摘要:
Pointer analysis is used for different applications, e.g., compilers, debugging tools and programs understanding tools, each having different requirements. A framework for pointer analysis is provided that defines a multidimensional space, for example a three-dimensional space, containing an order sensitivity dimension, a predicate sensitivity dimension and a value persistence dimension. A point in the three-dimensional space is identified. This point yields values for order sensitivity, predicate sensitivity and value persistence. Pointer analysis is then conducted on a computer program in accordance with the identified values for order sensitivity, predicate sensitivity and value persistence.
摘要:
A method of recommending an assignment for a work order includes receiving the work order, retrieving information from the work order, identifying a skill set needed to complete the work order using the information retrieved from the work order, extracting, automatically, a first set of evidences from a first data source based on the identified skill set, and a second set of evidences from a second data source based on the identified skill set, combining a first inference and a second inference, by a processor, wherein the first inference is determined using the first set of evidences, the second inference is determined using the second set of evidences, and the first and second set of evidences comprise dissimilar data, and generating a work order assignment recommendation based on the combined inferences.
摘要:
A method and several variants for using information about the scope of access of objects acted upon by mutual exclusion, or mutex, locks to transform a computer program by eliminating locking operations from the program or simplifying the locking operations, while strictly performing the semantics of the original program. In particular, if it can be determined by a compiler that the object locked can only be accessed by a single thread it is not necessary to perform the “acquire” or “release” part of the locking operation, and only its side effects must be performed. Likewise, if it can be determined that the side effects of a locking operation acting on a variable which is locked in multiple threads are not needed, then only the locking operation, and not the side effects, needs to be performed. This simplifies the locking operation, and leads to faster programs which use fewer computer processor resources to execute; and programs which perform fewer shared memory accesses, which in turn not only causes the optimized program, but also other programs executing on the same computing machine to execute faster. The method also describes how information about the semantics of the locking operation side effects and the information about the scope of access can also be used to eliminate performing the side effect parts of the locking operation, thereby completely eliminating the locking operation. The method also describes how to analyze the program to compute the necessary information about the scope of access. Variants of the method show how one or several of the features of the method may be performed.
摘要:
At least one of an HTTP request message and an HTTP response message is intercepted. A corresponding HTTP message model is identified. The HTTP message model includes a plurality of message model sections. Additional steps include parsing a representation of the at least one of an HTTP request message and an HTTP response message into message sections in accordance with the message model sections of the HTTP message model; and binding a plurality of security rules to the message model sections. The plurality of security rules each specify at least one action to be taken in response to a given condition. The given condition is based, at least in part, on a corresponding given one of the message sections. A further step includes processing the at least one of an HTTP request message and an HTTP response message in accordance with the plurality of security rules. Techniques for developing rules for a web application server firewall are also provided.
摘要:
A method and apparatus are disclosed for programming software components that treats software components as the basic unit of abstraction and computation. A software component is encapsulated and classes and other program entities, such as data fields and methods, within a given component do not exist beyond a component boundary. A component interacts with other components only by means of a defined set of input and output ports. A component can inherit and implement ports declared in a template and can declare and implement new ports. A component can only access the external environment through its output ports. An output port of one component can only be connected to a conforming input port of another component. A connect statement is an explicit plumbing operation for connecting components together. Interactions between components are loosely coupled. A related set of templates can be grouped together to form a group.
摘要:
A method is provided for characterizing objects generated during an initial run of a program, each object being characterized by a number of alternative properties which can be chosen. The method includes steps of instrumenting an initial run of program to determine characterization information about each of objects, then determining a desirable property for each object, then determining a correlation between the desirable property and the characterization information for each of the objects. This correlation is then used to select a property for an object that is subsequently created during a run of the program based only upon characterization information about the subsequently created object.
摘要:
A method, system and article are provide for treating consistency checking of a configuration of an information technology system by developing a model of the configuration based on common criteria functional requirements, extending the common criteria to model the configuration, imposing a set of constraints on the configuration model, converting the system configuration to a model instance, and verifying that the model instance satisfies the set of constraints.
摘要:
A method for minimizing total cost of interaction among components of a computer program, each of the components being characterized by at least one implementation property includes steps of: a) carrying out at least a partial run of the program; b) monitoring the at least partial run of the program to measure an amount of interaction between each pair of components; c) determining a cost of interaction between each pair of interacting components; d) determining a choice of implementation properties which minimizes total cost of the at least partial run; and e) assigning that choice of implementation properties to the components for a subsequent at least partial run of the program.
摘要:
Mechanisms are provided for handling client computing device requests with adaptive rule loading and session control. The mechanisms partition a set of rules, into a plurality of filter sets with each filter set having a different subset of the set of rules and being directed to identifying a different type of attack on a backend application or service. A subset of filter sets is selected to be used to validate client computing device requests received from client computing devices. The selected filter sets are applied to requests and/or responses to requests. The mechanisms dynamically modify which filter sets are included in the subset of filter sets based on an adaptive reinforcement learning operation on results of applying the selected filter sets to the requests and/or responses to requests.
摘要:
A method for minimizing total cost of interaction among components of a computer program, each of the components being characterized by at least one implementation property includes steps of: a) carrying out at least a partial run of the program; b) monitoring the at least partial run of the program to measure an amount of interaction between each pair of components; c) determining a cost of interaction between each pair of interacting components; d) determining a choice of implementation properties which minimizes total cost of the at least partial run; and e) assigning that choice of implementation properties to the components for a subsequent at least partial run of the program.