Search Results - Inner Mongolia University Library

Research on high performance web service construction method based on JavaScript asynchronous programming technique

Applied Mathematics and Nonlinear Sciences, 2024, Vol. 9, No. 1

Authors: Luo, Jing; Zhou, Bo; Zheng, Yan; Pan, Wenxuan. School of Computer, Sichuan Technology and Business University, Chengdu, Sichuan 611745, China

In the face of massive concurrent user access in the era of big data, building high-performance web services has become one of the difficulties that network applications must solve. This paper uses the *** architecture to exploit the event-based programming and non-blocking I/O characteristics of the JavaScript language and improve CPU utilization on the web service side. It also proposes a strategy of predicting user-accessed resources for cache replacement through a Gaussian mixture model to further optimize the performance of high-concurrency web services. The high-concurrency web framework built with *** technology performs well: multithreaded *** outperforms the single-threaded configuration, and in high-concurrency scenarios the *** architecture does better than the Apache architecture on average response time, request-response rate, and data throughput. The Gaussian mixture clustering model is effective on data with high-dimensional features, and the average accuracy over the four clustering processes of each algorithm is, in descending order, GMM (79.67%), BIRCH (78.09%), and K-means (77.52%). In addition, the cache replacement strategy based on the Gaussian mixture model is more effective, with an accuracy rate of nearly 80% and a byte hit rate of nearly 45% when the cache capacity reaches 214 KB, both higher than the traditional cache replacement strategy at the same cache capacity. © 2024 Jing Luo, Bo Zhou, Yan Zheng and Wenxuan Pan, published by Sciendo.

Keywords: Java programming language

Detecting Metadata-Related Bugs in Enterprise Applications

arXiv, 2025

Authors: Kabir, Md. Mahir Asef; Wang, Xiaoyin; Meng, Na. Virginia Tech, Blacksburg, VA, United States; The University of Texas at San Antonio, San Antonio, TX, United States

When building enterprise applications (EAs) on Java frameworks (e.g., Spring), developers often configure application components via metadata (i.e., Java annotations and XML files). It is challenging for developers to use metadata correctly, because the usage rules can be complex and existing tools provide limited assistance. When developers misuse metadata, EAs become misconfigured, and these defects can trigger erroneous runtime behaviors or introduce security vulnerabilities. To help developers use metadata correctly, this paper presents (1) RSL, a domain-specific language that domain experts can adopt to prescribe metadata checking rules, and (2) MeCheck, a tool that takes in RSL rules and EAs to check for rule violations. With RSL, domain experts (e.g., developers of a Java framework) can specify metadata checking rules by defining content consistency among XML files, annotations, and Java code. Given such RSL rules and a program to scan, MeCheck interprets rules as cross-file static analyzers, which scan Java and/or XML files to gather information and look for consistency violations. For evaluation, we studied the Spring and JUnit documentation to manually define 15 rules, and created 2 datasets with 115 open-source EAs. The first dataset includes 45 EAs and the ground truth of 45 manually injected bugs. The second dataset includes multiple versions of 70 EAs. We observed that MeCheck identified bugs in the first dataset with 100% precision, 96% recall, and 98% F-score. It reported 152 bugs in the second dataset, 49 of which were already fixed by developers. Our evaluation shows that MeCheck helps ensure the correct usage of metadata. © 2025, CC BY.

Keywords: Java programming language

Evaluating Large Language Models in Vulnerability Detection Under Variable Context Windows

arXiv, 2025

Authors: Lin, Jie; Mohaisen, David. University of Central Florida, United States

This study examines the impact of tokenized Java code length on the accuracy and explicitness of ten major LLMs in vulnerability detection. Using chi-square tests and known ground truth, we found inconsistencies across models: some, like GPT-4, Mistral, and Mixtral, showed robustness, while others exhibited a significant link between tokenized length and performance. We recommend that future LLM development focus on minimizing the influence of input length for better vulnerability detection. Additionally, preprocessing techniques that reduce token count while preserving code structure could enhance LLM accuracy and explicitness in these tasks. © 2025, CC BY-NC-ND.

Keywords: Java programming language

Universal Scalability in Declarative Program Analysis (with Choice-Based Combination Pruning)

arXiv, 2025

Authors: Antoniadis, Anastasios; Tsatiris, Ilias; Grech, Neville; Smaragdakis, Yannis. University of Athens, Greece; Dedaub, Greece; Dedaub; University of Malta, Malta; Dedaub; University of Athens, Greece

Datalog engines for fixpoint evaluation have brought great benefits to static program analysis over the past decades. A Datalog specification of an analysis allows a declarative, easy-to-maintain specification, without sacrificing performance, and indeed often achieving significant speedups compared to hand-coded algorithms. However, these benefits come with a certain loss of control. Datalog evaluation is bottom-up, meaning that all inferences (from a set of initial facts) are performed and all their conclusions are outputs of the computation. In practice, virtually every program analysis expressed in Datalog becomes unscalable for some inputs, due to the worst-case blowup of computing all results, even when a partial answer would have been perfectly satisfactory. In this work, we present a simple, uniform, and elegant solution to the problem, with stunning practical effectiveness and application to virtually any Datalog-based analysis. The approach consists of leveraging the choice construct, supported natively in modern Datalog engines like Soufflé. The choice construct allows the definition of functional dependencies in a relation and has been used in the past for expressing worklist algorithms. We show a near-universal construction that allows the choice construct to flexibly limit evaluation of predicates. The technique is applicable to practically any analysis architecture imaginable, since it adaptively prunes evaluation results when a (programmer-controlled) projection of a relation exceeds a desired cardinality. We apply the technique to probably the largest pre-existing Datalog analysis frameworks in existence: Doop (for Java bytecode) and the main client analyses from the Gigahorse framework (for Ethereum smart contracts). Without needing to understand the existing analysis logic and with minimal, local-only changes, the performance of each framework increases dramatically, by over 20x for the hardest inputs, with near-negligible sacrifice in completene

Keywords: Java programming language

Do Developers Depend on Deprecated Library Versions? A Mining Study of Log4j

arXiv, 2025

Authors: Yoshioka, Haruhiko; Lertbanjongngam, Sila; Inaba, Masayuki; Fan, Youmei; Nakano, Takashi; Shimari, Kazumasa; Kula, Raula Gaikovina; Matsumoto, Kenichi. Graduate School of Science and Technology, Nara Institute of Science and Technology, Japan; Graduate School of Information Science and Technology, Osaka University, Japan

Log4j has become a widely adopted logging library for Java programs due to its long history and high reliability. Its widespread use is notable not only because of its maturity but also due to the complexity and depth of its features, which have made it an essential tool for many developers. However, Log4j 1.x, which has reached its end of support (deprecated), poses significant security risks and has numerous deprecated features that can be exploited by attackers. Despite this, some clients may still rely on this library. We aim to understand whether clients are still using Log4j 1.x despite its official support ending. We utilized the Mining Software Repositories 2025 challenge dataset, which provides a large and representative sample of open-source software projects. We analyzed over 10,000 log entries from this dataset using the Goblin framework to identify trends in usage rates for both Log4j 1.x and Log4j-core 2.x. Specifically, our study addressed two key issues: (1) We examined the usage rates and trends for these two libraries, highlighting any notable differences or patterns in their adoption. (2) We demonstrate that projects initiated after a deprecated library has reached the end of its support lifecycle can still maintain significant popularity. These findings highlight how deprecated libraries are still popular, with the next step being to understand the reasoning behind these adoptions. Copyright © 2025, The Authors. All rights reserved.

Keywords: Java programming language

Where’s the Bug? Attention Probing for Scalable Fault Localization

arXiv, 2025

Authors: Stein, Adam; Wayne, Arthur; Naik, Aaditya; Naik, Mayur; Wong, Eric. Department of Computer Science, University of Pennsylvania, PA, United States

Ensuring code correctness remains a challenging problem even as large language models (LLMs) become increasingly capable at code-related tasks. While LLM-based program repair systems can propose bug fixes using only a user’s bug report, their effectiveness is fundamentally limited by their ability to perform fault localization (FL), a challenging problem for both humans and LLMs. Existing FL approaches rely on executable test cases, require training on costly and often noisy line-level annotations, or demand resource-intensive LLMs. In this paper, we present Bug Attention Probe (BAP), a method which learns state-of-the-art fault localization without any direct localization labels, outperforming traditional FL baselines and prompting of large-scale LLMs. We evaluate our approach across a variety of code settings, including real-world Java bugs from the standard Defects4J dataset as well as seven other datasets which span a diverse set of bug types and languages. Averaged across all eight datasets, BAP improves by 34.6% top-1 accuracy compared to the strongest baseline and 93.4% over zero-shot prompting GPT-4o. BAP is also significantly more efficient than prompting, outperforming large open-weight models at a small fraction of the computational cost. © 2025, CC BY.

Keywords: Java programming language

Demystifying and Assessing Code Understandability in Java Decompilation

arXiv, 2024

Authors: Qin, Ruixin; Xiong, Yifan; Lu, Yifei; Pan, Minxue. State Key Laboratory for Novel Software Technology, Software Institute, Nanjing University, China

Decompilation, the process of converting machine-level code into readable source code, plays a critical role in reverse engineering. Given that the main purpose of decompilation is to facilitate code comprehension in scenarios where the source code is unavailable, the understandability of decompiled code is of great importance. Unfortunately, previous research has predominantly concentrated on the correctness of decompilation, leaving the understandability of the decompiled code largely unexplored. Do decompiler stakeholders place importance on the understandability of decompiled code? Are there any methodologies that can be used to assess this understandability? These questions remain unanswered so far. Therefore, in this paper, we propose the first empirical study on the understandability of Java decompiled code. This study involves a well-designed user survey to reveal the Severity and Universality of understandability issues in Java decompilation, as well as a series of experiments comparing the understandability of a total of 429 sets of source code files from 14 Java projects with the corresponding decompiled files produced by 3 well-known Java decompilers. Through an in-depth analysis of the survey results and the experiment results, we obtained the following findings: (1) Understandability of Java decompilation is considered as important as its correctness, and decompilation understandability issues are even more commonly encountered than decompilation failures. (2) A notable percentage of code snippets decompiled by Java decompilers exhibit significantly lower or higher levels of understandability in comparison to their original source code. (3) Unfortunately, Cognitive Complexity demonstrates relatively acceptable precision but low recall in recognizing these code snippets exhibiting diverse understandability during decompilation. (4) Even worse, perplexity demonstrates lower levels of precision and recall in recognizing such code snippets.

Keywords: Java programming language

Resource-Efficient & Effective Code Summarization

arXiv, 2025

Authors: Afrin, Saima; Call, Joseph; Nguyen, Khai-Nguyen; Chaparro, Oscar; Mastropaolo, Antonio. William & Mary, Department of Computer Science, Williamsburg, VA, United States

Code Language Models (CLMs) have demonstrated high effectiveness in automating software engineering tasks such as bug fixing, code generation, and code documentation. This progress has been driven by the scaling of large models, ranging from millions to trillions of parameters (e.g., GPT-4). However, as models grow in scale, sustainability concerns emerge, as they are extremely resource-intensive, highlighting the need for efficient, environmentally conscious solutions. GreenAI techniques, such as QLoRA (Quantized Low-Rank Adaptation), offer a promising path for dealing with large models’ sustainability as they enable resource-efficient model fine-tuning. Previous research has shown the effectiveness of QLoRA in code-related tasks, particularly those involving natural language inputs and code as the target output (NL-to-Code), such as code generation. However, no studies have explored its application to tasks that are fundamentally similar to NL-to-Code but operate in the opposite direction, such as code summarization. This leaves a gap in understanding how well QLoRA can generalize to Code-to-NL tasks, which are equally important for supporting developers in understanding and maintaining code. To address this gap, we investigate the extent to which QLoRA’s capabilities in NL-to-Code tasks can be leveraged and transferred to code summarization, one representative Code-to-NL task. Our study evaluates two state-of-the-art CLMs (CodeLlama and DeepSeek-Coder) across two programming languages: Python and Java. Each model was tasked with generating a meaningful description for Python and Java code methods. The findings of our research confirm previous patterns that emerged when applying QLoRA to source code generation. Notably, we observe that QLoRA not only allows efficient fine-tuning of CLMs for code summarization but also achieves the best results with minimal parameter adjustment compared to full model fine-tuning, which requires expensive

Keywords: Java programming language

AUTOTEE: Automated Migration and Protection of Programs in Trusted Execution Environments

arXiv, 2025

Authors: Han, Ruidong; Yang, Zhou; Ma, Chengyan; Liu, Ye; Niu, Yuqing; Ma, Siqi; Gao, Debin; Lo, David. School of Computing and Information Systems, Singapore Management University, Singapore; School of Computer Science and Engineering, UNSW Sydney, Australia

Trusted Execution Environments (TEEs) isolate a special space within a device’s memory that is not accessible to the normal world (also known as the Untrusted Environment), even when the device is compromised. Thus, developers can utilize TEEs to provide strong security guarantees for their programs, protecting sensitive operations like encrypted data storage, fingerprint verification, and remote attestation from malicious attacks. Despite the strong protections offered by TEEs, adapting existing programs to leverage such security guarantees is nontrivial, often requiring extensive domain knowledge and manual intervention, which makes TEEs less accessible to developers. This motivates us to design AUTOTEE, the first Large Language Model (LLM)-enabled approach that can automatically identify, partition, transform, and port sensitive functions into TEEs with minimal developer intervention. By manually reviewing 68 repositories, we constructed a benchmark dataset consisting of 385 sensitive functions eligible for transformation, on which AUTOTEE achieves a high F1 score of 0.91. AUTOTEE effectively transforms these sensitive functions into their TEE-compatible counterparts, achieving success rates of 90% and 83% for Java and Python, respectively. We further provide a mechanism to automatically port the transformed code to different TEE platforms, including Intel SGX and AMD SEV, demonstrating that the transformed programs run successfully and correctly on these platforms. © 2025, CC BY-NC-SA.

Keywords: Java programming language