Source Program Research Articles

SNIP: Speculative Execution and Non-Interference Preservation for Compiler Transformations

We address the problem of preserving non-interference across compiler transformations under speculative semantics . We develop a proof method that ensures the preservation uniformly across all source programs. The basis of our proof method is a new form of simulation relation. It operates over directives that model the attacker’s control over the micro-architectural state, and it accounts for the fact that the compiler transformation may change the influence of the micro-architectural state on the execution (and hence the directives). Using our proof method, we show the correctness of dead code elimination. When we tried to prove register allocation correct, we identified a previously unknown weakness that introduces violations to non-interference. We have confirmed the weakness for a mainstream compiler on code from the libsodium cryptographic library. To reclaim security once more, we develop a novel static analysis that operates on a product of source program and register-allocated program. Using the analysis, we present an automated fix to existing register allocation implementations. We prove the correctness of the fixed register allocations with our proof method.

DDoS Attacks on Cloud Computing and IoT Devices: Strategies for Mitigation

This study has the goal of developing security model that detected and prevented the risks of Distributed Denial of Service (DDoS) attacks in cloud computing systems and IoT devices which are gravely potent and on the increase today, especially with the rapid growth of internet during the last one and a half decades. This is more prevalent because of the several benefits that an organization enjoys after adopting cloud computing and Internet of Things (IoT). However, the harm that may result after a DDoS attack on a cloud computing infrastructure or service and IoT devices can be very huge, and all efforts must be made to secure it. Therefore, the traditional security mechanism cannot satisfy the security requirements of cloud computing and IoT. While several models exist on tackling this menace which operate on a particular layer (mostly layer 3) of the Open System Interconnection (OSI), we have developed a cloud-based hybrid defense and detection mechanism to prevent DDoS attacks in cloud computing environment and IoT that operates in layers 3 (network), 4 (transport) and 7 (application) of the OSI model. This was done using two approaches: analyzing Transmission Control Protocol/Internet Protocol (TCP/IP) header features of incoming packets in cloud computing environment in order to detect and classify spoofed IP address during DDoS attack via a custom-made Web Application Firewall (WAF); and the integration of the cloud resources with Cloudflare. In the first instance, TCP syn flood attacks were targeted to a particular webserver on port 80 through an attacking lab machine. This machine did not have this custom-made WAF (prevention/detection mechanism) against these attacks. There was 100% packet loss as no replies were received, overwhelming the system. The result shows that a total of 1,625,192 packets were transmitted in a short period which were captured and analyzed via Wireshark. Several TCP errors were observed over a very short time interval which indicated successful DDoS attack effectively crashing the system. The result varied when the custom-made WAF was put in place, and the attacking lab machine launched a TCP syn flood attack against the web server on port http port 80. A total of 2,353,585 packets were transmitted in a short period which were captured and analyzed using Wireshark and contained less TCP errors indicating successful mitigation of DDoS attacks. When the resources were hosted online and integrated with Cloudflare, integrity checks were successful before the resources were loaded, indicating complete mitigation of attacks. In the end, an enhanced, cloud-based, hybrid (WAF + Cloudflare) security model that prevented the risks of DDoS attacks on cloud computing and IoT devices was designed and implemented. The methodology adopted for this research work is Open Source Security Testing Methodology Manual (OSSTMM) and programming language used is batch script. The model will be useful in education, healthcare, ecommerce, financial, political/electoral, web hosting providers/ISPs offices, homes and online gaming sites. However, these advancements also make IoT and cloud applications vulnerable to a variety of security threats. To broaden the scope of this research, it is recommended to extend the study to include Man-in-the-Middle (MitM) attacks and routing attacks targeting IoT devices and cloud applications.

Open Source Program Offices

Open Source Program Offices

Rancang Bangun Aplikasi Edukasi Reproduksi Manusia Pada Pelajar SMPN 187 Jakarta Berbasis Android

The implementation of education at SMPN 187 Jakarta is often limited to the use of PPT and RPP,causing the material to become monotonous and less interesting for students. Reproductioneducation is also often not delivered comprehensively, resulting in less than optimal studentunderstanding. To overcome this, an Android-based application was developed which aims toincrease students' understanding of reproductive health. This application provides educationalmaterial covering secondary and primary aspects as well as a test feature to measure studentunderstanding, making learning more effective and interactive. This application uses Flutter as amulti-platformframework andDart as an open source programming languagewithOOPconceptsthat are easy to understand. The application backend is managed with Laravel, functioning asBackendAPImanagement of themobile application.The prototypemethod is used in development,starting from collecting user needs to creating a design/prototype. The results of this research areas an educational application and learning support media for students at SMPN 187 Jakarta bymaking learning media flexible and efficient, with features for characters that help improvestudents' and female students' understanding of educational reproduction.

Multi-Objective Optimization Design of a Mooring System Based on the Surrogate Model

As the development of floating offshore wind turbines (FOWTs) progresses from offshore to deeper sea, the demands on mooring systems to ensure the safety of the structure have become increasingly stringent, leading to a concomitant rise in costs. A parameter optimization method for the mooring system of FOWTs is proposed, with the mooring line length and anchor radial spacing as the optimization variables, and the minimization of surge, yaw, and nacelle acceleration as the objectives. A series of mooring system configuration samples are generated by the fully analytical factorial design method, and the open source program OpenFAST is employed to simulate the global responses in the time domain. To enhance the efficiency of the optimization process, a multi-objective evolutionary algorithm, Non-dominated Sorting Genetic Algorithm II (NSGA-II), is utilized to find the Pareto-optimal solutions, alongside a Kriging model, which serves as a surrogate model for the FOWTs. This approach was applied to an IEC 15MW FOWT to demonstrate the optimization procedure. The results indicate that the integration of the genetic algorithm and the surrogate model achieved rapid convergence and high accuracy. Through this optimization process, the longitudinal motion response of FOWTs is reduced by a maximum of 6.46%, the yaw motion by 2.87%, and the nacelle acceleration by 11.55%.

Fabrication and high-power testing of an X-band high-power phase shifter for the very compact inverse Compton scattering gamma-ray source.

This paper proposed an X-band phase shifter for the very compact inverse Compton scattering gamma-ray source program at Tsinghua University and conducted its structure design, numerical simulation, fabrication, cold test, and high-power testing. This phase shifter is composed of a polarizer, circular waveguide, and a piston with a choke structure. The simulation results show that the reflection coefficient of the phase shifter is under -40 dB and the insertion coefficient exceeds -0.06 dB at the operating frequency of 11.424GHz. The phase variation is 20°/mm, and a linear phase change from 0° to 360° can be achieved with a piston displacement of 18mm. The manufactured phase shifter has exhibited good performance in the cold test by using the vector network analyzer. After 16h conditioning in the Tsinghua X-band high-power test stand, the phase shifter reached a peak power of 72MW at 230ns pulse width and a peak power of 82MW at 130ns pulse width. After processing signals from the high-speed oscilloscope, it was found that the transmission phase variations were in good agreement with the simulation results.

Improving Source Code Quality by Minimizing Refactoring Effort

Software maintenance is a time-consuming and costly endeavor. As a part of maintenance, refactoring is aimed at enhancing quality. Due to project deadlines and limited resources, developers need to prioritize refactoring activities. In this paper, we present a livestock management-inspired approach for identifying and prioritizing classes to refactor within an object-oriented program. This approach empowers developers to enhance the time/quality ratio. The novelty of our approach lies in utilizing established metrics for detecting code defects to prioritize each class. To validate its effectiveness, the approach was tested on four distinct Pharo-based open source programs. The results demonstrate the approach's efficacy in improving software quality, reducing development time, and enhancing team productivity

Enthalpic Classification of Water Molecules in Target-Ligand Binding.

Water molecules play various roles in target-ligand binding. For example, they can be replaced by the ligand and leave the surface of the binding pocket or stay conserved in the interface and form bridges with the target. While experimental techniques supply target-ligand complex structures at an increasing rate, they often have limitations in the measurement of a detailed water structure. Moreover, measurements of binding thermodynamics cannot distinguish between the different roles of individual water molecules. However, such a distinction and classification of the role of individual water molecules would be key to their application in drug design at atomic resolution. In this study, we investigate a quantitative approach for the description of the role of water molecules during ligand binding. Starting from complete hydration structures of the free and ligand-bound target molecules, binding enthalpy scores are calculated for each water molecule using quantum mechanical calculations. A statistical evaluation showed that the scores can distinguish between conserved and displaced classes of water molecules. The classification system was calibrated and tested on more than 1000 individual water positions. The practical tests of the enthalpic classification included important cases of antiviral drug research on HIV-1 protease inhibitors and the Influenza A ion channel. The methodology of classification is based on open source program packages, Gromacs, Mopac, and MobyWat, freely available to the scientific community.

A Systematic Translation Validation Framework for MLIR-Based Compilers

This paper introduces an innovative translation validation framework designed for MLIR-based compilers, which has garnered considerable prominence in fields such as machine learning, high-performance computing and hardware design. Despite rigorous testing, compilers based on MLIR might still induce incorrect results and undefined behaviors, necessitating verification work. Our framework first takes a pair of MLIR programs as inputs and check their function signature’s compatibility before encoding them into SMT expressions. Then it uses the Z3 SMT solver to check whether the target program refines the source program. Our framework transcends the dialect limitations of past solutions, thereby providing validation support to a wider range of MLIR-based compilers. We demonstrate its effectiveness through evaluations on prominent open-source MLIR-based compilers, where we identified bugs and undefined behaviors. We further demonstrate the capability of this framework by validating two practical deep-learning accelerator designs.

Analysis Testing Black Box and White Box on Application To-Do List Based Web

The rapid development of information technology has led to the creation of numerous web-based applications designed to assist human activities and work. One such application is the To-Do List, which helps users manage their tasks and increase productivity. This study aims to analyze the quality of web-based To-Do List applications through black box and white box testing. The research focuses on the login and main pages of the application, where various scenarios are tested to ensure that the system functions as intended. The testing process includes designing test scenarios, creating test cases, executing the test cases, and collecting and processing test result data. The study also includes an analysis of the program's source code using flowcharts and flowgraphs to identify the number of independent logic execution paths and design test cases for white box testing. The results of the testing will help identify errors and weaknesses in the application, ensuring that the final product is of high quality.

A Pure Demand Operational Semantics with Applications to Program Analysis

This paper develops a novel minimal-state operational semantics for higher-order functional languages that uses only the call stack and a source program point or a lexical level as the complete state information: there is no environment, no substitution, no continuation, etc. We prove this form of operational semantics equivalent to standard presentations. We then show how this approach can open the door to potential new applications: we define a program analysis as a direct finitization of this operational semantics. The program analysis that naturally emerges has a number of novel and interesting properties compared to standard program analyses for higher-order programs: for example, it can infer recurrences and does not need value widening. We both give a formal definition of the analysis and describe our current implementation.

Prevalence and severity of design anti-patterns in open source programs—A large-scale study

Context:Design anti-patterns can be symptoms of problems that lead to long-term maintenance difficulty. How should development teams prioritize their treatment? Which ones are more severe and deserve more attention? Does the impact of anti-patterns and general maintenance efforts differ with different programming languages? Objective:In this study, we assess the prevalence and severity of anti-patterns in different programming languages and the impact of dynamic typing in Python, as well as the impact scopes of prevalent anti-patterns that manifest the violation of design principles. Method:We conducted a large-scale study of anti-patterns using 1717 open-source projects written in Java, C/C++, and Python. For the 288 Python projects, we extracted both explicit and dynamic dependencies and compared how the detected anti-patterns and maintenance costs changed. Finally, we removed anti-patterns involving five or fewer files to assess the impact of trivial anti-patterns. Results:The results reveal that 99.55% of these projects contain anti-patterns. Modularity Violation – frequent co-changes among seemingly unrelated files – is most prevalent (detected in 83.54% of all projects) and costly (incurred 61.55% of maintenance effort on average). Unstable Interface and Crossing, caused by influential but unstable files, although not as prevalent, tend to incur severe maintenance costs. Duck typing in Python incurs more anti-patterns, and the churn spent on Python files multiplies that of C/C++ and Java files. Several prevalent anti-patterns have a large portion of trivial instances, meaning that these common symptoms are usually not harmful. Conclusion:Implicit and visible dependencies are the most expensive to maintain, and dynamic typing in Python exacerbates the issue. Influential but unstable files need to be monitored and rectified early to prevent the accumulation of high maintenance costs. The violations of design principles are widespread, but many are not high-maintenance.

Vulnerable JavaScript functions detection using stacking of convolutional neural networks.

System security for web-based applications is paramount, and for the avoidance of possible cyberattacks it is important to detect vulnerable JavaScript functions. Developers and security analysts have long relied upon static analysis to investigate vulnerabilities and faults within programs. Static analysis tools are used for analyzing a program's source code and identifying sections of code that need to be further examined by a human analyst. This article suggests a new approach for identifying vulnerable code in JavaScript programs by using ensemble of convolutional neural networks (CNNs) models. These models use vulnerable information and code features to detect related vulnerable code. For identifying different vulnerabilities in JavaScript functions, an approach has been tested which involves the stacking of CNNs with misbalancing, random under sampler, and random over sampler. Our approach uses these CNNs to detect vulnerable code and improve upon current techniques' limitations. Previous research has introduced several approaches to identify vulnerable code in JavaScript programs, but often have their own limitations such as low accuracy rates and high false-positive or false-negative results. Our approach addresses this by using the power of convolutional neural networks and is proven to be highly effective in the detection of vulnerable functions that could be used by cybercriminals. The stacked CNN approach has an approximately 98% accuracy, proving its robustness and usability in real-world scenarios. To evaluate its efficacy, the proposed method is trained using publicly available JavaScript blocks, and the results are assessed using various performance metrics. The research offers a valuable insight into better ways to protect web-based applications and systems from potential threats, leading to a safer online environment for all.

Using model-driven engineering to automate software language translation

The porting or translation of software applications from one programming language to another is a common requirement of organisations that utilise software, and the increasing number and diversity of programming languages makes this capability as relevant today as in previous decades. Several approaches have been used to address this challenge, including machine learning and the manual definition of direct language-to-language translation rules, however the accuracy of these approaches remains unsatisfactory. In this paper we describe a new approach to program translation using model-driven engineering techniques: reverse-engineering source programs into specifications in the UML and OCL formalisms, and then forward-engineering the specifications to the required target language. This approach can provide assurance of semantic preservation, and additionally has the advantage of extracting precise specifications of software from code. We provide an evaluation based on a comprehensive dataset of examples, including industrial cases, and compare our results to those of other approaches and tools. Our specific contributions are: (1) Reverse-engineering source programs to detailed semantic models of software behaviour, to enable semantically-correct translations and reduce re-testing costs; (2) Program abstraction processes defined by precise and explicit rules, which can be edited and configured by users; (3) A set of reusable OCL library components appropriate for representing program semantics, and which can also be used for OCL specification of new applications; (4) A systematic procedure for building program abstractors based on language grammars and semantics.

Comparing programming languages for data analytics: Accuracy of estimation in Python and R

AbstractSeveral open‐source programming languages, particularly R and Python, are utilized in industry and academia for statistical data analysis, data mining, and machine learning. While most commercial software programs and programming languages provide a single way to deliver a statistical procedure, open‐source programming languages have multiple libraries and packages offering many ways to complete the same analysis, often with varying results. Applying the same statistical method across these different libraries and packages can lead to entirely different solutions due to the differences in their implementations. Therefore, reliability and accuracy should be essential considerations when making library and package usage decisions while conducting statistical analysis using open source programming languages. Instead, most users take this for granted, assuming that their chosen libraries and packages produce accurate results for their statistical analysis. To this extent, this study assesses the estimation accuracy and reliability of Python and R's various libraries and packages by evaluating the univariate summary statistics, analysis of variance (ANOVA), and linear regression procedures using benchmarking data from the National Institutes of Standards and Technology (NIST). Further, experimental results are presented comparing machine learning methods for classification and regression. The libraries and packages assessed in this study include the stats package in R and Pandas, Statistics, NumPy, statsmodels, SciPy, statsmodels, scikit‐learn, and pingouin in Python. The results show that the stats package in R and statsmodels library in Python are reliable for univariate summary statistics. In contrast, Python's scikit‐learn library produces the most accurate results and is recommended for ANOVA. Among the libraries and packages assessed for linear regression, the results demonstrated that the stats package in R is more reliable, accurate, and flexible; thus, it is recommended for linear regression analysis. Further, we present results and recommendations for machine learning using R and Python.This article is categorized under: Algorithmic Development > Statistics Application Areas > Data Mining Software Tools

An open source platform addressing structural stability risk assessment in historical centres

The management of stability risk assessment in historical centres in a project that aims to design and develop an open platform where blocks of buildings and large structures may be represented in damage maps before the event occurs, addressing damage forecasts for seismic movements impacting on the structural stability of the CH. The structural stability is calculated using a Matlab code developed at the National Technical University of Athens, translated to an open source programming language (Python)using the software tool GeoPandas to enable operations that would normally require spatial database software (PostGIS). Furthermore, the use of open source technologies like QGIS desktop software will provide open and free access to view and contribute in the future.

Wasm-Mutate: Fast and effective binary diversification for WebAssembly

WebAssembly is the fourth officially endorsed Web language. It is recognized because of its efficiency and design, focused on security. Yet, its swiftly expanding ecosystem lacks robust software diversification systems. We introduce Wasm-Mutate, a diversification engine specifically designed for WebAssembly. Our engine meets several essential criteria: 1) To quickly generate functionally identical, yet behaviorally diverse, WebAssembly variants, 2) To be universally applicable to any WebAssembly program, irrespective of the source programming language, and 3) Generated variants should counter side-channels. By leveraging an e-graph data structure, Wasm-Mutate is implemented to meet both speed and efficacy. We evaluate Wasm-Mutate by conducting experiments on 404 programs, which include real-world applications. Our results highlight that Wasm-Mutate can produce tens of thousands of unique and efficient WebAssembly variants within minutes. Significantly, Wasm-Mutate can safeguard WebAssembly binaries against timing side-channel attacks, especially those of the Spectre type.

Versatile and automated workflow for the analysis of oligodendroglial calcium signals.

Although intracellular Ca2+ signals of oligodendroglia, the myelin-forming cells of the central nervous system, regulate vital cellular processes including myelination, few studies on oligodendroglia Ca2+ signal dynamics have been carried out and existing software solutions are not adapted to the analysis of the complex Ca2+ signal characteristics of these cells. Here, we provide a comprehensive solution to analyze oligodendroglia Ca2+ imaging data at the population and single-cell levels. We describe a new analytical pipeline containing two free, open source and cross-platform software programs, Occam and post-prOccam, that enable the fully automated analysis of one- and two-photon Ca2+ imaging datasets from oligodendroglia obtained by either ex vivo or in vivo Ca2+ imaging techniques. Easily configurable, our software solution is optimized to obtain unbiased results from large datasets acquired with different imaging techniques. Compared to other recent software, our solution proved to be fast, low memory demanding and faithful in the analysis of oligodendroglial Ca2+ signals in all tested imaging conditions. Our versatile and accessible Ca2+ imaging data analysis tool will facilitate the elucidation of Ca2+-mediated mechanisms in oligodendroglia. Its configurability should also ensure its suitability with new use cases such as other glial cell types or even cells outside the CNS.

Answer Refinement Modification: Refinement Type System for Algebraic Effects and Handlers

Algebraic effects and handlers are a mechanism to structure programs with computational effects in a modular way. They are recently gaining popularity and being adopted in practical languages, such as OCaml. Meanwhile, there has been substantial progress in program verification via refinement type systems . While a variety of refinement type systems have been proposed, thus far there has not been a satisfactory refinement type system for algebraic effects and handlers. In this paper, we fill the void by proposing a novel refinement type system for languages with algebraic effects and handlers. The expressivity and usefulness of algebraic effects and handlers come from their ability to manipulate delimited continuations , but delimited continuations also complicate programs’ control flow and make their verification harder. To address the complexity, we introduce a novel concept that we call answer refinement modification (ARM for short), which allows the refinement type system to precisely track what effects occur and in what order when a program is executed, and reflect such information as modifications to the refinements in the types of delimited continuations. We formalize our type system that supports ARM (as well as answer type modification, or ATM) and prove its soundness. Additionally, as a proof of concept, we have extended the refinement type system to a subset of OCaml 5 which comes with a built-in support for effect handlers, implemented a type checking and inference algorithm for the extension, and evaluated it on a number of benchmark programs that use algebraic effects and handlers. The evaluation demonstrates that ARM is conceptually simple and practically useful. Finally, a natural alternative to directly reasoning about a program with delimited continuations is to apply a continuation passing style (CPS) transformation that transforms the program to a pure program without delimited continuations. We investigate this alternative in the paper, and show that the approach is indeed possible by proposing a novel CPS transformation for algebraic effects and handlers that enjoys bidirectional (refinement-)type-preservation. We show that there are pros and cons with this approach, namely, while one can use an existing refinement type checking and inference algorithm that can only (directly) handle pure programs, there are issues such as needing type annotations in source programs and making the inferred types less informative to a user.

Fusing Direct Manipulations into Functional Programs

Bidirectional live programming systems (BLP) enable developers to modify a program by directly manipulating the program output, so that the updated program can produce the manipulated output. One state-of-the-art approach to BLP systems is operation-based, which captures the developer's intention of program modifications by taking how the developer manipulates the output into account. The program modifications are usually hard coded for each direct manipulation in these BLP systems, which are difficult to extend. Moreover, to reflect the manipulations to the source program, these BLP systems trace the modified output to appropriate code fragments and perform corresponding code transformations. Accordingly, they require direct manipulation users be aware of the source code and how it is changed, making "direct" manipulation (on output) be "indirect". In this paper, we resolve this problem by presenting a novel operation-based framework for bidirectional live programming, which can automatically fuse direct manipulations into the source code, thus supporting code-insensitive direct manipulations. Firstly, we design a simple but expressive delta language DM capable of expressing common direct manipulations for output values. Secondly, we present a fusion algorithm that propagates direct manipulations into the source functional programs and applies them to the constants whenever possible; otherwise, the algorithm embeds manipulations into the "proper positions" of programs. We prove the correctness of the fusion algorithm that the updated program executes to get the manipulated output. To demonstrate the expressiveness of DM and the effectiveness of our fusion algorithm, we have implemented FuseDM, a prototype SVG editor that supports GUI-based operations for direct manipulation, and successfully designed 14 benchmark examples starting from blank code using FuseDM.