Code Segments Research Articles

IDENTIFICATION AND LOCALIZATION OF VULNERABILITIES IN SMART CONTRACTS USING ATTENTION VECTORS ANALYSIS IN A BERT-BASED MODEL

Context. With the development of blockchain technology and the increasing use of smart contracts, which are automatically executed in blockchain networks, the significance of securing these contracts has become extremely relevant. Traditional code auditing methods often prove ineffective in identifying complex vulnerabilities, which can lead to significant financial losses. For example, the reentrancy vulnerability that led to the DAO attack in 2016 resulted in the loss of 3.6 million ethers and the split of the Ethereum blockchain network. This underscores the necessity for early detection of vulnerabilities. Objective. The objective of this work is to develop and test an innovative approach for identifying and localizing vulnerabilities in smart contracts based on the analysis of attention vectors in a model using BERT architecture. Method. The methodology described includes data preparation and training a transformer-based model for analyzing smart contract code. The proposed attention vector analysis method allows for the precise identification of vulnerable code segments. The use of the CodeBERT model significantly improves the accuracy of vulnerability identification compared to traditional methods. Specifically, three types of vulnerabilities are considered: reentrancy, timestamp dependence, and tx.origin vulnerability. The data is preprocessed, which includes the standardization of variables and the simplification of functions. Results. The developed model demonstrated a high F-score of 95.51%, which significantly exceeds the results of contemporary approaches, such as the BGRU-ATT model with an F-score of 91.41%. The accuracy of the method in the task of localizing reentrancy vulnerabilities was 82%. Conclusions. The experiments conducted confirmed the effectiveness of the proposed solution. Prospects for further research include the integration of more advanced deep learning models, such as GPT-4 or T5, to improve the accuracy and reliability of vulnerability detection, as well as expanding the dataset to cover other smart contract languages, such as Vyper or LLL, to enhance the applicability and efficiency of the model across various blockchain platforms. Thus, the developed CodeBERT-based model demonstrates high results in detecting and localizing vulnerabilities in smart contracts, which opens new opportunities for research in the field of blockchain platform security.

Leveraging Partially Context-Sensitive Profiles for Enhanced AOT Compilation: A Review

In the realm of compiler optimization, just-in-time (JIT) compilation dynamically adjusts code execution based on runtime profiling, contrasting with the static approach of ahead-of-time (AOT) compilation. While JIT benefits from real-time profiling data, AOT lacks this advantage, necessitating innovative strategies to enhance performance without runtime feedback. This review article explores the integration of partially context-sensitive profiles into AOT compilation, offering insights into optimizing statically compiled programs through advanced profiling techniques. Also, it explores the utilization of partially context-sensitive profiles in ahead-of-time (AOT) compilation to enhance program performance. It delves into the challenges of AOT optimization without runtime profiling, contrasting it with the dynamic optimization capabilities of just-in-time (JIT) compilation. The proposed algorithm strategically leverages partial profiles to identify and optimize hot code segments, presenting a promising avenue for improving AOT compilation efficiency. Through empirical evaluation of diverse benchmarks, the article validates the technique's effectiveness, underscoring its significance in advancing compiler optimization strategies for statically compiled programs.

Refining software defect prediction through attentive neural models for code understanding

Identifying defects through manual software testing is a resource-intensive task in software development. To alleviate this, software defect prediction identifies code segments likely to contain faults using data-driven methods. Traditional techniques rely on static code metrics, which often fail to reflect the deeper syntactic and semantic features of the code. This paper introduces a novel framework that utilizes transformer-based networks with attention mechanisms to predict software defects. The framework encodes input vectors to develop meaningful representations of software modules. A bidirectional transformer encoder is employed to model programming languages, followed by fine-tuning with labeled data to detect defects. The performance of the framework is assessed through experiments across various software projects and compared against baseline techniques. Additionally, statistical hypothesis testing and an ablation study are performed to assess the impact of different parameter choices. The empirical findings indicate that the proposed approach can increase classification accuracy by an average of 15.93% and improve the F1 score by up to 44.26% compared to traditional methods.

Codepickle: Portable Python Grid Computing

We present Codepickle, a groundbreaking solution designed to overcome Python version constraints and enhance portability, especially within distributed Python grids and volunteer computing environments. Unlike existing serialization libraries such as Cloudpickle and Dill, which rely on Python bytecode and are prone to version conflicts, Codepickle offers a robust alternative. Our methodology includes innovative adjustments for function serialization and shared variable management. Experimental results reveal challenges like code sourcing and nonlocal variable handling. Performance benchmarks highlight Codepickle's significant advantages over Cloudpickle, including better portability and reduced message sizes. Notably, Codepickle achieves message sizes that are 84% of those produced by Cloudpickle especially for small code segments, with comparable execution performance. Proposed enhancements target critical issues such as lambda functions and cross-version compatibility. This comprehensive study not only demonstrates Codepickle's transformative potential but also underscores the ongoing quest for advanced serialization techniques in Python's distributed computing landscape.

Comparison of Large Language Models in Generating Machine Learning Curricula in High Schools

With the rapid advancement of artificial intelligence technologies, the integration of AI concepts into educational curricula represents an increasingly important issue. This paper presents a comparative analysis of four AI large language models, ChatGPT (now GPT-4o), Bard (now Gemini), Copilot, and Auto-GPT, in the last year, progressing from the previous into the newer versions, thus also revealing the progress over time. Tasks were selected from the Valence project, which aims to advance machine learning in high school education with material designed by human experts. The four LLMs were assessed across 13 topics, 35 units, and 12 code segments, focusing on their code generation, definition formulation, and textual task capabilities. The results were analyzed using various metrics to conduct a comprehensive evaluation. Each LLM was allowed up to five attempts to produce outputs closely aligned with human-written materials, with experts providing iterative feedback. This study evaluated the effectiveness and accuracy of these LLMs in educational content creation, offering insights into their potential roles in shaping current and future AI-centric education systems.

Identifying shader sub-patterns for GPU performance tuning and architecture design

GPUs are increasingly playing vital roles in the modern technology industry. Improving the GPU performance involves optimizing its architectural design and fine-tuning its software code. However, to achieve this, engineers must investigate codes from as many GPU-related applications as possible to identify code portions that need fine-tuning. Moreover, this effort requires engineers to have good domain knowledge, and their work is made more arduous because the source codes of applications are normally confidential. To this end, we introduce ShaderAnalyzer, a solution leveraging graph mining and machine learning to analyze GPU-executed low-level machine codes and identify their fine-tuning opportunities. Our approach includes representing machine code with graph structure and subsequently identifying frequently occurring substructures within the codes. Optimizing the execution of these substructures can enhance the overall performance of the GPU. In addition, our model leverages these frequent patterns to further facilitate engineers’ tasks by selecting representative patterns to predict and investigate low-efficiency ones. We conduct comprehensive experiments to evaluate the performance of our solution, and the results have been validated by our industry partners. ShaderAnalyzer is an end-to-end framework that helps engineers identify code segments with the highest potential for performance gains after fine-tuning and offers valuable insights for hardware architects in future products design.

A Transformer-based approach to highly granular source code authorship attribution

Traditional source code authorship identification methods often rely on features such as textual similarity, programming style or metadata, however, these methods often struggle to extract the precise source code authoring style when dealing with large-scale code bases or complex programming patterns, resulting in poor performance. Therefore, this paper proposes a Transformer-based high fine-grained source code author attribution method.Aiming at the problem of roughness of existing literature on word segmentation, this paper proposes a high fine-grained source code segmentation method to extract higher fine-grained features. Aiming at the problem of feature dimension redundancy, this paper adopts the Transformer network to locate sensitive features that can characterise the author's style.To verify the effectiveness of the model, it was tested on GCJ-C++ and GCJ-Java datasets. The experimental results show that the proposed method model achieves higher recognition accuracy in the source code authorship attribution problem compared to the traditional methods.

A Transformer-based approach to highly granular source code authorship attribution

Traditional source code authorship identification methods often rely on features such as textual similarity, programming style or metadata, however, these methods often struggle to extract the precise source code authoring style when dealing with large-scale code bases or complex programming patterns, resulting in poor performance. Therefore, this paper proposes a Transformer-based high fine-grained source code author attribution method.Aiming at the problem of roughness of existing literature on word segmentation, this paper proposes a high fine-grained source code segmentation method to extract higher fine-grained features. Aiming at the problem of feature dimension redundancy, this paper adopts the Transformer network to locate sensitive features that can characterise the author's style.To verify the effectiveness of the model, it was tested on GCJ-C++ and GCJ-Java datasets. The experimental results show that the proposed method model achieves higher recognition accuracy in the source code authorship attribution problem compared to the traditional methods.

A Novel Source Code Representation Approach Based on Multi-Head Attention

Code classification and code clone detection are crucial for understanding and maintaining large software systems. Although deep learning surpasses traditional techniques in capturing the features of source code, existing models suffer from low processing power and high complexity. We propose a novel source code representation method based on the multi-head attention mechanism (SCRMHA). SCRMHA captures the vector representation of entire code segments, enabling it to focus on different positions of the input sequence, capture richer semantic information, and simultaneously process different aspects and relationships of the sequence. Moreover, it can calculate multiple attention heads in parallel, speeding up the computational process. We evaluate SCRMHA on both the standard dataset and an actual industrial dataset, and analyze the differences between these two datasets. Experiment results in code classification and clone detection tasks show that SCRMHA consumes less time and reduces complexity by about one-third compared with traditional source code feature representation methods. The results demonstrate that SCRMHA reduces the computational complexity and time consumption of the model while maintaining accuracy.

A Survey of Binary Code Similarity Detection Techniques

Binary Code Similarity Detection is a method that involves comparing two or more binary code segments to identify their similarities and differences. This technique plays a crucial role in areas such as software security, vulnerability detection, and software composition analysis. With the extensive use of binary code in software development and system optimization, binary code similarity detection has become an important area of research. Traditional methods of source code similarity detection face challenges when dealing with the unreadable and complex nature of binary code, necessitating specialized techniques and algorithms. This review compares and summarizes various techniques and methods of binary code similarity detection, highlighting their strengths and limitations in handling different characteristics of binary code. Additionally, the article suggests potential future research directions. As research and innovation in this technology continue to advance, binary code similarity detection is expected to play an increasingly significant role in fields like software security.

Forward-Oriented Programming: A meta-DSL for fast development of component libraries

Libraries that implement Domain-Specific Language (DSL) components keep gaining traction when it comes to developing software for specific application domains. However, creating components that can be organically weaved into use cases is an extremely complex task. In this work, we introduce a meta-DSL to assist library development, called Forward-Oriented Programming (FOP). This combines lazy evaluation and aspect-oriented programming principles to align crosscutting component configurations and alter their execution outcomes depending on usage in subsequent code. Theoretical analysis shows that FOP simplifies component development and makes their combination logic learnable by library users. We realize the paradigm with a Python package, called pyfop, and conduct a case study that compares it with purely functional and object-oriented library implementations. In the study, source code quality metrics demonstrate reduced time and effort to write library components, and increased comprehensibility. Configurations are shared without modifying distant code segments.

Innovative Firmware Update Method to Microcontrollers during Runtime

This article presents a new firmware update paradigm for optimising the procedure in microcontrollers. The aim is to allow updating during program execution, without interruptions or restarts, replacing only specific code segments. The proposed method uses static and absolute addresses to locate and isolate the code segment to be updated. The work focuses on Microchip’s PIC18F27K42 microcontroller and includes an example of updating functionality without affecting ongoing applications. This approach is ideal for band limited channels, reducing the amount of data transmitted during the update process. It also allows incremental changes to the program code, preserving network capacity, and reduces the costs associated with data transfer, especially in firmware update scenarios using cellular networks. This ability to update the normal operation of the device, avoiding service interruption and minimising downtime, is of remarkable value.

An empirical investigation of the relationship between pattern grime and code smells

AbstractDevelopers are encouraged to adopt good design practices to maintain good software quality during the system's evolution. However, some modifications and changes to the system could cause code smells and pattern grime, which might incur more maintenance effort. As the presence of both code smells and pattern grime is considered a bad sign and raises a flag at code segments that need more careful examination, a potential connection between them may exist. Therefore, the main objective of this paper is to (1) empirically investigate the potential relationship between the accumulation of pattern grime and the presence of code smells and (2) evaluate the significance of individual code smells when they appear in a specific pattern grime category. To achieve this goal, we performed an empirical study using six‐grime metrics and 10 code smells on five Java open‐source projects ranging from 217 to 563 classes. Our statistical results indicate that, in general, the growth of grime is more likely to co‐occur with code smells using Spearman's correlation and Odd Ratio test. Specifically, there is a strong positive association between the growth of pattern grime at the class level and the presence of Shotgun Surgery smell according to the result of applying the Apriori algorithm, which gives conviction values equal to 1.66. The findings in this paper are helpful for developers and researchers as the presence of pattern grime could be considered a factor in improving the performance of existing smell detection methods. Furthermore, the link between grime and smells can be exploited as a hint for smell distribution in the system.

Exploring ChatGPT’s code refactoring capabilities: An empirical study

ChatGPT has shown great potential in the field of software engineering with its ability to generate code. Yet, ChatGPT’s ability to interpret code has been deemed unreliable and faulty, which causes concern for the platform’s ability to properly refactor code. To confront this concern, we carried out a study to assess ChatGPT’s abilities and limitations in refactoring code. We divided the study into three parts: if ChatGPT can refactor the code, if the refactored code preserves the behavior of the original code segments, and if ChatGPT is capable of providing documentation for the refactored code to provide insights into intent, instructions, and impact. We focused our research specifically on eight quality attributes to use when prompting ChatGPT to refactor our dataset of 40 Java code segments. After collecting the refactored code segments from ChatGPT, as well as data on whether the behavior was preserved, we ran the refactored code through PMD, a source code analyzer, to find programming flaws. We also tested ChatGPT’s accuracy in generating documentation for the refactored code and analyzed the difference between the results of each quality attribute. We conclude that ChatGPT can provide many useful refactoring changes that can improve the code quality which is crucial. ChatGPT offered improved versions of the provided code segments 39 out of 40 times even if it is as simple as suggesting clearer names for variables or better formatting. ChatGPT was able to recommend numerous options ranging from minor changes such as renaming methods and variables to major changes such as modifying the data structure. ChatGPT’s strengths and accuracy were in suggesting minor changes because it had difficulty addressing and understanding complex errors and operations. Although most of the changes were minor, they made significant improvements because converting loops, simplifying calculations, and removing redundant statements have a crucial effect on runtime, memory, and readability. However, our results also indicate how ChatGPT can be unpredictable in its responses which threatens the reliability of ChatGPT. Asking ChatGPT the same prompt often yields different results, so some outputs were more accurate than others. This makes it difficult to fully access ChatGPT’s capabilities due to its variation and inconsistency. Due to ChatGPT’s limitations of its reliance on its data set, it lacks understanding of the broader context so it may occasionally make errors and suggest alternations that are neither applicable nor necessary. Overall, ChatGPT has proved to be a beneficial tool for programming as it is capable of providing advantageous suggestions, even if it is on a small scale. However, human programmers are still needed to oversee these changes and determine their significance. ChatGPT should be used as an aid to programmers since we cannot completely depend on it yet.

MAlign: Explainable static raw-byte based malware family classification using sequence alignment

For a long time, malware classification and analysis have been an arms-race between antivirus systems and malware authors. Though static analysis is vulnerable to evasion techniques, it is still popular as the first line of defense in antivirus systems. But most of the static analyzers failed to gain the trust of practitioners due to their black-box nature. We propose MAlign, a novel static malware family classification approach inspired by genome sequence alignment that can not only classify malware families but can also provide explanations for its decision. MAlign encodes raw bytes using nucleotides and adopts genome sequence alignment approaches to create a signature of a malware family based on the conserved code segments in that family, without any human labor or expertise. We evaluate MAlign on two malware datasets, and it outperforms other state-of-the-art machine learning-based malware classifiers (by 4.49%∼0.07%), especially on small datasets (by 19.48%∼1.2%). Furthermore, we explain the generated signatures by MAlign on different malware families illustrating the kinds of insights it can provide to analysts, and show its efficacy as an analysis tool. Additionally, we evaluate its theoretical and empirical robustness against some common attacks. In this paper, we approach static malware analysis from a unique perspective, aiming to strike a delicate balance among performance, interpretability, and robustness.

A novel approach to source code assembling in the field of algorithmic complexity

Computational complexity analysis plays an essential part in the education of computer and software engineers. For that reason, it is carefully studied in programming courses, as well as in the algorithms and data structures courses. The number of students who learn programming is rapidly growing, but the number of teachers cannot keep up with that trend. Therefore, it is necessary to develop tools that can ease and accelerate the daily tasks of teachers, especially for learning purposes and in the context of automating the processes of exam preparation. We propose a novel template- and rule-based approach and a corresponding software system for assembling synthetic source code segments of defined time complexity. Based on the developed grammar, the system can produce source code segments with a broad scope of different time complexities while guaranteeing the complexity of the generated segment. The system can be used for generating questions for exams as it can assemble a large number of different code segments that can be given as questions that have similar difficulty levels. The system was evaluated both by human experts and ChatGPT tool.

Deep learning-based solution for smart contract vulnerabilities detection

This paper aims to explore the application of deep learning in smart contract vulnerabilities detection. Smart contracts are an essential part of blockchain technology and are crucial for developing decentralized applications. However, smart contract vulnerabilities can cause financial losses and system crashes. Static analysis tools are frequently used to detect vulnerabilities in smart contracts, but they often result in false positives and false negatives because of their high reliance on predefined rules and lack of semantic analysis capabilities. Furthermore, these predefined rules quickly become obsolete and fail to adapt or generalize to new data. In contrast, deep learning methods do not require predefined detection rules and can learn the features of vulnerabilities during the training process. In this paper, we introduce a solution called Lightning Cat which is based on deep learning techniques. We train three deep learning models for detecting vulnerabilities in smart contract: Optimized-CodeBERT, Optimized-LSTM, and Optimized-CNN. Experimental results show that, in the Lightning Cat we propose, Optimized-CodeBERT model surpasses other methods, achieving an f1-score of 93.53%. To precisely extract vulnerability features, we acquire segments of vulnerable code functions to retain critical vulnerability features. Using the CodeBERT pre-training model for data preprocessing, we could capture the syntax and semantics of the code more accurately. To demonstrate the feasibility of our proposed solution, we evaluate its performance using the SolidiFI-benchmark dataset, which consists of 9369 vulnerable contracts injected with vulnerabilities from seven different types.

A review on statistical language and neural network based code completion

Code completion, also referred to as intellisense, is a prevalent feature of Integrated Development Environments (IDEs) and code editors. It aids developers by automatically recommending and inserting code segments, variable names, and method names, among other things. With the accelerated growth of the software industry and the process of digitalization in recent years, the demand for software engineers has reached a record-high level. Thus, the advancement of code completion is encouraged and has become a popular topic in software engineering. This paper examines and summarizes the development of a statistical language and neural network-based code completion system. The main contents consist of introducing the concepts of code completion system, summarizing the general process of code completion and the evaluation metrics used for performance benchmarking, reviewing and summarizing the existing work conducted on statistical language approach and neural network approach respectively, as well as the limitations and challenges of existing code completion method, and finally forecasting the future development of code completion techniques.

Exploring differences in self-regulated learning strategy use between high- and low-performing students in introductory programming: An analysis of eye-tracking and retrospective think-aloud data from program comprehension

Previous studies have reported mixed results regarding the relationship between students’ use of self-regulated learning (SRL) strategies and their performance in introductory programming courses. These studies were constrained by their reliance on self-report questionnaires as a means of collecting and analysing data. To address this limitation, this study aimed to employ eye-tracking and retrospective think-aloud techniques to identify differences in SRL strategy use for program comprehension tasks between high-performing students (N = 31) and low-performing students (N = 31) in an undergraduate programming course. All participants attended individual eye-tracking sessions to comprehend two Python program codes with different constructs. Their eye-tracking data and video-recalled retrospective think-aloud data were captured and recorded for analysis. The findings reveal that higher-order cognitive skills, such as elaboration and critical thinking, were mostly adopted by high-performing students, while basic cognitive and resource management strategy, such as rehearsal and help-seeking, were mostly employed by low-performing students when comprehending the program codes. This study not only demonstrates the design of combining eye-tracking and retrospective think-aloud data to explore students’ use of SRL strategies but also provides evidence to support the notion that program comprehension is a complex process that cannot be effectively addressed by employing merely rudimentary strategies, such as repetitively reading the same code segment. In the future, researchers could explore the possibility of using a webcam to monitor and assess students’ online programming processes and provide feedback based on their eye movements. They could also examine the effects of SRL strategies training on students’ motivation, engagement, and performance in various types of programming activities.

A New Approach to Web Application Security: Utilizing GPT Language Models for Source Code Inspection

Due to the proliferation of large language models (LLMs) and their widespread use in applications such as ChatGPT, there has been a significant increase in interest in AI over the past year. Multiple researchers have raised the question: how will AI be applied and in what areas? Programming, including the generation, interpretation, analysis, and documentation of static program code based on promptsis one of the most promising fields. With the GPT API, we have explored a new aspect of this: static analysis of the source code of front-end applications at the endpoints of the data path. Our focus was the detection of the CWE-653 vulnerability—inadequately isolated sensitive code segments that could lead to unauthorized access or data leakage. This type of vulnerability detection consists of the detection of code segments dealing with sensitive data and the categorization of the isolation and protection levels of those segments that were previously not feasible without human intervention. However, we believed that the interpretive capabilities of GPT models could be explored to create a set of prompts to detect these cases on a file-by-file basis for the applications under study, and the efficiency of the method could pave the way for additional analysis tasks that were previously unavailable for automation. In the introduction to our paper, we characterize in detail the problem space of vulnerability and weakness detection, the challenges of the domain, and the advances that have been achieved in similarly complex areas using GPT or other LLMs. Then, we present our methodology, which includes our classification of sensitive data and protection levels. This is followed by the process of preprocessing, analyzing, and evaluating static code. This was achieved through a series of GPT prompts containing parts of static source code, utilizing few-shot examples and chain-of-thought techniques that detected sensitive code segments and mapped the complex code base into manageable JSON structures.Finally, we present our findings and evaluation of the open source project analysis, comparing the results of the GPT-based pipelines with manual evaluations, highlighting that the field yields a high research value. The results show a vulnerability detection rate for this particular type of model of 88.76%, among others.