• Journal of KIISE:Software and Applications
• /
• v.31 no.5
• /
• pp.643-650
• /
• 2004

Control flow graph is used for Performing many Program-analysis techniques, such as data-flow and control-dependence analysis, and software-engineering techniques, such as program slicing and testings. For these analyses to be safe and useful, the CFG should incorporate the exception flows that are induced by exceptions. In previous research to construct control flow graph, normal flows and exception flows are computed at the same time, since these two flows are known to be mutually dependent. By investigating realistic Java programs, we found that the cases when these two flows are mutually dependent rarely happen. So, we can decouple exception flow analysis from normal flow analysis. In this paper we propose an analysis that estimates exception flows. We also propose exception flow graph to represent exception flows. And we show that the control flow graph that accounts for exception flows can be constructed by merging exception flow graph onto normal control flow graph.

• Journal of KIISE:Computer Systems and Theory
• /
• v.29 no.12
• /
• pp.655-664
• /
• 2002

In many data-parallel applications massive parallelism can be easily extracted through data distribution. But it often causes very long communication latency. This paper shows that task parallelism, which is extracted from data-parallel programs, can be exploited to hide such communication latency Unlike the most previous researches over exploitation of task parallelism which has not been considered together with data parallelism, this paper describes exploitation of task parallelism in the context of data parallelism. PCFG(Parallel Control Flow Graph) is proposed to represent a multithreaded program consisting of a few task threads each of which can include a few data-parallel loops. It is also described how a PCFG is constructed from a source data-parallel program through HDG(Hierarchical Dependence Graph) and how the multithreaded program can be constructed from the PCFG.

• Journal of the Korea Society of Computer and Information
• /
• v.18 no.7
• /
• pp.111-123
• /
• 2013

To verify software vulnerability, the method of conjecturing software structure and then testing the software based on the conjectured structure has been highlighted. To utilize the method, an efficient way to conjecture software structure is required. The popular graph and tree methods such as DFG(Data Flow Graph), CFG(Control Flow Graph) and CFA(Control Flow Automata) have a serious drawback. That is, they cannot express software in a hierarchical fashion. In this paper, we propose a method to overcome the drawback. The proposed method applies various input data to a binary code, generate CFG's based on the code output and construct a HCFG (Hierarchical Control Flow Graph) to express the generated CFG's in a hierarchical structure. The components required for HCFG and progressive algorithm to construct HCFG are also proposed. The proposed method is verified through constructing the software architecture of an open SMTP(Simple Mail Transfer Protocol) server program. The structure generated by the proposed method and the real program structure are compared and analyzed.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.30 no.3
• /
• pp.493-501
• /
• 2020

For the obfuscation of Flow Analysis on the Android operating system, the size of the Flow Graph can be large enough to make analysis difficult. To this end, a library in the form of aar was implemented so that it could be inserted into the application in the form of an external library. The library is designed to have up to five child nodes from the entry point in the dummy code, and for each depth has 2n+1 numbers of methods from 100 to 900 for each node, so it consists of a total of 2,500 entry points. In addition, entry points consist of a total of 150 views in XML, each of which is connected via asynchronous interface. Thus, the process of creating a Inter-procedural Control Flow Graph has a maximum of 14,175E+11 additional cases. As a result of applying this to application, the Inter Procedure Control Flow Analysis too generates an average of 10,931 edges and 3,015 nodes with an average graph size increase of 36.64%. In addition, in the APK analyzing process showed that up to average 76.33MB of overhead, but only 0.88MB of execution overhead in the user's ART environment.

• Journal of KIISE:Computing Practices and Letters
• /
• v.15 no.11
• /
• pp.876-880
• /
• 2009

A control flow graph(CFG) is an essential data structure for program analyses based on graph theory or control-/data- flow analyses. Esterel is an imperative synchronous language and its synchronous parallelism makes it difficult to construct a CFG of an Esterel program. In this work, we present a method to construct over-approximated CFGs for Esterel. Our method is very intuitive and generated CFGs include not only exposed paths but also invisible ones. Though the CFGs may contain some inexecutable paths due to complex combinations of parallelism and exception handling, they are very useful for other program analyses.

• Proceedings of the Korean Information Science Society Conference
• /
• 2003.04a
• /
• pp.217-219
• /
• 2003

최근 반도체 설계 및 생산 공정의 급속한 발달로 내장형 시스템이 대중화되는 추세이고 비용이나 제품 출시 기간에 있어서 내장형 소프트웨어는 중요한 하나의 요소로 대두되고 있다. 내장형 시스템은 일반 PC와는 다르게 메모리 크기. 전력 소비, 신뢰성, 사이즈. 비용 등과 같은 제약사항들을 내포하기 때문에 제한된 자원의 효율적인 이용과 소프트웨어의 최적화를 위해 소프트웨어의 성능을 분석하기 위한 필요성이 대두된다. 본 논문에서는 소프트웨어 성능분석 도구인 'Cinderella'를 확장하기 위하여 현재 가장 널리 사용되고 있는 이진 실행 파일인 ELF파일에서 성능을 측정하기 위한 기본 요소로서 Control flow graph를 추출하기 위한 알고리즘을 제안한다. 본 논문에서 제안한 알고리즘은 향후 ARM기반의 머신에서 ELF파일의 내장형 소프트웨어의 시간분석에 필요한 요소이다.

• Journal of KIISE:Computing Practices and Letters
• /
• v.15 no.11
• /
• pp.871-875
• /
• 2009

A software birthmark is inherent characteristics that can be used to identify a program. In this paper, we propose a new Java birthmark based on control flow graph (CFG) matching. The CFG matching consists of node matching and edge matching. To get similarities of nodes and edges of two CFGs, we apply a sequence alignment algorithm and a shortest path algorithm, respectively. To evaluate the proposed birthmark, we perform experiments on Java programs that implement various algorithms. In the experiments, the proposed birthmark shows not only high credibility and resilience but also fast runtime performance.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2019.10a
• /
• pp.475-478
• /
• 2019

웹어플리케이션의 발전에 따라 자바스크립트 런타임 플랫폼인 Node.js 의 사용도 증가하고 있다. 개발자들은 Node.js 의 다양한 모듈을 활용하여 프로그래밍을 하게 되는데, Node.js 모듈 보안의 중요성에 비하여 모듈 취약점 분석은 충분히 이루어지지 않고 있다. 본 논문에서는 소스코드의 구조를 트리 형태로 표현하는 Abstract Syntax Tree 와 소스코드의 실행 흐름 및 변수의 흐름을 그래프로 나타내는 Control Flow Graph/Data Flow Graph 가 Node.js 모듈 취약점 분석에 효율적으로 활용될 수 있음을 서술하고자 한다. Node.js 모듈은 여러 스크립트 파일로 나누어져 있다는 점과 사용자의 입력이 분명하다는 특징이 있다. 또한 자바스크립트 언어를 사용하므로 선언된 변수들의 타입에 따라 적용되는 범위인 scope 가 다르게 적용된다는 특징이 있다. 본 논문에서는 이러한 Node.js 모듈의 특징을 고려하여 Abstract Syntax Tree 및 Control Flow Graph/Data Flow Graph 을 어떻게 생성하고 취약점 분석에 활용할 것인지에 대한 방법론을 제안하고, 실제 분석에 활용할 수 있는 코드 구현을 통하여 구체화시키고자 한다.

• The Journal of the Korea Contents Association
• /
• v.6 no.1
• /
• pp.160-169
• /
• 2006

This paper describes the data structure for program analysis and optimization of bytecode level. First we create an extended CFG(Control Flow Graph). Because of the special properties of bytecode, we must adaptively extend the existing control flow analysis techniques. We build basic blocks to create the CFG and create various data that can be used for optimization. The created CFG can be tested for comprehension and maintenance of Java bytecode, and can also be used for other analyses such as data flow analysis. This paper implements CTOC's CTOC-BR(CTOC-Bytecode tRanslator) for control flow analysis of bytecode level. CTOC(Classes To Optimized Classes) is a Java bytecode framework for optimization and analysis. This paper covers the first part of the CTOC framework. CTOC-BR is a tool that converts the bytecode into tree form for easy optimization and analysis of bytecode in CTOC.

• KIPS Transactions on Computer and Communication Systems
• /
• v.2 no.8
• /
• pp.317-326
• /
• 2013

In this paper, we present an effective method for comparing control flow graphs which represent static structures of binary programs. To compare control flow graphs, we measure similarities by comparing instructions and syntactic information contained in basic blocks. In addition, we also consider similarities of edges, which represent control flows between basic blocks, by edge extension. Based on the comparison results of basic blocks and edges, we match most similar basic blocks in two control flow graphs, and then calculate the similarity between control flow graphs. We evaluate the proposed edge extension method in real world Java programs with respect to structural similarities of their control flow graphs. To compare the performance of the proposed method, we also performed experiments with a previous structural comparison for control flow graphs. From the experimental results, the proposed method is evaluated to have enough distinction ability between control flow graphs which have different structural characteristics. Although the method takes more time than previous method, it is evaluated to be more resilient than previous method in comparing control flow graphs which have similar structural characteristics. Control flow graph can be effectively used in program analysis and understanding, and the proposed method is expected to be applied to various areas, such as code optimization, detection of similar code, and detection of code plagiarism.