Abstract

AbstractAbstract syntax trees (ASTs), control flow graphs (CFGs), and data flow analysis (DFA) are prerequisites for static and dynamic analysis and vulnerability detection for programs; thus, obtaining them is significant. Recently, many tools related to generating ASTs, CFGs, and DFA have been proposed. However, most tools can only construct ASTs, very few can construct ASTs and CFGs, and almost none can construct all three. The vast majority of AST, CFG, and DFA tools are for other languages (e.g., Java and Python), and while a few are for C/C++, they are implemented in other languages, creating complex working environments, and overreliance on other language‐related libraries. To address these shortcomings, we present a DFA tool, DFlow, for C/C++. First, a lexical/grammatical analyzer generated by Flex and Bison is used to analyze the program. Second, an AST is constructed from the results; then, a CFG is obtained from the analysis results and the information from the AST. Finally, based on the AST and CFG, DFA is performed, and the vulnerabilities of simple programs are determined. We test some common vulnerable code and common weakness enumeration slicing code, which show the effectiveness of DFlow in program data flow analysis and vulnerability checking. The results show that our tool can implement ASTs, CFGs, and DFA, and we add some rules to the tool for vulnerability detection. © 2021 Institute of Electrical Engineers of Japan. Published by Wiley Periodicals LLC.

Full Text
Paper version not known

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
Constructing More Complete Control Flow Graphs Utilizing Directed Gray-Box Fuzzing
Kailong Zhu ... Jiazhen Zhao
Applied Sciences | VOL. 11
Kailong Zhu, et. al.Kailong Zhu ... Jiazhen Zhao
02 Feb 2021
Practical dynamic reconstruction of control flow graphs
Andrei Rimsa ... José Nelson Amaral
Software: Practice and Experience | VOL. 51
Andrei Rimsa, et. al.Andrei Rimsa ... José Nelson Amaral
11 Oct 2020
Computing partially path-sensitive MFP solutions in data flow analyses
Komal Pathade ... Uday P. Khedker
-
Komal Pathade, et. al.Komal Pathade ... Uday P. Khedker
24 Feb 2018
Position Distribution Matters: A Graph-Based Binary Function Similarity Analysis Method
Zulie Pan ... Taiyan Wang
Electronics | VOL. 11
Zulie Pan, et. al.Zulie Pan ... Taiyan Wang
05 Aug 2022
View more papers

More From: IEEJ Transactions on Electrical and Electronic Engineering

Paper Title
Journal
Date
Author
String‐Like Self‐Capacitance‐Based Proximity and Tactile Sensor that Can be Wrapped Around Robotic Arms
Satoshi Tsuji
IEEJ Transactions on Electrical and Electronic Engineering | VOL. -
Satoshi TsujiSatoshi Tsuji
13 Sep 2024
Analysis of Electromagnetic Buffer Characteristics of DC Fast Vacuum Switch
Jiang Wentao ... Li Peiyuan
IEEJ Transactions on Electrical and Electronic Engineering | VOL. -
Jiang Wentao, et. al.Jiang Wentao ... Li Peiyuan
11 Sep 2024
An Adaptive Eccentricity Correction Method for Arrayed Single‐Axis TMR Current Sensors
Shenwang Li ... Thomas Wu
IEEJ Transactions on Electrical and Electronic Engineering | VOL. -
Shenwang Li, et. al.Shenwang Li ... Thomas Wu
03 Sep 2024
Issue Information
-
IEEJ Transactions on Electrical and Electronic Engineering | VOL. 19
--
02 Sep 2024
View more papers

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.