Many false positives are generated when an Android application is detected by static taint analysis to discover potential privacy-leak bugs. For that, a context-sensitive, path-sensitive and field-sensitive semi-auto analysis method was proposed to verify if a potential bug is a true positive by only traversing a few executable paths. Firstly, a seed Trace covering both Source and Sink was obtained manually by running the instrumented application. Then, a Trace-based taint analysis method was used to verify if there was a taint propagating path in the Trace. If there was a taint propagating path, it meaned a real privacy leak bug existed. If not, the conditioin set and taint information of the Trace were further collected, and by combining the live-variable analysis and the program transformation approach based on conditional inversion, a constraint selection policy was designed to prune most executable paths irrelevant to taint propagation. Finally, remaining executable paths were traversed and corresponding Traces were analyzed to verify if the bug is a false positive. Seventy-five applications of DroidBench and ten real applications were tested by a prototype system implemented on FlowDroid. Results show that only 15.09% paths traversed averagely in each application, the false positive rate decreases 58.17% averagely. Experimental results demonstrate the analysis can effectively reduce the false positives generated by static taint analysis.

Focusing on the causality problem of conjunctive queries with inequalities in databases, the resilience computation was introduced and implemented. In order to reduce the computational time complexity in path conjunctive queries with inequalities, a Dynamic Programming for Resilience (DPResi) algorithm was proposed. Firstly, according to the properties of path conjunctive queries with inequalities and the max-flow Min-Cut theorem, the Min-Cut algorithm with polynomial time complexity was implemented. Then by compiling the lineage expression of a Boolean conjunctive query with inequality into a lineage graph, the problem of resilience was transformed into the computation of the shortest distance in lineage graph. Combining inclusion property with optimal substructure of the lineage graph, DPResi algorithm with linear time complexity was implemented by applying the idea of dynamic programming. Extensive experiments were carried out on the TPC-H datasets. The experimental results show that DPResi algorithm greatly improves the efficiency of resilience computation and has good scalability compared with Min-Cut algorithm.

It is difficult for entity search and question answering over text corpora to join cues from multiple documents to process relationship-centric search tasks, although structured querying over knowledge base can resolve such problem, but it still suffers from poor recall because of the heterogeneity and incompleteness of knowledge base. To address these problems, the knowledge graph was extended with information from textual corpora and a corresponding triple pattern with textual phrases was designed for uniform query of knowledge graph and textual corpora. Accordingly, a model for automatic query relaxation and scoring query answers (tuples of entities) was proposed, and an efficient top- k query processing strategy was put forward. Comparison experiments were conducted with two classical methods on three different benchmarks including entity search, entity-relationship search and complex entity-relationship queries using a combination of the Yago knowledge graph and the entity-annotated ClueWeb '09 corpus. The experimental results show that the entity-relationship search system with query relaxation over extended knowledge base outperforms the comparison systems with a big margin, the Mean Average Precision (MAP) are improved by more than 27%, 37%, 64% respectively on the three benchmarks.