Memory-Safety Challenge Considered Solved? An In-Depth Study with All Rust CVEs

2022 ◽  
Vol 31 (1) ◽  
pp. 1-25
Author(s):  
Hui Xu ◽  
Zhuangbin Chen ◽  
Mingshen Sun ◽  
Yangfan Zhou ◽  
Michael R. Lyu

Rust is an emerging programming language that aims at preventing memory-safety bugs without sacrificing much efficiency. The claimed property is very attractive to developers, and many projects start using the language. However, can Rust achieve the memory-safety promise? This article studies the question by surveying 186 real-world bug reports collected from several origins, which contain all existing Rust common vulnerabilities and exposures (CVEs) of memory-safety issues by 2020-12-31. We manually analyze each bug and extract its culprit patterns. Our analysis result shows that Rust can keep its promise that all memory-safety bugs require unsafe code, and many memory-safety bugs in our dataset are mild soundness issues that only leave a possibility to write memory-safety bugs without unsafe code. Furthermore, we summarize three typical categories of memory-safety bugs, including automatic memory reclaim, unsound function, and unsound generic or trait. While automatic memory reclaim bugs are related to the side effect of Rust's newly adopted ownership-based resource management scheme, unsound function reveals the essential challenge of Rust development for avoiding unsound code, and unsound generic or trait intensifies the risk of introducing unsoundness. Based on these findings, we propose two promising directions toward improving the security of Rust development, including several best practices of using specific APIs and methods to detect particular bugs involving unsafe code. Our work intends to raise more discussions regarding the memory-safety issues of Rust and facilitate the maturity of the language.

Game Theory ◽  
2015 ◽  
Vol 2015 ◽  
pp. 1-12
Author(s):  
Lawrence Diffo Lambo ◽  
Pierre Wambo

The solidarity value is a variant of the well-known Shapley value in which some sense of solidarity between the players is implemented, allowing the disabled to receive help from the fortunate ones. We investigate how fairly solidarity expenses are shared. We discuss the unwanted side effect of someone paying undue solidarity contributions as far as reversing his condition from a privileged to a needy person. A deeper case study is conducted for two classes of TU games that we obtain by modeling two real-world business contexts. Here, we trace all player-to-player transfers of funds that arise when solidarity actions are processed, and we answer the question of who settles the solidarity bills. Also, we obtain the threshold position of a player below which he gets solidarity help, but above which he instead pays out donation.


2017 ◽  
Author(s):  
Rommel Cruz ◽  
Lucia Drummond ◽  
Esteban Clua ◽  
Cristiana Bentes

GPUs have established a new baseline for power efficiency and computing power, delivering larger bandwidth and more computing units in each new generation. Modern GPUs support the concurrent execution of kernels to maximize resource utilization, allowing other kernels to better exploit idle resources. However, the decision on the simultaneous execution of different kernels is made by the hardware, and sometimes GPUs do not allow the execution of blocks from other kernels, even with the availability of resources. In this work, we present an in-depth study on the simultaneous execution of kernels on the GPU. We present the necessary conditions for executing kernels simultaneously, we define the factors that influence competition, and describe a model that can determine performance degradation. Finally, we validate the model using synthetic and real-world kernels with different computation and memory requirements.


Bioanalysis ◽  
2021 ◽  
Author(s):  
Scott Davis ◽  
Joel Usansky ◽  
Shibani Mitra-Kaushik ◽  
John Kellie ◽  
Kimberly Honrine ◽  
...  

Challenges for data storage during drug development have become increasingly complex as the pharmaceutical industry expands in an environment that requires on-demand availability of data and resources for users across the globe. While the efficiency and relative low cost of cloud services have become increasingly attractive, hesitancy toward the use of cloud services has decreased and there has been a significant shift toward real-world implementation. Within GxP laboratories, the considerations for cloud storage of data include data integrity and security, as well as access control and usage for users around the globe. In this review, challenges and considerations when using cloud storage options for the storage of laboratory-based GxP data are discussed and best practices are defined.


2021 ◽  
pp. 1-14
Author(s):  
Irina Astrova ◽  
Arne Koschel ◽  
Marc Schaaf ◽  
Samuel Klassen ◽  
Kerim Jdiya

This paper is aimed at helping organizations to understand what they can expect from a serverless architecture in the future and how they can make sound decisions about the choice between microservice and serverless architectures in the present. A serverless architecture is a new approach to offering services in the cloud. It was invented as a solution to the problem that many organizations are facing today – about 85% of their servers have underutilized capacity, which is proved to be costly and wasteful. By employing the serverless architecture, the organizations get a way to eliminate idle, underutilized servers and thus, to reduce their operational costs. Many cloud providers are now jumping to the serverless world because they know it is going to be the future of software architectures. However, being a new approach, the serverless architecture is still relatively immature – it is in the early stages of its support by cloud service platform providers. This paper provides an in-depth study about the serverless architecture and how to apply FaaS in the real world.


We the Gamers ◽  
2021 ◽  
pp. 65-80
Author(s):  
Karen Schrier

Chapter 5 describes how games can support real-world action and change. How can knowledge be applied to the public sphere and serve communities? Why and how should games be used to enable ethics- and civics-in-action? What are the best practices and strategies for supporting connections among civics, ethics, and the real world using games? The chapter includes an overview of why it is necessary to engage in real-world action. It describes the benefits of applying learning to real-world contexts and processes, and why games may support this. It also includes the limitations of using games to apply knowledge, and how to minimize those limitations. Finally, it reviews strategies that teachers can take to use games to take action and make change. It opens with the example EteRNA, and also shares five examples-in-action: Reliving the Revolution, 1979 Revolution: Black Friday, Community PlanIt, Bay Area Regional Planner, and Thunderbird Strike.

