Funding: Supported by the National Natural Science Foundation of China (62462036, 62262031), Jiangxi Provincial Natural Science Foundation (20242BAB26017, 20232BAB202010), Distinguished Youth Fund Project of the Natural Science Foundation of Jiangxi Province (20242BAB23011), and the Jiangxi Province Graduate Innovation Fund Project (YJS2023032).
Abstract: Control Flow Graphs (CFGs) are essential for understanding the execution and data flow within software, serving as foundational structures in program analysis. Traditional CFG construction methods, such as bytecode analysis and Abstract Syntax Trees (ASTs), often face challenges due to the complex syntax of programming languages like Java and Python. This paper introduces a novel approach that leverages Large Language Models (LLMs) to generate CFGs through a methodical Chain of Thought (CoT) process. By employing CoT, the proposed approach systematically interprets code semantics directly from natural language, enhancing the adaptability across various programming languages and simplifying the CFG construction process. By implementing a modular AI chain strategy that adheres to the single responsibility principle, our approach breaks down CFG generation into distinct, manageable steps handled by separate AI and non-AI units, which can significantly improve the precision and coverage of CFG nodes and edges. The experiments with 245 Java and 281 Python code snippets from Stack Overflow demonstrate that our method achieves efficient performance on different programming languages and exhibits strong robustness.
Funding: Supported by the National Natural Science Foundation of China (61202110 and 61502205) and the Project of Jiangsu Provincial Six Talent Peaks (XYDXXJS-016).
Abstract: With the rapid development of software technology, software vulnerability has become a major threat to computer security. The timely detection and repair of potential vulnerabilities in software are of great significance in reducing system crashes and maintaining system security and integrity. This paper focuses on detecting three common types of vulnerabilities: Unused_Variable, Use_of_Uninitialized_Variable, and Use_After_Free. We propose a method for software vulnerability detection based on an improved control flow graph (ICFG) and several predicates of vulnerability properties for each type of vulnerability. We also define a set of grammar rules for analyzing and deriving the three mentioned types of vulnerabilities, and design three vulnerability detection algorithms to guide the process of vulnerability detection. In addition, we conduct case studies of the three mentioned types of vulnerabilities with real vulnerability program segments from Common Weakness Enumeration (CWE). The results of the studies show that the proposed method can detect the vulnerability in the tested program segments. Finally, we conduct manual analysis and experiments on detecting the three types of vulnerability program segments (30 examples for each type) from CWE, to compare the vulnerability detection effectiveness of the proposed method with that of the existing detection tool Cppcheck. The results show that the proposed method performs better. In summary, the method proposed in this paper has certain feasibility and effectiveness in detecting the three mentioned types of vulnerabilities, and it will also have guiding significance for the detection of other common vulnerabilities.
Abstract: After a code-table has been established by means of node association information from signal flow graph, the totally coded method (TCM) is applied merely in the domain of code operation beyond any figure-searching algorithm. The code-series (CS) have the holo-information nature, so that both the content and the sign of each gain-term can be determined via the coded method. The principle of this method is simple and it is suited for computer programming. The capability of the computer-aided analysis for switched current network (SIN) can be enhanced.
Abstract: A novel inverse scattering method to reconstruct the permittivity profile of one-dimensional multi-layered media is proposed in this paper. Based on the equivalent network of the medium, a concept of time domain signal flow graph and its basic principles are introduced, from which the reflection coefficient of the medium in time domain can be shown to be a series of Dirac δ-functions (pulse responses). In terms of the pulse responses, both the permittivity and the thickness of each layer will accurately be reconstructed. Numerical examples verify the applicability of this
Abstract: A more automated graphic user interface (GUI) test model, which is based on the event-flow graph, is proposed. In the model, a user interface automation API tool is first used to carry out reverse engineering for a GUI test sample so as to obtain the event-flow graph. Then two approaches are adopted to create GUI test sample cases. That is to say, an improved ant colony optimization (ACO) algorithm is employed to establish a sequence of testing cases in the course of the daily smoke test. The sequence goes through all object event points in the event-flow graph. On the other hand, the spanning tree obtained by deep breadth-first search (BFS) approach is utilized to obtain the testing cases from goal point to outset point in the course of the deep regression test. Finally, these cases are applied to test the new GUI. Moreover, according to the above-mentioned model, a corresponding prototype system based on Microsoft UI automation framework is developed, thus giving a more effective way to improve the GUI automation test in Windows OS.
Abstract: In this work a method called “signal flow graph (SFG)” is presented. A signal-flow graph describes a system by its signal flow by directed and weighted graph; the signals are applied to nodes and functions on edges. The edges of the signal flow graph are small processing units, through which the incoming signals are processed in a certain form. In this case, the result is sent to the outgoing node. The SFG allows a good visual inspection into complex feedback problems. Furthermore, such a presentation allows for a clear and unambiguous description of a generating system, for example, a netview. A Signal Flow Graph (SFG) allows a fast and practical network analysis based on a clear data presentation in graphic format of the mathematical linear equations of the circuit. During creation of a SFG the Direct Current-Case (DC-Case) was observed since the correct current and voltage directions were drawn from zero frequency. In addition, the mathematical axioms, which are based on field algebra, are declared. In this work we show you in addition: How we check our SFG whether it is a consistent system or not. A signal flow graph can be verified by generating the identity of the signal flow graph itself, illustrated by the inverse signal flow graph (SFG⁻¹). Two signal flow graphs are always generated from one circuit, so that the signal flow diagram already presented in previous sections corresponds to only half of the solution. The other half of the solution is the so-called identity, which represents the (SFG⁻¹). If these two graphs are superposed with one another, so-called 1-edges are created at the node points. In Boolean algebra, these 1-edges are given the value 1, whereas this value can be identified with a zero in the field algebra.
Abstract: Malware is emerging day by day. To evade detection, many malware obfuscation techniques have emerged. Dynamic malware detection methods based on data flow graphs have attracted much attention since they can deal with the obfuscation problem to a certain extent. Many malware classification methods based on data flow graphs have been proposed. Some of them are based on user-defined features or graph similarity of data flow graphs. Graph neural networks have also recently been used to implement malware classification. This paper provides an overview of current data flow graph-based malware classification methods. Their respective advantages and disadvantages are summarized as well. In addition, the future trend of the data flow graph-based malware classification method is analyzed, which is of great significance for promoting the development of malware detection technology.
Funding: Support from the National Natural Science Foundation of China and the Fundamental Research Funds for the Central Universities of China.
Abstract: Single event upset (SEU) effect, caused by highly energized particles in aerospace, threatens the reliability and security of small satellites composed of commercial-off-the-shelf (COTS) components. SEU-induced control flow errors (CFEs) may cause unpredictable behavior or crashes of COTS-based small satellites. This paper proposes a generic software-based control flow checking technique (CFC) and bipartite graph-based control flow checking (BGCFC). To simplify the types of illegal branches, it transforms the conventional control flow graph into the equivalent bipartite graph. It checks the legality of control flow at runtime by comparing a global signature with the expected value and introduces consecutive IDs and bitmaps to reduce the time and memory overhead. Theoretical analysis shows that BGCFC can detect all types of inter-node CFEs with constant time and memory overhead. Practical tests verify the result of theoretical analysis. Compared with previous techniques, BGCFC achieves the highest error detection rate, lower time and memory overhead; the composite result in evaluation factor shows that BGCFC is the most effective one among all these techniques. The results in both theory and practice verify the applicability of BGCFC for COTS-based small satellites.
Funding: Supported by National Natural Science Foundation of China (No. 60904090).
Abstract: This paper proposes a generic high-performance and low-time-overhead software control flow checking solution, graph-tree-based control flow checking (GTCFC) for space-borne commercial-off-the-shelf (COTS) processors. A graph tree data structure with a topology similar to common trees is introduced to transform the control flow graphs of target programs. This together with design of IDs and signatures of its vertices and edges allows for an easy check of legality of actual branching during target program execution. As a result, the algorithm not only is capable of detecting all single and multiple branching errors with low latency and time overheads along with a linear-complexity space overhead, but also remains generic among arbitrary instruction sets and independent of any specific hardware. Tests of the algorithm using a COTS-processor-based onboard computer (OBC) of in-service ZDPS-1A pico-satellite products show that GTCFC can detect over 90% of the randomly injected and all-pattern-covering branching errors for different types of target programs, with performance and overheads consistent with the theoretical analysis; and beats well-established preeminent control flow checking algorithms in these dimensions. Furthermore, it is validated that GTCFC not only can be accommodated in pico-satellites conveniently with still sufficient system margins left, but also has the ability to minimize the risk of control flow errors being undetected in their space missions. Therefore, due to its effectiveness, efficiency, and compatibility, the GTCFC solution is ready for applications on COTS processors on pico-satellites in their real space missions.
Funding: Supported by National Key Fundamental Research and Development Project of P. R. China (2002CB312200).
Abstract: Based on the idea that modules are independent of machines, different combinations of modules and machines result in different configurations and the system performances differ under different configurations, a kind of cyclic reconfigurable flow shop is proposed for the new manufacturing paradigm, the reconfigurable manufacturing system. The cyclic reconfigurable flow shop is modeled as a timed event graph. The optimal configuration is defined as the one under which the cyclic reconfigurable flow shop functions with the minimum cycle time and the minimum number of pallets. The optimal configuration, the minimum cycle time and the minimum number of pallets can be obtained in two steps.
Abstract: Blockage is a kind of phenomenon occurring frequently in modern transportation network. This paper deals with the research work on the blocking flow in a network with the help of network flow theory. The blockage phenomena can be divided into local blockage and network blockage. In this paper, which deals mainly with the latter, the fundamental concepts and definitions of network blocking flow and blocking cutset are presented and the related theorems are proved. It is proved that the sufficient and necessary condition for the emergence of a blocking flow in a network is the existence of the blocking cutset. The necessary conditions for the existence of the blocking cutset in a network are analysed and the characteristic cutset of blockage which reflects all possible situations of blocking flows in the network is defined. In the last part of the paper the mathematical model of the minimum blocking flow is developed and the solution to a small network is given.
Funding: Supported in part by the National Key R&D Program of China (2017YFB1001804) and the Shanghai Science and Technology Innovation Action Plan Project (16511100900).
Abstract: In order to guarantee the correctness of business processes, not only control-flow errors but also data-flow errors should be considered. The control-flow errors mainly focus on deadlock, livelock, soundness, and so on. However, there are not too many methods for detecting data-flow errors. This paper defines Petri nets with data operations (PN-DO) that can model the operations on data such as read, write and delete. Based on PN-DO, we define some data-flow errors in this paper. We construct a reachability graph with data operations for each PN-DO, and then propose a method to reduce the reachability graph. Based on the reduced reachability graph, data-flow errors can be detected rapidly. A case study is given to illustrate the effectiveness of our methods.
Abstract: This paper deals with the research work on the phenomena of local blockage in a transportation network. On the basis of introducing the research results in [1], the minimum flow capacity problem of a network in the most seriously blocked situation is studied. With the concept of complete cutset presented in [1], the relationship between the minimum flow capacity of a network and its minimum complete cut capacity is discussed, and the reasons for the difference between the minimum flow capacity of a network and its minimum complete cut capacity are analysed. In order to get the solution to the problem, the concepts of normalization of a network and its blocking path graph are presented. In the paper it is proved that the necessary and sufficient condition for the equality between the minimum flow capacity and its minimum complete cut capacity is the existence of a feasible flow in the blocking path graph. For the reason that there are some dependent production points in the blocking path graph of a network, the proof about the tenability of Gale's Theorem for the planar normalized network without circuit is made.