ISBN: 9781450394758 (print)
Vulnerabilities, referred to as CLV issues, are induced by cross-language invocations of vulnerable libraries. Such issues greatly increase the attack surface of Python/Java projects due to their pervasive use of C libraries. Existing Python/Java build tools in PyPI and Maven ecosystems fail to report the dependency on vulnerable libraries written in other languages such as C. CLV issues are easily missed by developers. In this paper, we conduct the first empirical study on the status quo of CLV issues in PyPI and Maven ecosystems. It is found that 82,951 projects in these ecosystems are directly or indirectly dependent on libraries compiled from the C project versions that are identified to be vulnerable in CVE reports. Our study arouses the awareness of CLV issues in popular ecosystems and presents related analysis results. The study also leads to the development of the first automated mechanism, Insight, which provides a turn-key solution to the identification of CLV issues in PyPI and Maven projects based on published CVE reports of vulnerable C projects. Insight automatically identifies if a PyPI or Maven project is using a C library compiled from vulnerable C project versions in published CVE reports. It also deduces the vulnerable APIs involved by analyzing the usage of various foreign function interfaces such as CFFI and JNI in the concerned PyPI or Maven project. Insight achieves a high detection rate of 88.4% on a popular CLV issue benchmark. Contributing to the open-source community, we report 226 CLV issues detected in the actively maintained PyPI and Maven projects that are directly dependent on vulnerable C library versions. Our reports are well received and appreciated by developers with queries on the availability of Insight. 127 reported issues (56.2%) were quickly confirmed by developers and 74.8% of them were fixed/under fixing by popular projects, such as Mongodb [40] and Eclipse/Sumo [19].
ISBN: 9798331535100 (digital)
ISBN: 9798331535117 (print)
The development of effective diagnostic methodologies for software system failures is of paramount importance. Traditional methods, which rely on specialized terminology and intricate reasoning, require users to have a technical background, resulting in reduced flexibility and decreased user-friendliness. With the rise of generative large language models, optimizing human-computer interaction has become a critical area of focus. Additionally, the inherent intelligence and extensive knowledge of large language models make them both easy and effective to employ for fault diagnosis assistance. We introduce IFKG, an advanced tool for diagnosing software system failures. IFKG integrates generative large language models with knowledge graphs, employing natural language interactions to implement fault detection and deliver solutions. IFKG enables users to upload descriptive problems, retrieve pertinent information from the knowledge graph, and present diagnostic results in natural language. Our accuracy assessments across diverse software system failures indicate that the IFKG provides targeted and actionable recommendations, effectively assisting users in addressing a range of software system issues. The tool is available on GitHub at https://***/mako-xxlIFKG, and the demo video can be found on YouTube: https://***2vgZm2hk.
This study presents a sparse window-based stereo-matching algorithm that enhances the accuracy and efficiency of the semi-global matching algorithm. Unlike traditional methods, this algorithm processes pixel areas based on their texture features, resulting in more efficient encoding. The proposed approach systematically samples pixels within the original encoding window to reduce the number of pixels involved in the process. Additionally, using the FAST feature detection method distinguishes texture areas and applies different encoding processes for each area to obtain the feature encoding of the center pixels. Experimental results show that compared with traditional semi-global stereo matching algorithms, our proposed sparse window-based algorithm improves processing speed by 0.06 seconds and reduces average error by 10.92%.
Indoor visual localization, i.e., 6 Degree-of-Freedom camera pose estimation for a query image with respect to a known scene, is gaining increased attention driven by rapid progress of applications such as robotics and augmented ***, drastic visual discrepancies between an onsite query image and prerecorded indoor images cast a significant challenge for visual *** this paper, based on the key observation of the constant existence of planar surfaces such as floors or walls in indoor scenes, we propose a novel system incorporating geometric information to address issues using only pixelated *** the system implementation, we contribute a hierarchical structure consisting of pre-scanned images and point cloud, as well as a distilled representation of the planar-element layout extracted from the original dataset. A view synthesis procedure is designed to generate synthetic images as complementary to that of a sparsely sampled ***, a global image descriptor based on the image statistic modality, called block mean, variance, and color (BMVC), was employed to speed up the candidate pose identification incorporated with a traditional convolutional neural network (CNN) *** results on a popular benchmark demonstrate that the proposed method outperforms the state-of-the-art approaches in terms of visual localization validity and accuracy.
The burgeoning robotics industry has catalyzed significant strides in the development and deployment of industrial and service robotic arms, positioning path planning as a pivotal facet for augmenting their operational safety and efficiency. Existing path planning algorithms, while capable of delineating feasible trajectories, often fall short of achieving optimality, particularly concerning path length, search duration, and success likelihood. This study introduces an enhanced Rapidly-Exploring Random Tree (RRT) algorithm, meticulously designed to rectify the issues of node redundancy and the compromised path quality endemic to conventional RRT approaches. Through the integration of an adaptive pruning mechanism and a dynamic elliptical search strategy within the Informed RRT* framework, our algorithm efficiently refines the search tree by discarding branches that surpass the cost of the optimal path, thereby refining the search space and significantly boosting efficiency. Extensive comparative analysis across both two-dimensional and three-dimensional simulation settings underscores the algorithm’s proficiency in markedly improving path precision and search velocity, signifying a breakthrough in the domain of robotic arm path planning.
ISBN: 9798350329964 (print)
Pre-trained models of source code have gained widespread popularity in many code intelligence tasks. Recently, with the scaling of the model and corpus size, large language models have shown the ability of in-context learning (ICL). ICL employs task instructions and a few examples as demonstrations, and then inputs the demonstrations to the language models for making predictions. This new learning paradigm is training-free and has shown impressive performance in various natural language processing and code intelligence tasks. However, the performance of ICL heavily relies on the quality of demonstrations, e.g., the selected examples. It is important to systematically investigate how to construct a good demonstration for code-related tasks. In this paper, we empirically explore the impact of three key factors on the performance of ICL in code intelligence tasks: the selection, order, and number of demonstration examples. We conduct extensive experiments on three code intelligence tasks including code summarization, bug fixing, and program synthesis. Our experimental results demonstrate that all the above three factors dramatically impact the performance of ICL in code intelligence tasks. Additionally, we summarize our findings and provide takeaway suggestions on how to construct effective demonstrations, taking into account these three perspectives. We also show that a carefully-designed demonstration based on our findings can lead to substantial improvements over widely-used demonstration construction methods, e.g., improving BLEU-4, EM, and EM by at least 9.90%, 175.96%, and 50.81% on code summarization, bug fixing, and program synthesis, respectively.
The QUasi-Affine TRansformation Evolution (QUATRE) was first proposed by Meng et al. in 2016. It has the characteristics of few parameters and fast convergence. This paper brings two methods to improve its solution qu...
To better regulate the speed of brushless DC motors, an improved algorithm based on the original Glowworm Swarm Optimization is *** proposed algorithm solves the problems of poor robustness, slow convergence, and low accuracy exhibited by traditional PID *** selecting the glowworm neighborhood set, an optimization scheme based on the growth and competition behavior of weeds is applied to a single glowworm to prevent falling into a local optimal *** the glowworm’s position is updated, the league selection operator is introduced to search for the global optimal *** the local search ability of the invasive weed optimization with the global search ability of the league selection operator enhances the robustness of the algorithm and also accelerates the convergence speed of the *** mathematical model of the brushless DC motor is established, the PID parameters are tuned and optimized using improved Glowworm Swarm Optimization algorithm, and the speed of the brushless DC motor is *** a Simulink environment, a double closed-loop speed control model was established to simulate the speed control of a brushless DC motor, and this simulation was compared with a traditional PID *** simulation results show that the model based on the improved Glowworm Swarm Optimization algorithm has good robustness and a steady-state response speed for motor speed control.
Recently, video deraining has become a research focus. Network-based approaches are continuously showing extrusive performance. However, they lack precise control over the motion consistency in temporal information an...
Model Predictive Control (MPC) has been very successful in the control industries due to its ability to handle uncertainty in physical systems with some constraints. Due to its higher power density, DC servomechanism ...