147 research outputs found

    How Double-Fetch Situations turn into Double-Fetch Vulnerabilities: A Study of Double Fetches in the Linux Kernel

    We present the first static approach that systematically detects potential double-fetch vulnerabilities in the Linux kernel. Using a pattern-based analysis, we identified 90 double fetches in the Linux kernel. 57 of these occur in drivers, which previous dynamic approaches were unable to detect without access to the corresponding hardware. We manually investigated the 90 occurrences, and inferred three typical scenarios in which double fetches occur. We discuss each of them in detail. We further developed a static analysis, based on the Coccinelle matching engine, that detects double-fetch situations which can cause kernel vulnerabilities. When applied to the Linux, FreeBSD, and Android kernels, our approach found six previously unknown double-fetch bugs, four of them in drivers, three of which are exploitable double-fetch vulnerabilities. All of the identified bugs and vulnerabilities have been confirmed and patched by maintainers. Our approach has been adopted by the Coccinelle team and is currently being integrated into the Linux kernel patch vetting. Based on our study, we also provide practical solutions for anticipating double-fetch bugs and vulnerabilities. We also provide a solution to automatically patch detected double-fetch bugs

    Real-Time Noninvasive Analysis of Biocatalytic PET Degradation

    The Earth has entered the Anthropocene, which is branded by ubiquitous and devastating environmental pollution from plastics such as polyethylene terephthalate (PET). Ecofriendly and at the same time economical solutions for plastic recycling and reuse are being sought more urgently now than ever. With the possibility to recover its building blocks, the hydrolysis of PET waste by its selective biodegradation with polyester hydrolases is an appealing solution. We demonstrate how changing the dielectric properties of PET films can be used to evaluate the performance of polyester hydrolases. For this purpose, a PET film separates two reaction chambers in an impedimetric setup to quantify the film thickness- and surface area-dependent change in capacitance caused by the enzyme. The derived degradation rates determined for the polyester hydrolases PHL7 and LCC were similar to those obtained by gravimetric and vertical scanning interferometry measurements. Compared to optical methods, this technique is also insensitive to changes in the solution composition. AFM and FEM simulations further supported that impedance spectroscopy is a powerful tool for the detailed analysis of the enzymatic hydrolysis process of PET films. The developed monitoring system enabled both high-temporal resolution and parallel processing suitable for the analysis of the enzymatic degradability of polyester films and the properties of the biocatalysts. Version 2.0 is updated to include an acknowledgement of funding from the ENZYCLE projec

    Python Coding Style Compliance on Stack Overflow

    Software developers all over the world use Stack Overflow (SO) to interact and exchange code snippets. Research also uses SO to harvest code snippets for use with recommendation systems. However, previous work has shown that code on SO may have quality issues, such as security or license problems. We analyse Python code on SO to determine its coding style compliance. From 1,962,535 code snippets tagged with 'python', we extracted 407,097 snippets of at least 6 statements of Python code. Surprisingly, 93.87% of the extracted snippets contain style violations, with an average of 0.7 violations per statement and a huge number of snippets with a considerably higher ratio. Researchers and developers should, therefore, be aware that code snippets on SO may not be representative of good coding style. Furthermore, while user reputation seems to be unrelated to coding style compliance, for posts with vote scores in the range between -10 and 20, we found a strong correlation (r = -0.87, p < 10^-7) between the vote score a post received and the average number of violations per statement for snippets in such posts

    Toxic Code Snippets on Stack Overflow

    Online code clones are code fragments that are copied from software projects or online sources to Stack Overflow as examples. Due to an absence of a checking mechanism after the code has been copied to Stack Overflow, they can become toxic code snippets, e.g., they suffer from being outdated or violating the original software license. We present a study of online code clones on Stack Overflow and their toxicity by incorporating two developer surveys and a large-scale code clone detection. A survey of 201 high-reputation Stack Overflow answerers (33% response rate) showed that 131 participants (65%) have ever been notified of outdated code and 26 of them (20%) rarely or never fix the code. 138 answerers (69%) never check for licensing conflicts between their copied code snippets and Stack Overflow's CC BY-SA 3.0. A survey of 87 Stack Overflow visitors shows that they experienced several issues from Stack Overflow answers: mismatched solutions, outdated solutions, incorrect solutions, and buggy code. 85% of them are not aware of CC BY-SA 3.0 license enforced by Stack Overflow, and 66% never check for license conflicts when reusing code snippets. Our clone detection found online clone pairs between 72,365 Java code snippets on Stack Overflow and 111 open source projects in the curated Qualitas corpus. We analysed 2,289 non-trivial online clone candidates. Our investigation revealed strong evidence that 153 clones have been copied from a Qualitas project to Stack Overflow. We found 100 of them (66%) to be outdated, of which 10 were buggy and harmful for reuse. Furthermore, we found 214 code snippets that could potentially violate the license of their original software and appear 7,112 times in 2,427 GitHub projects

    Who's this? Developer identification using IDE event data

    This paper presents a technique to identify a developer based on their IDE event data. We exploited the KaVE data set which recorded IDE activities from 85 developers with 11M events. We found that using an SVM with a linear kernel on raw event count outperformed k-NN in identifying developers with an accuracy of 0.52. Moreover, after setting the optimal number of events and sessions to train the classifier, we achieved a higher accuracy of 0.69 and 0.71 respectively. The findings show that we can identify developers based on their IDE event data. The technique can be expanded further to group similar developers for IDE feature recommendations

    Stigma-directed services (Stig2Health) to improve 'linkage to care' for people living with HIV in rural Tanzania: study protocol for a nested pre-post implementation study within the Kilombero and Ulanga Antiretroviral Cohort

    Background: HIV-related stigma is a major barrier to the timely linkage and retention of patients in HIV care in sub-Saharan Africa, where most people living with HIV/AIDS reside. In this implementation study we aim to evaluate the effect of stigma-directed services on linkage to care and other health outcomes in newly diagnosed HIV-positive patients. Methods: In a nested project of the Kilombero and Ulanga Antiretroviral Cohort in rural Tanzania, we conduct a prospective observational pre-post study to assess the impact of a bundle of stigma-directed services for newly diagnosed HIV positive patients. Stigma-directed services, delivered by a lay person living with HIV, are i) post-test counseling, ii) post-test video-assisted teaching, iii) group support therapy and group health education, and iv) mobile health. Patients receiving stigma services (enrolled from 1st February 2020 to 31st August 2021) are compared to a historical control receiving the standard of care (enrolled from 1st July 2017 to 1st February 2019). The primary outcome is 'linkage to care'. Secondary endpoints are retention in care, viral suppression, death and clinical failure at 6-12 months (up to 31st August 2022). Self-reported stigma and depression are assessed using the Berger Stigma scale and the PHQ-9 questionnaire, respectively. The sample size calculation was based on cohort data from 2018. Assuming a pre-intervention cohort of 511 newly diagnosed adults of whom 346 (68%) were in care and on antiretroviral treatment (ART) at 2 months, a 10% increase in linkage (from 70 to 80%), a two-sided type I error rate of 5%, and 90% power, 321 adults are required for the post-implementation group. Discussion: We expect that integration of stigma-directed services leads to an increase of proportions of patients in care and on ART. The findings will provide guidance on how to integrate stigma-directed services into routine care in rural sub-Saharan Africa

    Vacuolar myopathy in a dog resembling human sporadic inclusion body myositis

    Sporadic inclusion body myositis (sIBM) is the most common myopathy in people over the age of 50 years. While immune-mediated inflammatory myopathies are well documented in dogs, sIBM has not been described. An 11-year-old dog with chronic and progressive neuromuscular dysfunction was evaluated for evidence of sIBM using current pathologic, immunohistochemical and electron microscopic diagnostic criteria. Vacuoles and congophilic intracellular inclusions were identified in cryostat sections of multiple muscle biopsies and immunostained with antibodies against amyloid-β peptide, amyloid-β precursor protein, and proteosome 20S of the ubiquitin–proteosome system. Cellular infiltration and increased expression of MHC Class I antigen were observed. Cytoplasmic filamentous inclusions, membranous structures, and myeloid bodies were identified ultrastructurally. These observations constitute the first evidence that both the inflammatory and degenerative features of human sIBM can occur in a non-human species

    Continuing Education Course #3: Current Practices and Future Trends in Neuropathology Assessment for Developmental Neurotoxicity Testing

    The continuing education course on Developmental Neurotoxicity Testing (DNT) was designed to communicate current practices for DNT neuropathology, describe promising innovations in quantitative analysis and noninvasive imaging, and facilitate a discussion among experienced neuropathologists and regulatory scientists regarding suitable DNT practices. Conventional DNT neuropathology endpoints are qualitative histopathology and morphometric endpoints of particularly vulnerable sites (e.g., cerebral, cerebellar, or hippocampal thickness). Novel imaging and stereology measurements hold promise for automated analysis of factors that cannot be effectively examined in routinely processed specimens (e.g., cell numbers, fiber tract integrity). The panel recommended that dedicated DNT neuropathology data sets be acquired on a minimum of 8 sections (for qualitative assessment) or 3 sections (for quantitative linear and stereological analyses) using a small battery of stains to examine neurons and myelin. Where guidelines permit discretion, immersion fixation is acceptable for younger animals (postnatal day 22 or earlier), and peripheral nerves may be embedded in paraffin. Frequent concerns regarding DNT data sets include false-negative outcomes due to processing difficulties (e.g., lack of concordance among sections from different animals) and insensitive analytical endpoints (e.g., qualitative evaluation) as well as false-positive results arising from overinterpretation or misreading by inexperienced pathologists

    DIGE Proteome Analysis Reveals Suitability of Ischemic Cardiac In Vitro Model for Studying Cellular Response to Acute Ischemia and Regeneration

    Proteomic analysis of myocardial tissue from patient population is suited to yield insights into cellular and molecular mechanisms taking place in cardiovascular diseases. However, it has been limited by small sized biopsies and complicated by high variances between patients. Therefore, there is a high demand for suitable model systems with the capability to simulate ischemic and cardiotoxic effects in vitro, under defined conditions. In this context, we established an in vitro ischemia/reperfusion cardiac disease model based on the contractile HL-1 cell line. To identify pathways involved in the cellular alterations induced by ischemia and thereby defining disease-specific biomarkers and potential target structures for new drug candidates we used fluorescence 2D-difference gel electrophoresis. By comparing spot density changes in ischemic and reperfusion samples we detected several protein spots that were differentially abundant. Using MALDI-TOF/TOF-MS and ESI-MS the proteins were identified and subsequently grouped by functionality. Most prominent were changes in apoptosis signalling, cell structure and energy-metabolism. Alterations were confirmed by analysis of human biopsies from patients with ischemic cardiomyopathy