Showing 51–100 of 111 results for author: Ray, B

VELVET: a noVel Ensemble Learning approach to automatically locate VulnErable sTatements

Authors: Yangruibo Ding, Sahil Suneja, Yunhui Zheng, Jim Laredo, Alessandro Morari, Gail Kaiser, Baishakhi Ray

Abstract: Automatically locating vulnerable statements in source code is crucial to assure software security and alleviate developers' debugging efforts. This becomes even more important in today's software ecosystem, where vulnerable code can flow easily and unwittingly within and across software repositories like GitHub. Across such millions of lines of code, traditional static and dynamic approaches stru… ▽ More Automatically locating vulnerable statements in source code is crucial to assure software security and alleviate developers' debugging efforts. This becomes even more important in today's software ecosystem, where vulnerable code can flow easily and unwittingly within and across software repositories like GitHub. Across such millions of lines of code, traditional static and dynamic approaches struggle to scale. Although existing machine-learning-based approaches look promising in such a setting, most work detects vulnerable code at a higher granularity -- at the method or file level. Thus, developers still need to inspect a significant amount of code to locate the vulnerable statement(s) that need to be fixed. This paper presents VELVET, a novel ensemble learning approach to locate vulnerable statements. Our model combines graph-based and sequence-based neural networks to successfully capture the local and global context of a program graph and effectively understand code semantics and vulnerable patterns. To study VELVET's effectiveness, we use an off-the-shelf synthetic dataset and a recently published real-world dataset. In the static analysis setting, where vulnerable functions are not detected in advance, VELVET achieves 4.5x better performance than the baseline static analyzers on the real-world data. For the isolated vulnerability localization task, where we assume the vulnerability of a function is known while the specific vulnerable statement is unknown, we compare VELVET with several neural networks that also attend to local and global context of code. VELVET achieves 99.6% and 43.6% top-1 accuracy over synthetic data and real-world data, respectively, outperforming the baseline deep-learning models by 5.3-29.0%. △ Less

Submitted 12 January, 2022; v1 submitted 20 December, 2021; originally announced December 2021.

Comments: Camera Ready for Research Track of 29th IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER 2022)

A Survey on Scenario-Based Testing for Automated Driving Systems in High-Fidelity Simulation

Authors: Ziyuan Zhong, Yun Tang, Yuan Zhou, Vania de Oliveira Neves, Yang Liu, Baishakhi Ray

Abstract: Automated Driving Systems (ADSs) have seen rapid progress in recent years. To ensure the safety and reliability of these systems, extensive testings are being conducted before their future mass deployment. Testing the system on the road is the closest to real-world and desirable approach, but it is incredibly costly. Also, it is infeasible to cover rare corner cases using such real-world testing.… ▽ More Automated Driving Systems (ADSs) have seen rapid progress in recent years. To ensure the safety and reliability of these systems, extensive testings are being conducted before their future mass deployment. Testing the system on the road is the closest to real-world and desirable approach, but it is incredibly costly. Also, it is infeasible to cover rare corner cases using such real-world testing. Thus, a popular alternative is to evaluate an ADS's performance in some well-designed challenging scenarios, a.k.a. scenario-based testing. High-fidelity simulators have been widely used in this setting to maximize flexibility and convenience in testing what-if scenarios. Although many works have been proposed offering diverse frameworks/methods for testing specific systems, the comparisons and connections among these works are still missing. To bridge this gap, in this work, we provide a generic formulation of scenario-based testing in high-fidelity simulation and conduct a literature review on the existing works. We further compare them and present the open challenges as well as potential future research directions. △ Less

Submitted 1 December, 2021; originally announced December 2021.

Towards Learning (Dis)-Similarity of Source Code from Program Contrasts

Authors: Yangruibo Ding, Luca Buratti, Saurabh Pujar, Alessandro Morari, Baishakhi Ray, Saikat Chakraborty

Abstract: Understanding the functional (dis)-similarity of source code is significant for code modeling tasks such as software vulnerability and code clone detection. We present DISCO(DIS-similarity of COde), a novel self-supervised model focusing on identifying (dis)similar functionalities of source code. Different from existing works, our approach does not require a huge amount of randomly collected datas… ▽ More Understanding the functional (dis)-similarity of source code is significant for code modeling tasks such as software vulnerability and code clone detection. We present DISCO(DIS-similarity of COde), a novel self-supervised model focusing on identifying (dis)similar functionalities of source code. Different from existing works, our approach does not require a huge amount of randomly collected datasets. Rather, we design structure-guided code transformation algorithms to generate synthetic code clones and inject real-world security bugs, augmenting the collected datasets in a targeted way. We propose to pre-train the Transformer model with such automatically generated program contrasts to better identify similar code in the wild and differentiate vulnerable programs from benign ones. To better capture the structural features of source code, we propose a new cloze objective to encode the local tree-based context (e.g., parents or sibling nodes). We pre-train our model with a much smaller dataset, the size of which is only 5% of the state-of-the-art models' training datasets, to illustrate the effectiveness of our data augmentation and the pre-training approach. The evaluation shows that, even with much less data, DISCO can still outperform the state-of-the-art models in vulnerability and code clone detection tasks. △ Less

Submitted 20 March, 2022; v1 submitted 7 October, 2021; originally announced October 2021.

Comments: ACL 2022 Camera-Ready

Detecting Multi-Sensor Fusion Errors in Advanced Driver-Assistance Systems

Authors: Ziyuan Zhong, Zhisheng Hu, Shengjian Guo, Xinyang Zhang, Zhenyu Zhong, Baishakhi Ray

Abstract: Advanced Driver-Assistance Systems (ADAS) have been thriving and widely deployed in recent years. In general, these systems receive sensor data, compute driving decisions, and output control signals to the vehicles. To smooth out the uncertainties brought by sensor outputs, they usually leverage multi-sensor fusion (MSF) to fuse the sensor outputs and produce a more reliable understanding of the s… ▽ More Advanced Driver-Assistance Systems (ADAS) have been thriving and widely deployed in recent years. In general, these systems receive sensor data, compute driving decisions, and output control signals to the vehicles. To smooth out the uncertainties brought by sensor outputs, they usually leverage multi-sensor fusion (MSF) to fuse the sensor outputs and produce a more reliable understanding of the surroundings. However, MSF cannot completely eliminate the uncertainties since it lacks the knowledge about which sensor provides the most accurate data and how to optimally integrate the data provided by the sensors. As a result, critical consequences might happen unexpectedly. In this work, we observed that the popular MSF methods in an industry-grade ADAS can mislead the car control and result in serious safety hazards. We define the failures (e.g., car crashes) caused by the faulty MSF as fusion errors and develop a novel evolutionary-based domain-specific search framework, FusED, for the efficient detection of fusion errors. We further apply causality analysis to show that the found fusion errors are indeed caused by the MSF method. We evaluate our framework on two widely used MSF methods in two driving environments. Experimental results show that FusED identifies more than 150 fusion errors. Finally, we provide several suggestions to improve the MSF methods we study. △ Less

Submitted 25 May, 2022; v1 submitted 13 September, 2021; originally announced September 2021.

Neural Network Guided Evolutionary Fuzzing for Finding Traffic Violations of Autonomous Vehicles

Authors: Ziyuan Zhong, Gail Kaiser, Baishakhi Ray

Abstract: Self-driving cars and trucks, autonomous vehicles (AVs), should not be accepted by regulatory bodies and the public until they have much higher confidence in their safety and reliability -- which can most practically and convincingly be achieved by testing. But existing testing methods are inadequate for checking the end-to-end behaviors of AV controllers against complex, real-world corner cases i… ▽ More Self-driving cars and trucks, autonomous vehicles (AVs), should not be accepted by regulatory bodies and the public until they have much higher confidence in their safety and reliability -- which can most practically and convincingly be achieved by testing. But existing testing methods are inadequate for checking the end-to-end behaviors of AV controllers against complex, real-world corner cases involving interactions with multiple independent agents such as pedestrians and human-driven vehicles. While test-driving AVs on streets and highways fails to capture many rare events, existing simulation-based testing methods mainly focus on simple scenarios and do not scale well for complex driving situations that require sophisticated awareness of the surroundings. To address these limitations, we propose a new fuzz testing technique, called AutoFuzz, which can leverage widely-used AV simulators' API grammars to generate semantically and temporally valid complex driving scenarios (sequences of scenes). To efficiently search for traffic violations-inducing scenarios in a large search space, we propose a constrained neural network (NN) evolutionary search method to optimize AutoFuzz. Evaluation of our prototype on one state-of-the-art learning-based controller, two rule-based controllers, and one industrial-grade controller in five scenarios shows that AutoFuzz efficiently finds hundreds of traffic violations in high-fidelity simulation environments. For each scenario, AutoFuzz can find on average 10-39% more unique traffic violations than the best-performing baseline method. Further, fine-tuning the learning-based controller with the traffic violations found by AutoFuzz successfully reduced the traffic violations found in the new version of the AV controller software. △ Less

Submitted 21 July, 2022; v1 submitted 13 September, 2021; originally announced September 2021.

Retrieval Augmented Code Generation and Summarization

Authors: Md Rizwan Parvez, Wasi Uddin Ahmad, Saikat Chakraborty, Baishakhi Ray, Kai-Wei Chang

Abstract: Software developers write a lot of source code and documentation during software development. Intrinsically, developers often recall parts of source code or code summaries that they had written in the past while implementing software or documenting them. To mimic developers' code or summary generation behavior, we propose a retrieval augmented framework, REDCODER, that retrieves relevant code or s… ▽ More Software developers write a lot of source code and documentation during software development. Intrinsically, developers often recall parts of source code or code summaries that they had written in the past while implementing software or documenting them. To mimic developers' code or summary generation behavior, we propose a retrieval augmented framework, REDCODER, that retrieves relevant code or summaries from a retrieval database and provides them as a supplement to code generation or summarization models. REDCODER has a couple of uniqueness. First, it extends the state-of-the-art dense retrieval technique to search for relevant code or summaries. Second, it can work with retrieval databases that include unimodal (only code or natural language description) or bimodal instances (code-description pairs). We conduct experiments and extensive analysis on two benchmark datasets of code generation and summarization in Java and Python, and the promising results endorse the effectiveness of our proposed retrieval augmented framework. △ Less

Submitted 10 September, 2021; v1 submitted 26 August, 2021; originally announced August 2021.

Comments: accepted in EMNLP-Findings 2021

On Multi-Modal Learning of Editing Source Code

Authors: Saikat Chakraborty, Baishakhi Ray

Abstract: In recent years, Neural Machine Translator (NMT) has shown promise in automatically editing source code. Typical NMT based code editor only considers the code that needs to be changed as input and suggests developers with a ranked list of patched code to choose from - where the correct one may not always be at the top of the list. While NMT based code editing systems generate a broad spectrum of p… ▽ More In recent years, Neural Machine Translator (NMT) has shown promise in automatically editing source code. Typical NMT based code editor only considers the code that needs to be changed as input and suggests developers with a ranked list of patched code to choose from - where the correct one may not always be at the top of the list. While NMT based code editing systems generate a broad spectrum of plausible patches, the correct one depends on the developers' requirement and often on the context where the patch is applied. Thus, if developers provide some hints, using natural language, or providing patch context, NMT models can benefit from them. As a proof of concept, in this research, we leverage three modalities of information: edit location, edit code context, commit messages (as a proxy of developers' hint in natural language) to automatically generate edits with NMT models. To that end, we build MODIT, a multi-modal NMT based code editing engine. With in-depth investigation and analysis, we show that developers' hint as an input modality can narrow the search space for patches and outperform state-of-the-art models to generate correctly patched code in top-1 position. △ Less

Submitted 14 August, 2021; originally announced August 2021.

Comments: Accepted for publication in 36th IEEE/ACM conference on Automated Software Engineering (ASE-2021)

Unified Pre-training for Program Understanding and Generation

Authors: Wasi Uddin Ahmad, Saikat Chakraborty, Baishakhi Ray, Kai-Wei Chang

Abstract: Code summarization and generation empower conversion between programming language (PL) and natural language (NL), while code translation avails the migration of legacy code from one PL to another. This paper introduces PLBART, a sequence-to-sequence model capable of performing a broad spectrum of program and language understanding and generation tasks. PLBART is pre-trained on an extensive collect… ▽ More Code summarization and generation empower conversion between programming language (PL) and natural language (NL), while code translation avails the migration of legacy code from one PL to another. This paper introduces PLBART, a sequence-to-sequence model capable of performing a broad spectrum of program and language understanding and generation tasks. PLBART is pre-trained on an extensive collection of Java and Python functions and associated NL text via denoising autoencoding. Experiments on code summarization in the English language, code generation, and code translation in seven programming languages show that PLBART outperforms or rivals state-of-the-art models. Moreover, experiments on discriminative tasks, e.g., program repair, clone detection, and vulnerable code detection, demonstrate PLBART's effectiveness in program understanding. Furthermore, analysis reveals that PLBART learns program syntax, style (e.g., identifier naming convention), logical flow (e.g., if block inside an else block is equivalent to else if block) that are crucial to program semantics and thus excels even with limited annotations. △ Less

Submitted 10 April, 2021; v1 submitted 10 March, 2021; originally announced March 2021.

Comments: NAACL 2021 (camera ready)

Trex: Learning Execution Semantics from Micro-Traces for Binary Similarity

Authors: Kexin Pei, Zhou Xuan, Junfeng Yang, Suman Jana, Baishakhi Ray

Abstract: Detecting semantically similar functions -- a crucial analysis capability with broad real-world security usages including vulnerability detection, malware lineage, and forensics -- requires understanding function behaviors and intentions. This task is challenging as semantically similar functions can be implemented differently, run on different architectures, and compiled with diverse compiler opt… ▽ More Detecting semantically similar functions -- a crucial analysis capability with broad real-world security usages including vulnerability detection, malware lineage, and forensics -- requires understanding function behaviors and intentions. This task is challenging as semantically similar functions can be implemented differently, run on different architectures, and compiled with diverse compiler optimizations or obfuscations. Most existing approaches match functions based on syntactic features without understanding the functions' execution semantics. We present Trex, a transfer-learning-based framework, to automate learning execution semantics explicitly from functions' micro-traces and transfer the learned knowledge to match semantically similar functions. Our key insight is that these traces can be used to teach an ML model the execution semantics of different sequences of instructions. We thus train the model to learn execution semantics from the functions' micro-traces, without any manual labeling effort. We then develop a novel neural architecture to learn execution semantics from micro-traces, and we finetune the pretrained model to match semantically similar functions. We evaluate Trex on 1,472,066 function binaries from 13 popular software projects. These functions are from different architectures and compiled with various optimizations and obfuscations. Trex outperforms the state-of-the-art systems by 7.8%, 7.2%, and 14.3% in cross-architecture, optimization, and obfuscation function matching, respectively. Ablation studies show that the pretraining significantly boosts the function matching performance, underscoring the importance of learning execution semantics. △ Less

Submitted 26 April, 2021; v1 submitted 15 December, 2020; originally announced December 2020.

Point Process Modeling of Drug Overdoses with Heterogeneous and Missing Data

Authors: Xueying Liu, Jeremy Carter, Brad Ray, George Mohler

Abstract: Opioid overdose rates have increased in the United States over the past decade and reflect a major public health crisis. Modeling and prediction of drug and opioid hotspots, where a high percentage of events fall in a small percentage of space-time, could help better focus limited social and health services. In this work we present a spatial-temporal point process model for drug overdose clusterin… ▽ More Opioid overdose rates have increased in the United States over the past decade and reflect a major public health crisis. Modeling and prediction of drug and opioid hotspots, where a high percentage of events fall in a small percentage of space-time, could help better focus limited social and health services. In this work we present a spatial-temporal point process model for drug overdose clustering. The data input into the model comes from two heterogeneous sources: 1) high volume emergency medical calls for service (EMS) records containing location and time, but no information on the type of non-fatal overdose and 2) fatal overdose toxicology reports from the coroner containing location and high-dimensional information from the toxicology screen on the drugs present at the time of death. We first use non-negative matrix factorization to cluster toxicology reports into drug overdose categories and we then develop an EM algorithm for integrating the two heterogeneous data sets, where the mark corresponding to overdose category is inferred for the EMS data and the high volume EMS data is used to more accurately predict drug overdose death hotspots. We apply the algorithm to drug overdose data from Indianapolis, showing that the point process defined on the integrated data outperforms point processes that use only homogeneous EMS (AUC improvement .72 to .8) or coroner data (AUC improvement .81 to .85).We also investigate the extent to which overdoses are contagious, as a function of the type of overdose, while controlling for exogenous fluctuations in the background rate that might also contribute to clustering. We find that drug and opioid overdose deaths exhibit significant excitation, with branching ratio ranging from .72 to .98. △ Less

Submitted 12 October, 2020; originally announced October 2020.

CADET: Debugging and Fixing Misconfigurations using Counterfactual Reasoning

Authors: Rahul Krishna, Md Shahriar Iqbal, Mohammad Ali Javidian, Baishakhi Ray, Pooyan Jamshidi

Abstract: Modern computing platforms are highly-configurable with thousands of interacting configurations. However, configuring these systems is challenging. Erroneous configurations can cause unexpected non-functional faults. This paper proposes CADET (short for Causal Debugging Toolkit) that enables users to identify, explain, and fix the root cause of non-functional faults early and in a principled fashi… ▽ More Modern computing platforms are highly-configurable with thousands of interacting configurations. However, configuring these systems is challenging. Erroneous configurations can cause unexpected non-functional faults. This paper proposes CADET (short for Causal Debugging Toolkit) that enables users to identify, explain, and fix the root cause of non-functional faults early and in a principled fashion. CADET builds a causal model by observing the performance of the system under different configurations. Then, it uses casual path extraction followed by counterfactual reasoning over the causal model to: (a) identify the root causes of non-functional faults, (b) estimate the effects of various configurable parameters on the performance objective(s), and (c) prescribe candidate repairs to the relevant configuration options to fix the non-functional fault. We evaluated CADET on 5 highly-configurable systems deployed on 3 NVIDIA Jetson systems-on-chip. We compare CADET with state-of-the-art configuration optimization and ML-based debugging approaches. The experimental results indicate that CADET can find effective repairs for faults in multiple non-functional properties with (at most) 17% more accuracy, 28% higher gain, and $40\times$ speed-up than other ML-based performance debugging methods. Compared to multi-objective optimization approaches, CADET can find fixes (at most) $9\times$ faster with comparable or better performance gain. Our case study of non-functional faults reported in NVIDIA's forum show that CADET can find $14%$ better repairs than the experts' advice in less than 30 minutes. △ Less

Submitted 8 March, 2021; v1 submitted 12 October, 2020; originally announced October 2020.

Understanding Local Robustness of Deep Neural Networks under Natural Variations

Authors: Ziyuan Zhong, Yuchi Tian, Baishakhi Ray

Abstract: Deep Neural Networks (DNNs) are being deployed in a wide range of settings today, from safety-critical applications like autonomous driving to commercial applications involving image classifications. However, recent research has shown that DNNs can be brittle to even slight variations of the input data. Therefore, rigorous testing of DNNs has gained widespread attention. While DNN robustness und… ▽ More Deep Neural Networks (DNNs) are being deployed in a wide range of settings today, from safety-critical applications like autonomous driving to commercial applications involving image classifications. However, recent research has shown that DNNs can be brittle to even slight variations of the input data. Therefore, rigorous testing of DNNs has gained widespread attention. While DNN robustness under norm-bound perturbation got significant attention over the past few years, our knowledge is still limited when natural variants of the input images come. These natural variants, e.g. a rotated or a rainy version of the original input, are especially concerning as they can occur naturally in the field without any active adversary and may lead to undesirable consequences. Thus, it is important to identify the inputs whose small variations may lead to erroneous DNN behaviors. The very few studies that looked at DNN's robustness under natural variants, however, focus on estimating the overall robustness of DNNs across all the test data rather than localizing such error-producing points. This work aims to bridge this gap. To this end, we study the local per-input robustness properties of the DNNs and leverage those properties to build a white-box (DeepRobust-W) and a black-box (DeepRobust-B) tool to automatically identify the non-robust points. Our evaluation of these methods on three DNN models spanning three widely used image classification datasets shows that they are effective in flagging points of poor robustness. In particular, DeepRobust-W and DeepRobust-B are able to achieve an F1 score of up to 91.4% and 99.1%, respectively. We further show that DeepRobust-W can be applied to a regression problem in another domain. Our evaluation on three self-driving car models demonstrates that DeepRobust-W is effective in identifying points of poor robustness with F1 score up to 78.9%. △ Less

Submitted 22 January, 2021; v1 submitted 9 October, 2020; originally announced October 2020.

Effects of surface topography on low Reynolds number droplet/bubble flow through constricted passage

Authors: Aditya Singla, Bahni Ray

Abstract: This paper is an attempt to study the effects of surface topography on the flow of a droplet (or a bubble) in a low Reynolds number flow regime. Multiphase flows through a constricted passage find many interesting applications in chemistry and biology. The main parameters which determine the flow properties such as flow rate and pressure drop, and govern the complex multiphase phenomena such as dr… ▽ More This paper is an attempt to study the effects of surface topography on the flow of a droplet (or a bubble) in a low Reynolds number flow regime. Multiphase flows through a constricted passage find many interesting applications in chemistry and biology. The main parameters which determine the flow properties such as flow rate and pressure drop, and govern the complex multiphase phenomena such as drop coalescence, break-up and snap-off in a straight channel flow are the viscosity ratio, droplet size and ratio of the viscous forces to the surface tension forces (denoted by Capillary number). But in flow through a constricted passage, in addition to the above-mentioned parameters, various other geometric parameters such as constriction ratio, length and shape of the constriction, phase angle, and spacing between the constrictions also start playing an important role. Most of the studies done on the problem of drop flow through a constricted passage have aimed to understand the role of physical parameters, with some studies extending their analysis to understand the variation of one or two geometric parameters. But no study could be found which explicitly evaluates the role of surface topography. An attempt has been made to unify the current literature as well as analyze the effect of the geometric parameters by understanding the physics and mechanisms involved. The non-dimensional numbers which govern this problem are then identified using the scaling analysis. △ Less

Submitted 28 November, 2020; v1 submitted 24 September, 2020; originally announced September 2020.

Comments: 29 pages, 21 figures

Deep Learning & Software Engineering: State of Research and Future Directions

Authors: Prem Devanbu, Matthew Dwyer, Sebastian Elbaum, Michael Lowry, Kevin Moran, Denys Poshyvanyk, Baishakhi Ray, Rishabh Singh, Xiangyu Zhang

Abstract: Given the current transformative potential of research that sits at the intersection of Deep Learning (DL) and Software Engineering (SE), an NSF-sponsored community workshop was conducted in co-location with the 34th IEEE/ACM International Conference on Automated Software Engineering (ASE'19) in San Diego, California. The goal of this workshop was to outline high priority areas for cross-cutting r… ▽ More Given the current transformative potential of research that sits at the intersection of Deep Learning (DL) and Software Engineering (SE), an NSF-sponsored community workshop was conducted in co-location with the 34th IEEE/ACM International Conference on Automated Software Engineering (ASE'19) in San Diego, California. The goal of this workshop was to outline high priority areas for cross-cutting research. While a multitude of exciting directions for future work were identified, this report provides a general summary of the research areas representing the areas of highest priority which were discussed at the workshop. The intent of this report is to serve as a potential roadmap to guide future work that sits at the intersection of SE & DL. △ Less

Submitted 17 September, 2020; originally announced September 2020.

Comments: Community Report from the 2019 NSF Workshop on Deep Learning & Software Engineering, 37 pages

Deep Learning based Vulnerability Detection: Are We There Yet?

Authors: Saikat Chakraborty, Rahul Krishna, Yangruibo Ding, Baishakhi Ray

Abstract: Automated detection of software vulnerabilities is a fundamental problem in software security. Existing program analysis techniques either suffer from high false positives or false negatives. Recent progress in Deep Learning (DL) has resulted in a surge of interest in applying DL for automated vulnerability detection. Several recent studies have demonstrated promising results achieving an accuracy… ▽ More Automated detection of software vulnerabilities is a fundamental problem in software security. Existing program analysis techniques either suffer from high false positives or false negatives. Recent progress in Deep Learning (DL) has resulted in a surge of interest in applying DL for automated vulnerability detection. Several recent studies have demonstrated promising results achieving an accuracy of up to 95% at detecting vulnerabilities. In this paper, we ask, "how well do the state-of-the-art DL-based techniques perform in a real-world vulnerability prediction scenario?". To our surprise, we find that their performance drops by more than 50%. A systematic investigation of what causes such precipitous performance drop reveals that existing DL-based vulnerability prediction approaches suffer from challenges with the training data (e.g., data duplication, unrealistic distribution of vulnerable classes, etc.) and with the model choices (e.g., simple token-based models). As a result, these approaches often do not learn features related to the actual cause of the vulnerabilities. Instead, they learn unrelated artifacts from the dataset (e.g., specific variable/function names, etc.). Leveraging these empirical findings, we demonstrate how a more principled approach to data collection and model design, based on realistic settings of vulnerability prediction, can lead to better solutions. The resulting tools perform significantly better than the studied baseline: up to 33.57% boost in precision and 128.38% boost in recall compared to the best performing model in the literature. Overall, this paper elucidates existing DL-based vulnerability prediction systems' potential issues and draws a roadmap for future DL-based vulnerability prediction research. In that spirit, we make available all the artifacts supporting our results: https://git.io/Jf6IA. △ Less

Submitted 3 September, 2020; originally announced September 2020.

Comments: Under Review IEEE Transactions on Software Engineering

Patching as Translation: the Data and the Metaphor

Authors: Yangruibo Ding, Baishakhi Ray, Premkumar Devanbu, Vincent J. Hellendoorn

Abstract: Machine Learning models from other fields, like Computational Linguistics, have been transplanted to Software Engineering tasks, often quite successfully. Yet a transplanted model's initial success at a given task does not necessarily mean it is well-suited for the task. In this work, we examine a common example of this phenomenon: the conceit that "software patching is like language translation".… ▽ More Machine Learning models from other fields, like Computational Linguistics, have been transplanted to Software Engineering tasks, often quite successfully. Yet a transplanted model's initial success at a given task does not necessarily mean it is well-suited for the task. In this work, we examine a common example of this phenomenon: the conceit that "software patching is like language translation". We demonstrate empirically that there are subtle, but critical distinctions between sequence-to-sequence models and translation model: while program repair benefits greatly from the former, general modeling architecture, it actually suffers from design decisions built into the latter, both in terms of translation accuracy and diversity. Given these findings, we demonstrate how a more principled approach to model design, based on our empirical findings and general knowledge of software development, can lead to better solutions. Our findings also lend strong support to the recent trend towards synthesizing edits of code conditional on the buggy context, to repair bugs. We implement such models ourselves as "proof-of-concept" tools and empirically confirm that they behave in a fundamentally different, more effective way than the studied translation-based architectures. Overall, our results demonstrate the merit of studying the intricacies of machine learned models in software engineering: not only can this help elucidate potential issues that may be overshadowed by increases in accuracy; it can also help innovate on these models to raise the state-of-the-art further. We will publicly release our replication data and materials at https://github.com/ARiSE-Lab/Patch-as-translation. △ Less

Submitted 31 August, 2020; v1 submitted 24 August, 2020; originally announced August 2020.

Predicting Future Sales of Retail Products using Machine Learning

Authors: Devendra Swami, Alay Dilipbhai Shah, Subhrajeet K B Ray

Abstract: Techniques for making future predictions based upon the present and past data, has always been an area with direct application to various real life problems. We are discussing a similar problem in this paper. The problem statement is provided by Kaggle, which also serves as an ongoing competition on the Kaggle platform. In this project, we worked with a challenging time-series dataset consisting o… ▽ More Techniques for making future predictions based upon the present and past data, has always been an area with direct application to various real life problems. We are discussing a similar problem in this paper. The problem statement is provided by Kaggle, which also serves as an ongoing competition on the Kaggle platform. In this project, we worked with a challenging time-series dataset consisting of daily sales data, kindly provided by one of the largest Russian software firms - 1C Company. The objective is to predict the total sales for every product and store in the next month given the past data. In order to perform forecasting for next month, we have deployed eXtreme Gradient Boosting (XGBoost) and Long Short Term Memory (LSTM) based network architecture to perform learning task. Root mean squared error (RMSE) between the actual and predicted target values is used to evaluate the performance, and make comparisons between the deployed algorithms. It has been found that XGBoost fared better than LSTM over this dataset which can be attributed to its relatively higher sparsity. △ Less

Submitted 18 August, 2020; originally announced August 2020.

Comments: 6 pages, 4 images

Effect of doping on SGS and weak half-metallic properties of inverse Heusler Alloys

Authors: R. Dhakal, S. Nepal, R. B. Ray, R. Paudel, G. C. Kaphle

Abstract: Heusler alloys with Mn and Co have been found to exhibit interesting electronic and magnetic properties. Mn$_2$CoAl is well known SGS compound while Mn$_2$CoGa has weak half metallic character. By using plane wave pseudo-potential method, we studied the effect of Fe and Cr doping on half-metalicity and magnetism of these compounds. The doping destroys the SGS nature of Mn$_2$CoAl while the small-s… ▽ More Heusler alloys with Mn and Co have been found to exhibit interesting electronic and magnetic properties. Mn$_2$CoAl is well known SGS compound while Mn$_2$CoGa has weak half metallic character. By using plane wave pseudo-potential method, we studied the effect of Fe and Cr doping on half-metalicity and magnetism of these compounds. The doping destroys the SGS nature of Mn$_2$CoAl while the small-scale doping enhance the half-metallicity of Mn$_2$CoGa making it perfect half-metal. In case of Mn$_2$CoAl, the doping decrease the band gap while increase in band width is noticed for Mn$_2$CoGa. The half-metallicity is destroyed in both cases when the doping level is beyond certain degree. Moreover, we have also computed magnetic behavior of Mn$_2$CoZ alloys and we found that total magnetic moments of dopped samples have higher values than that of pristine compounds. △ Less

Submitted 11 August, 2020; originally announced August 2020.

Journal ref: Journal of Magnetism and Magnetic Materials 503 (2020), 166588

Multitask Learning Strengthens Adversarial Robustness

Authors: Chengzhi Mao, Amogh Gupta, Vikram Nitin, Baishakhi Ray, Shuran Song, Junfeng Yang, Carl Vondrick

Abstract: Although deep networks achieve strong accuracy on a range of computer vision benchmarks, they remain vulnerable to adversarial attacks, where imperceptible input perturbations fool the network. We present both theoretical and empirical analyses that connect the adversarial robustness of a model to the number of tasks that it is trained on. Experiments on two datasets show that attack difficulty in… ▽ More Although deep networks achieve strong accuracy on a range of computer vision benchmarks, they remain vulnerable to adversarial attacks, where imperceptible input perturbations fool the network. We present both theoretical and empirical analyses that connect the adversarial robustness of a model to the number of tasks that it is trained on. Experiments on two datasets show that attack difficulty increases as the number of target tasks increase. Moreover, our results suggest that when models are trained on multiple tasks at once, they become more robust to adversarial attacks on individual tasks. While adversarial defense remains an open challenge, our results suggest that deep networks are vulnerable partly because they are trained on too few tasks. △ Less

Submitted 10 September, 2020; v1 submitted 14 July, 2020; originally announced July 2020.

MTFuzz: Fuzzing with a Multi-Task Neural Network

Authors: Dongdong She, Rahul Krishna, Lu Yan, Suman Jana, Baishakhi Ray

Abstract: Fuzzing is a widely used technique for detecting software bugs and vulnerabilities. Most popular fuzzers generate new inputs using an evolutionary search to maximize code coverage. Essentially, these fuzzers start with a set of seed inputs, mutate them to generate new inputs, and identify the promising inputs using an evolutionary fitness function for further mutation. Despite their success, evolu… ▽ More Fuzzing is a widely used technique for detecting software bugs and vulnerabilities. Most popular fuzzers generate new inputs using an evolutionary search to maximize code coverage. Essentially, these fuzzers start with a set of seed inputs, mutate them to generate new inputs, and identify the promising inputs using an evolutionary fitness function for further mutation. Despite their success, evolutionary fuzzers tend to get stuck in long sequences of unproductive mutations. In recent years, machine learning (ML) based mutation strategies have reported promising results. However, the existing ML-based fuzzers are limited by the lack of quality and diversity of the training data. As the input space of the target programs is high dimensional and sparse, it is prohibitively expensive to collect many diverse samples demonstrating successful and unsuccessful mutations to train the model. In this paper, we address these issues by using a Multi-Task Neural Network that can learn a compact embedding of the input space based on diverse training samples for multiple related tasks (i.e., predicting for different types of coverage). The compact embedding can guide the mutation process by focusing most of the mutations on the parts of the embedding where the gradient is high. \tool uncovers $11$ previously unseen bugs and achieves an average of $2\times$ more edge coverage compared with 5 state-of-the-art fuzzer on 10 real-world programs. △ Less

Submitted 11 September, 2020; v1 submitted 25 May, 2020; originally announced May 2020.

Comments: ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE) 2020

Pythia: Grammar-Based Fuzzing of REST APIs with Coverage-guided Feedback and Learning-based Mutations

Authors: Vaggelis Atlidakis, Roxana Geambasu, Patrice Godefroid, Marina Polishchuk, Baishakhi Ray

Abstract: This paper introduces Pythia, the first fuzzer that augments grammar-based fuzzing with coverage-guided feedback and a learning-based mutation strategy for stateful REST API fuzzing. Pythia uses a statistical model to learn common usage patterns of a target REST API from structurally valid seed inputs. It then generates learning-based mutations by injecting a small amount of noise deviating from c… ▽ More This paper introduces Pythia, the first fuzzer that augments grammar-based fuzzing with coverage-guided feedback and a learning-based mutation strategy for stateful REST API fuzzing. Pythia uses a statistical model to learn common usage patterns of a target REST API from structurally valid seed inputs. It then generates learning-based mutations by injecting a small amount of noise deviating from common usage patterns while still maintaining syntactic validity. Pythia's mutation strategy helps generate grammatically valid test cases and coverage-guided feedback helps prioritize the test cases that are more likely to find bugs. We present experimental evaluation on three production-scale, open-source cloud services showing that Pythia outperforms prior approaches both in code coverage and new bugs found. Using Pythia, we found 29 new bugs which we are in the process of reporting to the respective service owners. △ Less

Submitted 23 May, 2020; originally announced May 2020.

A Transformer-based Approach for Source Code Summarization

Authors: Wasi Uddin Ahmad, Saikat Chakraborty, Baishakhi Ray, Kai-Wei Chang

Abstract: Generating a readable summary that describes the functionality of a program is known as source code summarization. In this task, learning code representation by modeling the pairwise relationship between code tokens to capture their long-range dependencies is crucial. To learn code representation for summarization, we explore the Transformer model that uses a self-attention mechanism and has shown… ▽ More Generating a readable summary that describes the functionality of a program is known as source code summarization. In this task, learning code representation by modeling the pairwise relationship between code tokens to capture their long-range dependencies is crucial. To learn code representation for summarization, we explore the Transformer model that uses a self-attention mechanism and has shown to be effective in capturing long-range dependencies. In this work, we show that despite the approach is simple, it outperforms the state-of-the-art techniques by a significant margin. We perform extensive analysis and ablation studies that reveal several important findings, e.g., the absolute encoding of source code tokens' position hinders, while relative encoding significantly improves the summarization performance. We have made our code publicly available to facilitate future research. △ Less

Submitted 1 May, 2020; originally announced May 2020.

Comments: This paper is accepted at ACL2020

Rebuttal to Berger et al., TOPLAS 2019

Authors: Baishakhi Ray, Prem Devanbu, Vladimir Filkov

Abstract: Berger et al., published in TOPLAS 2019, is a critique of our 2014 FSE conference abstract and its archival version, the 2017 CACM paper: A Large-Scale Study of Programming Languages and Code Quality in Github. In their paper Berger et al. make academic claims about the veracity of our work. Here, we respond to their technical and scientific critiques aimed at our work, attempting to stick with sc… ▽ More Berger et al., published in TOPLAS 2019, is a critique of our 2014 FSE conference abstract and its archival version, the 2017 CACM paper: A Large-Scale Study of Programming Languages and Code Quality in Github. In their paper Berger et al. make academic claims about the veracity of our work. Here, we respond to their technical and scientific critiques aimed at our work, attempting to stick with scientific discourse. We find that Berger et al. largely replicated our results, and agree with us in their conclusion: that the effects (in a statistical sense) found in the data are small, and should be taken with caution, and that it is possible that an absence of effect is the correct interpretation. Thus, our CACM paper's conclusions still hold, even more so now that they have been reproduced, and our paper is eminently citable. △ Less

Submitted 17 November, 2019; originally announced November 2019.

Comments: 12 pages

Towards the Avoidance of Counterfeit Memory: Identifying the DRAM Origin

Authors: B. M. S. Bahar Talukder, Vineetha Menon, Biswajit Ray, Tempestt Neal, Md Tauhidur Rahman

Abstract: Due to the globalization in the semiconductor supply chain, counterfeit dynamic random-access memory (DRAM) chips/modules have been spreading worldwide at an alarming rate. Deploying counterfeit DRAM modules into an electronic system can have severe consequences on security and reliability domains because of their sub-standard quality, poor performance, and shorter life span. Besides, studies sugg… ▽ More Due to the globalization in the semiconductor supply chain, counterfeit dynamic random-access memory (DRAM) chips/modules have been spreading worldwide at an alarming rate. Deploying counterfeit DRAM modules into an electronic system can have severe consequences on security and reliability domains because of their sub-standard quality, poor performance, and shorter life span. Besides, studies suggest that a counterfeit DRAM can be more vulnerable to sophisticated attacks. However, detecting counterfeit DRAMs is very challenging because of their nature and ability to pass the initial testing. In this paper, we propose a technique to identify the DRAM origin (i.e., the origin of the manufacturer and the specification of individual DRAM) to detect and prevent counterfeit DRAM modules. A silicon evaluation shows that the proposed method reliably identifies off-the-shelf DRAM modules from three major manufacturers. △ Less

Submitted 8 November, 2019; originally announced November 2019.

Journal ref: IEEE Hardware-Oriented Security and Trust Symposium (HOST), 2020

ConEx: Efficient Exploration of Big-Data System Configurations for Better Performance

Authors: Rahul Krishna, Chong Tang, Kevin Sullivan, Baishakhi Ray

Abstract: Configuration space complexity makes the big-data software systems hard to configure well. Consider Hadoop, with over nine hundred parameters, developers often just use the default configurations provided with Hadoop distributions. The opportunity costs in lost performance are significant. Popular learning-based approaches to auto-tune software does not scale well for big-data systems because of t… ▽ More Configuration space complexity makes the big-data software systems hard to configure well. Consider Hadoop, with over nine hundred parameters, developers often just use the default configurations provided with Hadoop distributions. The opportunity costs in lost performance are significant. Popular learning-based approaches to auto-tune software does not scale well for big-data systems because of the high cost of collecting training data. We present a new method based on a combination of Evolutionary Markov Chain Monte Carlo (EMCMC) sampling and cost reduction techniques to cost-effectively find better-performing configurations for big data systems. For cost reduction, we developed and experimentally tested and validated two approaches: using scaled-up big data jobs as proxies for the objective function for larger jobs and using a dynamic job similarity measure to infer that results obtained for one kind of big data problem will work well for similar problems. Our experimental results suggest that our approach promises to significantly improve the performance of big data systems and that it outperforms competing approaches based on random sampling, basic genetic algorithms (GA), and predictive model learning. Our experimental results support the conclusion that our approach has strongly demonstrated potential to significantly and cost-effectively improve the performance of big data systems. △ Less

Submitted 22 June, 2020; v1 submitted 17 October, 2019; originally announced October 2019.

AdvSPADE: Realistic Unrestricted Attacks for Semantic Segmentation

Authors: Guangyu Shen, Chengzhi Mao, Junfeng Yang, Baishakhi Ray

Abstract: Due to the inherent robustness of segmentation models, traditional norm-bounded attack methods show limited effect on such type of models. In this paper, we focus on generating unrestricted adversarial examples for semantic segmentation models. We demonstrate a simple and effective method to generate unrestricted adversarial examples using conditional generative adversarial networks (CGAN) without… ▽ More Due to the inherent robustness of segmentation models, traditional norm-bounded attack methods show limited effect on such type of models. In this paper, we focus on generating unrestricted adversarial examples for semantic segmentation models. We demonstrate a simple and effective method to generate unrestricted adversarial examples using conditional generative adversarial networks (CGAN) without any hand-crafted metric. The naïve implementation of CGAN, however, yields inferior image quality and low attack success rate. Instead, we leverage the SPADE (Spatially-adaptive denormalization) structure with an additional loss item to generate effective adversarial attacks in a single step. We validate our approach on the popular Cityscapes and ADE20K datasets, and demonstrate that our synthetic adversarial examples are not only realistic, but also improve the attack success rate by up to 41.0\% compared with the state of the art adversarial attack methods including PGD. △ Less

Submitted 18 November, 2019; v1 submitted 5 October, 2019; originally announced October 2019.

Metric Learning for Adversarial Robustness

Authors: Chengzhi Mao, Ziyuan Zhong, Junfeng Yang, Carl Vondrick, Baishakhi Ray

Abstract: Deep networks are well-known to be fragile to adversarial attacks. We conduct an empirical analysis of deep representations under the state-of-the-art attack method called PGD, and find that the attack causes the internal representation to shift closer to the "false" class. Motivated by this observation, we propose to regularize the representation space under attack with metric learning to produce… ▽ More Deep networks are well-known to be fragile to adversarial attacks. We conduct an empirical analysis of deep representations under the state-of-the-art attack method called PGD, and find that the attack causes the internal representation to shift closer to the "false" class. Motivated by this observation, we propose to regularize the representation space under attack with metric learning to produce more robust classifiers. By carefully sampling examples for metric learning, our learned representation not only increases robustness, but also detects previously unseen adversarial samples. Quantitative experiments show improvement of robustness accuracy by up to 4% and detection efficiency by up to 6% according to Area Under Curve score over prior work. The code of our work is available at https://github.com/columbia/Metric_Learning_Adversarial_Robustness. △ Less

Submitted 27 October, 2019; v1 submitted 2 September, 2019; originally announced September 2019.

Coexisting 1T/2H polymorphs, reentrant resistivity behavior, and charge distribution in MoS2-hBN 2D/2D composite thin films

Authors: Swati Parmar, Abhijit Biswas, Sachin Kumar Singh, Bishakha Ray, Saurabh Parmar, Suresh Gosavi, Vasant Sathe, Ram Janay Choudhary, Suwarna Datar, Satishchandra Ogale

Abstract: In view of their immensely intriguing properties, two dimensional materials are being intensely researched in search of novel phenomena and diverse application interests, however, studies on the realization of nanocomposites in the application-worthy thin-film platform are rare. Here we have grown MoS2-hBN composite thin films on different substrates by the pulsed laser deposition technique and ma… ▽ More In view of their immensely intriguing properties, two dimensional materials are being intensely researched in search of novel phenomena and diverse application interests, however, studies on the realization of nanocomposites in the application-worthy thin-film platform are rare. Here we have grown MoS2-hBN composite thin films on different substrates by the pulsed laser deposition technique and made comparative studies with the pristine MoS2 and hBN films. The Raman, XPS and HRTEM confirm the concomitant presence of both the 1T (conducting) and 2H (semiconducting) polymorphs of MoS2 in the composite film. Interestingly, a peculiar reentrant semiconductor-metal-insulator transition is seen in the composite film which is absent in the MoS2 film, and it correlates well with the signatures of phonon softening seen in temperature-dependent Raman spectroscopy. Furthermore, electrostatic force microscopy reveals the presence of three distinct regions (metallic, semiconducting, and insulating) in the composite film with differing contact potentials and enhanced propensity for charge transfer with respect to pristine MoS2. A triboelectric nanogenerator device containing biphasic composite film as an electron acceptor exhibits more than twofold (sixfold) enhancement in peak-to-peak output voltage as compared to the pristine MoS2 (hBN) film. These observations bring out the potential of nanocomposite thin films for unfolding emergent phenomena and technological applications. △ Less

Submitted 31 July, 2019; originally announced July 2019.

Comments: 9 Figures, Published in Physical Review Materials

Journal ref: Phys. Rev. Materials 3, 074007 (2019)

Symmetry-breaking signatures of multiple Majorana zero modes in one-dimensional spin-triplet superconductors

Authors: Arnab Barman Ray, Jay D. Sau, Ipsita Mandal

Abstract: We study the effects of various symmetry-breaking perturbations on the experimentally measurable signatures (such as conductance and Josephson response) of quasi-one-dimensional (quasi-1D) spin-triplet superconductors. In the first part of the paper, we numerically compute the zero and nonzero temperature conductances of the quasi-1D nanowires that host multiple Majorana zero modes. Following the… ▽ More We study the effects of various symmetry-breaking perturbations on the experimentally measurable signatures (such as conductance and Josephson response) of quasi-one-dimensional (quasi-1D) spin-triplet superconductors. In the first part of the paper, we numerically compute the zero and nonzero temperature conductances of the quasi-1D nanowires that host multiple Majorana zero modes. Following the discussion of the case of s-wave Rashba nanowires, we shift to the main focus, i.e., multichannel spin-triplet superconductors. Applying gate voltages (which changes the symmetry of the spin-orbit coupling) as well as magnetic fields to the nanowire, tunes the system between different symmetry classes by splitting the multiple Majorana zero modes. We study how the conductance tracks the topological invariants and the spectra in all these cases. In the second part of the paper, we study the effects of the symmetry-induced spectrum-breaking on the Andreev spectra of Josephson junctions. Similar to the case of the conductance studies, we find that the spectrum shows multiple zero-energy Andreev bound states in the highly symmetric case with mirror and chiral symmetries. △ Less

Submitted 30 September, 2021; v1 submitted 24 July, 2019; originally announced July 2019.

Comments: journal version published in PRB

Journal ref: Phys. Rev. B 104, 104513 (2021)

Neutaint: Efficient Dynamic Taint Analysis with Neural Networks

Authors: Dongdong She, Yizheng Chen, Abhishek Shah, Baishakhi Ray, Suman Jana

Abstract: Dynamic taint analysis (DTA) is widely used by various applications to track information flow during runtime execution. Existing DTA techniques use rule-based taint-propagation, which is neither accurate (i.e., high false positive) nor efficient (i.e., large runtime overhead). It is hard to specify taint rules for each operation while covering all corner cases correctly. Moreover, the overtaint an… ▽ More Dynamic taint analysis (DTA) is widely used by various applications to track information flow during runtime execution. Existing DTA techniques use rule-based taint-propagation, which is neither accurate (i.e., high false positive) nor efficient (i.e., large runtime overhead). It is hard to specify taint rules for each operation while covering all corner cases correctly. Moreover, the overtaint and undertaint errors can accumulate during the propagation of taint information across multiple operations. Finally, rule-based propagation requires each operation to be inspected before applying the appropriate rules resulting in prohibitive performance overhead on large real-world applications. In this work, we propose NEUTAINT, a novel end-to-end approach to track information flow using neural program embeddings. The neural program embeddings model the target's programs computations taking place between taint sources and sinks, which automatically learns the information flow by observing a diverse set of execution traces. To perform lightweight and precise information flow analysis, we utilize saliency maps to reason about most influential sources for different sinks. NEUTAINT constructs two saliency maps, a popular machine learning approach to influence analysis, to summarize both coarse-grained and fine-grained information flow in the neural program embeddings. We compare NEUTAINT with 3 state-of-the-art dynamic taint analysis tools. The evaluation results show that NEUTAINT can achieve 68% accuracy, on average, which is 10% improvement while reducing 40 times runtime overhead over the second-best taint tool Libdft on 6 real world programs. NEUTAINT also achieves 61% more edge coverage when used for taint-guided fuzzing indicating the effectiveness of the identified influential bytes. △ Less

Submitted 3 September, 2019; v1 submitted 8 July, 2019; originally announced July 2019.

Comments: To appear in the 41th IEEE Symposium on Security and Privacy, May 18--20, 2020, San Francisco, CA, USA

Testing DNN Image Classifiers for Confusion & Bias Errors

Authors: Yuchi Tian, Ziyuan Zhong, Vicente Ordonez, Gail Kaiser, Baishakhi Ray

Abstract: Image classifiers are an important component of today's software, from consumer and business applications to safety-critical domains. The advent of Deep Neural Networks (DNNs) is the key catalyst behind such wide-spread success. However, wide adoption comes with serious concerns about the robustness of software systems dependent on DNNs for image classification, as several severe erroneous behavio… ▽ More Image classifiers are an important component of today's software, from consumer and business applications to safety-critical domains. The advent of Deep Neural Networks (DNNs) is the key catalyst behind such wide-spread success. However, wide adoption comes with serious concerns about the robustness of software systems dependent on DNNs for image classification, as several severe erroneous behaviors have been reported under sensitive and critical circumstances. We argue that developers need to rigorously test their software's image classifiers and delay deployment until acceptable. We present an approach to testing image classifier robustness based on class property violations. We found that many of the reported erroneous cases in popular DNN image classifiers occur because the trained models confuse one class with another or show biases towards some classes over others. These bugs usually violate some class properties of one or more of those classes. Most DNN testing techniques focus on per-image violations, so fail to detect class-level confusions or biases. We developed a testing technique to automatically detect class-based confusion and bias errors in DNN-driven image classification software. We evaluated our implementation, DeepInspect, on several popular image classifiers with precision up to 100% (avg.~72.6%) for confusion errors, and up to 84.3% (avg.~66.8%) for bias errors. DeepInspect found hundreds of classification mistakes in widely-used models, many exposing errors indicating confusion or bias. △ Less

Submitted 11 February, 2020; v1 submitted 19 May, 2019; originally announced May 2019.

On Periodic Functions as Regularizers for Quantization of Neural Networks

Authors: Maxim Naumov, Utku Diril, Jongsoo Park, Benjamin Ray, Jedrzej Jablonski, Andrew Tulloch

Abstract: Deep learning models have been successfully used in computer vision and many other fields. We propose an unorthodox algorithm for performing quantization of the model parameters. In contrast with popular quantization schemes based on thresholds, we use a novel technique based on periodic functions, such as continuous trigonometric sine or cosine as well as non-continuous hat functions. We apply th… ▽ More Deep learning models have been successfully used in computer vision and many other fields. We propose an unorthodox algorithm for performing quantization of the model parameters. In contrast with popular quantization schemes based on thresholds, we use a novel technique based on periodic functions, such as continuous trigonometric sine or cosine as well as non-continuous hat functions. We apply these functions component-wise and add the sum over the model parameters as a regularizer to the model loss during training. The frequency and amplitude hyper-parameters of these functions can be adjusted during training. The regularization pushes the weights into discrete points that can be encoded as integers. We show that using this technique the resulting quantized models exhibit the same accuracy as the original ones on CIFAR-10 and ImageNet datasets. △ Less

Submitted 24 November, 2018; originally announced November 2018.

Comments: 11 pages, 7 figures

MSC Class: 68T05 ACM Class: I.2.6; I.5.0

CODIT: Code Editing with Tree-Based Neural Models

Authors: Saikat Chakraborty, Yangruibo Ding, Miltiadis Allamanis, Baishakhi Ray

Abstract: The way developers edit day-to-day code tends to be repetitive, often using existing code elements. Many researchers have tried to automate repetitive code changes by learning from specific change templates which are applied to limited scope. The advancement of deep neural networks and the availability of vast open-source evolutionary data opens up the possibility of automatically learning those t… ▽ More The way developers edit day-to-day code tends to be repetitive, often using existing code elements. Many researchers have tried to automate repetitive code changes by learning from specific change templates which are applied to limited scope. The advancement of deep neural networks and the availability of vast open-source evolutionary data opens up the possibility of automatically learning those templates from the wild. However, deep neural network based modeling for code changes and code in general introduces some specific problems that needs specific attention from research community. For instance, compared to natural language, source code vocabulary can be significantly larger. Further, good changes in code do not break its syntactic structure. Thus, deploying state-of-the-art neural network models without adapting the methods to the source code domain yields sub-optimal results. To this end, we propose a novel tree-based neural network system to model source code changes and learn code change patterns from the wild. Specifically, we propose a tree-based neural machine translation model to learn the probability distribution of changes in code. We realize our model with a change suggestion engine, CODIT, and train the model with more than 24k real-world changes and evaluate it on 5k patches. Our evaluation shows the effectiveness of CODITin learning and suggesting patches. CODIT can also learn specific bug fix pattern from bug fixing patches and can fix 25 bugs out of 80 bugs in Defects4J. △ Less

Submitted 25 August, 2020; v1 submitted 30 September, 2018; originally announced October 2018.

Report number: 9181462

Journal ref: IEEE Transaction of Software Engineering - 2022, Volume 48, Number 4

State-of-the-Art Flash Chips for Dosimetry Applications

Authors: Preeti Kumari, Levi Davies, Narayana P. Bhat, En Xia Zhang, Michael W. McCurdy, Daniel M. Fleetwood, Biswajit Ray

Abstract: In this paper we show that state-of-the-art commercial off-the-shelf Flash memory chip technology (20 nm technology node with multi-level cells) is quite sensitive to ionizing radiation. We find that the fail-bit count in these Flash chips starts to increase monotonically with gamma or X-ray dose at 100 rad(SiO2). Significantly more fail bits are observed in X-ray irradiated devices, most likely d… ▽ More In this paper we show that state-of-the-art commercial off-the-shelf Flash memory chip technology (20 nm technology node with multi-level cells) is quite sensitive to ionizing radiation. We find that the fail-bit count in these Flash chips starts to increase monotonically with gamma or X-ray dose at 100 rad(SiO2). Significantly more fail bits are observed in X-ray irradiated devices, most likely due to dose enhancement effects due to high-Z back-end-of-line materials. These results show promise for dosimetry application. △ Less

Submitted 22 September, 2018; originally announced September 2018.

A Case Study on the Impact of Similarity Measure on Information Retrieval based Software Engineering Tasks

Authors: Md Masudur Rahman, Saikat Chakraborty, Gail Kaiser, Baishakhi Ray

Abstract: Information Retrieval (IR) plays a pivotal role in diverse Software Engineering (SE) tasks, e.g., bug localization and triaging, code retrieval, requirements analysis, etc. The choice of similarity measure is the core component of an IR technique. The performance of any IR method critically depends on selecting an appropriate similarity measure for the given application domain. Since different SE… ▽ More Information Retrieval (IR) plays a pivotal role in diverse Software Engineering (SE) tasks, e.g., bug localization and triaging, code retrieval, requirements analysis, etc. The choice of similarity measure is the core component of an IR technique. The performance of any IR method critically depends on selecting an appropriate similarity measure for the given application domain. Since different SE tasks operate on different document types like bug reports, software descriptions, source code, etc. that often contain non-standard domain-specific vocabulary, it is essential to understand which similarity measures work best for different SE documents. This paper presents two case studies on the effect of different similarity measure on various SE documents w.r.t. two tasks: (i) project recommendation: finding similar GitHub projects and (ii) bug localization: retrieving buggy source file(s) correspond to a bug report. These tasks contain a diverse combination of textual (i.e. description, readme) and code (i.e. source code, API, import package) artifacts. We observe that the performance of IR models varies when applied to different artifact types. We find that, in general, the context-aware models achieve better performance on textual artifacts. In contrast, simple keyword-based bag-of-words models perform better on code artifacts. On the other hand, the probabilistic ranking model BM25 performs better on a mixture of text and code artifacts. We further investigate how such an informed choice of similarity measure impacts the performance of SE tools. In particular, we analyze two previously proposed tools for project recommendation and bug localization tasks, which leverage diverse software artifacts, and observe that an informed choice of similarity measure indeed leads to improved performance of the existing SE tools. △ Less

Submitted 8 August, 2018; originally announced August 2018.

Comments: 22 pages, on submission

PreLatPUF: Exploiting DRAM Latency Variations for Generating Robust Device Signatures

Authors: B. M. S. Bahar Talukder, Biswajit Ray, Domenic Forte, Md Tauhidur Rahman

Abstract: Physically Unclonable Functions (PUFs) are potential security blocks to generate unique and more secure keys in low-cost cryptographic applications. Dynamic random-access memory (DRAM) has been proposed as one of the promising candidates for generating robust keys. Unfortunately, the existing techniques of generating device signatures from DRAM is very slow, destructive (destroy the current data),… ▽ More Physically Unclonable Functions (PUFs) are potential security blocks to generate unique and more secure keys in low-cost cryptographic applications. Dynamic random-access memory (DRAM) has been proposed as one of the promising candidates for generating robust keys. Unfortunately, the existing techniques of generating device signatures from DRAM is very slow, destructive (destroy the current data), and disruptive to system operation. In this paper, we propose \textit{precharge} latency-based PUF (PreLatPUF) that exploits DRAM \textit{precharge} latency variations to generate signatures. The proposed PreLatPUF is fast, robust, least disruptive, and non-destructive. The silicon results from commercially available $DDR3$ chips from different manufacturers show that the proposed key generation technique is at least $ \sim 1,192X$ faster than the existing approaches, while reliably reproducing the key in extreme operating conditions. △ Less

Submitted 31 July, 2019; v1 submitted 7 August, 2018; originally announced August 2018.

Journal ref: IEEE Access, vol. 7, pp. 81106-81120, 2019

Exploiting DRAM Latency Variations for Generating True Random Numbers

Authors: B. M. S. Bahar Talukder, Joseph Kerns, Biswajit Ray, Thomas Morris, Md Tauhidur Rahman

Abstract: True random number generator (TRNG) plays a vital role in a variety of security applications and protocols. The security and privacy of an asset rely on the encryption, which solely depends on the quality of random numbers. Memory chips are widely used for generating random numbers because of their prevalence in modern electronic systems. Unfortunately, existing Dynamic Random-access Memory (DRAM)… ▽ More True random number generator (TRNG) plays a vital role in a variety of security applications and protocols. The security and privacy of an asset rely on the encryption, which solely depends on the quality of random numbers. Memory chips are widely used for generating random numbers because of their prevalence in modern electronic systems. Unfortunately, existing Dynamic Random-access Memory (DRAM)-based TRNGs produce random numbers with either limited entropy or poor throughput. In this paper, we propose a DRAM-latency based TRNG that generates high-quality random numbers. The silicon results from Samsung and Micron DDR3 DRAM modules show that our proposed DRAM-latency based TRNG is robust (against different operating conditions and environmental variations) and acceptably fast. △ Less

Submitted 7 November, 2018; v1 submitted 6 August, 2018; originally announced August 2018.

NEUZZ: Efficient Fuzzing with Neural Program Smoothing

Authors: Dongdong She, Kexin Pei, Dave Epstein, Junfeng Yang, Baishakhi Ray, Suman Jana

Abstract: Fuzzing has become the de facto standard technique for finding software vulnerabilities. However, even state-of-the-art fuzzers are not very efficient at finding hard-to-trigger software bugs. Most popular fuzzers use evolutionary guidance to generate inputs that can trigger different bugs. Such evolutionary algorithms, while fast and simple to implement, often get stuck in fruitless sequences of… ▽ More Fuzzing has become the de facto standard technique for finding software vulnerabilities. However, even state-of-the-art fuzzers are not very efficient at finding hard-to-trigger software bugs. Most popular fuzzers use evolutionary guidance to generate inputs that can trigger different bugs. Such evolutionary algorithms, while fast and simple to implement, often get stuck in fruitless sequences of random mutations. Gradient-guided optimization presents a promising alternative to evolutionary guidance. Gradient-guided techniques have been shown to significantly outperform evolutionary algorithms at solving high-dimensional structured optimization problems in domains like machine learning by efficiently utilizing gradients or higher-order derivatives of the underlying function. However, gradient-guided approaches are not directly applicable to fuzzing as real-world program behaviors contain many discontinuities, plateaus, and ridges where the gradient-based methods often get stuck. We observe that this problem can be addressed by creating a smooth surrogate function approximating the discrete branching behavior of target program. In this paper, we propose a novel program smoothing technique using surrogate neural network models that can incrementally learn smooth approximations of a complex, real-world program's branching behaviors. We further demonstrate that such neural network models can be used together with gradient-guided input generation schemes to significantly improve the fuzzing efficiency. Our extensive evaluations demonstrate that NEUZZ significantly outperforms 10 state-of-the-art graybox fuzzers on 10 real-world programs both at finding new bugs and achieving higher edge coverage. NEUZZ found 31 unknown bugs that other fuzzers failed to find in 10 real world programs and achieved 3X more edge coverage than all of the tested graybox fuzzers for 24 hours running. △ Less

Submitted 12 July, 2019; v1 submitted 15 July, 2018; originally announced July 2018.

Comments: To appear in the 40th IEEE Symposium on Security and Privacy, May 20--22, 2019, San Francisco, CA, USA

Obfuscation Resilient Search through Executable Classification

Authors: Fang-Hsiang Su, Jonathan Bell, Gail Kaiser, Baishakhi Ray

Abstract: Android applications are usually obfuscated before release, making it difficult to analyze them for malware presence or intellectual property violations. Obfuscators might hide the true intent of code by renaming variables and/or modifying program structures. It is challenging to search for executables relevant to an obfuscated application for developers to analyze efficiently. Prior approaches to… ▽ More Android applications are usually obfuscated before release, making it difficult to analyze them for malware presence or intellectual property violations. Obfuscators might hide the true intent of code by renaming variables and/or modifying program structures. It is challenging to search for executables relevant to an obfuscated application for developers to analyze efficiently. Prior approaches toward obfuscation resilient search have relied on certain structural parts of apps remaining as landmarks, un-touched by obfuscation. For instance, some prior approaches have assumed that the structural relationships between identifiers are not broken by obfuscators; others have assumed that control flow graphs maintain their structures. Both approaches can be easily defeated by a motivated obfuscator. We present a new approach,Macneto, to search for programs relevant to obfuscated executables leveraging deep learning and principal components on instructions. Macneto makes few assumptions about the kinds of modifications that an obfuscator might perform. We show that it has high search precision for executables obfuscated by a state-of-the-art obfuscator that changes control flow. Further, we also demonstrate the potential of Macneto to help developers understand executables, where Macneto infers keywords (which are from the relevant unobfuscated program) for obfuscated executables. △ Less

Submitted 11 June, 2018; v1 submitted 6 June, 2018; originally announced June 2018.

Comments: MAPL, 2018 (Workshop co-located with PLDI 2018)

Building Language Models for Text with Named Entities

Authors: Md Rizwan Parvez, Saikat Chakraborty, Baishakhi Ray, Kai-Wei Chang

Abstract: Text in many domains involves a significant amount of named entities. Predict- ing the entity names is often challenging for a language model as they appear less frequent on the training corpus. In this paper, we propose a novel and effective approach to building a discriminative language model which can learn the entity names by leveraging their entity type information. We also introduce two benc… ▽ More Text in many domains involves a significant amount of named entities. Predict- ing the entity names is often challenging for a language model as they appear less frequent on the training corpus. In this paper, we propose a novel and effective approach to building a discriminative language model which can learn the entity names by leveraging their entity type information. We also introduce two benchmark datasets based on recipes and Java programming codes, on which we evalu- ate the proposed model. Experimental re- sults show that our model achieves 52.2% better perplexity in recipe generation and 22.06% on code generation than the state-of-the-art language models. △ Less

Submitted 13 May, 2018; originally announced May 2018.

Evaluating How Developers Use General-Purpose Web-Search for Code Retrieval

Authors: Md Masudur Rahman, Jed Barson, Sydney Paul, Joshua Kayan, Federico Andres Lois, Sebastian Fernandez Quezada, Christopher Parnin, Kathryn T. Stolee, Baishakhi Ray

Abstract: Search is an integral part of a software development process. Developers often use search engines to look for information during development, including reusable code snippets, API understanding, and reference examples. Developers tend to prefer general-purpose search engines like Google, which are often not optimized for code related documents and use search strategies and ranking techniques that… ▽ More Search is an integral part of a software development process. Developers often use search engines to look for information during development, including reusable code snippets, API understanding, and reference examples. Developers tend to prefer general-purpose search engines like Google, which are often not optimized for code related documents and use search strategies and ranking techniques that are more optimized for generic, non-code related information. In this paper, we explore whether a general purpose search engine like Google is an optimal choice for code-related searches. In particular, we investigate whether the performance of searching with Google varies for code vs. non-code related searches. To analyze this, we collect search logs from 310 developers that contains nearly 150,000 search queries from Google and the associated result clicks. To differentiate between code-related searches and non-code related searches, we build a model which identifies the code intent of queries. Leveraging this model, we build an automatic classifier that detects a code and non-code related query. We confirm the effectiveness of the classifier on manually annotated queries where the classifier achieves a precision of 87%, a recall of 86%, and an F1-score of 87%. We apply this classifier to automatically annotate all the queries in the dataset. Analyzing this dataset, we observe that code related searching often requires more effort (e.g., time, result clicks, and query modifications) than general non-code search, which indicates code search performance with a general search engine is less effective. △ Less

Submitted 22 March, 2018; originally announced March 2018.

Comments: Accepted at MSR-2018

Entropy Guided Spectrum Based Bug Localization Using Statistical Language Model

Authors: Saikat Chakraborty, Yujian Li, Matt Irvine, Ripon Saha, Baishakhi Ray

Abstract: Locating bugs is challenging but one of the most important activities in software development and maintenance phase because there are no certain rules to identify all types of bugs. Existing automatic bug localization tools use various heuristics based on test coverage, pre-determined buggy patterns, or textual similarity with bug report, to rank suspicious program elements. However, since these t… ▽ More Locating bugs is challenging but one of the most important activities in software development and maintenance phase because there are no certain rules to identify all types of bugs. Existing automatic bug localization tools use various heuristics based on test coverage, pre-determined buggy patterns, or textual similarity with bug report, to rank suspicious program elements. However, since these techniques rely on information from single source, they often suffer when the respective source information is inadequate. For instance, the popular spectrum based bug localization may not work well under poorly written test suite. In this paper, we propose a new approach, EnSpec, that guides spectrum based bug localization using code entropy, a metric that basically represents naturalness of code derived from a statistical language model. Our intuition is that since buggy code are high entropic, spectrum based bug localization with code entropy would be more robust in discriminating buggy lines vs. non-buggy lines. We realize our idea in a prototype, and performed an extensive evaluation on two popular publicly available benchmarks. Our results demonstrate that EnSpec outperforms a state-of-the-art spectrum based bug localization technique. △ Less

Submitted 19 February, 2018; originally announced February 2018.

Comments: 13 pages

Interpreted Formalisms for Configurations

Authors: Chong Tang, Kevin Sullivan, Jian Xiang, Trent Weiss, Baishakhi Ray

Abstract: Imprecise and incomplete specification of system \textit{configurations} threatens safety, security, functionality, and other critical system properties and uselessly enlarges the configuration spaces to be searched by configuration engineers and auto-tuners. To address these problems, this paper introduces \textit{interpreted formalisms based on real-world types for configurations}. Configuration… ▽ More Imprecise and incomplete specification of system \textit{configurations} threatens safety, security, functionality, and other critical system properties and uselessly enlarges the configuration spaces to be searched by configuration engineers and auto-tuners. To address these problems, this paper introduces \textit{interpreted formalisms based on real-world types for configurations}. Configuration values are lifted to values of real-world types, which we formalize as \textit{subset types} in Coq. Values of these types are dependent pairs whose components are values of underlying Coq types and proofs of additional properties about them. Real-world types both extend and further constrain \textit{machine-level} configurations, enabling richer, proof-based checking of their consistency with real-world constraints. Tactic-based proof scripts are written once to automate the construction of proofs, if proofs exist, for configuration fields and whole configurations. \textit{Failures to prove} reveal real-world type errors. Evaluation is based on a case study of combinatorial optimization of Hadoop performance by meta-heuristic search over Hadoop configurations spaces. △ Less

Submitted 15 December, 2017; v1 submitted 13 December, 2017; originally announced December 2017.

DeepTest: Automated Testing of Deep-Neural-Network-driven Autonomous Cars

Authors: Yuchi Tian, Kexin Pei, Suman Jana, Baishakhi Ray

Abstract: Recent advances in Deep Neural Networks (DNNs) have led to the development of DNN-driven autonomous cars that, using sensors like camera, LiDAR, etc., can drive without any human intervention. Most major manufacturers including Tesla, GM, Ford, BMW, and Waymo/Google are working on building and testing different types of autonomous vehicles. The lawmakers of several US states including California,… ▽ More Recent advances in Deep Neural Networks (DNNs) have led to the development of DNN-driven autonomous cars that, using sensors like camera, LiDAR, etc., can drive without any human intervention. Most major manufacturers including Tesla, GM, Ford, BMW, and Waymo/Google are working on building and testing different types of autonomous vehicles. The lawmakers of several US states including California, Texas, and New York have passed new legislation to fast-track the process of testing and deployment of autonomous vehicles on their roads. However, despite their spectacular progress, DNNs, just like traditional software, often demonstrate incorrect or unexpected corner case behaviors that can lead to potentially fatal collisions. Several such real-world accidents involving autonomous cars have already happened including one which resulted in a fatality. Most existing testing techniques for DNN-driven vehicles are heavily dependent on the manual collection of test data under different driving conditions which become prohibitively expensive as the number of test conditions increases. In this paper, we design, implement and evaluate DeepTest, a systematic testing tool for automatically detecting erroneous behaviors of DNN-driven vehicles that can potentially lead to fatal crashes. First, our tool is designed to automatically generated test cases leveraging real-world changes in driving conditions like rain, fog, lighting conditions, etc. DeepTest systematically explores different parts of the DNN logic by generating test inputs that maximize the numbers of activated neurons. DeepTest found thousands of erroneous behaviors under different realistic driving conditions (e.g., blurring, rain, fog, etc.) many of which lead to potentially fatal crashes in three top performing DNNs in the Udacity self-driving car challenge. △ Less

Submitted 20 March, 2018; v1 submitted 28 August, 2017; originally announced August 2017.

Pressure Drop and Flow development in the Entrance Region of Micro-Channels with Second Order Slip Boundary Conditions and the Requirement for Development Length

Authors: Baibhab Ray, Franz Durst, Subhashis Ray

Abstract: In the present investigation, the development of axial velocity profile, the requirement for development length ($L^*_{fd}=L/D_{h}$) and the pressure drop in the entrance region of circular and parallel plate micro-channels have been critically analysed for a large range of operating conditions ($10^{-2}\le Re\le 10^{4}$, $10^{-4}\le Kn\le 0.2$ and $0\le C_2\le 0.5$). For this purpose, the convent… ▽ More In the present investigation, the development of axial velocity profile, the requirement for development length ($L^*_{fd}=L/D_{h}$) and the pressure drop in the entrance region of circular and parallel plate micro-channels have been critically analysed for a large range of operating conditions ($10^{-2}\le Re\le 10^{4}$, $10^{-4}\le Kn\le 0.2$ and $0\le C_2\le 0.5$). For this purpose, the conventional Navier-Stokes equations have been numerically solved using the finite volume method on non-staggered grid, while employing the second-order velocity slip condition at the wall with $C_1=1$. The results indicate that although the magnitude of local velocity slip at the wall is always greater than that for the fully-developed section, the local wall shear stress, particularly for higher $Kn$ and $C_2$, could be considerably lower than its fully-developed value. This effect, which is more prominent for lower $Re$, significantly affects the local and the fully-developed incremental pressure drop number $K(x)$ and $K_{fd}$, respectively. As a result, depending upon the operating condition, $K_{fd}$, as well as $K(x)$, could assume negative values. This never reported observation implies that in the presence of enhanced velocity slip at the wall, the pressure gradient in the developing region could even be less than that in the fully-developed section. From simulated data, it has been observed that both $L^*_{fd}$ and $K_{fd}$ are characterised by the low and the high $Re$ asymptotes, using which, extremely accurate correlations for them have been proposed for both geometries. Although owing to the complex nature, no correlation could be derived for $K(x)$ and an exact knowledge of $K(x)$ is necessary for evaluating the actual pressure drop for a duct length $L^*<L^*_{fd}$, a method has been proposed that provides a conservative estimate of the pressure drop for both $K_{fd}>0$ and $K_{fd}\le0$. △ Less

Submitted 10 June, 2018; v1 submitted 16 July, 2017; originally announced July 2017.

Combating the Cold Start User Problem in Model Based Collaborative Filtering

Authors: Sampoorna Biswas, Laks V. S. Lakshmanan, Senjuti Basu Ray

Abstract: For tackling the well known cold-start user problem in model-based recommender systems, one approach is to recommend a few items to a cold-start user and use the feedback to learn a profile. The learned profile can then be used to make good recommendations to the cold user. In the absence of a good initial profile, the recommendations are like random probes, but if not chosen judiciously, both bad… ▽ More For tackling the well known cold-start user problem in model-based recommender systems, one approach is to recommend a few items to a cold-start user and use the feedback to learn a profile. The learned profile can then be used to make good recommendations to the cold user. In the absence of a good initial profile, the recommendations are like random probes, but if not chosen judiciously, both bad recommendations and too many recommendations may turn off a user. We formalize the cold-start user problem by asking what are the $b$ best items we should recommend to a cold-start user, in order to learn her profile most accurately, where $b$, a given budget, is typically a small number. We formalize the problem as an optimization problem and present multiple non-trivial results, including NP-hardness as well as hardness of approximation. We furthermore show that the objective function, i.e., the least square error of the learned profile w.r.t. the true user profile, is neither submodular nor supermodular, suggesting efficient approximations are unlikely to exist. Finally, we discuss several scalable heuristic approaches for identifying the $b$ best items to recommend to the user and experimentally evaluate their performance on 4 real datasets. Our experiments show that our proposed accelerated algorithms significantly outperform the prior art in runnning time, while achieving similar error in the learned user profile as well as in the rating predictions. △ Less

Submitted 17 February, 2017; originally announced March 2017.

Evaluation and Ensembling of Methods for Reverse Engineering of Brain Connectivity from Imaging Data

Authors: Bisakha Ray, Alexander V. Alekseyenko, Sisi Ma, Alexander Statnikov, Constantin Aliferis

Abstract: Brain science is an evolving research area inviting great enthusiasm with its potential for providing insights and thereby, preventing, and treating multiple neuronal disorders affecting millions of patients. Discovery of relationships, such as brain connectivity, is a major goal in basic, translational, and clinical science. Algorithms for causal discovery are used in diverse fields for tackling… ▽ More Brain science is an evolving research area inviting great enthusiasm with its potential for providing insights and thereby, preventing, and treating multiple neuronal disorders affecting millions of patients. Discovery of relationships, such as brain connectivity, is a major goal in basic, translational, and clinical science. Algorithms for causal discovery are used in diverse fields for tackling problems similar to the task of reconstruction of neuronal brain connectivity. Our aim is to understand the strengths and limitations of these methods, measure performance and its determinants, and provide insights to enhance their performance and applicability. We performed extensive empirical testing and benchmarking of reconstruction performance of several state-of-the-art algorithms along with several ensemble techniques used to combine them. Our experiments used a clear and broadly relevant gold standard based on calcium fluorescence time series recordings of thousands of neurons sampled from a previously validated realistic, neuronal model. Correlation, entropy-based measures, Cross-Correlation for short time lags, and Generalized Transfer Entropy had the best performances with area under ROC curve (AUC) in the range of 0.7-0.8 even for smaller sample sizes of n = 100 to 1,000 and converged quickly (at less than n = 1,000). Ensembles of best-performing methods using random forests and neural networks generated AUC of ~0.9 with n = 10,000. Several important insights regarding parameter choice and sample size were gained for guiding the experimental design of studies. Our data are also supportive of the feasibility of reliably reconstructing complex neuronal connectivity using existing techniques. △ Less

Submitted 15 March, 2016; originally announced March 2016.

On the "Naturalness" of Buggy Code

Authors: Baishakhi Ray, Vincent Hellendoorn, Saheel Godhane, Zhaopeng Tu, Alberto Bacchelli, Premkumar Devanbu

Abstract: Real software, the kind working programmers produce by the kLOC to solve real-world problems, tends to be "natural", like speech or natural language; it tends to be highly repetitive and predictable. Researchers have captured this naturalness of software through statistical models and used them to good effect in suggestion engines, porting tools, coding standards checkers, and idiom miners. This s… ▽ More Real software, the kind working programmers produce by the kLOC to solve real-world problems, tends to be "natural", like speech or natural language; it tends to be highly repetitive and predictable. Researchers have captured this naturalness of software through statistical models and used them to good effect in suggestion engines, porting tools, coding standards checkers, and idiom miners. This suggests that code that appears improbable, or surprising, to a good statistical language model is "unnatural" in some sense, and thus possibly suspicious. In this paper, we investigate this hypothesis. We consider a large corpus of bug fix commits (ca.~8,296), from 10 different Java projects, and we focus on its language statistics, evaluating the naturalness of buggy code and the corresponding fixes. We find that code with bugs tends to be more entropic (i.e., unnatural), becoming less so as bugs are fixed. Focusing on highly entropic lines is similar in cost-effectiveness to some well-known static bug finders (PMD, FindBugs) and ordering warnings from these bug finders using an entropy measure improves the cost-effectiveness of inspecting code implicated in warnings. This suggests that entropy may be a valid language-independent and simple way to complement the effectiveness of PMD or FindBugs, and that search-based bug-fixing methods may benefit from using entropy both for fault-localization and searching for fixes. △ Less

Submitted 10 September, 2015; v1 submitted 3 June, 2015; originally announced June 2015.

Comments: 12 pages

MSC Class: 68N30

Design & Implementation Approach for Error Free Clinical Data Repository for the Medical Practitioners

Authors: Kisor Ray, Santanu Ghosh, Mridul Das, Bhaswati Ray

Abstract: The modern treatment of any disease is heavily dependent on the medical diagnosis. Clinical data obtained through the diagnostics tests need to be collected and entered into the computer database in order to make a clinical data repository. In most of the cases, manual entry is an absolute necessity. However, manual entry can cause errors also, leading to wrong diagnosis. This paper explains how d… ▽ More The modern treatment of any disease is heavily dependent on the medical diagnosis. Clinical data obtained through the diagnostics tests need to be collected and entered into the computer database in order to make a clinical data repository. In most of the cases, manual entry is an absolute necessity. However, manual entry can cause errors also, leading to wrong diagnosis. This paper explains how data could be entered free of error to reduce the chances of wrong diagnosis by designing and implementation of a simple database driven application. △ Less

Submitted 30 March, 2015; originally announced March 2015.

Comments: 04 pages, 04 Figures, International Journal of Computer Trends and Technology, Volume-21 Number-2,2015, ISSN 2231-2803

ACM Class: H.4.0

Effect of thermal and cryogenic conditioning on flexural behavior of thermally shocked Cu-Al2O3 micro- and nano-composites

Authors: Khushbu Dash, Sujata Panda, Bankim Chandra Ray

Abstract: This investigation has used flexural test to explore the effects of thermal treatments, i.e., high-temperature and cryogenic environments on the mechanical property of alumina particulate-reinforced Cu metal matrix micro and nanocomposites in ex-situ and in-situ conditions. Cu-5 vol. pct alumina micro (10 micron)- and nanocomposites (<50 nm) fabricated by powder metallurgy route were subjected to… ▽ More This investigation has used flexural test to explore the effects of thermal treatments, i.e., high-temperature and cryogenic environments on the mechanical property of alumina particulate-reinforced Cu metal matrix micro and nanocomposites in ex-situ and in-situ conditions. Cu-5 vol. pct alumina micro (10 micron)- and nanocomposites (<50 nm) fabricated by powder metallurgy route were subjected to up-thermal shock cycle [193 K to 353 K (-80C to 80C)] and down-thermal shock cycle [193 K to 353 K (from 80C to -80C)] for different time periods followed by 3-point bend test. One batch of specimens (micro and nanocomposites) was conditioned at [193 K to 353 K (from 80C to -80C)] separately followed by 3-point flexural test. High-temperature flexural test was performed at [373 K to 523 K (100C to 250C)] on the micro and nanocomposites. All the fractured samples obtained after various thermal treatments were studied under scanning electron microscope (SEM). The development of thermal stresses quite often results in concentration of residual stresses at the particle/matrix interface eventually weakening it. Enhancement of flexural strength was recorded for down- as well as for up-thermal shock in microcomposites. The high-temperature flexural strengths of micro and nanocomposites are lower than those at ambient temperature. The amelioration and declination in mechanical properties as a consequence of thermal shock, thermal conditioning, and high-temperature flexural testing have been discussed in the light of fractography. △ Less

Submitted 6 November, 2014; originally announced November 2014.

Journal ref: Metallurgical and Materials Transactions A, Volume 45, Issue 3 , pp 1567-1578, 2014