Abstract

AbstractAbstract syntax trees (ASTs), control flow graphs (CFGs), and data flow analysis (DFA) are prerequisites for static and dynamic analysis and vulnerability detection for programs; thus, obtaining them is significant. Recently, many tools related to generating ASTs, CFGs, and DFA have been proposed. However, most tools can only construct ASTs, very few can construct ASTs and CFGs, and almost none can construct all three. The vast majority of AST, CFG, and DFA tools are for other languages (e.g., Java and Python), and while a few are for C/C++, they are implemented in other languages, creating complex working environments, and overreliance on other language‐related libraries. To address these shortcomings, we present a DFA tool, DFlow, for C/C++. First, a lexical/grammatical analyzer generated by Flex and Bison is used to analyze the program. Second, an AST is constructed from the results; then, a CFG is obtained from the analysis results and the information from the AST. Finally, based on the AST and CFG, DFA is performed, and the vulnerabilities of simple programs are determined. We test some common vulnerable code and common weakness enumeration slicing code, which show the effectiveness of DFlow in program data flow analysis and vulnerability checking. The results show that our tool can implement ASTs, CFGs, and DFA, and we add some rules to the tool for vulnerability detection. © 2021 Institute of Electrical Engineers of Japan. Published by Wiley Periodicals LLC.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.