162 results about "Call graph" patented technology

Call history data is sampled at fixed intervals during run-time, each sample representing only a limited portion of the stack. These data samples are subsequently automatically analyzed by merging overlapping sampled call history sequences to build larger call graphs, according to some pre-specified merge criterion. Preferably, the call history graphs are annotated with counts of the execution frequency (number of times a particular procedure was executing when the sample was collected) and the stack frequency (number of times the procedure appeared in the sampled stack portion) associated with each respective called procedure. Preferably, a graphical user interface presents the user with a graphical representation of the call graph(s) and annotations.

Methods and devices for executing scripts written in a dynamic scripting language include parsing scripts in two stages, a pre-parse using a simplified grammar to generate script metadata regarding the high level structure of the script, and a full parse using the grammar and syntax of the dynamic scripting language and generated script metadata. The generated metadata may describe the high level structure that is present in the language of the script such as functions, object methods, and a top level call graph. The script metadata may be used during the full parse to determine the parts of the code to be fully parsed. The aspects minimize processing time spent in the parsing at run-time, and may eliminate processing required to interpret or compile sections of code that will not be executed. Script metadata as well as results of full parsing may also be cached to provide further processing efficiencies.

The invention discloses a code static analysis-based data race detecting method and a system of the detecting method. The method comprises the following steps of: reading software to be detected, statically analyzing a source program of the software to be detected, and generating an abstract syntax tree, a control flow graph and a global function call graph of the software to be detected; on thatbasis, computing alias information in each function, outlet alias information among functions, lock assembly information, an access link of an access escapable variable quantity in each function and a thread building relational graph; computing a plurality of initialized sentence pair sets of a plurality of access nodes in every two threads; and gradually eliminating the sets according to the alias information, the lock assembly information and a concurrency relation to obtain a sentence pair which can finally have the data race. The detecting method and the detecting system can effectively detect the data race of a multi-thread program compiled by C/C++, thereby having the characteristics of high test precision and high automaticity, and being applied to detecting the data race caused bytwo threads or multiple threads.

The invention relates to a computer software security test method, and in particular relates to a dynamic and static combined software security test method. The test method comprises the following steps: firstly carrying out disassembly and intermediate language transformation on an executable program so as to generate a function call graph (CG) and a control flow graph (CFG) of a file; finding out a vulnerable point of a system by means of static analysis of the function CG, and constructing a test case generation execution path by virtue of a dynamic analysis method; searching a called function based on the function CG, finding out a specific path for triggering the vulnerable point on a first-grade basic block according to the CFG if the function is located on the generated execution path, and then ending the loophole mining process corresponding to the sensitive point; and if the path can not be found, reconfiguring the test case generation execution path and then searching the called function in a cyclic manner. The dynamic and static combined software security test method has the advantages of better solving the problem of path state space blast caused by single Fuzz dynamic test, and greatly improving the path coverage hit rate and the software test analysis efficiency.

Systems and methods are provided for statically analyzing a software application that is based on at least one framework. According to the method, source code of the software application and a specification associated with the software application are analyzed. The specification includes a list of synthetic methods that model framework-related behavior of the software application, and a list of entry points indicating the synthetic methods and/or application methods of the software application that can be invoked by the framework. Based on the source code and the specification, intermediate representations for the source code and the synthetic methods are generated. Based on the intermediate representations and the specification, call graphs are generated to model which application methods of the software application invoke synthetic methods or other application methods of the software application. The software application is statically analyzed based on the call graphs and the intermediate representations so as to generate analysis results for the software application.

The invention relates to a parallelization security hole detecting method based on a function call graph, which is characterized in that a function set to be detected is determined by analyzing the function call relation in a C language module, instrumentation and assert analysis are performed for the function set by means of the preprocessing technology, and then security holes of a program are detected by the aid of model checking and the parallelization technology. The method mainly includes the steps: generating the function relation call graph, and determining C function information to be detected by analyzing the function relation call graph; extracting attribute information of a buffer area related to C program source codes by the aid of the constraint analysis technology, and inserting corresponding ASSERT statement information in a variable declaration, an assignment and a function call point by means of the attribute information of the buffer area; and performing accessibility judgment for the instrumented codes, and analyzing whether a dangerous point in the program includes an accessible path to discover the security holes in the source codes or not. The method detects the security holes such as buffer area overflow and the like by combining the constraint analysis static detecting technology, model checking and the parallelization technology, and the detecting precision of the method is higher than that of the general static detecting technology.

A technique for feedback-directed call graph expansion includes performing symbolic analysis on an interprocedural control flow graph representation of software code, skipping over a virtual method call in the control flow graph, using information obtained from the symbolic analysis as feedback to identify a target of the virtual method call, and iterating the symbolic analysis on a modified version of the control flow graph that associates the target with the virtual method.

A process transforms compiled software into a semantic form. The process transforms the code into a semantic form. The process analyzes behavior functionality by processing precise programming behavior abstractions stored in a memory and classifies the code as malware based on the code behavior. Another method identifies the starting point of execution of a compiled program. The method calculates a complexity measure by calculating the number of potential execution paths of local functions; identifies the number of arguments passed to local functions; and identifies the starting point of execution of the compiled program. Another method provides interactive, dynamic visualization of a group of related functions wherein a user can explore the rendered graph and select a specific function and display functions that are color coded by their ancestral relation and their function call distance to the selected function.

A method for static code analyzing customizations to a pre-packaged computing solution can include establishing a communicative connection from a recommendation generation module to a pre-packaged computing solution and authenticating into the pre-packaged computing solution. Customized program code can be extracted from the pre-packaged computing solution and a call graph of the customized program code can be constructed such that the call graph indicates method calls to different interfaces for program code of the pre-packaged computing solution. Finally, a report can be generated identifying customized program code to be adapted to a new version of the pre-packaged computing solution based upon changes in the different interfaces shown by the call graph to be used in the new version of the pre-packaged computing solution and modifications required for the customized program code to call the different interfaces in the new version of the pre-packaged computing solution.

The invention provides an Android malicious software detection method based on a method call graph. A heterogeneous method call graph for constructing Android application Apk software is adopted, a sensitivity function is calibrated, and malicious codes are subjected to location and family classification by using the connectivity of the graph. The specific flow comprises the following steps: scanning the connectivity of the graph on the heterogeneous method call graph to obtain each sub-graph; grading the sensitivity function of each sub-graph, wherein the sub-graphs surpassing a threshold value are determined as malicious code modules, and similar malicious code sub-graph structures in different Android software are determined as malicious code families. According to the Android malicious software detection method, unknown malicious software can be found heuristically, families of the unknown malicious software are calibrated, and safe scanning and protection are provided for broad Android third-party markets and personal users.

A method and apparatus for frequency-updating for procedure inlining. The frequency-updating scheme assumes the call graph of a program has no cycles. It keeps the frequency for each procedure as accurate as that before inlining. Using the present invention, the runtime performance of a source program by a compiler is improved. A source program is analyzed to generate a call graph of the source program, wherein each of the procedures has a first known execution frequency. The call graph is used in conjunction with inlining plans by an inlining algorithm to generate an inlined version of the source program wherein selected call sites have been inlined. An updated execution frequency is generated for each of the procedures and the updated execution frequency for each of the procedures is used to generate optimized executable code for the source program. In various embodiments of the invention, heuristics can be used to calculate cost/benefit ratios for calls in the procedures of the source program to generate a ranking of the call sites and to select calls in the subroutines for inlining. The selected calls are inlined until a predetermined resource limit has been reached. An updated execution frequency is computed each time any of the call sites is inlined. In an embodiment of the invention, the updated execution frequency of the procedures determined by proportional adjustment, wherein the ratio between a procedure's frequency and its statement frequency remains unchanged.

Software Managed Manycore (SMM) architectures with scratch pad memory for reach core are a promising solution for scaling memory. In these architectures the code and data of the tasks mapped to the cores is explicitly managed by the compiler and often require inter-procedural information and analysis. But, a call graph of the program does not have enough information, and the Global CFG has too much information. Most new techniques informally define and use GCCFG (Global Call Control Flow Graph)—a whole program representation that succinctly captures the control-flow and function call information—to perform inter-procedural analysis. Constructing GCCFGs for several cases in common applications. The present disclosure provides unique graph transformations to formally and correctly construct GCCFGs for optimal compiler management of manycore systems.

The disclosed embodiments provide a system for processing data. During operation, the system obtains a component of a time-series performance metric associated with a server-side root cause of an anomaly in the time-series performance metric. Next, the system obtains a call graph representation of the component, wherein the call graph representation includes a parent node having a parent value of the component and a set of child nodes of the parent node, each child node having a corresponding child value of the component. The system then analyzes the call graph representation to identify one or more of the child nodes as sources of the anomaly. Finally, the system outputs an alert that identifies the sources of the anomaly.

A system for optimizing computer code generation by carrying out interprocedural dead store elimination. The system carries out a top down traversal of a call graph in an intermediate representation of the code being compiled. Live on exit (LOE) sets are defined for variables at call points for functions in the code being compiled. Bit vectors representing the LOE sets for call points for functions are stored in an LOE table indexed or hashed by call graph edges. For each function definition reached in the call graph traversal, a LOE set for the function itself is generated by taking the union of the LOE call point sets. The entries in the LOE table for the LOE call point sets are then removed. The LOE set for each function is used to determine if variables that are the subject of a store operation in a function may be subject to a dead store elimination optimization.

The invention provides a malicious software API (Application Program Interface) call sequence detection method based on graph convolution. The method comprises the following steps: acquiring and recording API call sequence information of processes and sub-processes when a large number of software samples run; performing vectorization processing on the API calling sequence information; extracting aparameter relationship, a dependency relationship and a sequence relationship of the API function; establishing an API call graph; inputting the API call graph into a graph convolutional neural network for training to obtain a malicious software detection network model; collecting API calling sequence information of processes and sub-processes when the executable file to be detected runs; constructing an API call graph of the executable file to be detected, then inputting the API call graph of the executable file to be detected into the malicious software detection network model, If the output result of the malicious software detection network model is 1, indicating that the judgment result is malicious software; If the output result of the malicious software detection network model is 0,indicating that the judgment result is normal software.

The invention discloses a C-program parallel region detecting method. The C-program parallel region detecting method is characterized by comprising the following steps of 1 pre-compiling the portion except system header files in source files, 2 compiling pre-compiled source codes and the system header files and performing dynamic analysis, 3 inserting dynamic analysis results into the source codes obtained after pre-compiling to obtain intermediate files, 4 conducting static analysis on the intermediate files to generate a program calling graph, and 5 detecting a task parallel region, a pipelining task parallel region and a data parallel region in a C-program according to the program calling graph. The C-program parallel region detecting method is a dynamic state and static state combined method. By means of the C-program parallel region detecting method, the parallel possibility of various particle sizes of all portions of the program is further dynamically analyzed on the basis that the program calling graph using functions and loops as units can be obtained.

The invention discloses a graph theoretical method MalZero for quickly and accurately detecting zero-day malicious software. The method is characterized in that features are extracted from API calling graphs to establish a classifier model, benign software and malicious software have different graph theoretical properties in respective API calling graphs, and the graph theoretical features extracted from the API calling graphs can be used for distinguishing the malicious software from the benign software effectively and efficiently. Three modules, namely a graph construction module, a feature extraction module and a graph classification module are involved in the method. Through the MalZero, the malicious software can be quickly and accurately detected on a terminal host, high efficiency is achieved in terms of storage space and detection time, and the MalZero can supplement an existing malicious software detection scheme of the terminal host due to low overhead.

The invention provides a function call graph fingerprint based malicious software detection method, comprising: judging whether a known malicious software sample is packed; performing disassembly processing to obtain an assembly code of the malicious software sample; by taking a function as a node and inter-function call as an edge, generating a function call graph; adding the function call graph as a fingerprint of the sample into a graph fingerprint library; judging whether the to-be-detected sample is packed; performing disassembly processing to obtain an assembly code of the to-be-detected sample; based on the assembly code, generating the function call graph of the to-be-detected sample, wherein the graph serves as the fingerprint of the detected sample; and performing isomorphism judgment on the function call graph fingerprint of the to-be-detected sample and each graph in the graph fingerprint library. According to the method, the function call graph is used as the fingerprint of the software, and most malicious software and malicious software variants are identified by fully utilizing a characteristic that the functional call graph is a special graph, so that the identification time is short and the efficiency is high.

The invention provides an Apk security risk automatic static auditing system and method. The method comprises the steps that S101, an AndroidManifest.xml file, a classes.dex file and a resource file of an Apk are decompiled, and a basic function call graph is generated according to Dalvik byte codes and the AndroidManifest.xml file; S102, an asynchronous call function and a life cycle relevant function in an Android bank are both added into the basic function call graph to obtain a spread function call graph; S103, code paths in the spread function call graph are filtered to obtain a suspicious path set containing possible taint data propagation behaviors; and S104, a taint analyzer performs simulation execution on a byte code instruction of a function of each suspicious path in the suspicious path set, taint analysis is performed based on a memory object model, and taint data information and a taint data propagation behavior are accurately detected. Through the Apk security risk automatic static auditing system and method, security auditing analysis can be performed on an Apk application comprehensively, quickly and effectively, and high practicability is achieved.

The invention discloses a method for displaying a method call relation graph when a java bytecode is viewed, which comprises the following steps of: 1, decompressing a jar file, and disassembling a class file in the jar file to generate a corresponding code text file; 2, performing text analysis on the code text file, analyzing all methods in all classes, and setting each method as a node in a topological structure; 3, analyzing the method calling code in each method, finding out the calling method, and establishing association in the topological graph; 4, according to the topological graph, drawing each node in the image by using a unified graph, and connecting the nodes; And 5, adding a mouse click trigger event processing function to each node graph in the image, and when a user clicksthe graph, automatically opening a file where the method is located by the processing function and jumping to the method to define a corresponding line number. And decompiling byte codes of the classfile of java to realize automatic logic analysis and generate a function relationship call graph, and presenting the function relationship call graph to a developer in a graphical manner.