85 research outputs found

    Demystifying Compiler Unstable Feature Usage and Impacts in the Rust Ecosystem

    The Rust programming language is gaining popularity rapidly in building reliable and secure systems due to its security guarantees and outstanding performance. To provide extra functionalities, the Rust compiler introduces Rust unstable features (RUF) to extend compiler functionality, syntax, and standard library support. However, these features are unstable and may get removed, introducing compilation failures to dependent packages. Even worse, their impacts propagate through transitive dependencies, causing large-scale failures in the whole ecosystem. Although RUF is widely used in Rust, previous research has primarily concentrated on Rust code safety, with the usage and impacts of RUF from the Rust compiler remaining unexplored. Therefore, we aim to bridge this gap by systematically analyzing the RUF usage and impacts in the Rust ecosystem. We propose novel techniques for extracting RUF precisely, and to assess its impact on the entire ecosystem quantitatively, we accurately resolve package dependencies. We have analyzed the whole Rust ecosystem with 590K package versions and 140M transitive dependencies. Our study shows that the Rust ecosystem uses 1000 different RUF, and at most 44% of package versions are affected by RUF, causing compiling failures for at most 12%. To mitigate wide RUF impacts, we further design and implement a RUF-compilation-failure recovery tool that can recover up to 90% of the failure. We believe our techniques, findings, and tools can help to stabilize the Rust compiler, ultimately enhancing the security and reliability of the Rust ecosystem. Comment: Published in ICSE'2024 Conference: https://conf.researchr.org/details/icse-2024/icse-2024-research-track/6/Demystifying-Compiler-Unstable-Feature-Usage-and-Impacts-in-the-Rust-Ecosystem. Project website: https://sites.google.com/view/ruf-study/home. Released Source Code Zenodo: https://zenodo.org/records/828937

    Ambush from All Sides: Understanding Security Threats in Open-Source Software CI/CD Pipelines

    The continuous integration and continuous deployment (CI/CD) pipelines are widely adopted on Internet hosting platforms, such as GitHub. With the popularity, the CI/CD pipeline faces various security threats. However, current CI/CD pipelines suffer from malicious code and severe vulnerabilities. Even worse, people have not been fully aware of its attack surfaces and the corresponding impacts. Therefore, in this paper, we conduct a large-scale measurement and a systematic analysis to reveal the attack surfaces of the CI/CD pipeline and quantify their security impacts. Specifically, for the measurement, we collect a data set of 320,000+ CI/CD pipeline-configured GitHub repositories and build an analysis tool to parse the CI/CD pipelines and extract security-critical usages. Besides, the current CI/CD ecosystem heavily relies on several core scripts, which may lead to a single point of failure, while the CI/CD pipelines contain sensitive information/operations, making them the attacker's favorite targets. Inspired by the measurement findings, we abstract the threat model and the attack approach toward CI/CD pipelines, followed by a systematic analysis of attack surfaces, attack strategies, and the corresponding impacts. We further launch case studies on five attacks in real-world CI/CD environments to validate the revealed attack surfaces. Finally, we give suggestions on mitigating attacks on CI/CD scripts, including securing CI/CD configurations, securing CI/CD scripts, and improving CI/CD infrastructure.

    Development and external validation of a nomogram for predicting postoperative pneumonia in aneurysmal subarachnoid hemorrhage

    Background: Postoperative pneumonia (POP) is a common complication after aneurysmal subarachnoid hemorrhage (aSAH) associated with increased mortality rates, prolonged hospitalization, and high medical costs. It is currently understood that identifying pneumonia early and implementing aggressive treatment can significantly improve patients' outcomes. The primary objective of this study was to explore risk factors and develop a logistic regression model that assesses the risks of POP. Methods: An internal cohort of 613 inpatients with aSAH who underwent surgery at the Neurosurgical Department of First Affiliated Hospital of Wenzhou Medical University was retrospectively analyzed to develop a nomogram for predicting POP. We assessed the discriminative power, accuracy, and clinical validity of the predictions by using the area under the receiver operating characteristic curve (AUC), the calibration curve, and decision curve analysis (DCA). The final model was validated using an external validation set of 97 samples from the Medical Information Mart for Intensive Care IV (MIMIC-IV) database. Results: Among patients in our internal cohort, 15.66% (n = 96/613) of patients had POP. The least absolute shrinkage and selection operator (LASSO) regression analysis identified the Glasgow Coma Scale (GCS), mechanical ventilation time (MVT), albumin, C-reactive protein (CRP), smoking, and delayed cerebral ischemia (DCI) as potential predictors of POP. We then used multivariable logistic regression analysis to evaluate the effects of these predictors and create a final model. Eighty percent of patients in the internal cohort were randomly assigned to the training set for model development, while the remaining 20% of patients were allocated to the internal validation set. The AUC values for the training, internal, and external validation sets were 0.914, 0.856, and 0.851, and the corresponding Brier scores were 0.084, 0.098, and 0.143, respectively. Conclusion: We found that GCS, MVT, albumin, CRP, smoking, and DCI are independent predictors for the development of POP in patients with aSAH. Overall, our nomogram represents a reliable and convenient approach to predict POP in the patient population.

    Deep learning models for preoperative T-stage assessment in rectal cancer using MRI: exploring the impact of rectal filling

    Background: The objective of this study was twofold: firstly, to develop a convolutional neural network (CNN) for automatic segmentation of rectal cancer (RC) lesions, and secondly, to construct classification models to differentiate between different T-stages of RC. Additionally, it was attempted to investigate the potential benefits of rectal filling in improving the performance of deep learning (DL) models. Methods: A retrospective study was conducted, including 317 consecutive patients with RC who underwent MRI scans. The datasets were randomly divided into a training set (n = 265) and a test set (n = 52). Initially, an automatic segmentation model based on T2-weighted imaging (T2WI) was constructed using nn-UNet. The performance of the model was evaluated using the dice similarity coefficient (DSC), the 95th percentile Hausdorff distance (HD95), and the average surface distance (ASD). Subsequently, three types of DL-models were constructed: Model 1 trained on the total training dataset, Model 2 trained on the rectal-filling dataset, and Model 3 trained on the non-filling dataset. The diagnostic values were evaluated and compared using receiver operating characteristic (ROC) curve analysis, confusion matrix, net reclassification index (NRI), and decision curve analysis (DCA). Results: The automatic segmentation showed excellent performance. The rectal-filling dataset exhibited superior results in terms of DSC and ASD (p = 0.006 and 0.017). The DL-models demonstrated significantly superior classification performance to the subjective evaluation in predicting T-stages for all test datasets (all p < 0.05). Among the models, Model 1 showcased the highest overall performance, with an area under the curve (AUC) of 0.958 and an accuracy of 0.962 in the filling test dataset. Conclusion: This study highlighted the utility of DL-based automatic segmentation and classification models for preoperative T-stage assessment of RC on T2WI, particularly in the rectal-filling dataset. Compared with subjective evaluation, the models exhibited superior performance, suggesting their noticeable potential for enhancing clinical diagnosis and treatment practices.

    The Ninth Visual Object Tracking VOT2021 Challenge Results


    Polynomial Fuzzy Observed-State Feedback Stabilization via Homogeneous Lyapunov Methods


    Removal Of Molybdenum (Vi) From Mine Tailing Effluents With The Aid Of Loessial Soil And Slag Waste

    Removal of heavy metals from mine tailing effluent has been a long-standing environmental management issue in the mining industry. This article aims to investigate molybdenum [Mo(VI)] removal by waste slag, which has not been fully tested. In this study, the removal efficiencies of Mo(VI) from aqueous solutions by desulfurization steel slag (DSS), converter steel slag (CSS), and cinder (CI) were examined and compared against that of loessial soil (LS). Results showed that the sorption isotherms fitted the Langmuir model well, and the Langmuir adsorption capacity (Q0) of the four sorption media generally complied with the following order: DSS > CSS > CI > LS. Adsorption reaction was found to follow the pseudo-second-order rate, and the adsorption of Mo(VI) was sensitive to pH values. The four adsorbents exhibited a significant Mo(VI) removal at low pH values (e.g., pH 3-4.5), but such adsorption decreased rapidly when pH was > 5; little adsorption occurred when the pH value was > 8. The competitive effect of PO₄³⁻ and SO₄²⁻ with Mo(VI) for adsorption associated with the four sorption media followed the order LS > CI > CSS > DSS, and moreover, the effect of PO₄³⁻ on the adsorption of Mo(VI) was observed to be stronger than that of SO₄²⁻. Desorption capacity of the four sorption media generally complied with the following order: LS > CI > CSS > DSS. © Copyright 2013, Mary Ann Liebert, Inc.

    Passive Initialization Method Based on Motion Characteristics for Monocular SLAM

    Visual SLAM techniques have proven to be effective methods for estimating robust position and attitude in the field of robotics. However, current monocular SLAM algorithms cannot guarantee timeliness of system startup due to the problematic initialization time and the low success rates. This paper introduces a rectilinear platform motion hypothesis and thereby converts the estimation problem into a verification problem to achieve fast monocular SLAM initialization. The proposed method is simulation tested on a fixed-wing UAV. Tests show that the proposed method can produce faster initialization of visual SLAM and that the advantages are more profound on systems with sparse image features.