• Journal of the Korea Society of Computer and Information
• /
• v.18 no.7
• /
• pp.111-123
• /
• 2013

To verify software vulnerability, the method of conjecturing software structure and then testing the software based on the conjectured structure has been highlighted. To utilize the method, an efficient way to conjecture software structure is required. The popular graph and tree methods such as DFG(Data Flow Graph), CFG(Control Flow Graph) and CFA(Control Flow Automata) have a serious drawback. That is, they cannot express software in a hierarchical fashion. In this paper, we propose a method to overcome the drawback. The proposed method applies various input data to a binary code, generate CFG's based on the code output and construct a HCFG (Hierarchical Control Flow Graph) to express the generated CFG's in a hierarchical structure. The components required for HCFG and progressive algorithm to construct HCFG are also proposed. The proposed method is verified through constructing the software architecture of an open SMTP(Simple Mail Transfer Protocol) server program. The structure generated by the proposed method and the real program structure are compared and analyzed.

• Journal of KIISE:Computing Practices and Letters
• /
• v.15 no.11
• /
• pp.876-880
• /
• 2009

A control flow graph(CFG) is an essential data structure for program analyses based on graph theory or control-/data- flow analyses. Esterel is an imperative synchronous language and its synchronous parallelism makes it difficult to construct a CFG of an Esterel program. In this work, we present a method to construct over-approximated CFGs for Esterel. Our method is very intuitive and generated CFGs include not only exposed paths but also invisible ones. Though the CFGs may contain some inexecutable paths due to complex combinations of parallelism and exception handling, they are very useful for other program analyses.

• The Journal of the Korea Contents Association
• /
• v.6 no.1
• /
• pp.160-169
• /
• 2006

This paper describes the data structure for program analysis and optimization of bytecode level. First we create an extended CFG(Control Flow Graph). Because of the special properties of bytecode, we must adaptively extend the existing control flow analysis techniques. We build basic blocks to create the CFG and create various data that can be used for optimization. The created CFG can be tested for comprehension and maintenance of Java bytecode, and can also be used for other analyses such as data flow analysis. This paper implements CTOC's CTOC-BR(CTOC-Bytecode tRanslator) for control flow analysis of bytecode level. CTOC(Classes To Optimized Classes) is a Java bytecode framework for optimization and analysis. This paper covers the first part of the CTOC framework. CTOC-BR is a tool that converts the bytecode into tree form for easy optimization and analysis of bytecode in CTOC.

• The KIPS Transactions:PartD
• /
• v.15D no.2
• /
• pp.197-206
• /
• 2008

The CTOC framework was implemented to efficiently perform analysis and optimization of the Java bytecode that is often being used lately. In order to analyze and optimize the bytecode from the CTOC, the eCFG was first generated. Due to the bytecode characteristics of difficult analysis, the existing bytecode was expanded to be suitable for control flow analysis, and the control flow graph was drawn. We called eCFG(extended Control Flow Graph). Furthermore, the eCFG was converted into the SSA Form for a static analysis. Many loops were found in the conversion program. The previous CTOC performed conversion directly into the SSA Form without processing the loops. However, processing the loops prior to the SSA Form conversion allows more efficient generation of the SSA Form. This paper examines the process of finding the loops prior to converting the eCFG into the SSA Form in order to efficiently process the loops, and exhibits the procedures for generating the loop tree.

• Journal of the Korea Society of Computer and Information
• /
• v.13 no.5
• /
• pp.27-35
• /
• 2008

The CTOC framework was implemented to efficiently perform analysis and optimization of the Java bytecode that is often being used lately. In order to analyze and optimize the bytecode from the CTOC, the eCFG was first generated. Due to the bytecode characteristics of difficult analysis, the existing bytecode was expanded to be suitable for control flow analysis. and the control flow graph was drawn. We called eCFG(extended Control Flow Graph). Furthermore, the eCFG was converted into the SSA Form for a static analysis. Many loops were found in the conversion program. The previous CTOC performed conversion directly into the SSA Form without processing the loops. However, processing the loops prior to the SSA Form conversion allows more efficient generation of the SSA Form. This paper examines the process of finding the loops prior to converting the eCFG into the SSA Form In order to efficiently process the loops, and exhibits the procedures for generating the loop tree.

• Journal of the Semiconductor & Display Technology
• /
• v.20 no.3
• /
• pp.113-116
• /
• 2021

As artificial intelligence technologies, including deep learning, develop, these technologies are being introduced to code similarity analysis. In the traditional analysis method of calculating the graph edit distance (GED) after converting the source code into a control flow graph (CFG), there are studies that calculate the GED through a trained graph neural network (GNN) with the converted CFG, Methods for analyzing code similarity through CNN by imaging CFG are also being studied. In this paper, to determine which approach will be effective and efficient in researching code similarity analysis methods using artificial intelligence in the future, code similarity is measured through funcGNN, which measures code similarity using GNN, and Siamese Network, which is an image similarity analysis model. The accuracy was compared and analyzed. As a result of the analysis, the error rate (0.0458) of the Siamese network was bigger than that of the funcGNN (0.0362).

• Journal of KIISE:Computing Practices and Letters
• /
• v.15 no.11
• /
• pp.871-875
• /
• 2009

A software birthmark is inherent characteristics that can be used to identify a program. In this paper, we propose a new Java birthmark based on control flow graph (CFG) matching. The CFG matching consists of node matching and edge matching. To get similarities of nodes and edges of two CFGs, we apply a sequence alignment algorithm and a shortest path algorithm, respectively. To evaluate the proposed birthmark, we perform experiments on Java programs that implement various algorithms. In the experiments, the proposed birthmark shows not only high credibility and resilience but also fast runtime performance.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2019.10a
• /
• pp.475-478
• /
• 2019

웹어플리케이션의 발전에 따라 자바스크립트 런타임 플랫폼인 Node.js 의 사용도 증가하고 있다. 개발자들은 Node.js 의 다양한 모듈을 활용하여 프로그래밍을 하게 되는데, Node.js 모듈 보안의 중요성에 비하여 모듈 취약점 분석은 충분히 이루어지지 않고 있다. 본 논문에서는 소스코드의 구조를 트리 형태로 표현하는 Abstract Syntax Tree 와 소스코드의 실행 흐름 및 변수의 흐름을 그래프로 나타내는 Control Flow Graph/Data Flow Graph 가 Node.js 모듈 취약점 분석에 효율적으로 활용될 수 있음을 서술하고자 한다. Node.js 모듈은 여러 스크립트 파일로 나누어져 있다는 점과 사용자의 입력이 분명하다는 특징이 있다. 또한 자바스크립트 언어를 사용하므로 선언된 변수들의 타입에 따라 적용되는 범위인 scope 가 다르게 적용된다는 특징이 있다. 본 논문에서는 이러한 Node.js 모듈의 특징을 고려하여 Abstract Syntax Tree 및 Control Flow Graph/Data Flow Graph 을 어떻게 생성하고 취약점 분석에 활용할 것인지에 대한 방법론을 제안하고, 실제 분석에 활용할 수 있는 코드 구현을 통하여 구체화시키고자 한다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2008.11a
• /
• pp.582-585
• /
• 2008

제어 흐름 그래프(CFG : Control Flow Graph)는 제어 흐름상의 오류나 문제점을 찾아내고 흐름에 대해 한눈에 파악할 수 있기 때문에 소프트웨어공학 분야에서 많이 사용되고 있다. 현재 여러 테스팅 분야에서 다양한 제어 흐름 분석 기법들이 연구, 소개되고 있는데 본 논문에서는 XML 문서를 이용하여 CFG를 나타내고자 한다. XML은 트리구조를 가진 문서 모델로 C 언어 소스 코드를 구조적으로 나타냄으로써 좀 더 쉽게 코드를 분석하고, 제어 흐름 요소를 추출하여 제어 흐름 그래프를 나타내는 데에 유용하다. 따라서 중간 분석 파일로 XML을 이용하여 보다 빠르고 쉽게 CFG를 나타내는 기법을 제안한다.

• Journal of KIISE:Software and Applications
• /
• v.31 no.5
• /
• pp.643-650
• /
• 2004

Control flow graph is used for Performing many Program-analysis techniques, such as data-flow and control-dependence analysis, and software-engineering techniques, such as program slicing and testings. For these analyses to be safe and useful, the CFG should incorporate the exception flows that are induced by exceptions. In previous research to construct control flow graph, normal flows and exception flows are computed at the same time, since these two flows are known to be mutually dependent. By investigating realistic Java programs, we found that the cases when these two flows are mutually dependent rarely happen. So, we can decouple exception flow analysis from normal flow analysis. In this paper we propose an analysis that estimates exception flows. We also propose exception flow graph to represent exception flows. And we show that the control flow graph that accounts for exception flows can be constructed by merging exception flow graph onto normal control flow graph.