During long-term operation,the performance of obstacles would be changed due to the material accumulating upslope the obstacle.However,the effects of retained material on impact,overflow and landing dynamics of granul...During long-term operation,the performance of obstacles would be changed due to the material accumulating upslope the obstacle.However,the effects of retained material on impact,overflow and landing dynamics of granular flow have not yet been elucidated.To address this gap,physical flume tests and discrete element simulations are conducted considering a range of normalized deposition height h0/H from 0 to 1,where h0 and H represent the deposition height and obstacle height,respectively.An analytical model is modified to evaluate the flow velocity and flow depth after interacting with the retained materials,which further serve to calculate the peak impact force on the obstacle.Notably,the computed impact forces successfully predict the experimental results when a≥25°.In addition,the results indicate that a higher h0/H leads to a lower dynamic impact force,a greater landing distance L,and a larger landing coefficient Cr,where Cr is the ratio of slope-parallel component of landing velocity to flow velocity just before landing.Compared to the existing overflow model,the measured landing distance L is underestimated by up to 30%,and therefore it is insufficient for obstacle design when there is retained material.Moreover,the recommended Cr in current design practice is found to be nonconservative for estimating the landing velocity of geophysical flow.This study provides insightful scientific basis for designing obstacles with deposition.展开更多
Different abnormalities are commonly encountered in computer network systems.These types of abnormalities can lead to critical data losses or unauthorized access in the systems.Buffer overflow anomaly is a prominent i...Different abnormalities are commonly encountered in computer network systems.These types of abnormalities can lead to critical data losses or unauthorized access in the systems.Buffer overflow anomaly is a prominent issue among these abnormalities,posing a serious threat to network security.The primary objective of this study is to identify the potential risks of buffer overflow that can be caused by functions frequently used in the PHP programming language and to provide solutions to minimize these risks.Static code analyzers are used to detect security vulnerabilities,among which SonarQube stands out with its extensive library,flexible customization options,and reliability in the industry.In this context,a customized rule set aimed at automatically detecting buffer overflows has been developed on the SonarQube platform.The memoization optimization technique used while creating the customized rule set enhances the speed and efficiency of the code analysis process.As a result,the code analysis process is not repeatedly run for code snippets that have been analyzed before,significantly reducing processing time and resource utilization.In this study,a memoization-based rule set was utilized to detect critical security vulnerabilities that could lead to buffer overflow in source codes written in the PHP programming language.Thus,the analysis process is not repeatedly run for code snippets that have been analyzed before,leading to a significant reduction in processing time and resource utilization.In a case study conducted to assess the effectiveness of this method,a significant decrease in the source code analysis time was observed.展开更多
A simplified integer overflow detection method based on path relaxation is described for avoiding buffer overflow triggered by integer overflow. When the integer overflow refers to the size of the buffer allocated dyn...A simplified integer overflow detection method based on path relaxation is described for avoiding buffer overflow triggered by integer overflow. When the integer overflow refers to the size of the buffer allocated dynamically, this kind of integer overflow is most likely to trigger buffer overflow. Based on this discovery, through lightly static program analysis, the solution traces the key variables referring to the size of a buffer allocated dynamically and it maintains the upper bound and lower bound of these variables. After the constraint information of these traced variables is inserted into the original program, this method tests the program with test cases through path relaxation, which means that it not only reports the errors revealed by the current runtime value of traced variables contained in the test case, but it also examines the errors possibly occurring under the same execution path with all the possible values of the traced variables. The effectiveness of this method is demonstrated in a case study. Compared with the traditional buffer overflow detection methods, this method reduces the burden of detection and improves efficiency.展开更多
Integer overflow vulnerability will cause buffer overflow. The research on the relationship between them will help us to detect integer overflow vulnerability. We present a dynamic analysis methods RICB (Run-time Int...Integer overflow vulnerability will cause buffer overflow. The research on the relationship between them will help us to detect integer overflow vulnerability. We present a dynamic analysis methods RICB (Run-time Integer Checking via Buffer overflow). Our approach includes decompile execute file to assembly language; debug the execute file step into and step out; locate the overflow points and checking buffer overflow caused by integer overflow. We have implemented our approach in three buffer overflow types: format string overflow, stack overflow and heap overflow. Experiments results show that our approach is effective and efficient. We have detected more than 5 known integer overflow vulnerabilities via buffer overflow.展开更多
At the late stage of solidification with ultrasonic treatment (UST) in Al-Si alloys, a part of semisolid overflows and climbs along the probe. The interesting phenomenon and its influence on the solidification micro...At the late stage of solidification with ultrasonic treatment (UST) in Al-Si alloys, a part of semisolid overflows and climbs along the probe. The interesting phenomenon and its influence on the solidification microstructure were investigated in order to better study the mechanism of UST. It is considered that the overflowing phenomenon occurs due to the changes of vibration and flow in the remaining semisolid. Because the overflowed portion comes from the region with intense UST effect and vibrates with the probe during solidification, great modification of primary and euteetic Si (about 10 pm in length) and refinement of primary a(Al) (about 70 μm in size) are observed in this portion.展开更多
Floodwater and debris flow caused by glacial lake burst is an important land process and a serious mountain disaster in glacial area of Xizang (Tibet) Autonomous Region, and the overflow burst is mainly caused by glac...Floodwater and debris flow caused by glacial lake burst is an important land process and a serious mountain disaster in glacial area of Xizang (Tibet) Autonomous Region, and the overflow burst is mainly caused by glacial landslide falling into moraine lake. On the premise that moraine lake is full, instantaneous burst in part of the lake bank happens, as flow velocity at burst mouth caused by overflow head is higher than threshold flow velocity of glacial till. Under some supposes, d(90) and d(10) of the glacial till in the hank were used as the threshold sizes of coarse and fine grains respectively. Thus, the formula of calculating threshold flow velocity of uniform sand was simplified, and threshold flow velocity of glacial till was calculated with the formula. Then, with synthesis formula calculating flow velocity of instantaneous part burst, flow velocity at overflow burst mouth was calculated, and calculation formula of critical height (H(0)) of overflow head was derived. Overflow head was caused by volume and surge of glacial landslide falling into moraine lake, calculation formulas of ascendant height (H(1)) of lake water surface and surge height (H(2)) on burst mouth caused by glacial landslide falling into moraine lake were derived. To sum up, critical hydrologic conditions of moraine lake burst with overflow form are: the burst is inevitable as H(1) > H(0); the burst is possible as H(1) < H(0) and (H(1)+H(2)) > H(0); the burst is impossible as (H(1)+H(2)) < H(0). In the factors influencing the burst critical conditions, it is advantageous for the burst that scale of the lake is 10(5)m(2) range; terminal glacial till is more fine and is even more uniform; the width of overflow mouth is even smaller than the length of the bank; the landslide has large scale and steep slip surface; and glacial end is close to the lake. With burst of Guangxiecuo Lake in Midui Valley of the Polongzangbu River in Xizang as an example, the burst critical conditions were tested.展开更多
On the basis of the latest version of a U.S. Navy generalized digital environment model (GDEM-V3.0) and World Ocean Atlas (WOA13), the hydraulic theory is revisited and applied to the Luzon Strait, providing a fre...On the basis of the latest version of a U.S. Navy generalized digital environment model (GDEM-V3.0) and World Ocean Atlas (WOA13), the hydraulic theory is revisited and applied to the Luzon Strait, providing a fresh look at the deepwater overflow there. The result reveals that: (1) the persistent density difference between two sides of the Luzon Strait sustains an all year round deepwater overflow from the western Pacific to the South China Sea (SCS); (2) the seasonal variability of the deepwater overflow is influenced not only by changes in the density difference between two sides of the Luzon Strait, but also by changes in its upstream layer thickness; (3) the deepwater overflow in the Luzon Strait shows a weak semiannual variability; (4) the seasonal mean circulation pattern in the SCS deep basin does not synchronously respond to the seasonality of the deepwater overflow in the Luzon Strait. Moreover, the deepwater overflow reaches its seasonal maximum in December (based on GDEM-V3.0) or in fall (October-December, based on the WOA13), accompanied by the lowest temperature of the year on the Pacific side of the Luzon Strait. The seasonal variability of the deepwater overflow is consistent with the existing longest (3.5 a) continuous observation along the major deepwater passage of the Luzon Strait.展开更多
Most solutions for detecting buffer overflow are based on source code. But the requirement tor source code is not always practical especially for business software. A new approach was presented to detect statically th...Most solutions for detecting buffer overflow are based on source code. But the requirement tor source code is not always practical especially for business software. A new approach was presented to detect statically the potential buffer overflow vulnerabilities in the binary code of software. The binary code was translated into assembly code without the lose of the information of string operation functions. The feature code abstract graph was constructed to generate more accurate constraint statements, and analyze the assembly code using the method of integer range constraint. After getting the elementary report on suspicious code where buffer overflows possibly happen, the control flow sensitive analysis using program dependence graph was done to decrease the rate of false positive. A prototype was implemented which demonstrates the feasibility and efficiency of the new approach.展开更多
An inverse reduced-gravity model is used to simulate the deep South China Sea(SCS)circulation.A set of experiments are conducted using this model to study the influence of the Luzon overflow through the two inlets on ...An inverse reduced-gravity model is used to simulate the deep South China Sea(SCS)circulation.A set of experiments are conducted using this model to study the influence of the Luzon overflow through the two inlets on the deep circulation in the northern SCS.Model results suggest that the relative contribution of these inlets largely depends on the magnitude of the input transport of the overflow,but the northern inlet is more efficient than the southern inlet in driving the deep circulation in the northern SCS.When all of the Luzon overflow occurs through the northern inlet the deep circulation in the northern SCS is enhanced.Conversely,when all of the Luzon overflow occurs through the southern inlet the circulation in the northern SCS is weakened.A Lagrangian trajectory model is also developed and applied to these cases.The Lagrangian results indicate that the location of the Luzon overflow likely has impacts upon the sediment transport into the northern SCS.展开更多
The homogenous Poisson process is often used to describe the event arrivals. Such Poisson process has been applied in various areas. This study focuses on the arrival pattern of storm water overflows. A set of overflo...The homogenous Poisson process is often used to describe the event arrivals. Such Poisson process has been applied in various areas. This study focuses on the arrival pattern of storm water overflows. A set of overflow data was obtained from the storm water pipeline of a municipality. The aim is to verify the overflow arrival pattern and check whether the Poisson process can be applied. The adopted method is the analysis over the inter-arrival times. The exponential distribution test is conducted on the annual data set as well as the entire data set. The results show that all data sets follow the exponential distribution. With the verification of Poisson process, specific examples are also given to show how the Poisson process properties can be used in the management of storm water pipeline management. For other data that are featured with various heterogeneities, the homogenous Poisson process might not be able to be verified and used. Under such circumstances, non-homogenous survival model can be used to simulate the arrival process.展开更多
Nowadays,more and more Android developers prefer to seek help from Q&A website like Stack Overflow,despite the rich official documentation.Several researches have studied the limitations of the official applicatio...Nowadays,more and more Android developers prefer to seek help from Q&A website like Stack Overflow,despite the rich official documentation.Several researches have studied the limitations of the official application programming interface(API)documentations and proposed approaches to improve them.However,few of them digged into the requirements of the third-party developers to study this.In this work,we gain insight into this question from multidimensional perspectives of API developers and API users by a kind of cross-validation.We propose a hybrid approach,which combines manual inspection on artifacts and online survey on corresponding developers,to explore the different focus between these two types of stakeholders.In our work,we manually inspect 1000 posts and receive 319 questionnaires in total.Through the mutual verification of the inspection and survey process,we found that the users are more concerned with the usage of API,while the official documentation mainly provides functional description.Furthermore,we identified 9 flaws of the official documentation and summarized 12 aspects(from the content to the representation)for promotion to improve the official API documentations.展开更多
基金funded by the National Natural Science Foundation of China(Grant Nos.42120104002,41941019)the Research Grants Council of the Hong Kong Special Administrative Region,China(Grant No.AoE/E-603/18).
文摘During long-term operation,the performance of obstacles would be changed due to the material accumulating upslope the obstacle.However,the effects of retained material on impact,overflow and landing dynamics of granular flow have not yet been elucidated.To address this gap,physical flume tests and discrete element simulations are conducted considering a range of normalized deposition height h0/H from 0 to 1,where h0 and H represent the deposition height and obstacle height,respectively.An analytical model is modified to evaluate the flow velocity and flow depth after interacting with the retained materials,which further serve to calculate the peak impact force on the obstacle.Notably,the computed impact forces successfully predict the experimental results when a≥25°.In addition,the results indicate that a higher h0/H leads to a lower dynamic impact force,a greater landing distance L,and a larger landing coefficient Cr,where Cr is the ratio of slope-parallel component of landing velocity to flow velocity just before landing.Compared to the existing overflow model,the measured landing distance L is underestimated by up to 30%,and therefore it is insufficient for obstacle design when there is retained material.Moreover,the recommended Cr in current design practice is found to be nonconservative for estimating the landing velocity of geophysical flow.This study provides insightful scientific basis for designing obstacles with deposition.
文摘Different abnormalities are commonly encountered in computer network systems.These types of abnormalities can lead to critical data losses or unauthorized access in the systems.Buffer overflow anomaly is a prominent issue among these abnormalities,posing a serious threat to network security.The primary objective of this study is to identify the potential risks of buffer overflow that can be caused by functions frequently used in the PHP programming language and to provide solutions to minimize these risks.Static code analyzers are used to detect security vulnerabilities,among which SonarQube stands out with its extensive library,flexible customization options,and reliability in the industry.In this context,a customized rule set aimed at automatically detecting buffer overflows has been developed on the SonarQube platform.The memoization optimization technique used while creating the customized rule set enhances the speed and efficiency of the code analysis process.As a result,the code analysis process is not repeatedly run for code snippets that have been analyzed before,significantly reducing processing time and resource utilization.In this study,a memoization-based rule set was utilized to detect critical security vulnerabilities that could lead to buffer overflow in source codes written in the PHP programming language.Thus,the analysis process is not repeatedly run for code snippets that have been analyzed before,leading to a significant reduction in processing time and resource utilization.In a case study conducted to assess the effectiveness of this method,a significant decrease in the source code analysis time was observed.
基金The National Natural Science Foundation of China (No.60873050,60703086)the Opening Foundation of State Key Laboratory of Software Engineering in Wuhan University (No.SKLSE20080717)
文摘A simplified integer overflow detection method based on path relaxation is described for avoiding buffer overflow triggered by integer overflow. When the integer overflow refers to the size of the buffer allocated dynamically, this kind of integer overflow is most likely to trigger buffer overflow. Based on this discovery, through lightly static program analysis, the solution traces the key variables referring to the size of a buffer allocated dynamically and it maintains the upper bound and lower bound of these variables. After the constraint information of these traced variables is inserted into the original program, this method tests the program with test cases through path relaxation, which means that it not only reports the errors revealed by the current runtime value of traced variables contained in the test case, but it also examines the errors possibly occurring under the same execution path with all the possible values of the traced variables. The effectiveness of this method is demonstrated in a case study. Compared with the traditional buffer overflow detection methods, this method reduces the burden of detection and improves efficiency.
基金Supported by the National Natural Science Foundation of China (60903188), Shanghai Education Commission Innovation Foundation (11YZ192) and World Expo Science and Technology Special Fund of Shanghai Science and Technology Commission (08dz0580202).
文摘Integer overflow vulnerability will cause buffer overflow. The research on the relationship between them will help us to detect integer overflow vulnerability. We present a dynamic analysis methods RICB (Run-time Integer Checking via Buffer overflow). Our approach includes decompile execute file to assembly language; debug the execute file step into and step out; locate the overflow points and checking buffer overflow caused by integer overflow. We have implemented our approach in three buffer overflow types: format string overflow, stack overflow and heap overflow. Experiments results show that our approach is effective and efficient. We have detected more than 5 known integer overflow vulnerabilities via buffer overflow.
基金Project(50874022)supported by the National Natural Science Foundation of China
文摘At the late stage of solidification with ultrasonic treatment (UST) in Al-Si alloys, a part of semisolid overflows and climbs along the probe. The interesting phenomenon and its influence on the solidification microstructure were investigated in order to better study the mechanism of UST. It is considered that the overflowing phenomenon occurs due to the changes of vibration and flow in the remaining semisolid. Because the overflowed portion comes from the region with intense UST effect and vibrates with the probe during solidification, great modification of primary and euteetic Si (about 10 pm in length) and refinement of primary a(Al) (about 70 μm in size) are observed in this portion.
基金Foundation term: Under the auspices of the Knowledge Innovation Program of Chinese Academy of Sciences(KZCX2-306)
文摘Floodwater and debris flow caused by glacial lake burst is an important land process and a serious mountain disaster in glacial area of Xizang (Tibet) Autonomous Region, and the overflow burst is mainly caused by glacial landslide falling into moraine lake. On the premise that moraine lake is full, instantaneous burst in part of the lake bank happens, as flow velocity at burst mouth caused by overflow head is higher than threshold flow velocity of glacial till. Under some supposes, d(90) and d(10) of the glacial till in the hank were used as the threshold sizes of coarse and fine grains respectively. Thus, the formula of calculating threshold flow velocity of uniform sand was simplified, and threshold flow velocity of glacial till was calculated with the formula. Then, with synthesis formula calculating flow velocity of instantaneous part burst, flow velocity at overflow burst mouth was calculated, and calculation formula of critical height (H(0)) of overflow head was derived. Overflow head was caused by volume and surge of glacial landslide falling into moraine lake, calculation formulas of ascendant height (H(1)) of lake water surface and surge height (H(2)) on burst mouth caused by glacial landslide falling into moraine lake were derived. To sum up, critical hydrologic conditions of moraine lake burst with overflow form are: the burst is inevitable as H(1) > H(0); the burst is possible as H(1) < H(0) and (H(1)+H(2)) > H(0); the burst is impossible as (H(1)+H(2)) < H(0). In the factors influencing the burst critical conditions, it is advantageous for the burst that scale of the lake is 10(5)m(2) range; terminal glacial till is more fine and is even more uniform; the width of overflow mouth is even smaller than the length of the bank; the landslide has large scale and steep slip surface; and glacial end is close to the lake. With burst of Guangxiecuo Lake in Midui Valley of the Polongzangbu River in Xizang as an example, the burst critical conditions were tested.
基金The National Natural Science Foundation of China(NSFC)-Shandong Joint Fund for Marine Science Research Centers of China under contract No.U1606405the National Basic Research Program(973 Program) of China under contract No.2011CB403502+2 种基金the National High Technology Research and Development Program(863 Program) of China under contract No.2013AA09A506the National Program on Global Change and Air-Sea Interaction under contract Nos GASI-IPOVAI-01-02 and GASI-03-01-01-04the National Natural Science Foundation of China under contract No.41606040
文摘On the basis of the latest version of a U.S. Navy generalized digital environment model (GDEM-V3.0) and World Ocean Atlas (WOA13), the hydraulic theory is revisited and applied to the Luzon Strait, providing a fresh look at the deepwater overflow there. The result reveals that: (1) the persistent density difference between two sides of the Luzon Strait sustains an all year round deepwater overflow from the western Pacific to the South China Sea (SCS); (2) the seasonal variability of the deepwater overflow is influenced not only by changes in the density difference between two sides of the Luzon Strait, but also by changes in its upstream layer thickness; (3) the deepwater overflow in the Luzon Strait shows a weak semiannual variability; (4) the seasonal mean circulation pattern in the SCS deep basin does not synchronously respond to the seasonality of the deepwater overflow in the Luzon Strait. Moreover, the deepwater overflow reaches its seasonal maximum in December (based on GDEM-V3.0) or in fall (October-December, based on the WOA13), accompanied by the lowest temperature of the year on the Pacific side of the Luzon Strait. The seasonal variability of the deepwater overflow is consistent with the existing longest (3.5 a) continuous observation along the major deepwater passage of the Luzon Strait.
文摘Most solutions for detecting buffer overflow are based on source code. But the requirement tor source code is not always practical especially for business software. A new approach was presented to detect statically the potential buffer overflow vulnerabilities in the binary code of software. The binary code was translated into assembly code without the lose of the information of string operation functions. The feature code abstract graph was constructed to generate more accurate constraint statements, and analyze the assembly code using the method of integer range constraint. After getting the elementary report on suspicious code where buffer overflows possibly happen, the control flow sensitive analysis using program dependence graph was done to decrease the rate of false positive. A prototype was implemented which demonstrates the feasibility and efficiency of the new approach.
基金The Foundation of China Ocean Mineral Resources R&D Association under contract No.DY135-E2-2-02the National Natural Science Foundation of China under contract Nos 9142820641976028 and 41806019。
文摘An inverse reduced-gravity model is used to simulate the deep South China Sea(SCS)circulation.A set of experiments are conducted using this model to study the influence of the Luzon overflow through the two inlets on the deep circulation in the northern SCS.Model results suggest that the relative contribution of these inlets largely depends on the magnitude of the input transport of the overflow,but the northern inlet is more efficient than the southern inlet in driving the deep circulation in the northern SCS.When all of the Luzon overflow occurs through the northern inlet the deep circulation in the northern SCS is enhanced.Conversely,when all of the Luzon overflow occurs through the southern inlet the circulation in the northern SCS is weakened.A Lagrangian trajectory model is also developed and applied to these cases.The Lagrangian results indicate that the location of the Luzon overflow likely has impacts upon the sediment transport into the northern SCS.
文摘The homogenous Poisson process is often used to describe the event arrivals. Such Poisson process has been applied in various areas. This study focuses on the arrival pattern of storm water overflows. A set of overflow data was obtained from the storm water pipeline of a municipality. The aim is to verify the overflow arrival pattern and check whether the Poisson process can be applied. The adopted method is the analysis over the inter-arrival times. The exponential distribution test is conducted on the annual data set as well as the entire data set. The results show that all data sets follow the exponential distribution. With the verification of Poisson process, specific examples are also given to show how the Poisson process properties can be used in the management of storm water pipeline management. For other data that are featured with various heterogeneities, the homogenous Poisson process might not be able to be verified and used. Under such circumstances, non-homogenous survival model can be used to simulate the arrival process.
基金Project(2018-YFB1004202)supported by the National Key R&D Program of ChinaProject(61702534)supported by the National Natural Science Foundation of China
文摘Nowadays,more and more Android developers prefer to seek help from Q&A website like Stack Overflow,despite the rich official documentation.Several researches have studied the limitations of the official application programming interface(API)documentations and proposed approaches to improve them.However,few of them digged into the requirements of the third-party developers to study this.In this work,we gain insight into this question from multidimensional perspectives of API developers and API users by a kind of cross-validation.We propose a hybrid approach,which combines manual inspection on artifacts and online survey on corresponding developers,to explore the different focus between these two types of stakeholders.In our work,we manually inspect 1000 posts and receive 319 questionnaires in total.Through the mutual verification of the inspection and survey process,we found that the users are more concerned with the usage of API,while the official documentation mainly provides functional description.Furthermore,we identified 9 flaws of the official documentation and summarized 12 aspects(from the content to the representation)for promotion to improve the official API documentations.
