An Approach for Detecting Feasible Paths Based on Minimal SSA Representation and Symbolic Execution

2021 ◽  
Vol 11 (12) ◽  
pp. 5384
Author(s):  
Abdalla Wasef Marashdih ◽  
Zarul Fitri Zaaba ◽  
Khaled Suwais

Static analysis is one of the techniques used today to analyze source codes and minimize the issue of software vulnerability. Static analysis has the ability to observe all possible software paths in an application through the scrutiny of a web application’s source code. Among those paths, some may be considered feasible paths, which refer to any paths that the test cases can execute. The detection of feasible paths in the results of a static analysis helps to minimize the false positive rate. However, the detection of feasible paths can be challenging, especially for programs that have multiple conditions in the same branch. The aim is to ensure that each feasible path is detected only once (not duplicated). This paper proposes an approach based on minimal static single assignment (MSSA) form and symbolic execution to detect feasible paths. The proposed approach starts by converting the source code into an abstract syntax tree (AST), followed by converting the AST to minimal SSA representation, which helps to decrease the number of instructions in the SSA form. An algorithm was built to examine all of the instructions of the SSA form, identify whole paths in the source code, and extract constraints along each path. A path weight method (PWM) is proposed in this work to avoid detecting duplicated feasible paths. The satisfiability modulo theory (SMT) solver was used to check the satisfiability of each path condition. The proposed approach was tested on seven well-known test programs that have been used in related studies and 10 large scale programs. The experimental results indicate that the proposed method (PWM) can avoid detecting duplicated feasible paths, and the proposed approach reduced the time required for generating the paths compared to that in related studies.

2019 ◽  
Author(s):  
Amanda Kvarven ◽  
Eirik Strømland ◽  
Magnus Johannesson

Andrews & Kasy (2019) propose an approach for adjusting effect sizes in meta-analysis for publication bias. We use the Andrews-Kasy estimator to adjust the result of 15 meta-analyses and compare the adjusted results to 15 large-scale multiple labs replication studies estimating the same effects. The pre-registered replications provide precisely estimated effect sizes, which do not suffer from publication bias. The Andrews-Kasy approach leads to a moderate reduction of the inflated effect sizes in the meta-analyses. However, the approach still overestimates effect sizes by a factor of about two or more and has an estimated false positive rate of between 57% and 100%.


Author(s):  
Mark Endrei ◽  
Chao Jin ◽  
Minh Ngoc Dinh ◽  
David Abramson ◽  
Heidi Poxon ◽  
...  

Rising power costs and constraints are driving a growing focus on the energy efficiency of high performance computing systems. The unique characteristics of a particular system and workload and their effect on performance and energy efficiency are typically difficult for application users to assess and to control. Settings for optimum performance and energy efficiency can also diverge, so we need to identify trade-off options that guide a suitable balance between energy use and performance. We present statistical and machine learning models that only require a small number of runs to make accurate Pareto-optimal trade-off predictions using parameters that users can control. We study model training and validation using several parallel kernels and more complex workloads, including Algebraic Multigrid (AMG), Large-scale Atomic Molecular Massively Parallel Simulator, and Livermore Unstructured Lagrangian Explicit Shock Hydrodynamics. We demonstrate that we can train the models using as few as 12 runs, with prediction error of less than 10%. Our AMG results identify trade-off options that provide up to 45% improvement in energy efficiency for around 10% performance loss. We reduce the sample measurement time required for AMG by 90%, from 13 h to 74 min.


2014 ◽  
Vol 488-489 ◽  
pp. 1439-1443
Author(s):  
Jin Hai Li ◽  
Jian Feng Liu

Hyperpaths enumeration is one of the basic procedures in many traffic planning issues. As a result of its distinctive structure, hyperpaths in Urban Rail Transit Network (URTN) are different from those in road network. Typically, one may never visit a station more than once and would never transfer from one line to another that has been visited in a loopless URTN, meaning that stations a hyperpath traversed cannot be repeated, neither do lines in loopless networks. This paper studies the relationships between feasible path and the shortest path in terms of travel costs. In this paper, a new definition of hyperpath in URTN is proposed and a new algorithm based on the breadth first searching (BFS) method is presented to enumerate the hyperpaths. The algorithm can safely avoid hyperpath omission and can even be applied in networks containing loops as well. The influence of parameters on hyperpaths is studied by experimentally finding hyperpaths in the subway network in Beijing. A group of suggested parameter pairs are then given. Finally, a numerical experiment is used to illustrate the validity of the proposed algorithm. The results imply the significance of the convergence of the BFS algorithm which can be used to search hyperpaths in large scale URTN even with loop.


Computers ◽  
2021 ◽  
Vol 10 (4) ◽  
pp. 47
Author(s):  
Fariha Iffath ◽  
A. S. M. Kayes ◽  
Md. Tahsin Rahman ◽  
Jannatul Ferdows ◽  
Mohammad Shamsul Arefin ◽  
...  

A programming contest generally involves the host presenting a set of logical and mathematical problems to the contestants. The contestants are required to write computer programs that are capable of solving these problems. An online judge system is used to automate the judging procedure of the programs that are submitted by the users. Online judges are systems designed for the reliable evaluation of the source codes submitted by the users. Traditional online judging platforms are not ideally suitable for programming labs, as they do not support partial scoring and efficient detection of plagiarized codes. When considering this fact, in this paper, we present an online judging framework that is capable of automatic scoring of codes by detecting plagiarized contents and the level of accuracy of codes efficiently. Our system performs the detection of plagiarism by detecting fingerprints of programs and using the fingerprints to compare them instead of using the whole file. We used winnowing to select fingerprints among k-gram hash values of a source code, which was generated by the Rabin–Karp Algorithm. The proposed system is compared with the existing online judging platforms to show the superiority in terms of time efficiency, correctness, and feature availability. In addition, we evaluated our system by using large data sets and comparing the run time with MOSS, which is the widely used plagiarism detection technique.


2020 ◽  
Vol 29 (1) ◽  
pp. 1-23
Author(s):  
Roman Haas ◽  
Rainer Niedermayr ◽  
Tobias Roehm ◽  
Sven Apel

PLoS ONE ◽  
2020 ◽  
Vol 15 (12) ◽  
pp. e0243475
Author(s):  
David Mödinger ◽  
Jan-Hendrik Lorenz ◽  
Rens W. van der Heijden ◽  
Franz J. Hauck

The cryptocurrency system Bitcoin uses a peer-to-peer network to distribute new transactions to all participants. For risk estimation and usability aspects of Bitcoin applications, it is necessary to know the time required to disseminate a transaction within the network. Unfortunately, this time is not immediately obvious and hard to acquire. Measuring the dissemination latency requires many connections into the Bitcoin network, wasting network resources. Some third parties operate that way and publish large scale measurements. Relying on these measurements introduces a dependency and requires additional trust. This work describes how to unobtrusively acquire reliable estimates of the dissemination latencies for transactions without involving a third party. The dissemination latency is modelled with a lognormal distribution, and we estimate their parameters using a Bayesian model that can be updated dynamically. Our approach provides reliable estimates even when using only eight connections, the minimum connection number used by the default Bitcoin client. We provide an implementation of our approach as well as datasets for modelling and evaluation. Our approach, while slightly underestimating the latency distribution, is largely congruent with observed dissemination latencies.


2021 ◽  
Vol 5 (1) ◽  
pp. 28-39
Author(s):  
Minami Yoda ◽  
Shuji Sakuraba ◽  
Yuichi Sei ◽  
Yasuyuki Tahara ◽  
Akihiko Ohsuga

Internet of Things (IoT) for smart homes enhances convenience; however, it also introduces the risk of the leakage of private data. TOP10 IoT of OWASP 2018 shows that the first vulnerability is "Weak, easy to predict, or embedded passwords." This problem poses a risk because a user cannot fix, change, or detect a password if it is embedded in firmware because only the developer of the firmware can control an update. In this study, we propose a lightweight method to detect the hardcoded username and password in IoT devices using a static analysis called Socket Search and String Search to protect from first vulnerability from 2018 OWASP TOP 10 for the IoT device. The hardcoded login information can be obtained by comparing the user input with strcmp or strncmp. Previous studies analyzed the symbols of strcmp or strncmp to detect the hardcoded login information. However, those studies required a lot of time because of the usage of complicated algorithms such as symbolic execution. To develop a lightweight algorithm, we focus on a network function, such as the socket symbol in firmware, because the IoT device is compromised when it is invaded by someone via the Internet. We propose two methods to detect the hardcoded login information: string search and socket search. In string search, the algorithm finds a function that uses the strcmp or strncmp symbol. In socket search, the algorithm finds a function that is referenced by the socket symbol. In this experiment, we measured the ability of our proposed method by searching six firmware in the real world that has a backdoor. We ran three methods: string search, socket search, and whole search to compare the two methods. As a result, all methods found login information from five of six firmware and one unexpected password. Our method reduces the analysis time. The whole search generally takes 38 mins to complete, but our methods finish the search in 4-6 min.


2021 ◽  
Author(s):  
Aleksandar Kovačević ◽  
Jelena Slivka ◽  
Dragan Vidaković ◽  
Katarina-Glorija Grujić ◽  
Nikola Luburić ◽  
...  

Code smells are structures in code that often have a negative impact on its quality. Manually detecting code smells is challenging and researchers proposed many automatic code smell detectors. Most of the studies propose detectors based on code metrics and heuristics. However, these studies have several limitations, including evaluating the detectors using small-scale case studies and an inconsistent experimental setting. Furthermore, heuristic-based detectors suffer from limitations that hinder their adoption in practice. Thus, researchers have recently started experimenting with machine learning (ML) based code smell detection.

This paper compares the performance of multiple ML-based code smell detection models against multiple traditionally employed metric-based heuristics for detection of God Class and Long Method code smells. We evaluate the effectiveness of different source code representations for machine learning: traditionally used code metrics and code embeddings (code2vec, code2seq, and CuBERT).

We perform our experiments on the large-scale, manually labeled MLCQ dataset. We consider the binary classification problem – we classify the code samples as smelly or non-smelly and use the F1-measure of the minority (smell) class as a measure of performance. In our experiments, the ML classifier trained using CuBERT source code embeddings achieved the best performance for both God Class (F-measure of 0.53) and Long Method detection (F-measure of 0.75). With the help of a domain expert, we perform the error analysis to discuss the advantages of the CuBERT approach.

This study is the first to evaluate the effectiveness of pre-trained neural source code embeddings for code smell detection to the best of our knowledge. A secondary contribution of our study is the systematic evaluation of the effectiveness of multiple heuristic-based approaches on the same large-scale, manually labeled MLCQ dataset.


Author(s):  
Ansiya Eshack ◽  
S. Krishnakumar

With an ever growing demand for low-power devices, it is a general trend to search for ways to reduce the power consumption of a system. Multipliers are an important requirement in applications linked to Digital Signal Processing, Communication Systems, Optical Computing, Nanotechnology, Low-Power Very Large Scale Integration and Quantum Computing. Conventional mathematics makes multiplication a very long and time consuming process. The use of Vedic mathematics has led to great reduction in the time required for such calculations. The excessive use of Urdhava Tiryakbhyam sutra in multiplication surely proves its effectiveness and simplicity in this domain. This sutra supports the process of pipelining, a method employed in reduction of the power used by a system. Reversible logic has been gaining demand due to its low-power capabilities and is currently being used in many computing applications. The paper proposes two multiplier systems: one design employs the Urdhava Tiryakbhyam sutra along with pipelining and the second uses reversible logic gates into the first design. These proposed systems provide very less delay for result computation and low hardware utilization when compared to non-pipelined Vedic multipliers.

