Domain-Type-Guided Refinement Selection Based on Sliced Path Prefixes

Abstraction is a successful technique in software verification, and interpolation on infeasible error paths is a successful approach to automatically detect the right level of abstraction in counterexample-guided abstraction refinement. Because the interpolants have a significant influence on the quality of the abstraction, and thus, the effectiveness of the verification, an algorithm for deriving the best possible interpolants is desirable. We present an analysis-independent technique that makes it possible to extract several alternative sequences of interpolants from one given infeasible error path, if there are several reasons for infeasibility in the error path. We take as input the given infeasible error path and apply a slicing technique to obtain a set of error paths that are more abstract than the original error path but still infeasible, each for a different reason. The (more abstract) constraints of the new paths can be passed to a standard interpolation engine, in order to obtain a set of interpolant sequences, one for each new path. The analysis can then choose from this set of interpolant sequences and select the most appropriate, instead of being bound to the single interpolant sequence that the interpolation engine would normally return. For example, we can select based on domain types of variables in the interpolants, prefer to avoid loop counters, or compare with templates for potential loop invariants, and thus control what kind of information occurs in the abstraction of the program. We implemented the new algorithm in the open-source verification framework CPAchecker and show that our proof-technique-independent approach yields a significant improvement of the effectiveness and efficiency of the verification process.Comment: 10 pages, 5 figures, 1 table, 4 algorithm

Generalized quadrangles with a regular point and association schemes

AbstractThere is a new method of constructing generalized quadrangles (GQs) which is based on covering of nets; all GQs with a regular point can be represented in this way. Here we first construct from a generalized quadrangle Q with a regular point a four-class association scheme A(Q) called in brief geometric. It is then natural to call pseudo-geometric any association scheme A with the same parameters as A(Q). We use eigenvalue techniques and the above method of construction to give a characterization of pseudo-geometric association schemes which are geometric

Smooth stable planes and the moduli spaces of locally compact translation planes

Erworben im Rahmen der Schweizer Nationallizenzen (http://www.nationallizenzen.ch

Risikofaktoren in Trinkwasser-Installationen für das Vorkommen von Legionellen

Nach der Erneuerung der Trinkwasserverordnung im Jahr 2011 sind die Anforderungen an die hygienisch-mikrobiologische Überwachung von Trinkwasser-Installationen nochmals erheblich gestiegen. Für die Genusstauglichkeit des Trinkwassers müssen gewisse mikrobiologische und chemische Anforderungen sowie Indikatorparameter eingehalten werden. Legionella spec. darf hierbei den technischen Maßnahmenwert von 100 KBE/100 ml nicht überschreiten. Des Weiteren muss für die rechtliche Genusstauglichkeit des Trinkwassers die allgemein anerkannten Regeln der Technik bei Planung, Errichtung, Betrieb, Instandhaltung, Wartung und Überwachung von Trinkwasser-Installationen eingehalten werden. In den letzten Jahren führten weltweit zahlreiche Untersuchungen und Experimente zu neuen Erkenntnissen über das Bakterium Legionella pneumophila und dessen gefährlichen Auswirkungen auf den Menschen. Meistens konzentrierten sich diese Forschungen auf große Gebäude wie z. B. Krankenhäuser oder Hotelanlagen in denen große Mengen Warmwasser gespeichert werden und die über ein langes und komplexes Leitungsnetz verfügen. Epidemiologische Untersuchungen über Legionellen in privaten Wohnhäusern sind dagegen viel seltener. Im Rahmen dieser Dissertation sollen Risikofaktoren in Trinkwasser-Installationen für das Vorkommen von Legionellen bestimmt werden. Durch Auswertung eines großes Datensatzes, in dem vor allem private Mehrfamilienhäuser untersucht wurden, soll ermittelt werden, ob es signifikante Auffälligkeiten zwischen der Legionellenanzahl und verschiedenen Parametern, wie z. B. der Wassertemperatur, der Wassertrübheit und der Entnahmestelle gibt

Effective Approaches to Abstraction Refinement for Automatic Software Verification

This thesis presents various techniques that aim at enabling more effective and more efficient approaches for automatic software verification. After a brief motivation why automatic software verification is getting ever more relevant, we continue with detailing the formalism used in this thesis and on the concepts it is built on. We then describe the design and implementation of the value analysis, an analysis for automatic software verification that tracks state information concretely. From a thorough evaluation based on well over 4 000 verification tasks from the latest edition of the International Competition on Software Verification (SV-COMP), we learn that this plain value analysis leads to an efficient verification process for many verification tasks, but at the same time, fails to solve other verification tasks due to state-space explosion. From this insight we infer that some form of abstraction technique must be added to the value analysis in order to also allow the successful verification of large and complex verification tasks. As a solution, we propose to incorporate counterexample-guided abstraction refinement (CEGAR) and interpolation into the value domain. To this end, we design a novel interpolation procedure, that extracts from infeasible counterexamples interpolants for the value domain, allowing to form a precision strong enough to exclude these infeasible counterexamples, and to make progress in the CEGAR loop. We then describe several optimizations and extensions to these concepts, such that the value analysis with CEGAR becomes competitive for automatic software verification. As the next step, we combine the value analysis with CEGAR with a predicate analysis, to obtain a more precise and efficient composite analysis based on CEGAR. This composite analysis is indeed on a par with the world’s leading software verification tools, as witnessed by the results of SV-COMP’13 where this approach achieved the 2 nd place in the overall ranking. After having available competitive CEGAR-based analyses for the value domain, the predicate domain, and the combination thereof, we then turn our attention to techniques that have the goal to make all these CEGAR-based approaches more successful. Our first novel idea in this regard is based on the concept of infeasible sliced prefixes, which allow the computation of different precisions from a single infeasible counterexample. This adds choice to the CEGAR loop, while without this enhancement, no choice for a specific precision, i. e., a specific refinement, is possible. In our evaluation we show, for both the value analysis and the predicate analysis, that choosing different infeasible sliced prefixes during the refinement step leads to major differences in verification effectiveness and verification efficiency. Extending on the concept of infeasible sliced prefixes, we define several heuristics in order to precisely select a single refinement from a set of possible refinements. We make this new concept, which we refer to as guided refinement selection, available to both the value and predicate analysis, and in a large-scale evaluation we try to answer the question which selection technique leads to well suited abstractions and thus, to a more effective verification process. Additionally, we present the idea of inter-analysis refinement selection, where the refinement component of a composite analysis may decide which of its component analyses is best to be refined, and in yet another evaluation we highlight the positive effects of this technique. Finally, we present the results of SV-COMP’16, where the verifier we contributed and which is based on the concepts and ideas presented in this thesis achieved the 1 st place in the category DeviceDriversLinux64

Humanized Mouse Model Mimicking Pathology of Human Tuberculosis for in vivo Evaluation of Drug Regimens

Human immune system mice are highly valuable for in vivo dissection of human immune responses. Although they were employed for analyzing tuberculosis (TB) disease, there is little data on the spatial organization and cellular composition of human immune cells in TB granuloma pathology in this model. We demonstrate that human immune system mice, generated by transplanted human fetal liver derived hematopoietic stem cells develop a continuum of pulmonary lesions upon Mycobacterium tuberculosis aerosol infection. In particular, caseous necrotic granulomas, which contribute to prolonged TB treatment time, developed, and had cellular phenotypic spatial-organization similar to TB patients. By comparing two recommended drug regimens, we confirmed observations made in clinical settings: Adding Moxifloxacin to a classical chemotherapy regimen had no beneficial effects on bacterial eradication. We consider this model instrumental for deeper understanding of human specific features of TB pathogenesis and of particular value for the pre-clinical drug development pipeline

Three v-SNAREs and Two t-SNAREs, Present in a Pentameric cis-SNARE Complex on Isolated Vacuoles, Are Essential for Homotypic Fusion

Vacuole SNAREs, including the t-SNAREs Vam3p and Vam7p and the v-SNARE Nyv1p, are found in a multisubunit “cis” complex on isolated organelles. We now identify the v-SNAREs Vti1p and Ykt6p by mass spectrometry as additional components of the immunoisolated vacuolar SNARE complex. Immunodepletion of detergent extracts with anti-Vti1p removes all the Ykt6p that is in a complex with Vam3p, immunodepletion with anti-Ykt6p removes all the Vti1p that is complexed with Vam3p, and immunodepletion with anti-Nyv1p removes all the Ykt6p in complex with other SNAREs, demonstrating that they are all together in the same cis multi-SNARE complex. After priming, which disassembles the cis-SNARE complex, antibodies to any of the five SNARE proteins still inhibit the fusion assay until the docking stage is completed, suggesting that each SNARE plays a role in docking. Furthermore, vti1 temperature-sensitive alleles cause a synthetic fusion-defective phenotype in our reaction. Our data show that vacuole-vacuole fusion requires a cis-SNARE complex of five SNAREs, the t-SNAREs Vam3p and Vam7p and the v-SNAREs Nyv1p, Vti1p, and Ykt6p

Molecular mechanism by which the nucleoid occlusion factor, SlmA, keeps cytokinesis in check

Nucleoid occlusion (NO) restricts bacterial cell division to prevent chromosome guillotining in the cell midzone when replication or segregation is delayed. Structural work suggests that the NO factor SlmA (synthetic lethal with a defective Min system) interferes with formation of the cytokinetic Z-ring by altering associations between FtsZ protofilaments

Characterization of ftsZ Mutations that Render Bacillus subtilis Resistant to MinC

Background: Cell division in Bacillus subtilis occurs precisely at midcell. Positional control of cell division is exerted by two mechanisms: nucleoid occlusion, through Noc, which prevents division through nucleoids, and the Min system, where the combined action of the MinC, D and J proteins prevents formation of the FtsZ ring at cell poles or recently completed division sites. Methodology/Principal Findings: We used a genetic screen to identify mutations in ftsZ that confer resistance to the lethal overexpression of the MinC/MinD division inhibitor. The FtsZ mutants were purified and found to polymerize to a similar or lesser extent as wild type FtsZ, and all mutants displayed reduced GTP hydrolysis activity indicative of a reduced polymerization turnover. We found that even though the mutations conferred in vivo resistance to MinC/D, the purified FtsZ mutants did not display strong resistance to MinC in vitro. Conclusions/Significance: Our results show that in B. subtilis, overproduction of MinC can be countered by mutations that alter FtsZ polymerization dynamics. Even though it would be very likely that the FtsZ mutants found depend on other Z-ring stabilizing proteins such as ZapA, FtsA or SepF, we found this not to be the case. This indicates that the cell division process in B. subtilis is extremely robust.