Constructing the control-flow graph (CFG) of machine code is made difficult by dynamic transfers of control (DTC), where the address of the next instruction is computed at run-time. Switchcase statements make compilers generate a large variety of machine-code forms with DTC. Two analysis approaches are commonly used: pattern-matching methods identify predefined instruction patterns to extract t...

Control flow diagrams are a keystone in testing the structure of software programs. With the help of control flow between the various components of the program, we can select the test cases in a particular domain. In this paper, we introduced a window-based tool for generating the CFG of a C Program automatically. The data flow testing, i.e., control flow testing depends on all def-use of the v...

Loop identification is an essential step of control flow analysis in decompilation. The Classical algorithm for identifying loops is Tarjan’s interval-finding algorithm, which is restricted to reducible graphs. Havlak presents one extension of Tarjan’s algorithm to deal with irreducible graphs, which constructs a loop-nesting forest for an arbitrary flow graph. There’s evidence showing that the...

The disassembled code of an executable program can be seen as a graph representing the possible sequence of instructions (Control Flow Graph). grap is a YARA-like tool, completely open-source, and able to detect graph patterns, defined by the analyst, within an executable program. We used grap to detect cryptographic algorithms: we created patterns for AES and ChaCha20 that are based on parts o...

This lecture continues the presentation of how to perform Dataflow Frequency Analysis [5] on the folded DAG structure generated via the Larus algorithm for collecting a whole-program path. The frequency-analysis technique can be applied to the class of bi-distributive dataflowanalysis problems. This lecture formalizes the technique of generating dataflow-frequency facts by traversing the DAG re...

Branch divergence is a very commonly occurring performance problem in GPGPU in which the execution of diverging branches is serialized to execute only one control flow path at a time. Existing hardware mechanism to reconverge threads using a stack causes duplicate execution of code for unstructured control flow graphs. Also the stack mechanism cannot effectively utilize the available parallelis...

Malware is a man-made malicious code designed for computer destructive purposes. The early destructive programs were developed either for pranks or experimental purposes. However, in this day and age, malware are created mainly for financial gain. Since years ago, the use of malware attack tools, such as keylogger, screen capture software, and trojan were rapidly used to commit cybercrimes. The...

Assertions are critical in pre-silicon hardware verification to ensure expected design behavior. While Register Transfer Level (RTL) code coverage can provide a metric for assertion quality, few methods to report it currently exist. We introduce two practical and effective code coverage metrics for assertions one inspired by test suite code coverage as reported by RTL simulators and the other b...

We introduce in this paper a new CP-based approach to support errors location in a program for which a counter-example is available, i.e. an instantiation of the input variables that violates the post-condition. To provide helpful information for error location, we generate a constraint system for the paths of the CFG (Control Flow Graph) for which at most k conditional statements may be errone...

Empowered by instrumentation, coverage-guided fuzzing monitors the program execution path taken by an input, and prioritizes inputs based on their contribution to code coverage. Although instrumenting every basic block ensures full visibility, it slows down the fuzzer and thus the speed of vulnerability discovery. This paper shows that thanks to common program structures (e.g., directed acyclic...