WANG Wei,WEI Tao,LUO Hai-ning

DOI: https://doi.org/10.3321/j.issn:1002-8331.2007.16.029

2007-01-01

Computer Engineering and Applications Journal

Abstract:The first step of directly analyzing security vulnerabilities of an executable program is to obtain a structural intermediate representation of its binary code.This paper explores application of flow analysis in assembler understanding,and introduces a lightweight prototype of assembler structural representation tool that we implemented on Linux,named BESTAR.The system uses control flow analysis and data flow analysis techniques to identify common control structures,analyzes executive flow of a program,reconstruct expressions and functions,finds data dependency,finally transforms the assembler into a structural and easy-understanding intermediate language program and makes a good preparation for further security analysis.

Christian Saad,Bernhard Bauer

DOI: https://doi.org/10.1007/978-3-642-41533-3_43

2013-01-01

Abstract:In this paper we present a data-flow based approach to static model analysis to address the problem of current methods being either limited in their expressiveness or employing formalisms which complicate seamless integration with standards and tools in the modeling domain.By applying data-flow analysis - a technique widely used for static program analysis - to models, we realize what can be considered a generic “programming language” for context-sensitive model analysis through declarative specifications. This is achieved by enriching meta models with data-flow attributes which are afterward instantiated for models. The resulting equation system is subjected to a fixed-point computation that yields a static approximation of the model’s dynamic behavior as specified by the analysis. The applicability of the approach is evaluated in the context of a running example, the examination of viable application domains and a statistical review of the algorithm’s performance.

Ju Qian,Baowen Xu,Xiaoyu Zhou,Lin Chen,Liang Shi

DOI: https://doi.org/10.1007/s11859-009-0408-1

2009-01-01

Abstract:To avoid the precision loss caused by combining dataflow facts impossible to occur in the same execution path in dependence analysis for C programs, this paper first proposes a flow-sensitive and context-insensitive points-to analysis algorithm and then presents a new dependence analysis approach based on it. The approach makes more sufficient consideration on the executable path problem and can avoid invalid combination between points-to relations and between points-to relations and reaching definitions. The results of which are therefore more precise than those of the ordinary dependence analysis approaches.

Tong Ye,Lingfei Wu,Tengfei Ma,Xuhong Zhang,Yangkai Du,Peiyu Liu,Shouling Ji,Wenhai Wang

DOI: https://doi.org/10.48550/arXiv.2310.16853

2023-10-24

Abstract:Automatically generating function summaries for binaries is an extremely valuable but challenging task, since it involves translating the execution behavior and semantics of the low-level language (assembly code) into human-readable natural language. However, most current works on understanding assembly code are oriented towards generating function names, which involve numerous abbreviations that make them still confusing. To bridge this gap, we focus on generating complete summaries for binary functions, especially for stripped binary (no symbol table and debug information in reality). To fully exploit the semantics of assembly code, we present a control flow graph and pseudo code guided binary code summarization framework called CP-BCS. CP-BCS utilizes a bidirectional instruction-level control flow graph and pseudo code that incorporates expert knowledge to learn the comprehensive binary function execution behavior and logic semantics. We evaluate CP-BCS on 3 different binary optimization levels (O1, O2, and O3) for 3 different computer architectures (X86, X64, and ARM). The evaluation results demonstrate CP-BCS is superior and significantly improves the efficiency of reverse engineering.

Programming Languages,Artificial Intelligence

ZHANG Xiao-xin,SUN Wei-jie

DOI: https://doi.org/10.3969/j.issn.1002-0802.2013.04.044

2013-01-01

Abstract:Based on study of the automatic examination method for C code structure,an automatic examination method for C code structure is proposed.Through static analysis of source code,the logic connection relation of the program and the semantic similarity relation are analyzed,the reasonable module divisions of the program extracted,and also through comparison with the design document,the judgement on reasonableness of the program structure is realized.According to this principle and based on the static analysis and clustering method,the process design of automatic examination method for program structure is implemented and verified with specific examples.Finally,a summary and outlook of this research is given in this paper.

Laune C. Harris,Barton P. Miller

DOI: https://doi.org/10.1145/1127577.1127590

2005-12-01

ACM SIGARCH Computer Architecture News

Abstract:Executable binary code is the authoritative source of information about program content and behavior. The compile, link, and optimize steps can cause a program's detailed execution behavior to differ substantially from its source code. Binary code analysis is used to provide information about a program's content and structure, and is therefore a foundation of many applications, including binary modification[3,12,22,31], binary translation[5,29], binary matching[30], performance profiling[13,16,18], debugging, extraction of parameters for performance modeling, computer security[7,8] and forensics[23,26]. Ideally, binary analysis should produce information about the content of the program's code (instructions, basic blocks, functions, and modules), structure (control and data flow), and data structures (global and stack variables). The quality and availability of this information affects applications that rely on binary analysis.

潘剑锋,刘守群,奚宏生,谭小彬

2010-01-01

Abstract:The present study proposes a method for hidden malcode detection based on the analysis of dynamic control-flow. First we recorded the malcode-related control-flow paths of program, and then the control-flow paths were analyzed, by calling tree match algorithm, to detect the hidden malcode in the system. The experiments show that this method can detect hidden malcode efficiently at a high detection rate and with low false positive, and thus it can be applied to malcode detection on operating systems.

Mizuhito OGAWA,Zhenjiang HU,Isao SASANO,Masato TAKEICHI

2002-01-01

Abstract:This paper proposes a new framework for program analysis that regards them as maximum marking problems: mark the codes of a program under a certain condition such that the number of marked nodes is maximum. We show that if one can develop an efficient checking program (in terms of a finite catamorphism) whether marked programs are correctly marked, then an efficient and incremental marking algorithm to analyze control flow of structured programs (say in C or Java with limited numbers of gotos) is obtained for free. To describe catamorphisms on control flow graphs, we present an algebraic construction, called SP Term, for graphs with bounded tree width. The transformation to SP Terms is done efficiently in linear time. We demonstrate that our framework is powerful to describe various kinds of control flow analyses. Especially, for analyses in which some optimality is required (or expected), our approach has a big advantage.

Hong Mei,Wanghong Yuan,Qiong Wu,Fuqing Yang

IF: 1.019

1997-01-01

Chinese Journal of Electronics

Abstract:BDCom-C++, a program understanding system for C++ language, is described in this paper. This system analyzes C++ programs statically by means of incremental parsing, abstracts program information according to a conceptual model formed with EER (Enhanced Entity Relationship) model and stores the information in database. Moreover, according to different requirements, it facilitates the understanding of C++ programs, creates OOD (Object-Oriented Design) documents reversely, or assists extracting reusable components.

M Ogawa,ZJ Hu,I Sasano

DOI: https://doi.org/10.1145/944746.944716

2003-01-01

Abstract:Program analysis is the heart of modern compilers. Most control flow analyses are reduced to the problem of finding a fixed point in a certain transition system, and such fixed point is commonly computed through an iterative procedure that repeats tracing until convergence.This paper proposes a new method to analyze programs through recursive graph traversals instead of iterative procedures, based on the fact that most programs (without spaghetti GOTO) have well-structured control flow graphs, graphs with bounded tree width. Our main techniques are; an algebraic construction of a control flow graph, called SP Term, which enables control flow analysis to be defined in a natural recursive form, and the Optimization Theorem, which enables us to compute optimal solution by dynamic programming.We illustrate our method with two examples; dead code detection and register allocation. Different from the traditional standard iterative solution, our dead code detection is described as a simple combination of bottom-up and top-down traversals on SP Term. Register allocation is more interesting, as it further requires optimality of the result. We show how the Optimization Theorem on SP Terms works to find an optimal register allocation as a certain dynamic programming.

SUN Wei-jie,ZHANG Xiao-xin,BI Jia-hong

DOI: https://doi.org/10.3969/j.issn.1003-3114.2013.03.025

2013-01-01

Abstract:The efficient and flexible features of C language determine the file diversity of organizational forms.In accordance with the organizational forms,based on module identification technology of C language software,this paper studies the program structure,and makes conclusion on logic correlation between elements in program,then presents the metric methods for syntactic correlation between labels of elements and proposes the algorithms to extract partitions of program structure in terms of metrics for logic correlations and syntactic similarity,so as to complete code structure detection.This paper implements the algorithm and analyzes the accuracy and availability of the algorithm through the experimentation.

文勇,蔡铭,陈刚,杨子江,金星

DOI: https://doi.org/10.16208/j.issn1000-7024.2010.11.037

2010-01-01

Abstract:To effectively carry out the object code analysis and verification,a novel method of control flow and structural coverage measurement for object code verification is presented based on CPU module extension.By branch instruction function extension,along with a new module for dynamic branch target buffer,the control flow of object code is collected effectively.And then,the algorithm for control flow construction and structural coverage measurement are given respectively.Both the overhead and computation complexity are acceptable with analysis study.Competitive advantage of this method is independent of compiler and non-incursive measurement for the object code.

Tao Wei,Runpu Wu,Tielei Wang,Xinjian Zhao,Wei Zou,Weihong Zheng

DOI: https://doi.org/10.1007/978-3-642-28798-5_19

2012-01-01

Abstract:Call graph plays an important role in interprocedural program analysis methods. However, due to the common exist of function pointers and virtual functions in large programs, call graphs used in current program analysis systems are usually incomplete and imprecise, especially in analysis systems for binary executables. In this paper, we present a scalable and effective approach to automatically resolve virtual-function calls in executables. For the benchmark used in previous studies, our approach resolved almost 100% of reachable virtual function call-sites, whereas CodeSurfer/x86 resolved about 82%. © 2012 Springer-Verlag.

Zewen Sun,Duanchen Xu,Yiyu Zhang,Yun Qi,Yueyang Wang,Zhiqiang Zuo,Zhaokang Wang,Yue Li,Xuandong Li,Qingda Lu,Wenwen Peng,Shengjian Guo

DOI: https://doi.org/10.1145/3611643.3616348

2023-01-01

Abstract:Apart from forming the backbone of compiler optimization, static dataflow analysis has been widely applied in a vast variety of applications, such as bug detection, privacy analysis, program comprehension, etc. Despite its importance, performing interprocedural dataflow analysis on large-scale programs is well known to be challenging. In this paper, we propose a novel distributed analysis framework supporting the general interprocedural dataflow analysis. Inspired by large-scale graph processing, we devise a dedicated distributed worklist algorithm tailored for interprocedural dataflow analysis. We implement the algorithm and develop a distributed framework called BigDataflow running on a large-scale cluster. The experimental results validate the promising performance of BigDataflow - it can finish analyzing the program of millions lines of code in minutes. Compared with the state-of-the-art, BigDataflow achieves much more analysis efficiency.

JIANG Shu-Juan,XU Bao-Wen,SHI Liang

DOI: https://doi.org/10.1360/jos180832

2007-01-01

Journal of Software

Abstract:Based on analyzing the effects of exception handling constructs on dependence analysis, this paper proposes a precise and efficient representation for C++ programs with exception handling constructs—improved control flow graph. It proposes a new approach to analyzing the data dependences and control dependences of intra-function and inter-function in C++ programs with exception handling constructs, and an efficient algorithm is also presented. This method overcomes the limitations of the previous incorrect analysis because of failing to account for the effects of exception handling constructs, and also provides a basis for automatic dependence analysis that contains exception propagation. Finally, it discusses the application of the dependence analysis method in program slicing.

JIN Jing,LI Meng,HUA Zhebang,SONG Huaida,ZHAO Junfeng,XIE Bing

DOI: https://doi.org/10.3778/j.issn.1002-8331.1208-0543

2013-01-01

Abstract:In recent years, with the rapid development of code reuse technology and open source projects on Internet, software developers' programming activities are gradually changed. Today, software developers increasingly rely on the functions supplied by open source projects while they're programming. However, due to the lack of documents and the complexity of code structure,the efficiency of software reuse is not high. Software developers usually only learn small parts of project's functions instead of comprehensive understanding. In order to better support the activity of code reuse, a function recognition approach based on LDA and code static analysis technology, which is an extension of traditional LDA, is proposed to help developers better learn the functions of a project.

Bin Li,Jun Liu,Jianhua Zhao

DOI: https://doi.org/10.1109/QRS-C.2015.42

2015-01-01

Abstract:This paper investigates the techniques to generate efficient code from abstract programs with abstract data types. Two techniques are used to generate efficient code. The first one is based on the properties derived through data-flow analysis to generate efficient code. The second one is based on element, which is an abstract data type and declares a variable belonging to an existing container. These techniques are used to choose efficient implementations for ADTs operations and to avoid data structure copies. To demonstrate these techniques, SimpleL, a small high level language is used in this paper. This language supports abstract data types including finite set, finite list and finite map. One can specify the data structures to implement these abstract types.

Wang Chunlei,Zhao Gang,Dai Yiqi

DOI: https://doi.org/10.1109/ICCSIT.2009.5234950

2009-01-01

Abstract:This paper proposes a control flow based security analysis approach for binary executables. Through deeply investigating the theory of control flow security, we develop the Control Flow Security Model (CFSM) which includes the formal definitions for program semantics and security properties for control flow. CFSM specifies that program execution dynamically follows only certain paths, in accordance with a statically declared security properties specified as Control Flow Constraint Specification (CFCS). We have proposed an efficient control flow security analysis algorithm for verifying that a particular control flow model satisfies the associated security properties. Our work contributes to bridging the gap between abstract specifications of control flow security properties and actual control flow security analysis for binary executables. The effectiveness and the practical usefulness of the approach are exemplified by an illustrative analysis of heap overflow vulnerability.

苏文俊,冯振明,陆明泉

DOI: https://doi.org/10.3969/j.issn.1000-7180.2004.11.003

2004-01-01

Abstract:Data flow computer can address the problem of clock flow, this kind of computer has lower power and can achieve higher parallel performance. This paper describes motivation, basic concept, design methodologies and languages of data flow computer, and some existing data flow computers. At last, emphases in the research of data flow computer are proposed. Data flow computer isn't in practice yet, but it is worth researching on.

Zhoukai Wang,Jiong Zhang,Weigang Ma,Huaijun Wang

DOI: https://doi.org/10.1117/12.2589382

2021-01-01

Abstract:The traditional control flow diagram (CFG) only displays the overall framework of the program, but ignores its detailed control information and the complex inner structure. Programmers can hardly comprehend the whole program through traditional CFG. Therefore, an algorithm is proposed to generate a new kind of CFG with abundant details and inner structure. After parsing the compilation results of Clang static analyzer, the algorithm firstly extracts the key control information of a program, and then uses the control information to build up the basic display units. Secondly, the algorithm orders and packs these basic display units to form an intermediate XML file. Finally, the Jgraphx graphics library is introduced to parse the intermediate XML file and render the new CFG. Experiment shows that when comparing with the conventional CFG, the new CFG that drawn by the proposed algorithm can demonstrate more details, states, and data flows. The CFG drawn by the proposed algorithm can also offer strong support for complex software maintenance and testing.