TY - JOUR AB - We combine topological and geometric methods to construct a multiresolution representation for a function over a two-dimensional domain. In a preprocessing stage, we create the Morse-Smale complex of the function and progressively simplify its topology by cancelling pairs of critical points. Based on a simple notion of dependency among these cancellations, we construct a hierarchical data structure supporting traversal and reconstruction operations similarly to traditional geometry-based representations. We use this data structure to extract topologically valid approximations that satisfy error bounds provided at runtime. AU - Bremer, Peer-Timo AU - Herbert Edelsbrunner AU - Hamann, Bernd AU - Pascucci, Valerio ID - 3984 IS - 4 JF - IEEE Transactions on Visualization and Computer Graphics TI - A topological hierarchy for functions on triangulated surfaces VL - 10 ER - TY - JOUR AB - We consider scientific data sets that describe density functions over three-dimensional geometric domains. Such data sets are often large and coarsened representations are needed for visualization and analysis. Assuming a tetrahedral mesh representation, we construct such representations with a simplification algorithm that combines three goals: the approximation of the function, the preservation of the mesh topology, and the improvement of the mesh quality. The third goal is achieved with a novel extension of the well-known quadric error metric. We perform a number of computational experiments to understand the effect of mesh quality improvement on the density map approximation. In addition, we study the effect of geometric simplification on the topological features of the function by monitoring its critical points. AU - Natarajan, Vijay AU - Herbert Edelsbrunner ID - 3987 IS - 5 JF - IEEE Transactions on Visualization and Computer Graphics TI - Simplification of three-dimensional density maps VL - 10 ER - TY - JOUR AB - Given a Morse function f over a 2-manifold with or without boundary, the Reeb graph is obtained by contracting the connected components of the level sets to points. We prove tight upper and lower bounds on the number of loops in the Reeb graph that depend on the genus, the number of boundary components, and whether or not the 2-manifold is orientable. We also give an algorithm that constructs the Reeb graph in time O(n log n), where n is the number of edges in the triangulation used to represent the 2-manifold and the Morse function. AU - Cole-McLaughlin, Kree AU - Herbert Edelsbrunner AU - Harer, John AU - Natarajan, Vijay AU - Pascucci, Valerio ID - 3985 IS - 2 JF - Discrete & Computational Geometry TI - Loops in Reeb graphs of 2-manifolds VL - 32 ER - TY - CONF AB - We introduce local and global comparison measures for a collection of k less than or equal to d real-valued smooth functions on a common d-dimensional Riemannian manifold. For k = d = 2 we relate the measures to the set of critical points of one function restricted to the level sets of the other. The definition of the measures extends to piecewise linear functions for which they ace easy to compute. The computation of the measures forms the centerpiece of a software tool which we use to study scientific datasets. AU - Herbert Edelsbrunner AU - Harer, John AU - Natarajan, Vijay AU - Pascucci, Valerio ID - 3989 TI - Local and global comparison of continuous functions ER - TY - JOUR AB - During vertebrate gastrulation, a relatively limited number of blastodermal cells undergoes a stereotypical set of cellular movements that leads to formation of the three germ layers: ectoderm, mesoderm and endoderm. Gastrulation, therefore, provides a unique developmental system in which to study cell movements in vivo in a fairly simple cellular context. Recent advances have been made in elucidating the cellular and molecular mechanisms that underlie cell movements during zebrafish gastrulation. These findings can be compared with observations made in other model systems to identify potential general mechanisms of cell migration during development. AU - Montero, Juan AU - Heisenberg, Carl-Philipp J ID - 4172 IS - 11 JF - Trends in Cell Biology TI - Gastrulation dynamics: cells move into focus VL - 14 ER - TY - JOUR AB - The dynamical basis of tumoral growth has been controversial. Many models have been proposed to explain cancer development. The descriptions employ exponential, potential, logistic or Gompertzian growth laws. Some of these models are concerned with the interaction between cancer and the immunological, system. Among other properties, these models are concerned with the microscopic behavior of tumors and the emergence of cancer. We propose a modification of a previous model by Stepanova, which describes the specific immunological response against cancer. The modification consists of the substitution of a Gompertian law for the exponential rate used for tumoral growth. This modification is motivated by the numerous works confirming that Gompertz's equation correctly describes solid tumor growth. The modified model predicts that near zero, tumors always tend to grow. Immunological contraposition never suffices to induce a complete regression of the tumor. Instead, a stable microscopic equilibrium between cancer and immunological activity can be attained. In other words, our model predicts that the theory of immune surveillance is plausible. A macroscopic equilibrium in which the system develops cancer is also possible. In this case, immunological activity is depleted. This is consistent with the phenomena of cancer tolerance. Both equilibrium points can coexist or can exist without the other. In all cases the fixed point at zero tumor size is unstable. Since immunity cannot induce a complete tumor regression, a therapy is required. We include constant-dose therapies and show that they are insufficient. Final levels of immunocompetent cells and tumoral cells are finite, thus post-treatment regrowth of the tumor is certain. We also evaluate late-intensification therapies which are successful. They induce an asymptotic regression to zero tumor size. Immune response is also suppressed by the therapy, and thus plays a negligible role in the remission. We conclude that treatment evaluation should be successful without taking into account immunological effects. (C) 2003 Elsevier Ltd. All rights reserved. AU - de Vladar, Harold AU - González, J. ID - 4238 IS - 3 JF - Journal of Theoretical Biology TI - Dynamic response of cancer under the influence of immunological activity and therapy VL - 227 ER - TY - CHAP AU - Harold Vladar AU - Cipriani, Roberto AU - Scharifker, Benjamin AU - Bubis, Jose ED - Hanslmeier,A. ED - Kempe,S. ED - Seckbach,J. ID - 4230 T2 - Life in the Universe From the Miller Experiment to the Search for Life on Other Worlds TI - A mechanism for the prebiotic emergence of proteins ER - TY - THES AU - de Vladar, Harold ID - 4236 TI - Métodos no lineales y sus aplicaciones en dinámicas aleatorias de poblaciones celulares ER - TY - CONF AU - Maler, Oded AU - Dejan Nickovic ID - 4372 TI - Monitoring Temporal Properties of Continuous Signals ER - TY - THES AB - The enormous cost and ubiquity of software errors necessitates the need for techniques and tools that can precisely analyze large systems and prove that they meet given specifications, or if they don't, return counterexample behaviors showing how the system fails. Recent advances in model checking, decision procedures, program analysis and type systems, and a shift of focus to partial specifications common to several systems (e.g., memory safety and race freedom) have resulted in several practical verification methods. However, these methods are either precise or they are scalable, depending on whether they track the values of variables or only a fixed small set of dataflow facts (e.g., types), and are usually insufficient for precisely verifying large programs. We describe a new technique called Lazy Abstraction (LA) which achieves both precision and scalability by localizing the use of precise information. LA automatically builds, explores and refines a single abstract model of the program in a way that different parts of the model exhibit different degrees of precision, namely just enough to verify the desired property. The algorithm automatically mines the information required by partitioning mechanical proofs of unsatisfiability of spurious counterexamples into Craig Interpolants. For multithreaded systems, we give a new technique based on analyzing the behavior of a single thread executing in a context which is an abstraction of the other (arbitrarily many) threads. We define novel context models and show how to automatically infer them and analyze the full system (thread + context) using LA. LA is implemented in BLAST. We have run BLAST on Windows and Linux Device Drivers to verify API conformance properties, and have used it to find (or guarantee the absence of) data races in multithreaded Networked Embedded Systems (NESC) applications. BLAST is able to prove the absence of races in several cases where earlier methods, which depend on lock-based synchronization, fail. AU - Jhala, Ranjit ID - 4424 TI - Program verification by lazy abstraction ER - TY - CONF AB - We present a type system for E code, which is an assembly language that manages the release, interaction, and termination of real-time tasks. E code specifies a deadline for each task, and the type system ensures that the deadlines are path-insensitive. We show that typed E programs allow, for given worst-case execution times of tasks, a simple schedulability analysis. Moreover, the real-time programming language Giotto can be compiled into typed E~code. This shows that typed E~code identifies an easily schedulable yet expressive class of real-time programs. We have extended the Giotto compiler to generate typed E code, and enabled the run-time system for E code to perform a type and schedulability check before executing the code. AU - Thomas Henzinger AU - Kirsch, Christoph M ID - 4445 TI - A typed assembly language for real-time programs ER - TY - CONF AB - The success of model checking for large programs depends crucially on the ability to efficiently construct parsimonious abstractions. A predicate abstraction is parsimonious if at each control location, it specifies only relationships between current values of variables, and only those which are required for proving correctness. Previous methods for automatically refining predicate abstractions until sufficient precision is obtained do not systematically construct parsimonious abstractions: predicates usually contain symbolic variables, and are added heuristically and often uniformly to many or all control locations at once. We use Craig interpolation to efficiently construct, from a given abstract error trace which cannot be concretized, a parsominous abstraction that removes the trace. At each location of the trace, we infer the relevant predicates as an interpolant between the two formulas that define the past and the future segment of the trace. Each interpolant is a relationship between current values of program variables, and is relevant only at that particular program location. It can be found by a linear scan of the proof of infeasibility of the trace.We develop our method for programs with arithmetic and pointer expressions, and call-by-value function calls. For function calls, Craig interpolation offers a systematic way of generating relevant predicates that contain only the local variables of the function and the values of the formal parameters when the function was called. We have extended our model checker Blast with predicate discovery by Craig interpolation, and applied it successfully to C programs with more than 130,000 lines of code, which was not possible with approaches that build less parsimonious abstractions. AU - Thomas Henzinger AU - Jhala, Ranjit AU - Majumdar, Ritankar S AU - McMillan, Kenneth L ID - 4458 TI - Abstractions from proofs ER - TY - CHAP AB - One of the central axioms of extreme programming is the disciplined use of regression testing during stepwise software development. Due to recent progress in software model checking, it has become possible to supplement this process with automatic checks for behavioral safety properties of programs, such as conformance with locking idioms and other programming protocols and patterns. For efficiency reasons, all checks must be incremental, i.e., they must reuse partial results from previous checks in order to avoid all unnecessary repetition of expensive verification tasks. We show that the lazy-abstraction algorithm, and its implementation in Blast, can be extended to support the fully automatic and incremental checking of temporal safety properties during software development. AU - Thomas Henzinger AU - Jhala, Ranjit AU - Majumdar, Ritankar S AU - Sanvido, Marco A ID - 4461 T2 - Verification: Theory and Practice TI - Extreme model checking VL - 2772 ER - TY - CONF AB - Software model checking has been successful for sequential programs, where predicate abstraction offers suitable models, and counterexample-guided abstraction refinement permits the automatic inference of models. When checking concurrent programs, we need to abstract threads as well as the contexts in which they execute. Stateless context models, such as predicates on global variables, prove insufficient for showing the absence of race conditions in many examples. We therefore use richer context models, which combine (1) predicates for abstracting data state, (2) control flow quotients for abstracting control state, and (3) counters for abstracting an unbounded number of threads. We infer suitable context models automatically by a combination of counterexample-guided abstraction refinement, bisimulation minimization, circular assume-guarantee reasoning, and parametric reasoning about an unbounded number of threads. This algorithm, called CIRC, has been implemented in BLAST and succeeds in checking many examples of NESC code for data races. In particular, BLAST proves the absence of races in several cases where previous race checkers give false positives. AU - Thomas Henzinger AU - Jhala, Ranjit AU - Majumdar, Ritankar S ID - 4459 TI - Race checking by context inference ER - TY - CONF AB - We present a new high-level programming language, called xGiotto, for programming applications with hard real-time constraints. Like its predecessor, xGiotto is based on the LET (logical execution time) assumption: the programmer specifies when the outputs of a task become available, and the compiler checks if the specification can be implemented on a given platform. However, while the predecessor language xGiotto was purely time-triggered, xGiotto accommodates also asynchronous events. Indeed, through a mechanism called event scoping, events are the main structuring principle of the new language. The xGiotto compiler and run-time system implement event scoping through a tree-based event filter. The compiler also checks programs for determinism (absence of race conditions). AU - Ghosal, Arkadeb AU - Thomas Henzinger AU - Kirsch, Christoph M AU - Sanvido, Marco A ID - 4525 TI - Event-driven programming with logical execution times VL - 2993 ER - TY - CONF AB - Strategies in repeated games can be classified as to whether or not they use memory and/or randomization. We consider Markov decision processes and 2-player graph games, both of the deterministic and probabilistic varieties. We characterize when memory and/or randomization are required for winning with respect to various classes of w-regular objectives, noting particularly when the use of memory can be traded for the use of randomization. In particular, we show that Markov decision processes allow randomized memoryless optimal strategies for all M?ller objectives. Furthermore, we show that 2-player probabilistic graph games allow randomized memoryless strategies for winning with probability 1 those M?ller objectives which are upward-closed. Upward-closure means that if a set α of infinitely repeating vertices is winning, then all supersets of α are also winning. AU - Krishnendu Chatterjee AU - de Alfaro, Luca AU - Thomas Henzinger ID - 4555 TI - Trading memory for randomness ER - TY - CONF AB - We study perfect-information stochastic parity games. These are two-player nonterminating games which are played on a graph with turn-based probabilistic transitions. A play results in an infinite path and the conflicting goals of the two players are ω-regular path properties, formalized as parity winning conditions. The qualitative solution of such a game amounts to computing the set of vertices from which a player has a strategy to win with probability 1 (or with positive probability). The quantitative solution amounts to computing the value of the game in every vertex, i.e., the highest probability with which a player can guarantee satisfaction of his own objective in a play that starts from the vertex.For the important special case of one-player stochastic parity games (parity Markov decision processes) we give polynomial-time algorithms both for the qualitative and the quantitative solution. The running time of the qualitative solution is O(d · m3/2) for graphs with m edges and d priorities. The quantitative solution is based on a linear-programming formulation.For the two-player case, we establish the existence of optimal pure memoryless strategies. This has several important ramifications. First, it implies that the values of the games are rational. This is in contrast to the concurrent stochastic parity games of de Alfaro et al.; there, values are in general algebraic numbers, optimal strategies do not exist, and ε-optimal strategies have to be mixed and with infinite memory. Second, the existence of optimal pure memoryless strategies together with the polynomial-time solution forone-player case implies that the quantitative two-player stochastic parity game problem is in NP ∩ co-NP. This generalizes a result of Condon for stochastic games with reachability objectives. It also constitutes an exponential improvement over the best previous algorithm, which is based on a doubly exponential procedure of de Alfaro and Majumdar for concurrent stochastic parity games and provides only ε-approximations of the values. AU - Krishnendu Chatterjee AU - Jurdziński, Marcin AU - Thomas Henzinger ID - 4558 TI - Quantitative stochastic parity games ER - TY - JOUR AB - We study the problem of determining stack boundedness and the exact maximum stack size for three classes of interrupt-driven programs. Interrupt-driven programs are used in many real-time applications that require responsive interrupt handling. In order to ensure responsiveness, programmers often enable interrupt processing in the body of lower-priority interrupt handlers. In such programs a programming error can allow interrupt handlers to be interrupted in a cyclic fashion to lead to an unbounded stack, causing the system to crash. For a restricted class of interrupt-driven programs, we show that there is a polynomial-time procedure to check stack boundedness, while determining the exact maximum stack size is PSPACE-complete. For a larger class of programs, the two problems are both PSPACE-complete, and for the largest class of programs we consider, the two problems are PSPACE-hard and can be solved in exponential time. While the complexities are high, our algorithms are exponential only in the number of handlers, and polynomial in the size of the program. AU - Krishnendu Chatterjee AU - Ma, Di AU - Majumdar, Ritankar S AU - Zhao, Tian AU - Thomas Henzinger AU - Palsberg, Jens ID - 4556 IS - 2 JF - Information and Computation TI - Stack size analysis for interrupt-driven programs VL - 194 ER - TY - CONF AB - BLAST is an automatic verification tool for checking temporal safety properties of C programs. Blast is based on lazy predicate abstraction driven by interpolation-based predicate discovery. In this paper, we present the Blast specification language. The language specifies program properties at two levels of precision. At the lower level, monitor automata are used to specify temporal safety properties of program executions (traces). At the higher level, relational reachability queries over program locations are used to combine lower-level trace properties. The two-level specification language can be used to break down a verification task into several independent calls of the model-checking engine. In this way, each call to the model checker may have to analyze only part of the program, or part of the specification, and may thus succeed in a reduction of the number of predicates needed for the analysis. In addition, the two-level specification language provides a means for structuring and maintaining specifications. AU - Beyer, Dirk AU - Chlipala, Adam J AU - Thomas Henzinger AU - Jhala, Ranjit AU - Majumdar, Ritankar S ID - 4578 TI - The BLAST query language for software verification VL - 3148 ER - TY - CONF AB - While model checking has been successful in uncovering subtle bugs in code, its adoption in software engineering practice has been hampered by the absence of a simple interface to the programmer in an integrated development environment. We describe an integration of the software model checker BLAST into the Eclipse development environment. We provide a verification interface for practical solutions for some typical program analysis problems - assertion checking, reachability analysis, dead code analysis, and test generation - directly on the source code. The analysis is completely automatic, and assumes no knowledge of model checking or formal notation. Moreover, the interface supports incremental program verification to support incremental design and evolution of code. AU - Beyer, Dirk AU - Thomas Henzinger AU - Jhala, Ranjit AU - Majumdar, Ritankar S ID - 4577 TI - An eclipse plug-in for model checking ER -