Kaixuan Li

Kaixuan Li, Jian Zhang, Sen Chen et al.

Open-source software (OSS) vulnerabilities are increasingly prevalent, emphasizing the importance of security patches. However, in widely used security platforms like NVD, a substantial number of CVE records still lack trace links to patches. Although rank-based approaches have been proposed for security patch tracing, they heavily rely on handcrafted features in a single-step framework, which limits their effectiveness. In this paper, we propose PatchFinder, a two-phase framework with end-to-end correlation learning for better-tracing security patches. In the **initial retrieval** phase, we employ a hybrid patch retriever to account for both lexical and semantic matching based on the code changes and the description of a CVE, to narrow down the search space by extracting those commits as candidates that are similar to the CVE descriptions. Afterwards, in the **re-ranking** phase, we design an end-to-end architecture under the supervised fine-tuning paradigm for learning the semantic correlations between CVE descriptions and commits. In this way, we can automatically rank the candidates based on their correlation scores while maintaining low computation overhead. We evaluated our system against 4,789 CVEs from 532 OSS projects. The results are highly promising: PatchFinder achieves a Recall@10 of 80.63% and a Mean Reciprocal Rank (MRR) of 0.7951. Moreover, the Manual Effort@10 required is curtailed to 2.77, marking a 1.94 times improvement over current leading methods. When applying PatchFinder in practice, we initially identified 533 patch commits and submitted them to the official, 482 of which have been confirmed by CVE Numbering Authorities.

Han Liu, Jian Zhang, Cen Zhang et al.

Static analysis tools have evolved over time to assist in detecting bugs. However, the excessive false warnings can impede developers' productivity and confidence in the tools. Previous research efforts have explored learning-based approaches to identify bug warnings. Nevertheless, their coarse granularity, focusing on either long-term warnings or function-level alerts, is insensitive to individual bugs. Also, they rely on manually crafted features or solely on source code semantics, which is inadequate for effective learning. In this paper, we propose DeepFWI, a learning-based approach that identifies bug-sensitive warnings at a fine-grained granularity. Specifically, we design a novel LSTM-based model that captures multi-modal semantics of source code and warnings from automated static analysis tools (ASATs) and highlights their correlations with cross-attention. To tackle the data scarcity of training and evaluation, we collected a large-scale dataset of 280,273 warnings. We conducted extensive experiments on the dataset to evaluate DeepFWI. The experimental results demonstrate the effectiveness of our approach, with an F1-score 67.06% for confirming true warnings in a finer-grained manner, significantly outperforming all baselines. Additionally, to validate the practicality of DeepFWI from the perspective of developers, we applied DeepFWI to four popular open-source projects. Our approach filtered out the vast majority of warnings, while still successfully surfacing 25 true bug-related warnings that were confirmed through manual analysis.

Kan Yu, Kaixuan Li, Yujia Zhao et al.

The rapid proliferation of unmanned aerial vehicle (UAV) applications imposes stringent requirements on continuous and reliable communication coverage in low-altitude airspace. Conventional cellular systems built upon fixed-position antennas (FPAs) are inherently constrained by static array geometries and limited mechanical degrees of freedom, which severely restrict their ability to adapt to highly dynamic three-dimensional (3D) propagation environments. Movable antenna (MA) technology has recently emerged as a promising paradigm to overcome these limitations by actively reconfiguring electromagnetic radiation characteristics through controllable antenna positioning and array orientation, thereby enabling flexible spatial coverage adaptation. To systematically quantify the airspace coverage capability of MA-enabled systems, this paper formulates a spatial coverage maximization problem over a discretized 3D voxel space. For each voxel, the received signal-to-noise ratio (SNR) is maximized via joint optimization of the MA's 3D positions and beamforming matrices. To efficiently solve the resulting non-convex problem, a hybrid particle swarm optimization and simulated annealing framework is developed to search for high-quality antenna configurations. Simulation results demonstrate that the proposed MA design framework substantially outperforms conventional FPA-based schemes in terms of spatial coverage, achieving coverage rates of 26.8% and 29.65% for airspace below 300m and 600m, respectively. Moreover, further coverage enhancement can be attained by incorporating mechanical tilt adjustment, highlighting the strong potential of MA technology for reliable low-altitude communication coverage.