187 results about "Control flow diagram" patented technology

The invention provides a static analysis method and a static analysis device for an Android application program and relates to the technical field of security detection. The static analysis method includes: S1, unzipping an application program to be detected to obtain a Smali file; S2, traversing the Smali file to acquire a source code information and structuring a control flow diagram and a data flow diagram of the source code information; S3, traversing the control flow diagram and the data flow diagram according to a malicious behavior judging engine to respectively match an API (application program interface) of the application program with another API in a predefined malicious behavior library and marking the successfully matched API of the application program as the malicious behavior API; S4, calculating the malicious measuring value of the application program to be detected; S5, matching the malicious measuring value with a predefined malicious degree index to acquire risk level of the application program to be detected. Through behavior analysis and comprehensive judgment of combined rules, misjudgment rate of virus detection upon the Android application program can be reduced.

The invention discloses a method for optimizing a unit regression test case set based on a control flow diagram. The method comprises the following steps: A, finding out modified points corresponding to a modified part from the control flow diagram of a tested unit being tested unit before and after; B, screening out test cases, of which the execution paths pass through the modified points, to serve as one part of the regression test case set, namely a selected test case set (Tselected), and running all the test cases in the set; C, calculating all the reachable successor nodes of the modified points and selecting a node subset N which is not covered in the running process of the step B; D, if the N is null, executing the step F, and if the N is not null, executing the step E; E, selecting one node from the N to serve as a coverage target generation test case, adding the coverage target generation test case into a new test case set (Tnew) and then completely running, updating the N, deleting the nodes covered in the running process and returning to the step D; and F, finishing construction of the regression test case set (TR). By application of the method, the efficiency of the regression test can be improved and the effectiveness and the sufficiency of the regression test are guaranteed.

The invention discloses a memory access abnormity detecting method and a memory access abnormity detecting device. The memory access abnormity detecting method comprises the following steps of checking source codes and analyzing the morphology, the grammar and the semanteme of the source codes to generate a control flow diagram, a data dependence diagram, a first list file and a second list file; establishing a global function invocation diagram of the source codes according to the control flow diagram; performing matching detection on dynamic memory allocation of the source codes according to the global function invocation diagram, the second list file and the data dependence diagram; and establishing a virtual executing platform; and extracting an executing path according to the first list file, the control flow diagram and the data dependence diagram so as to detect memory leakage caused by dynamic memory allocation and memory access violation during running of a program. Memory access abnormity in the source codes can be sufficiently dug by analyzing the first list file, the second list file, the control flow diagram, the data dependence diagram and the global function invocation diagram, establishing the virtual executing platform and extracting the executing path, and the memory access abnormity can be detected efficiently.

A compiler-controlled technique for scheduling threads to execute different regions of a program. A compiler analyzes program code to determine a control flow graph for the program code. The control flow graph contains regions and directed edges between regions. The regions have associated execution priorities. The directed edges indicate the direction of program control flow. Each region has a thread frontier which contains one or more regions. The compiler inserts one or more update predicate mask variable instructions at the end of a region. The compiler also inserts one or more conditional branch instructions at the end of the region. The conditional branch instructions are arranged in order of execution priority of the regions in the thread frontier of the region, to enforce execution priority of the regions at runtime.

A method and a system for constructing a control flow graph (CFG, 106) from an executable computer program (104). The solution detects data intermixed with instructions and instruction set changes. The method includes the steps of defining block leader types specifying basic block boundaries in the program (104), building a CFG structure (106) according to the basic blocks found in the program, and adding control flow and addressing information to the CFG (106) by propagating through the basic blocks and internals thereof. The CFG (106) may be then optimised (108) and a compacted executable (112) created as a result.

The invention discloses a security detection method for an android application file, and mainly solves the problem of privacy leakage vulnerability detection capability shortage of an existing android application file. The method is implemented by the steps of 1, converting a Dalvik byte code file in the android application file into a Jimple language; 2, extracting input and output functions related to sensitive data by classification from an android system file, classifying the input and output functions, and marking a source and an output; 3, generating a virtual Main function in the Jimple language and generating an interprocedural control flow diagram according to the function; 4, establishing a taint spread rule; 5, generating a taint access path according to the interprocedural control flow diagram; and 6, according to the marked source and output, executing the taint spread rule in the taint access path to find out a data leakage path. According to the method, the missing and false reporting of privacy leakage vulnerabilities is reduced and the security protection performance is improved, so that the method can be used for detecting the android application file.

The invention provides an attitude and orbit control data analysis method based on a decision tree. The method comprises the following steps: attitude and orbit control data preprocessing, i.e., finishing remote measurement data deduplicating, remote measurement data sequencing, remote measurement data extraction and remote measurement data outlier rejection through the data preprocessing; hierarchical modeling of an attitude and orbit control, i.e., establishing an information and control flow chart of the attitude and orbit control, determining remote measurement variables related to current faults of the attitude and orbit control, and taking the variables as input variables for decision tree analysis; establishing a flow chart of the decision tree analysis; and decision tree modeling, i.e., creating a decision tree C5.0 algorithm model, defining a model name in the model, boosting algorithm test frequency, and trimming attributes and a minimum recording number of each sub branch. The method provided by the invention solves the problem of difficulties in satellite attitude and orbit control complex data analysis and has a certain guidance effect on satellite fault identification, diagnosis and anticipation.

The invention discloses a static detection method for privacy information disclosure in mobile applications. The method comprises the steps as follows: firstly, the completeness of codes is checked, if the codes are incomplete, preparatory work is performed on source codes, state machine description files corresponding to the privacy disclosure are loaded, related state machine information is obtained, the source codes are compiled to obtain detailed information of classes, functions and the like, pre-analysis is performed on the source codes, basic data structures such as abstract syntax trees and the like are generated, and call relations among the functions are obtained; and then detection and analysis is performed in units of the functions, state machine instances are created for all state machines with associated methods in the state machines, state machine instance iteration is performed on control flow diagrams corresponding to the functions, when the state machine instances are in error states, errors are reported, after detection is finished, the detected errors are checked manually, and detection results are confirmed. With the adoption of the method, the privacy disclosure codes existing in application programs of different operating system platforms can be effectively detected, so that the privacy information disclosure of users can be effectively prevented.

The invention discloses a method of fully detecting null pointer reference defects. The method comprises recognizing all addressable expressions of an application to be detected based on an abstract syntax tree; carrying out conservative interval arithmetic and pointer analysis on the application to be detected according to a control flow diagram, and generating a procedural summary according to results of the interval arithmetic and the pointer analysis; recognizing all pointer reference and referred pointers according to the procedural summary and the abstract syntax tree, and creating a null pointer reference defect state machine example on each referred pointer; and running the null pointer reference defect state machine examples based on the control flow diagram, carrying out state transition on each defect state machine example on each node of the control flow diagram according to the results of the interval arithmetic and the pointer analysis, and carrying out null pointer reference detection. By adopting the method of fully detecting the null pointer reference defects, the problem of failing to report the null pointer reference defects can be effectively solved, and zero omission and low misinformation of the null pointer reference defect detection are achieved.

The invention discloses a symbolic-execution-based method for generating test cases with feedback. The method comprises the following steps of: (1) executing the conventional test cases, and collecting information covered by the test cases; (2) determining a symbolic execution covering object according to a control flow diagram of a tested program; (3) instrumenting the tested program, and implanting a symbolic execution control code; (4) selecting a proper seed test case from the conventional test case set; (5) generating a new test case for the covering object by using a symbolic execution method, and supplementing the new test case into the test case set; and (6) repeating the steps until a given test case generation aim is fulfilled. The method can be widely applied to automatic test in a software development process, and is used for automatically generating the test cases, so that the problem of constraint condition explosion of independent symbolic execution is solved, and efficiency is improved; and in addition, other generation methods can be combined, so that the problem that complex data structures cannot be processed by the symbolic execution method can be alleviated.

A technique for identifying and executing synchronized read regions and synchronized write regions is provided. The technique processes program code with a software tool to convert the code to an internal representation for the software tool and constructs a control flow graph of code blocks which also identifies the entry and exit points for each region of code subject to a lock. For each code block in the control flow graph, visibility analysis is performed. Each determined entry and exit point is moved to enclose the smallest set of code blocks subject to a lock which can be achieved without altering code semantics. A set of trees is created to represent the manner in which the synchronized regions are nested. If the tree contains at least one block previously identified, then the tree is marked a write. Otherwise, the tree is marked a read tree. A write lock is then created for the region in each tree identified as a write tree and a read lock is created for the regions in each tree identified as a read tree.

A method of validating binary code transformation in one aspect includes analyzing original program and transform program. Control flow graphs are generated for both programs. The two graphs are traversed to create respective linear invariant representations. The linear representations are compared to identify incorrect transformations.

The invention discloses a vulnerability detection method combining deep reinforcement learning and a program path instrumentation technology. The method includes: obtaining a path corresponding to input from a control flow diagram of a to-be-tested program in an instrumentation mode; calculating and obtaining a reward value according to the path and a target node in the control flow graph, using the reward value to train a neural network of deep reinforcement learning so as to select a variation action; and performing variation on the input of the to-be-tested program according to the variation action to obtain an updated input and an updated path thereof, calculating an updated reward value, training the neural network again and performing input variation processing, and performing circulating until the to-be-tested program is collapsed to obtain a corresponding input vulnerability. According to the method, the accuracy is higher, the input corresponding to the path where the vulnerability is located can be obtained more efficiently, and compared with a traditional fuzzy test, the method is higher in detection speed and has a certain code coverage amount.

The invention discloses an intrinsic function recognition method based on a sub-graph isomorphism matching algorithm in decompilation, and belongs to the technical field of decompilation. According to the method, an intrinsic function template library is established, sub-graph isomorphism matching is conducted on intrinsic function templates and target assembling files generated through decompilation on the basis of a control flow diagram, and intrinsic functions which are subjected to compiler optimization and inline expansion in target programs of the target assembling files are positioned. According to the intrinsic function recognition method, inline intrinsic functions in the decomplation process can be recognized automatically, meanwhile, the templates and prototypes of the intrinsic functions are analyzed, the function names, returned values, returned value types and function parameters of the intrinsic functions are recovered, and thus the purpose of promoting the semantics of the inline intrinsic functions is achieved. More type information is provided for type analysis in decompilation through the promoted inline intrinsic functions, the complexity of data flow analysis and control flow analysis is lowered, the level of abstraction of intermediate codes is improved, and the readability of decompilation results is enhanced.

The invention relates to static defect detecting method and system thereof. The method comprises the steps of S1, creating an abstract syntax tree and a control flow diagram of a program to be detected; S2, building a state machine instance of a defect mode according to the preset defect mode, and placing the state machine instance to a control flow inlet of the program to be detected; S3, traversing the control flow diagram according to the path, and calculating the block information of variable of each control flow joint during the traversing process; S4, updating the state of the state machine instance on real time according to the block value taking information of the variable of each control flow node until detecting the defect of the state machine instance or traversing the control flow nodes on all paths. The method is on the basis of symbolic block analyzing technology, and the infeasible path in the program can be comprehensively determined by the conflict variable value taking determining and conditional constraint verification method, so as to improve the defect detecting accuracy.

The invention discloses an android application vulnerability detection method and system based on function control flow. The method includes the steps that on the basis of an existing static analysis method, an existing dynamic analysis method and a dynamic-static combination method, a function control flow diagram is obtained through once code analysis operation; an accurate dynamic analysis testing case is made according to the function control flow diagram, and dynamic testing is automatically conducted. In this way, the defect of high loads, caused when running of data flow is simulated multiple times in an existing analysis method, of a system is overcome. According to the android application vulnerability detection method and system, the testing cast is generated through the function control flow diagram, a testing system framework suitable for the method is provided, the defect that an existing analysis technology is low in analysis speed is overcome accordingly, and testing efficiency is improved.

Program execution profile data is collected by direct measurement of some code paths, and by inferring data for unmeasured paths. The data collection process may cause errors, which are propagated by the inferencing process. The profile data thus constructed is further enhanced by detecting certain data mismatches, and adjusting inferred data to reduce the scope of errors propagated during the inferencing process. Preferably, a control flow graph of the program being measured is constructed. Mismatches in the total weights of input arcs versus output arcs are detected. For certain specific types of mismatches, it can be known or guessed which count is incorrect, and this count is accordingly corrected. Correction of arc counts proceeds recursively until it is no longer possible to correct mismatches. Additionally, certain other conditions are adjusted as presumed inaccuracies.

The invention provides a unit test method which is automatically generated based on a path coverage test case. Firstly, a lexical analysis and a syntax analysis are carried out on a code of a programto be tested, and then a control flow diagram of the program is obtained. After obtaining the control flow graph, the node table is generated according to the known number of nodes. Based on the automatically generated test cases, the execution of executable codes in the nodes is driven in the generated control flow diagram, at the same time, according to the execution result of executable codes,the fitness value is calculated and obtained, and the child nodes are selected to continue to repeat the process until the termination node in the graph is found, and finally, the path marker and thefitness value corresponding to the path marker are generated. Then the automatic test case generation algorithm is run, which automatically generates test cases according to the fitness value returneduntil the path is completely covered or exits when the set run time expires. The invention is suitable for software testing, and can be applied to actual software testing working environment throughexperimental verification.

The invention discloses a log-based complex software system abnormal behavior detection method. The problems that an existing method can only analyze log sentences when the system is abnormal, and tracking cannot be performed according to abnormal log sentences are solved. The method comprises the steps of collecting a system source code, converting the source code into a control flow diagram adopting a function as a unit, extracting a log template, and obtaining the reachable relation among log printing languages; adopting the operation logic relation among the log sentences for log message analysis; on the basis of structured log messages and the source code control flow diagram, performing log execution track extraction and processing filtering, and achieving relatively accurate and complete abnormal detection and positioning. The log template is obtained by analyzing the source code, an experiment result is more accurate, and the defect of instability of a clustering algorithm is overcome. Log tracks are extracted, on the basis of abnormal sentence tracking, root causes resulting in system abnormity can be obtained conveniently and then the abnormal problem is solved. The method is used for operating and maintaining a distributed complex software system.

The invention relates to an application permission divulgence detection method and system based on reverse symbolic execution. The method comprises the steps of S1, establishing a control flow diagram of an application to be detected; S2, according to the mapping relation between an API and a preset permission, marking a node possibly divulging the permission on the control flow diagram; S3, with the node possibly divulging the permission as a starting point, searching for all paths between the starting point and a program entry point by traversing the control flow diagram through reverse symbolic execution, wherein all the paths between the starting point and the program entry point are paths possibly divulging the permission. By adopting the reverse symbolic execution mode, it is only needed to traverse all the possible paths between a calling point of the sensitive API and the program entry point, it is avoided that paths unrelated to permission divulgence are traversed, and therefore detection efficiency is improved.

The invention discloses a function call path extracting method and device based on a control flow diagram. The method comprises the steps that a source code is processed to obtain an intermediate code with control flow information; the intermediate code is converted into the control flow diagram, and function calls are preserved in nodes in the control flow diagram; according to the number of the function calls in each node in the control flow diagram, the control flow diagram is processed, and the control flow diagram is converted into a function call relation diagram; a function call path is extracted according to the function call relation diagram. By the adoption of the function call path extracting method and device, the analysis process of the function call path can be simplified, and the accurate function call path can be more easily obtained.

The present invention discloses an automatic detection method for program unaccessible paths. The method comprises the steps of: converting a to-be-detected computer program into a control flow diagram; and converting the control flow diagram into a program model, performing accessibility analysis to obtain unaccessible states, automatically detecting the unaccessible states to obtain an unaccessible state set, and then obtaining an unaccessible path set according to the unaccessible state set. The automatic detection method for the program unaccessible paths is based on a state searching technology being simple in theory, and effectively lowers the technology application and promotion difficult when being compared with the prior art usually based on complex mathematical technology; the detection method for the program unaccessible paths is complete and has high automatization degree; the problem of accessibility detection of the control flow diagram is solved; problems of difficulties and low efficiency of a static analysis technology in processing of complex programs are solved; and the problem that the static analysis technology has difficult in expressing compound data in processing a multi-branch procedure is solved.

The invention relates to a dynamic and static combined interrupt drive program data race detection method. According to the method, through a detection technology of a shared source, a control flow diagram generation technology, a data flow analysis technology and a simulator operational control technology, static analysis is carried out on a source program with a static method so that a potential data race sequence can be obtained, dynamic execution is carried out on the result of static analysis to verify authenticity of potential races, sorting is carried out according to severity of the potential races, and a test result report is obtained. An implemented tool of the method is used for testing an interrupt drive program, the real competitive relation related to interruption can be effectively detected, a series of potential competitive relations are provided for guidance according to the severity, working efficiency of a tester can be greatly improved, data race detection of an interrupt drive is achieved, safety and stability of an embedded system are ensured, and the reliability guarantee can be provided for the key safety fields with the requirement for highly stable embedded programs such as the spaceflight field and the medical field.