We examine correlations between simultaneously measured R'HK and RV using both a classical statistical test and a Bayesian odds ratio test. We find that there is a significant correlation between R'HK and the RV in only 5 of the 82 stars in this sample. Thus, simple Rprime HK-RV correlations will generally not be effective in correcting the measured RV values for the effects of magnetic activity in the Hyades. We argue that this implies long timescale activity variations (of order a few years; i.e., magnetic cycles or growth and decay of plage regions) will not significantly hinder our search for planets in the Hyades if the stars are closely monitored for chromospheric activity. The trends in the RV scatter (sigma'_v) with , vsini, and P_rot for our stars is generally consistent with those found in field stars in the Lick planet search data, with the notable exception of a shallower dependence of sigma'_v on for F stars.Comment: 15 pages, 7 figures, 3 tables; To appear in the July 2002 issue of The Astronomical Journa

Fosfaatevenwichtsbemesting op grasland

Verlaging van een landbouwkundig 'optimaal' fosfaatoverschot naar fosfaatevenwichtsbemesting laat na twee jaar nog geen diepe sporen na. Het P-AL getal van de bodem nam af, maar bleef nog in de klasse 'ruim voldoende'. De droge-stofopbrengst van het grasland bleef op peil, terwijl het fosforgehalte in het gras licht daalde