Requirements Analysis of a Quad-Redundant Flight Control System

In this paper we detail our effort to formalize and prove requirements for the Quad-redundant Flight Control System (QFCS) within NASA's Transport Class Model (TCM). We use a compositional approach with assume-guarantee contracts that correspond to the requirements for software components embedded in an AADL system architecture model. This approach is designed to exploit the verification effort and artifacts that are already part of typical software verification processes in the avionics domain. Our approach is supported by an AADL annex that allows specification of contracts along with a tool, called AGREE, for performing compositional verification. The goal of this paper is to show the benefits of a compositional verification approach applied to a realistic avionics system and to demonstrate the effectiveness of the AGREE tool in performing this analysis.Comment: Accepted to NASA Formal Methods 201

Towards Realizability Checking of Contracts using Theories

Virtual integration techniques focus on building architectural models of systems that can be analyzed early in the design cycle to try to lower cost, reduce risk, and improve quality of complex embedded systems. Given appropriate architectural descriptions and compositional reasoning rules, these techniques can be used to prove important safety properties about the architecture prior to system construction. Such proofs build from "leaf-level" assume/guarantee component contracts through architectural layers towards top-level safety properties. The proofs are built upon the premise that each leaf-level component contract is realizable; i.e., it is possible to construct a component such that for any input allowed by the contract assumptions, there is some output value that the component can produce that satisfies the contract guarantees. Without engineering support it is all too easy to write leaf-level components that can't be realized. Realizability checking for propositional contracts has been well-studied for many years, both for component synthesis and checking correctness of temporal logic requirements. However, checking realizability for contracts involving infinite theories is still an open problem. In this paper, we describe a new approach for checking realizability of contracts involving theories and demonstrate its usefulness on several examples.Comment: 15 pages, to appear in NASA Formal Methods (NFM) 201

Reduction of Interpolants for Logic Synthesis

Abstract—Craig Interpolation is a state-of-the-art technique for logic synthesis and verification, based on Boolean Satisfiability (SAT). Leveraging the efficacy of SAT algorithms, Craig Interpolation produces solutions quickly to challenging problems such as synthesizing functional dependencies and performing bounded model-checking. Unfortunately, the quality of the solutions is often poor. When interpolants are used to synthesize functional dependencies, the resulting structure of the functions may be unnecessarily complex. In most applications to date, interpolants have been generated directly from the proofs of unsatisfiability that are provided by SAT solvers. In this work, we propose efficient methods based on incremental SAT solving for modifying resolution proofs in order to obtain more compact interpolants. This, in turn, reduces the cost of the logic that is generated for functional dependencies. I

Phoenix Y6

The mission of this project is to design and fabricate a vertical take-off and landing (VTOL) fixed-wing drone for use by firefighters and other emergency services. This vehicle will be designed for uses that include surveying wildfires, as well as spotting vehicular accidents, urban fires, and floods. Current drones available on the market are expensive or not designed specifically for emergency response. Our goal is to develop a working prototype of a vehicle that will be able to collect and relay important data such as live video and thermal images in addition to other measurements such as air velocity and humidity

Spectroscopic size and thickness metrics for liquid-exfoliated h-BN

For many 2D materials, optical and Raman spectra are richly structured, and convey information on a range of parameters including nanosheet size and defect content. By contrast, the equivalent spectra for h-BN are relatively simple, with both the absorption and Raman spectra consisting of a single feature each, disclosing relatively little information. Here, the ability to size-select liquid-exfoliated h-BN nanosheets has allowed us to comprehensively study the dependence of h-BN optical spectra on nanosheet dimensions. We find the optical extinction coefficient spectrum to vary systematically with nanosheet lateral size due to the presence of light scattering. Conversely, once light scattering has been decoupled to give the optical absorbance spectra, we find the size dependence to be mostly removed save for a weak but well-defined variation in energy of peak absorbance with nanosheet thickness. This finding is corroborated by our ab initio GW and Bethe-Salpeter equation calculations, which include electron correlations and quasiparticle self-consistency (QSGW). In addition, while we find the position of the sole h-BN Raman line to be invariant with nanosheet dimensions, the linewidth appears to vary weakly with nanosheet thickness. These size-dependent spectroscopic properties can be used as metrics to estimate nanosheet thickness from spectroscopic data.Comment: Accepted in Chemistry Materials (In press

Fellows as teachers: a model to enhance pediatric resident education

Pressures on academic faculty to perform beyond their role as educators has stimulated interest in complementary approaches in resident medical education. While fellows are often believed to detract from resident learning and experience, we describe our preliminary investigations utilizing clinical fellows as a positive force in pediatric resident education. Our objectives were to implement a practical approach to engage fellows in resident education, evaluate the impact of a fellow-led education program on pediatric resident and fellow experience, and investigate if growth of a fellowship program detracts from resident procedural experience.This study was conducted in a neonatal intensive care unit (NICU) where fellows designed and implemented an education program consisting of daily didactic teaching sessions before morning clinical rounds. The impact of a fellow-led education program on resident satisfaction with their NICU experience was assessed via anonymous student evaluations. The potential value of the program for participating fellows was also evaluated using an anonymous survey.The online evaluation was completed by 105 residents. Scores were markedly higher after the program was implemented in areas of teaching excellence (4.44 out of 5 versus 4.67, p<0.05) and overall resident learning (3.60 out of 5 versus 4.61, p<0.001). Fellows rated the acquisition of teaching skills and enhanced knowledge of neonatal pathophysiology as the most valuable aspects of their participation in the education program. The anonymous survey revealed that 87.5% of participating residents believed that NICU fellows were very important to their overall training and education.While fellows are often believed to be a detracting factor to residency training, we found that pediatric resident attitudes toward the fellows were generally positive. In our experience, in the specialty of neonatology a fellow-led education program can positively contribute to both resident and fellow learning and satisfaction. Further investigation into the value of utilizing fellows as a positive force in resident education in other medical specialties appears warranted

Reachability analysis for AWS-based networks

Cloud services provide the ability to provision virtual networked infrastructure on demand over the Internet. The rapid growth of these virtually provisioned cloud networks has increased the demand for automated reasoning tools capable of identifying misconfigurations or security vulnerabilities. This type of automation gives customers the assurance they need to deploy sensitive workloads. It can also reduce the cost and time-to-market for regulated customers looking to establish compliance certification for cloud-based applications. In this industrial case-study, we describe a new network reachability reasoning tool, called Tiros, that uses off-the-shelf automated theorem proving tools to fill this need. Tiros is the foundation of a recently introduced network security analysis feature in the Amazon Inspector service now available to millions of customers building applications in the cloud. Tiros is also used within Amazon Web Services (AWS) to automate the checking of compliance certification and adherence to security invariants for many AWS services that build on existing AWS networking features

Isolation and fine mapping of Rps6: An intermediate host resistance gene in barley to wheat stripe rust

A plant may be considered a nonhost of a pathogen if all known genotypes of a plant species are resistant to all known isolates of a pathogen species. However, if a small number of genotypes are susceptible to some known isolates of a pathogen species this plant maybe considered an intermediate host. Barley (Hordeum vulgare) is an intermediate host for Puccinia striiformis f. sp. tritici (Pst), the causal agent of wheat stripe rust. We wanted to understand the genetic architecture underlying resistance to Pst and to determine whether any overlap exists with resistance to the host pathogen, Puccinia striiformis f. sp. hordei (Psh). We mapped Pst resistance to chromosome 7H and show that host and intermediate host resistance is genetically uncoupled. Therefore, we designate this resistance locus Rps6. We used phenotypic and genotypic selection on F2:3 families to isolate Rps6 and fine mapped the locus to a 0.1 cM region. Anchoring of the Rps6 locus to the barley physical map placed the region on two adjacent fingerprinted contigs. Efforts are now underway to sequence the minimal tiling path and to delimit the physical region harbouring Rps6. This will facilitate additional marker development and permit identification of candidate genes in the region

Surgical-pathological findings in type 1 and 2 endometrial cancer: An NRG Oncology/Gynecologic Oncology Group study on GOG-210 protocol

To report clinical and pathologic relationships with disease spread in endometrial cancer patients