Science of Computer Programming最新文献_第3页

Detecting duplicate vulnerability records across databases 检测跨数据库的重复漏洞记录

IF 1.5 4区计算机科学

Science of Computer Programming Pub Date : 2025-07-07 DOI: 10.1016/j.scico.2025.103357

Kangliang Zhu , Wenhua Yang , Minxue Pan , Yu Zhou

{"title":"Detecting duplicate vulnerability records across databases","authors":"Kangliang Zhu , Wenhua Yang , Minxue Pan , Yu Zhou","doi":"10.1016/j.scico.2025.103357","DOIUrl":"10.1016/j.scico.2025.103357","url":null,"abstract":"<div><div>Vulnerability databases are critical repositories that aggregate information about known security vulnerabilities across various software products. However, the existence of multiple, heterogeneous databases often leads to duplicate vulnerability records, necessitating significant manual effort by maintainers to identify and consolidate these duplicates. This study addresses the challenge of detecting duplicate vulnerabilities across different databases by proposing a combined method that integrates cosine similarity measures with a fine-tuned BERT-based language model. We constructed a comprehensive duplicate vulnerability dataset by analyzing records from prominent databases such as CVE, OSV, and the GitHub Advisory Database. Our method was evaluated against several baseline techniques, including similarity-based and deep learning-based approaches, demonstrating superior performance across multiple metrics, including Hit Rate@N, Mean Reciprocal Rank (MRR), Mean Rank, and Median Rank. Additionally, our method proved effective in practical scenarios involving ongoing database maintenance, showcasing its ability to generalize to unseen data. The findings highlight the potential of integrating traditional similarity measures with advanced language models to enhance the accuracy and efficiency of duplicate vulnerability detection, thereby facilitating more reliable vulnerability management.</div></div>","PeriodicalId":49561,"journal":{"name":"Science of Computer Programming","volume":"247 ","pages":"Article 103357"},"PeriodicalIF":1.5,"publicationDate":"2025-07-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144571314","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Safe and infinite resource scheduling using energy timed automata 基于能量时间自动机的安全无限资源调度

IF 1.5 4区计算机科学

Science of Computer Programming Pub Date : 2025-07-04 DOI: 10.1016/j.scico.2025.103358

Pieter J.L. Cuijpers , Jonas Hansen , Kim G. Larsen

{"title":"Safe and infinite resource scheduling using energy timed automata","authors":"Pieter J.L. Cuijpers , Jonas Hansen , Kim G. Larsen","doi":"10.1016/j.scico.2025.103358","DOIUrl":"10.1016/j.scico.2025.103358","url":null,"abstract":"<div><div>We study the existence of infinite and safe schedules for resource-dependent real-time systems, in the setting of multiple continuous resources. Specifically, we explore the multi-variable extension of Energy Timed Automata, where variables are bounded by polyhedra in <span><math><msup><mrow><mi>R</mi></mrow><mrow><mi>n</mi></mrow></msup></math></span>. We ask the question of whether there exist infinite runs satisfying such boundary constraints and show how schedules can be synthesized by characterising these runs as limit sets using quantifier elimination for linear real arithmetic. We show that for linear limit sets, it is possible to characterise such infinite runs.</div><div>Additionally, we relate this to an earlier decidability result for single-variable Energy Timed Automata that are flat and segmented, and show constructively that there exist flat and segmented multi-variable Energy Timed Automata that give rise to non-linear limit sets.</div><div>Lastly, we solidify our framework and method with a case study. Specifically, a multi-agent extension of an industrial case concerned with oil tanks, originally provided by the HYDAC company.</div></div>","PeriodicalId":49561,"journal":{"name":"Science of Computer Programming","volume":"247 ","pages":"Article 103358"},"PeriodicalIF":1.5,"publicationDate":"2025-07-04","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144571313","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Random test generators demystified: Differences and potential for compiler reliability 揭秘随机测试生成器：编译器可靠性的差异和潜力

IF 1.5 4区计算机科学

Science of Computer Programming Pub Date : 2025-07-03 DOI: 10.1016/j.scico.2025.103359

Yang Wang, Zeyu Lu, Beining Wu, Yibiao Yang, Hongmin Lu, Yuming Zhou

{"title":"Random test generators demystified: Differences and potential for compiler reliability","authors":"Yang Wang, Zeyu Lu, Beining Wu, Yibiao Yang, Hongmin Lu, Yuming Zhou","doi":"10.1016/j.scico.2025.103359","DOIUrl":"10.1016/j.scico.2025.103359","url":null,"abstract":"<div><div>Compiler testing requires diverse programs as inputs. Various random program generators that can produce programs from scratch have been developed for this purpose. However, there is a gap in understanding (1) the differences among the generated programs and (2) how to make better use of these generators. To fill this gap, we selected five C random program generators and conducted the first comprehensive empirical analysis. For generated programs, our study focuses on three key areas: comparing the variations in features from multiple perspectives, analyzing the impact of compiling these programs on open-source compilers, and exploring their application potential in non-traditional testing scenarios. Programs from different generators show distinctive differences in various program features. Each has unique abilities to increase coverage of specific compiler components. Moreover, they can spot inconsistencies in the coverage statistics provided by different compilers, indicating promising application potential. Our study demonstrates that existing generators involve trade-offs in their design, making it challenging for any single implementation to balance efficiency, usability, and diversity for all scenarios. This motivates us to both maximize the potential of current generators and innovate to create more high-quality test programs for modern compiler quality assurance.</div></div>","PeriodicalId":49561,"journal":{"name":"Science of Computer Programming","volume":"247 ","pages":"Article 103359"},"PeriodicalIF":1.5,"publicationDate":"2025-07-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144563540","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Low-code design of collective systems with ScaFi-Blocks 基于ScaFi-Blocks的集合系统的低代码设计

IF 1.5 4区计算机科学

Science of Computer Programming Pub Date : 2025-06-30 DOI: 10.1016/j.scico.2025.103356

Gianluca Aguzzi, Matteo Cerioni, Mirko Viroli

引用次数: 0

PN2CCS: A tool to encode Petri nets into calculus of communicating systems PN2CCS：一个将Petri网编码为通信系统微积分的工具

IF 1.5 4区计算机科学

Science of Computer Programming Pub Date : 2025-06-27 DOI: 10.1016/j.scico.2025.103355

Benjamin Bogø , Andrea Burattin , Alceste Scalas

引用次数: 0

Fossil 2.0: Design, usage and impact of a software tool for verification and control of dynamical models 化石2.0：用于验证和控制动态模型的软件工具的设计、使用和影响

IF 1.5 4区计算机科学

Science of Computer Programming Pub Date : 2025-06-23 DOI: 10.1016/j.scico.2025.103354

Alec Edwards , Andrea Peruffo , Alessandro Abate

引用次数: 0

An adaptive pairwise testing algorithm based on deep reinforcement learning 一种基于深度强化学习的自适应成对测试算法

IF 1.5 4区计算机科学

Science of Computer Programming Pub Date : 2025-06-23 DOI: 10.1016/j.scico.2025.103353

Linlin Wen , Chengying Mao , Dave Towey , Jifu Chen

{"title":"An adaptive pairwise testing algorithm based on deep reinforcement learning","authors":"Linlin Wen , Chengying Mao , Dave Towey , Jifu Chen","doi":"10.1016/j.scico.2025.103353","DOIUrl":"10.1016/j.scico.2025.103353","url":null,"abstract":"<div><div>Pairwise testing is an important branch of combinatorial testing that focuses on finding a minimum test suite that satisfies pairwise coverage. However, most existing methods fail to achieve a good balance between exploration and exploitation capabilities when searching for the test suite, or may not fully utilize the information related to the already-generated test cases: This can lead to unsatisfactory performance in combination coverage. To address these limitations, we propose an adaptive pairwise testing framework based on deep reinforcement learning, APT-DRL. Using this, a deep reinforcement learning model for pairwise testing based on the Proximal Policy Optimization (PPO) method is developed. We design the pairwise coverage vector as the state space, and use neural networks to solve the search problem in this huge state space. To reduce the size of the Markov decision space, we also design a masking technique to avoid repeated generation of actions (test cases) that have already been used. We conducted experiments using APT-DRL and eight other baseline algorithms (representing three categories): The results show that APT-DRL, as a novel pairwise testing method, significantly outperforms four random-based pairwise testing methods (RT, ARTsum, FSCS-HD, and FSCS-SD); is comparable to, or surpasses, the two heuristic algorithms (IPOG and AETG); and has better test-suite-generation efficiency and superior effectiveness than the two swarm-intelligence-based algorithms (GSTG and DPSO).</div></div>","PeriodicalId":49561,"journal":{"name":"Science of Computer Programming","volume":"247 ","pages":"Article 103353"},"PeriodicalIF":1.5,"publicationDate":"2025-06-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144490705","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

DEScMaker: A tool for automated code generation for discrete event systems controllers 为离散事件系统控制器自动生成代码的工具

IF 1.5 4区计算机科学

Science of Computer Programming Pub Date : 2025-06-16 DOI: 10.1016/j.scico.2025.103350

Tiago Possato , João H. Valentini , Luiz F.P. Southier , Marco A.C. Barbosa , Marcelo Teixeira

{"title":"DEScMaker: A tool for automated code generation for discrete event systems controllers","authors":"Tiago Possato , João H. Valentini , Luiz F.P. Southier , Marco A.C. Barbosa , Marcelo Teixeira","doi":"10.1016/j.scico.2025.103350","DOIUrl":"10.1016/j.scico.2025.103350","url":null,"abstract":"<div><div>The <em>Supervisory Control Theory</em> (SCT ) is a formal approach that allows computing correct-by-construction controllers for <em>Discrete Event Systems</em> (DESs ), having <em>Finite State Machines</em> (FSMs ) as its basic building block. Usually, tools that implement SCT operations over FSMs have resources for the design, processing, simulation, synthesis, and verification, but not for implementation, including code generation resources. Without them, designers still must manually code the control solution, shedding the practical appeal of SCT. This paper claims that SCT can more smoothly meet automated implementation via the proposed <em>DEScMaker</em> tool. It receives an FSM representing the output of the SCT synthesis and converts it into <em>C</em> or <span><math><mi>P</mi><mi>y</mi><mi>t</mi><mi>h</mi><mi>o</mi><mi>n</mi></math></span> code that preserves the idea of event controllability, maximum permissiveness within a set of specifications, and non-blockingness. The tool handles both centralized and modular architectures, and its output is a generic implementation structured in layers, with supervisors, an event handler, and the interface between software and hardware, which requires minimal effort to be customized for each target platform. Examples illustrate the approach and allow for quantifying its gains compared with empirical programming.</div></div>","PeriodicalId":49561,"journal":{"name":"Science of Computer Programming","volume":"247 ","pages":"Article 103350"},"PeriodicalIF":1.5,"publicationDate":"2025-06-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144312701","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Auto-active verification of distributed systems and specification refinements with Why3-do 使用Why3-do对分布式系统和规范进行自动验证

IF 1.5 4区计算机科学

Science of Computer Programming Pub Date : 2025-06-13 DOI: 10.1016/j.scico.2025.103352

Cláudio Belo Lourenço , Jorge Sousa Pinto

{"title":"Auto-active verification of distributed systems and specification refinements with Why3-do","authors":"Cláudio Belo Lourenço , Jorge Sousa Pinto","doi":"10.1016/j.scico.2025.103352","DOIUrl":"10.1016/j.scico.2025.103352","url":null,"abstract":"<div><div>In this paper, we introduce a novel approach for rigorously verifying safety properties of state machine specifications. Our method leverages an auto-active verifier and centers around the use of action functions annotated with contracts. These contracts facilitate inductive invariant checking, ensuring correctness during system execution. Our approach is further supported by the Why3-do library, which extends the Why3 tool's capabilities to verify concurrent and distributed algorithms using state machines.</div><div>Two distinctive features of Why3-do are: (i) it supports <em>specification refinement</em> through refinement mappings, enabling hierarchical reasoning about distributed algorithms; and (ii) it can be easily extended to make verifying specific classes of systems more convenient. In particular, the library contains models allowing for message-passing algorithms to be described with programmed <em>handlers</em>, assuming different network semantics.</div><div>A gallery of examples, all verified with Why3 using SMT solvers as proof tools, is also described in the paper. It contains several auto-actively verified concurrent and distributed algorithms, including the Paxos consensus algorithm.</div></div>","PeriodicalId":49561,"journal":{"name":"Science of Computer Programming","volume":"247 ","pages":"Article 103352"},"PeriodicalIF":1.5,"publicationDate":"2025-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144312699","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

A Haskell-embedded DSL for secure information-flow 用于安全信息流的haskell嵌入式DSL

IF 1.5 4区计算机科学

Science of Computer Programming Pub Date : 2025-06-13 DOI: 10.1016/j.scico.2025.103351

Cecilia Manzino, Gonzalo de Latorre

{"title":"A Haskell-embedded DSL for secure information-flow","authors":"Cecilia Manzino, Gonzalo de Latorre","doi":"10.1016/j.scico.2025.103351","DOIUrl":"10.1016/j.scico.2025.103351","url":null,"abstract":"<div><div>This paper presents a domain-specific language, embedded in Haskell (EDSL), for enforcing the information flow property <em>Delimited Release</em>. To build this language we use Haskell extensions that will allow some kind of dependently-typed programming.</div><div>Considering the effort it takes to build a language from scratch, we decided to provide an information-flow security language as an EDSL, using the infrastructure of the host language to support it.</div><div>The decision to use Haskell as the implementation language was driven by its powerful type system that makes it possible to encode the security type system of the embedded language at the type level, as well as by its nature as a general-purpose language.</div><div>The implementation follows an approach in which the type of the abstract syntax of the embedded language is decorated with security type information. In this way, typed programs will correspond to secure programs, and the verification of the security invariants of programs will be reduced to type-checking.</div><div>The embedded security language is designed in a way that is easy to use. We illustrate its use through three examples: an electronic purchase, secure reading of database information, and a password checker.</div></div>","PeriodicalId":49561,"journal":{"name":"Science of Computer Programming","volume":"247 ","pages":"Article 103351"},"PeriodicalIF":1.5,"publicationDate":"2025-06-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144312700","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0