Abstract:As core programmable components of blockchain, smart contracts are responsible for asset management and the execution of complex business logic, forming the foundation of decentralized finance (DeFi) protocols. However, with the rapid advancement of blockchain technology, security issues related to smart contracts and DeFi protocols have become increasingly prominent, attracting numerous attackers seeking to exploit vulnerabilities for illicit gains. In recent years, several major security incidents involving smart contracts and DeFi protocols have highlighted the importance of vulnerability detection research, making it a critical area for security defense. This study systematically reviews existing literature and proposes a comprehensive framework for research on vulnerability detection in smart contracts and DeFi protocols. Specifically, vulnerabilities and detection techniques are categorized and analyzed for both domains. For smart contracts, the study focuses on the application of large language models (LLM) as primary detection engines and their integration with traditional methods. For DeFi protocols, it categorizes and details various protocol-level vulnerabilities and their detection methods, analyzing the strengths and limitations of detection strategies before and after attacks, addressing gaps in existing reviews on DeFi vulnerability detection. Finally, this study summarizes the challenges faced by current detection approaches and outlines future research directions, aiming to provide new insights and theoretical support for the security detection of smart contracts and DeFi protocols.

Abstract:As the foundation of AI, deep learning frameworks play a vital role in driving the rapid progress of AI technologies. However, due to the lack of unified standards, compatibility across different frameworks remains limited. Faithful model transformation enhances interoperability by converting a source model into an equivalent model in the target framework. However, the large number and diversity of deep learning frameworks, combined with the increasing demand for custom frameworks, lead to high conversion costs. To address this issue, this study proposes an automatic AI source code migration method between frameworks based on a domain knowledge graph. The method integrates domain knowledge graphs and abstract syntax trees to systematically manage migration challenges. First, the source code is transformed into a framework-specific abstract syntax tree, from which general dependency information and operator-specific details are extracted. By applying the operator and parameter mappings stored in the domain knowledge graph, the code is migrated to the target framework, generating equivalent target model code while significantly reducing engineering complexity. Compared with existing code migration tools, the proposed method supports mutual migration among widely used deep learning frameworks, such as PyTorch, PaddlePaddle, and MindSpore. The approach has proven to be both mature and reliable, with part of its implementation open-sourced in Baidu’s official migration tool, PaConvert.

Abstract:With the rapid development of merchant review websites, the volume of content on these websites has increased significantly, making it challenging for users to quickly find valuable reviews. This study introduces a new task, “multimodal customized review generation”. The task aims to generate customized reviews for specific users about products they have not yet reviewed, thus providing valuable insights into these products. To achieve this goal, this study explores a multimodal review generation framework based on a pre-trained language model. Specifically, a multimodal pre-trained language model is employed, which takes product images and user preferences as inputs. The visual and textual features are then fused to generate customized reviews. Experimental results demonstrate that the proposed model is effective in generating high-quality customized reviews.

Abstract:Code comments serve as natural-language descriptions of the source code functionality, helping developers quickly understand the code’s semantics and functionality, thus improving software development and maintenance efficiency. However, writing and maintaining code comments is time-consuming and labor-intensive, often leading to issues such as absence, inconsistency, and obsolescence. Therefore, the automatic generation of comments for source code has attracted significant attention. Existing methods typically use information retrieval techniques or deep learning techniques for automatic code comment generation, but both have their limitations. Some research has integrated these two techniques, but such approaches often fail to effectively leverage the advantages of both methods. To address these issues, this study proposes a semantic reranking-based code comment generation method, SRBCS. SRBCS employs a semantic reranking model to rank and select comments generated by various approaches, thus integrating multiple methods and maximizing their respective strengths in the comment generation process. We compared SRBCS with 11 code comment generation approaches on two subject datasets. Experimental results demonstrate that SRBCS effectively integrates different approaches and outperforms existing methods in code comment generation.

Abstract:The safety of autonomous driving systems (ADSs) is crucial for the implementation of autonomous vehicles (AVs). Therefore, ADSs must undergo thorough evaluation before being released and deployed publicly. Generating diverse, safety-critical test scenarios is a key task for ADS testing. Existing methods for generating ADS test scenarios include reproducing real-world traffic accidents or using search-based techniques. However, the accident-based scenario often fails to uncover safety violations in ADSs due to the gap between human driving and ADSs. The search-based approach tends to produce scenarios with high similarity because of the limitations of the search algorithm. To address these issues, this study proposes LEADE, a road network modeling-based safety-critical scenario generation and adaptive evolution method for ADSs. Specifically, it constructs abstract scenarios from user test requirements and generates concrete scenarios through road network modeling. LEADE then employs an improved adaptive evolutionary search to generate diverse safety-critical scenarios for testing the ADS. LEADE is implemented and evaluated on an industrial-grade full-stack ADS platform, Baidu Apollo. Experimental results demonstrate that LEADE can effectively and efficiently generate safety-critical scenarios and expose 10 diverse safety violations of Apollo. LEADE outperforms two state-of-the-art search-based ADS testing techniques by identifying 4 new types of safety-critical scenarios on the same roads.

Abstract:Key classes are a crucial starting point for understanding complex software, contributing to the optimization of documentation and the compression of reverse-engineered class diagrams. Although many effective key class identification methods have been proposed, three major limitations remain: 1) software networks, which are graphs representing software elements and their dependencies, often include elements that are never or rarely executed at runtime; 2) networks constructed through dynamic analysis are frequently incomplete, potentially omitting truly key classes; and 3) most existing approaches consider only the effect of direct coupling between classes, while ignoring the influence of indirect (non-contact) coupling and the diversity of degree distribution among neighboring nodes. To address these issues, a key class identification approach is proposed that integrates dynamic analysis with a gravitational formula. First, a class coupling network (CCN) is constructed using static analysis to represent classes and their coupling relationships. Second, a gravitational entropy (GEN) metric is introduced to quantify class importance by jointly considering direct and indirect couplings in the CCN and the degree-distribution diversity of neighboring nodes. Third, classes are ranked in descending order based on their GEN values to obtain a preliminary ranking. Finally, dynamic analysis is performed to capture actual runtime interactions between classes, which are used to refine the preliminary results. A threshold is applied to filter out non-key classes, producing a final set of candidate key classes. Experimental results on eight open-source Java projects demonstrate that the proposed method significantly outperforms eleven baseline approaches when considering no more than the top 15% (or top 25) of nodes. The integration of dynamic analysis notably improves the performance of the proposed method. Moreover, the choice of weighting schemes for coupling types has a minimal impact on performance, and the overall computational efficiency is acceptable.

Abstract:Contrastive learning is a self-supervised learning technique widely used in various fields such as computer vision and natural language processing. Graph contrastive learning (GCL) refers to methods that apply contrastive learning techniques to graph data. A review is presented on the basic concepts, methods, and applications of graph contrastive learning. First, the background and significance of GCL, as well as its basic concepts on graph data, are introduced. Then, the mainstream GCL methods are elaborated in detail, including methods with different graph data augmentation strategies, methods with different graph neural network (GNN) encoder structures, and methods with different contrastive loss objectives. Finally, three research ideas for GCL are proposed. Research findings demonstrate that graph contrastive learning is an effective approach for addressing various downstream tasks, including node classification and graph classification.

Abstract:Geo-distributed consortium blockchains leverage the characteristics of decentralization, immutability, and traceability to support large-scale applications such as e-commerce, supply chain management, and finance by distributing nodes across multiple data centers. However, traditional consortium blockchains face challenges in performance, scalability, and elasticity in large-scale deployment. Existing blockchains have proposed various approaches in consensus algorithms, concurrency control, and ledger sharding to address the above challenges. First, consensus algorithms are categorized based on network topology, the number of primary nodes, and network models, and different communication optimization strategies during consensus are explored. Second, the advantages and disadvantages of optimistic concurrency control, dependency graph, deterministic concurrency control, and coordination-free consistency in geo-distributed scenarios are discussed. Next, cross-shard commit protocols for blockchain are categorized, and their cross-region coordination overheads are analyzed. Finally, the technical challenges of existing geo-distributed consortium blockchains are highlighted, and future research directions are provided.

Abstract:Side-channel analysis is a technique that extracts leaked information generated during hardware or software execution to compromise cryptographic keys. Among various approaches, profiling side-channel analysis has been proven to be a powerful method for attacking cryptographic systems. In recent years, the integration of artificial intelligence technology into profiling side-channel analysis has significantly enriched attack strategies and improved efficiency. During the profiling phase, leakage information related to the target device is typically collected by accessing a cloned device. However, practical scenarios often involve discrepancies between the cloned and target devices. Most existing studies rely on a single device for training and validation, resulting in methods that are highly environment-dependent, with limited applicability and poor portability. This study focuses on the portability challenges encountered in complex application scenarios. Challenges arising from variations in parameter settings, algorithm implementations, and hardware differences are analyzed in detail. Solutions and analysis results proposed in recent years are systematically reviewed. Based on this survey, current limitations in portability research on side-channel analysis are summarized, and potential future directions are discussed.

Abstract:In recent years, cryptographic chips have developed rapidly. However, they are also facing a significant threat from non-invasive attacks. Although both international and domestic standards provide testing methods for non-invasive attacks, these standards are formulated for public algorithms and are not applicable to private algorithms, which still present considerable security risks. This study proposes a detection framework for private-algorithm cryptographic chips, which includes three components: timing analysis tests, simple power/electromagnetic analysis tests, and differential power/electromagnetic analysis tests. For the timing analysis test, a method based on average denoising is adopted, which significantly improves the accuracy of execution time measurements. Methods based on visual observation and cross-correlation analysis are presented for simple power/electromagnetic analysis tests. Finally, for differential power analysis, TVLA-1 and TVLA-2 are employed to detect leakages from various sources and evaluate the vulnerabilities of private-algorithm cryptographic chips to differential power attacks. The proposed framework serves as an effective supplement to traditional non-invasive attack detection, significantly expanding its application range. To verify the effectiveness of the framework, black-box experiments are conducted on several cryptographic chips. The results demonstrate that the framework can effectively assess the resilience of private-algorithm cryptographic chips against non-invasive attacks.