Science of Computer Programming最新文献

英文中文

Design patterns applied in the development of serious games for cognitive-affective training 设计模式在认知情感训练严肃游戏开发中的应用

IF 1.4 4区计算机科学 Q3 COMPUTER SCIENCE, SOFTWARE ENGINEERING

Science of Computer Programming

Pub Date : 2025-08-05 DOI: 10.1016/j.scico.2025.103378

Claudia Gómez Llanez , Paola Vallejo , Jose Aguilar

Game developers have been widely adopting software design patterns (SDPs) for their usefulness in providing maintainability, scalability, and adaptability to their software products. Nevertheless, their systematic application to cognitive-affective training in the context of Serious Games (SG) has not been explored. In turn, the definition of a Cognitive-Affective model (COGAF) for SGs facilitates their use in training cognitive and affective aspects in users. This article focuses on integrating SDPs into the COGAF model to facilitate the development of SGs. The paper presents four design patterns to simplify SG development based on the COGAF model. The SDPs used in the COGAF model create a set of Java classes, which embody the architectural principles of Serious Game Design Patterns (SGDP) for cognitive-affective training. Integrating design patterns (Template Method, Factory Method, Composite, and Strategy) in COGAF contributes to the organization, reuse and maintenance of code in SGs, reducing development complexity. We validate our proposal in four ways, the first with a case study involving user interaction in SGs, the second by implementing competency questions, the third, by assessing the usability and subjective player experience, and the fourth is a statistical evaluation to assess the development times of SG developers using extended and classic COGAF. The results show that integrating design patterns into COGAF improves code organization, which translates into improved development times for SG developers. In turn, the quality and effectiveness of cognitive-affective training with the generated SGs are not affected, ensuring the coherence and completeness of the proposal.

游戏开发者一直在广泛采用软件设计模式（sdp），因为它们在为软件产品提供可维护性、可伸缩性和适应性方面非常有用。然而，它们在严肃游戏（SG）背景下的认知情感训练中的系统应用尚未被探索。反过来，认知-情感模型（COGAF）的定义有助于他们在训练用户认知和情感方面的使用。本文的重点是将sdp集成到COGAF模型中，以促进SGs的开发。本文提出了基于COGAF模型的四种简化SG开发的设计模式。COGAF模型中使用的sdp创建了一组Java类，这些类体现了用于认知情感训练的严肃游戏设计模式（Serious Game Design Patterns， SGDP）的架构原则。在COGAF中集成设计模式（模板方法、工厂方法、组合和策略）有助于在SGs中组织、重用和维护代码，从而降低开发复杂性。我们通过四种方式来验证我们的建议，第一种是关于《SGs》用户互动的案例研究，第二种是执行能力问题，第三种是通过评估可用性和主观玩家体验，第四种是使用扩展和经典COGAF来评估《SGs》开发者的开发时间。结果表明，将设计模式集成到COGAF中可以改善代码组织，从而改善SG开发人员的开发时间。反过来，生成的认知情感训练的质量和有效性不受影响，确保了建议的连贯性和完整性。

{"title":"Design patterns applied in the development of serious games for cognitive-affective training","authors":"Claudia Gómez Llanez , Paola Vallejo , Jose Aguilar","doi":"10.1016/j.scico.2025.103378","DOIUrl":"10.1016/j.scico.2025.103378","url":null,"abstract":"<div><div>Game developers have been widely adopting software design patterns (SDPs) for their usefulness in providing maintainability, scalability, and adaptability to their software products. Nevertheless, their systematic application to cognitive-affective training in the context of Serious Games (SG) has not been explored. In turn, the definition of a Cognitive-Affective model (COGAF) for SGs facilitates their use in training cognitive and affective aspects in users. This article focuses on integrating SDPs into the COGAF model to facilitate the development of SGs. The paper presents four design patterns to simplify SG development based on the COGAF model. The SDPs used in the COGAF model create a set of Java classes, which embody the architectural principles of Serious Game Design Patterns (SGDP) for cognitive-affective training. Integrating design patterns (Template Method, Factory Method, Composite, and Strategy) in COGAF contributes to the organization, reuse and maintenance of code in SGs, reducing development complexity. We validate our proposal in four ways, the first with a case study involving user interaction in SGs, the second by implementing competency questions, the third, by assessing the usability and subjective player experience, and the fourth is a statistical evaluation to assess the development times of SG developers using extended and classic COGAF. The results show that integrating design patterns into COGAF improves code organization, which translates into improved development times for SG developers. In turn, the quality and effectiveness of cognitive-affective training with the generated SGs are not affected, ensuring the coherence and completeness of the proposal.</div></div>","PeriodicalId":49561,"journal":{"name":"Science of Computer Programming","volume":"248 ","pages":"Article 103378"},"PeriodicalIF":1.4,"publicationDate":"2025-08-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144867124","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Typing tensor calculus in 2-categories (I) 2类张量微积分的类型化(I)

IF 1.4 4区计算机科学 Q3 COMPUTER SCIENCE, SOFTWARE ENGINEERING

Science of Computer Programming

Pub Date : 2025-07-29 DOI: 10.1016/j.scico.2025.103376

Fatimah Rita Ahmadi

To formalize calculations in linear algebra for the development of efficient algorithms and a framework suitable for functional programming languages and faster parallel computations, we adopt an approach that treats linear algebraic structures, such as matrices, as morphisms in the category of matrices,

Ma t_{k}

. We further generalize this framework to arbitrary monoidal semiadditive categories. To extend this perspective and incorporate higher-rank matrices (tensors), we introduce the notion of semiadditive 2-categories, where matrices

T_{i j}

are interpreted as 1-morphisms and tensors with four indices

T_{i j k l}

as 2-morphisms. This formalization provides an index-free, typed framework for linear algebra that naturally accommodates matrices and tensors with up to four indices. Moreover, we extend the framework to monoidal semiadditive 2-categories and demonstrate explicit operations and vectorization techniques within the 2-category of 2Vec, as introduced by Kapranov and Voevodsky.

为了形式化线性代数中的计算，以开发有效的算法和适合函数式编程语言和更快的并行计算的框架，我们采用了一种方法，将线性代数结构（如矩阵）视为矩阵（Matk）类别中的态射。我们进一步将这个框架推广到任意一元半加性范畴。为了扩展这一观点并纳入高秩矩阵（张量），我们引入了半加性2-范畴的概念，其中矩阵Tij被解释为1-态射，具有四指标的张量Tijkl被解释为2-态射。这种形式化为线性代数提供了一个无索引的类型化框架，它可以自然地容纳具有最多四个指标的矩阵和张量。此外，我们将框架扩展到一元半可加的2范畴，并演示了由Kapranov和Voevodsky引入的2Vec的2范畴内的显式运算和向量化技术。

{"title":"Typing tensor calculus in 2-categories (I)","authors":"Fatimah Rita Ahmadi","doi":"10.1016/j.scico.2025.103376","DOIUrl":"10.1016/j.scico.2025.103376","url":null,"abstract":"<div><div>To formalize calculations in linear algebra for the development of efficient algorithms and a framework suitable for functional programming languages and faster parallel computations, we adopt an approach that treats linear algebraic structures, such as matrices, as morphisms in the category of matrices, <span><math><mi>Ma</mi><msub><mrow><mi>t</mi></mrow><mrow><mi>k</mi></mrow></msub></math></span>. We further generalize this framework to arbitrary monoidal semiadditive categories. To extend this perspective and incorporate higher-rank matrices (tensors), we introduce the notion of semiadditive 2-categories, where matrices <span><math><msub><mrow><mi>T</mi></mrow><mrow><mi>i</mi><mi>j</mi></mrow></msub></math></span> are interpreted as 1-morphisms and tensors with four indices <span><math><msub><mrow><mi>T</mi></mrow><mrow><mi>i</mi><mi>j</mi><mi>k</mi><mi>l</mi></mrow></msub></math></span> as 2-morphisms. This formalization provides an index-free, typed framework for linear algebra that naturally accommodates matrices and tensors with up to four indices. Moreover, we extend the framework to monoidal semiadditive 2-categories and demonstrate explicit operations and vectorization techniques within the 2-category of <strong>2Vec</strong>, as introduced by Kapranov and Voevodsky.</div></div>","PeriodicalId":49561,"journal":{"name":"Science of Computer Programming","volume":"248 ","pages":"Article 103376"},"PeriodicalIF":1.4,"publicationDate":"2025-07-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144723774","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

A programming framework for distributed computing continuum systems 分布式计算连续体系统的编程框架

IF 1.4 4区计算机科学 Q3 COMPUTER SCIENCE, SOFTWARE ENGINEERING

Science of Computer Programming

Pub Date : 2025-07-24 DOI: 10.1016/j.scico.2025.103366

Zhehao Zhao, Yifeng Chen

Distributed Computing Continuum Systems (DCCS) integrate a large-scale cloud side and a wide-area heterogeneous edge side within the same network environment and is therefore a more general computing paradigm than cloud or edge computing. There are currently no programming technologies suitable for the support of DCCS application development. In this paper, we introduce a programming framework called Wolfs, which uses only basic programming constructs from programming-language theories. The framework is communication-centric in the sense that high-level communication models and lower-level communication protocols are organised in a hierarchy. Data-processing computations are inserted in the hierarchy as actions. This design allows application-level information to influence network routing and connection management. Wolfs programming is demonstrated in two case studies.

分布式计算连续系统（DCCS）在相同的网络环境中集成了大规模的云计算端和广域异构边缘计算端，因此是比云计算或边缘计算更通用的计算范式。目前还没有适合支持DCCS应用程序开发的编程技术。在本文中，我们介绍了一个称为Wolfs的编程框架，它只使用编程语言理论中的基本编程结构。该框架是以通信为中心的，因为高层通信模型和低层通信协议在层次结构中组织。数据处理计算作为操作插入到层次结构中。这种设计允许应用程序级信息影响网络路由和连接管理。Wolfs编程在两个案例研究中进行了演示。

引用次数: 0

Optimization of Farkas' Lemma-based linear invariant generation using divide-and-conquer with pruning 基于Farkas引理的线性不变生成方法的分治与剪枝优化

IF 1.5 4区计算机科学 Q3 COMPUTER SCIENCE, SOFTWARE ENGINEERING

Science of Computer Programming

Pub Date : 2025-07-16 DOI: 10.1016/j.scico.2025.103361

Ruibang Liu, Hongming Liu, Guoqiang Li

Formal verification plays a critical role in contemporary computer science, offering mathematically rigorous methods to ensure the correctness, reliability, and security of programs. Loops, due to their complexity and uncertainty, have become a major challenge in program verification. Loop invariants are often employed to abstract the properties of loops within a program, making the automatic generation of such invariants a pivotal challenge. Among the various methods, template-based frameworks grounded in Farkas' Lemma are recognized for their effectiveness in generating tight invariants in the realm of constraint solving. Recent advances have identified the conversion from conjunctive normal form (CNF) to disjunctive normal form (DNF) as a major bottleneck, leading to a combinatorial explosion. In this study, we introduce an optimized algorithm to address the combinatorial explosion by trading off space for time efficiency. Our approach employs two key strategies, divide-and-conquer, and pruning, to boost speed. First, we apply a divide-and-conquer strategy to decompose a complex problem into smaller, more manageable subproblems that can be solved quickly and in parallel. Second, we intelligently apply a pruning strategy, navigating the depth-first search process to avoid unnecessary checks. These improvements maintain the accuracy and speed up the analysis. We constructed a small dataset to showcase the superiority of our tool, which achieved an average speedup of 9.27x on this dataset. The experiments demonstrate that our method provides significant acceleration while maintaining accuracy and indicate that our approach outperforms the state-of-the-art methods.

形式验证在当代计算机科学中起着至关重要的作用，它提供了数学上严格的方法来确保程序的正确性、可靠性和安全性。循环由于其复杂性和不确定性，已成为程序验证的主要挑战。循环不变量经常被用来抽象程序中循环的属性，这使得自动生成这种不变量成为一个关键的挑战。在各种方法中，基于Farkas引理的基于模板的框架因其在约束求解领域生成紧密不变量的有效性而得到认可。最近的进展已经确定了从合取范式（CNF）到析取范式（DNF）的转换是导致组合爆炸的主要瓶颈。在本研究中，我们引入了一种优化算法来解决组合爆炸，通过权衡空间和时间效率。我们的方法采用了两个关键策略，分而治之和修剪，以提高速度。首先，我们采用分而治之的策略将复杂问题分解为更小、更易于管理的子问题，这些子问题可以快速并行地解决。其次，我们智能地应用修剪策略，导航深度优先搜索过程以避免不必要的检查。这些改进保持了准确性并加快了分析速度。我们构建了一个小数据集来展示我们的工具的优越性，它在这个数据集上实现了9.27倍的平均加速。实验表明，我们的方法在保持精度的同时提供了显著的加速，并表明我们的方法优于最先进的方法。

{"title":"Optimization of Farkas' Lemma-based linear invariant generation using divide-and-conquer with pruning","authors":"Ruibang Liu, Hongming Liu, Guoqiang Li","doi":"10.1016/j.scico.2025.103361","DOIUrl":"10.1016/j.scico.2025.103361","url":null,"abstract":"<div><div>Formal verification plays a critical role in contemporary computer science, offering mathematically rigorous methods to ensure the correctness, reliability, and security of programs. Loops, due to their complexity and uncertainty, have become a major challenge in program verification. Loop invariants are often employed to abstract the properties of loops within a program, making the automatic generation of such invariants a pivotal challenge. Among the various methods, template-based frameworks grounded in Farkas' Lemma are recognized for their effectiveness in generating tight invariants in the realm of constraint solving. Recent advances have identified the conversion from conjunctive normal form (CNF) to disjunctive normal form (DNF) as a major bottleneck, leading to a combinatorial explosion. In this study, we introduce an optimized algorithm to address the combinatorial explosion by trading off space for time efficiency. Our approach employs two key strategies, divide-and-conquer, and pruning, to boost speed. First, we apply a divide-and-conquer strategy to decompose a complex problem into smaller, more manageable subproblems that can be solved quickly and in parallel. Second, we intelligently apply a pruning strategy, navigating the depth-first search process to avoid unnecessary checks. These improvements maintain the accuracy and speed up the analysis. We constructed a small dataset to showcase the superiority of our tool, which achieved an average speedup of 9.27x on this dataset. The experiments demonstrate that our method provides significant acceleration while maintaining accuracy and indicate that our approach outperforms the state-of-the-art methods.</div></div>","PeriodicalId":49561,"journal":{"name":"Science of Computer Programming","volume":"247 ","pages":"Article 103361"},"PeriodicalIF":1.5,"publicationDate":"2025-07-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144656371","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Intrathread method orders based adaptive testing of concurrent objects 基于线程内方法顺序的并发对象自适应测试

IF 1.5 4区计算机科学 Q3 COMPUTER SCIENCE, SOFTWARE ENGINEERING

Science of Computer Programming

Pub Date : 2025-07-15 DOI: 10.1016/j.scico.2025.103362

Yibo Dai , Li Xie , Peng Wu , Shecheng Cui , Linhai Ma

Concurrent data structures or classes are designed to provide safe accesses and simultaneous updates by multiple threads to shared objects in a concurrent environment, with the goal of enhancing parallelism and throughput. However, testing concurrent objects poses significant challenges due to the potential explosion of concurrency test spaces, the variety of programming vulnerabilities, and the inherent nondeterminism of concurrent test executions. In this paper, we propose an Intrathread Method Orders based Adaptive Concurrency Testing (IMOACT) framework for concurrent objects. IMOACT can capture diverse behaviors of interthread method pairs through characterizing concurrent execution contexts with intrathread method orders. Moreover, IMOACT can adaptively optimize concurrent test executions by generating scheduling sequences based on the key scheduling points visited so far, streamlining test generation and execution organically across multiple tests. Experimental case studies with typical C/C++ concurrent classes demonstrate that IMOACT outperforms baseline approaches. On average, IMOACT promotes the effectiveness of detecting concurrency bugs by 65%, and achieves a speedup of 2.43x compared to the underlying state-of-the-art concurrency testing approach.

并发数据结构或类旨在为多线程对并发环境中的共享对象提供安全访问和同步更新，其目标是增强并行性和吞吐量。然而，由于并发测试空间的潜在爆炸、编程漏洞的多样性以及并发测试执行固有的不确定性，测试并发对象带来了重大挑战。本文提出了一种基于线程内方法顺序的自适应并发测试（IMOACT）框架。IMOACT可以通过用线程内方法顺序描述并发执行上下文来捕获线程间方法对的各种行为。此外，IMOACT可以通过基于目前访问的关键调度点生成调度序列来自适应地优化并发测试执行，从而跨多个测试有机地简化测试生成和执行。典型C/ c++并发类的实验案例研究表明，IMOACT优于基线方法。平均而言，IMOACT将并发bug检测的效率提高了65%，与底层最先进的并发测试方法相比，速度提高了2.43倍。

{"title":"Intrathread method orders based adaptive testing of concurrent objects","authors":"Yibo Dai , Li Xie , Peng Wu , Shecheng Cui , Linhai Ma","doi":"10.1016/j.scico.2025.103362","DOIUrl":"10.1016/j.scico.2025.103362","url":null,"abstract":"<div><div>Concurrent data structures or classes are designed to provide safe accesses and simultaneous updates by multiple threads to shared objects in a concurrent environment, with the goal of enhancing parallelism and throughput. However, testing concurrent objects poses significant challenges due to the potential explosion of concurrency test spaces, the variety of programming vulnerabilities, and the inherent nondeterminism of concurrent test executions. In this paper, we propose an Intrathread Method Orders based Adaptive Concurrency Testing (IMOACT) framework for concurrent objects. IMOACT can capture diverse behaviors of interthread method pairs through characterizing concurrent execution contexts with intrathread method orders. Moreover, IMOACT can adaptively optimize concurrent test executions by generating scheduling sequences based on the key scheduling points visited so far, streamlining test generation and execution organically across multiple tests. Experimental case studies with typical C/C++ concurrent classes demonstrate that IMOACT outperforms baseline approaches. On average, IMOACT promotes the effectiveness of detecting concurrency bugs by 65%, and achieves a speedup of 2.43x compared to the underlying state-of-the-art concurrency testing approach.</div></div>","PeriodicalId":49561,"journal":{"name":"Science of Computer Programming","volume":"248 ","pages":"Article 103362"},"PeriodicalIF":1.5,"publicationDate":"2025-07-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144663008","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

WEST: Interactive validation of Mission-time Linear Temporal Logic (MLTL) 任务时间线性时间逻辑（MLTL）的交互验证

IF 1.5 4区计算机科学 Q3 COMPUTER SCIENCE, SOFTWARE ENGINEERING

Science of Computer Programming

Pub Date : 2025-07-15 DOI: 10.1016/j.scico.2025.103365

Wang Zili, Gamboa Guzman Laura P., Rozier Kristin Y.

Mission-time Linear Temporal Logic (MLTL) is a finite, discrete, closed-interval-bounded variant of Metric Temporal Logic (MTL) that formal methods practitioners use to specify requirements for safety-critical systems, such as aircraft and spacecraft. Our tool addresses the specification bottleneck of formal verification by providing an interactive visualization tool for MLTL that allows practitioners to validate that their MLTL specifications do indeed match the intended requirements. We provide an overview of the functionalities of the command-line interface and the graphical user interface of the WEST tool. Additionally, we provide five independent methods used to validate the tool's correctness, as well as experimental results demonstrating the tool's scalability on three suites of randomly generated MLTL formulas.

任务时间线性时间逻辑（MLTL）是度量时间逻辑（MTL）的一种有限的、离散的、闭区间有界的变体，正式方法实践者使用它来指定安全关键系统（如飞机和航天器）的需求。我们的工具通过为MLTL提供一个交互式可视化工具来解决正式验证的规范瓶颈，该工具允许从业者验证他们的MLTL规范确实符合预期的需求。我们概述了WEST工具的命令行界面和图形用户界面的功能。此外，我们提供了五种独立的方法来验证工具的正确性，以及实验结果，证明了该工具在三组随机生成的MLTL公式上的可扩展性。

引用次数: 0

Formal Techniques for Safety-Critical Systems (FTSCS 2023) 安全关键系统的正式技术（FTSCS 2023）

IF 1.4 4区计算机科学 Q3 COMPUTER SCIENCE, SOFTWARE ENGINEERING

Science of Computer Programming

Pub Date : 2025-07-11 DOI: 10.1016/j.scico.2025.103363

Cyrille Artho , Peter Csaba Ölveczky

引用次数: 0

Preface Special Issue SCICO on HSCC2024-software 特别发行SCICO on HSCC2024-software

IF 1.4 4区计算机科学 Q3 COMPUTER SCIENCE, SOFTWARE ENGINEERING

Science of Computer Programming

Pub Date : 2025-07-11 DOI: 10.1016/j.scico.2025.103364

Erika Abraham (The Guest Editor) , Manuel Mazo Espinosa (The Guest Editor)

引用次数: 0

Grits: A message-passing programming language based on the semi-axiomatic sequent calculus Grits：一种基于半公理序列演算的消息传递编程语言

IF 1.5 4区计算机科学 Q3 COMPUTER SCIENCE, SOFTWARE ENGINEERING

Science of Computer Programming

Pub Date : 2025-07-08 DOI: 10.1016/j.scico.2025.103360

Adrian Francalanza , Gerard Tabone , Frank Pfenning

This paper introduces Grits, a channel-based message-passing concurrent language based on the semi-axiomatic sequent calculus, a logical foundation underpinning intuitionistic session types. The language leverages modalities from adjoint logic to express a number of programming idioms such as broadcast communication and message cancellation. The Grits interpreter is developed using Go, and consists primarily of two components: a type-checker and an evaluator.

Grits是一种基于信道的消息传递并发语言，它基于半公理序列演算，是支持直觉会话类型的逻辑基础。该语言利用伴随逻辑的模态来表达许多编程习惯用法，如广播通信和消息取消。Grits解释器是用Go语言开发的，主要由两个组件组成：类型检查器和求值器。

引用次数: 0

Detecting duplicate vulnerability records across databases 检测跨数据库的重复漏洞记录

IF 1.5 4区计算机科学 Q3 COMPUTER SCIENCE, SOFTWARE ENGINEERING

Science of Computer Programming

Pub Date : 2025-07-07 DOI: 10.1016/j.scico.2025.103357

Kangliang Zhu , Wenhua Yang , Minxue Pan , Yu Zhou

Vulnerability databases are critical repositories that aggregate information about known security vulnerabilities across various software products. However, the existence of multiple, heterogeneous databases often leads to duplicate vulnerability records, necessitating significant manual effort by maintainers to identify and consolidate these duplicates. This study addresses the challenge of detecting duplicate vulnerabilities across different databases by proposing a combined method that integrates cosine similarity measures with a fine-tuned BERT-based language model. We constructed a comprehensive duplicate vulnerability dataset by analyzing records from prominent databases such as CVE, OSV, and the GitHub Advisory Database. Our method was evaluated against several baseline techniques, including similarity-based and deep learning-based approaches, demonstrating superior performance across multiple metrics, including Hit Rate@N, Mean Reciprocal Rank (MRR), Mean Rank, and Median Rank. Additionally, our method proved effective in practical scenarios involving ongoing database maintenance, showcasing its ability to generalize to unseen data. The findings highlight the potential of integrating traditional similarity measures with advanced language models to enhance the accuracy and efficiency of duplicate vulnerability detection, thereby facilitating more reliable vulnerability management.

漏洞数据库是汇集各种软件产品中已知安全漏洞信息的关键存储库。然而，多个异构数据库的存在通常会导致重复的漏洞记录，这就需要维护人员进行大量的手工工作来识别和整合这些重复的漏洞。本研究通过提出一种将余弦相似性度量与微调的基于bert的语言模型集成在一起的组合方法，解决了在不同数据库中检测重复漏洞的挑战。我们通过分析CVE、OSV和GitHub Advisory Database等知名数据库的记录，构建了一个全面的重复漏洞数据集。我们的方法根据几种基线技术进行了评估，包括基于相似性和基于深度学习的方法，在多个指标上表现出卓越的性能，包括Hit Rate@N、Mean Reciprocal Rank （MRR）、Mean Rank和Median Rank。此外，我们的方法在涉及正在进行的数据库维护的实际场景中被证明是有效的，展示了它泛化到不可见数据的能力。研究结果表明，将传统的相似度度量与先进的语言模型相结合，可以提高重复漏洞检测的准确性和效率，从而促进更可靠的漏洞管理。

{"title":"Detecting duplicate vulnerability records across databases","authors":"Kangliang Zhu , Wenhua Yang , Minxue Pan , Yu Zhou","doi":"10.1016/j.scico.2025.103357","DOIUrl":"10.1016/j.scico.2025.103357","url":null,"abstract":"<div><div>Vulnerability databases are critical repositories that aggregate information about known security vulnerabilities across various software products. However, the existence of multiple, heterogeneous databases often leads to duplicate vulnerability records, necessitating significant manual effort by maintainers to identify and consolidate these duplicates. This study addresses the challenge of detecting duplicate vulnerabilities across different databases by proposing a combined method that integrates cosine similarity measures with a fine-tuned BERT-based language model. We constructed a comprehensive duplicate vulnerability dataset by analyzing records from prominent databases such as CVE, OSV, and the GitHub Advisory Database. Our method was evaluated against several baseline techniques, including similarity-based and deep learning-based approaches, demonstrating superior performance across multiple metrics, including Hit Rate@N, Mean Reciprocal Rank (MRR), Mean Rank, and Median Rank. Additionally, our method proved effective in practical scenarios involving ongoing database maintenance, showcasing its ability to generalize to unseen data. The findings highlight the potential of integrating traditional similarity measures with advanced language models to enhance the accuracy and efficiency of duplicate vulnerability detection, thereby facilitating more reliable vulnerability management.</div></div>","PeriodicalId":49561,"journal":{"name":"Science of Computer Programming","volume":"247 ","pages":"Article 103357"},"PeriodicalIF":1.5,"publicationDate":"2025-07-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"144571314","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

首页上一页

下一页尾页

类型

全部化学•材料生命科学医学物理工程技术环境•农林材料科学地球科学法学管理学化学环境科学与生态学计算机科学教育学经济学农林科学人文科学生物学数学物理与天体物理心理学综合性期刊其他工业工程理学历史学农学文学信息工程

数据库

全部 ACS Publications Elsevier ieeexplore Springer The Royal Society of Chemistry Wiley

期刊

Science of Computer Programming

全部 Acc. Chem. Res. ACS Applied Bio Materials ACS Appl. Electron. Mater. ACS Appl. Energy Mater. ACS Appl. Mater. Interfaces ACS Appl. Nano Mater. ACS Appl. Polym. Mater. ACS BIOMATER-SCI ENG ACS Catal. ACS Cent. Sci. ACS Chem. Biol. ACS Chemical Health & Safety ACS Chem. Neurosci. ACS Comb. Sci. ACS Earth Space Chem. ACS Energy Lett. ACS Infect. Dis. ACS Macro Lett. ACS Mater. Lett. ACS Med. Chem. Lett. ACS Nano ACS Omega ACS Photonics ACS Sens. ACS Sustainable Chem. Eng. ACS Synth. Biol. Anal. Chem. BIOCHEMISTRY-US Bioconjugate Chem. BIOMACROMOLECULES Chem. Res. Toxicol. Chem. Rev. Chem. Mater. CRYST GROWTH DES ENERG FUEL Environ. Sci. Technol. Environ. Sci. Technol. Lett. Eur. J. Inorg. Chem. IND ENG CHEM RES Inorg. Chem. J. Agric. Food. Chem. J. Chem. Eng. Data J. Chem. Educ. J. Chem. Inf. Model. J. Chem. Theory Comput. J. Med. Chem. J. Nat. Prod. J PROTEOME RES J. Am. Chem. Soc. LANGMUIR MACROMOLECULES Mol. Pharmaceutics Nano Lett. Org. Lett. ORG PROCESS RES DEV ORGANOMETALLICS J. Org. Chem. J. Phys. Chem. J. Phys. Chem. A J. Phys. Chem. B J. Phys. Chem. C J. Phys. Chem. Lett. Analyst Anal. Methods Biomater. Sci. Catal. Sci. Technol. Chem. Commun. Chem. Soc. Rev. CHEM EDUC RES PRACT CRYSTENGCOMM Dalton Trans. Energy Environ. Sci. ENVIRON SCI-NANO ENVIRON SCI-PROC IMP ENVIRON SCI-WAT RES Faraday Discuss. Food Funct. Green Chem. Inorg. Chem. Front. Integr. Biol. J. Anal. At. Spectrom. J. Mater. Chem. A J. Mater. Chem. B J. Mater. Chem. C Lab Chip Mater. Chem. Front. Mater. Horiz. MEDCHEMCOMM Metallomics Mol. Biosyst. Mol. Syst. Des. Eng. Nanoscale Nanoscale Horiz. Nat. Prod. Rep. New J. Chem. Org. Biomol. Chem. Org. Chem. Front. PHOTOCH PHOTOBIO SCI PCCP Polym. Chem.

﹀