• Title/Summary/Keyword: Abstract Syntax Tree

Search Result 28, Processing Time 0.256 seconds

A Design of the Similarity Evaluation System using Abstract Syntax Tree (AST를 이용한 프로그램 유사도 평가 시스템 설계)

  • 정재은;김영철;김상헌;유재우
    • Proceedings of the Korean Information Science Society Conference
    • /
    • /
    • pp.430-432
    • /
    • 1999
  • 본 논문에서는 AST(Abstract Syntax Tree)를 이용하여 서로 다른 프로그램의 유사도를 측정하는 방법을 제시한다. 지금까지 유사도 평가 방법은 거의 제시되지 않고 프로그램의 비교평가 연구는 찾아볼 수가 없다. 본 시스템은 서로 다른 여러 프로그램을 입력받아 파싱함으로써 AST를 생성하여 생성된 AST를 유사도 측정에 이용한다. 따라서 다른 비교 측정 시스템보다 비용과 속도 면에서 경제적이고 빠르게 유사도를 검출해 낼 수 있으며, 또한 신속히 평가 결과를 학생들에게 피드백 함으로써 큰 학습성과를 기대할 수 있다.

  • PDF

Analyzing Developer's Share of Code Based on Abstract Syntax Tree (추상 구문 트리 기반의 개발자별 소스 코드 지분 분석)

  • Lee, Yong-hyeon;Kim, KiSub;Jung, Woosung
    • Proceedings of the Korean Society of Computer Information Conference
    • /
    • /
    • pp.23-24
    • /
    • 2015
  • 소프트웨어 프로젝트에서 발생하는 버그의 수가 증가함에 따라 이를 수정할 적합한 개발자를 효과적으로 찾기 위한 연구들이 진행되었다. 하지만, 대부분의 연구들이 텍스트 기반의 라인 변경을 통해 얻은 정보만을 활용하기 때문에 정확도가 떨어지며, 파일, 클래스, 함수와 같은 다양한 계층 단위에 대한 처리가 어렵다. 본 논문은 개발자의 코드 변경 정보를 추적함으로써 기여도를 보다 정확하게 계산하고, 다양한 코드 수준에서의 분석을 효과적으로 지원하는 AST기반의 지분 계산 접근법을 제안한다.

  • PDF

Tree-Pattern-Based Clone Detection with High Precision and Recall

  • Lee, Hyo-Sub;Choi, Myung-Ryul;Doh, Kyung-Goo
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.12 no.5
    • /
    • pp.1932-1950
    • /
    • 2018
  • The paper proposes a code-clone detection method that gives the highest possible precision and recall, without giving much attention to efficiency and scalability. The goal is to automatically create a reliable reference corpus that can be used as a basis for evaluating the precision and recall of clone detection tools. The algorithm takes an abstract-syntax-tree representation of source code and thoroughly examines every possible pair of all duplicate tree patterns in the tree, while avoiding unnecessary and duplicated comparisons wherever possible. The largest possible duplicate patterns are then collected in the set of pattern clusters that are used to identify code clones. The method is implemented and evaluated for a standard set of open-source Java applications. The experimental result shows very high precision and recall. False-negative clones missed by our method are all non-contiguous clones. Finally, the concept of neighbor patterns, which can be used to improve recall by detecting non-contiguous clones and intertwined clones, is proposed.

Node.js Module Vulnerability Analysis: Based on AST and CFG (AST 와 CFG 에 기반한 Node.js 모듈 취약점 분석)

  • Kim, Hee Yeon;Oh, Ho Kyun;Kim, Ji Hoon;You, Jaewook;Shin, Jeong Hoon;Kim, Kyounggon
    • Proceedings of the Korea Information Processing Society Conference
    • /
    • /
    • pp.475-478
    • /
    • 2019
  • 웹어플리케이션의 발전에 따라 자바스크립트 런타임 플랫폼인 Node.js 의 사용도 증가하고 있다. 개발자들은 Node.js 의 다양한 모듈을 활용하여 프로그래밍을 하게 되는데, Node.js 모듈 보안의 중요성에 비하여 모듈 취약점 분석은 충분히 이루어지지 않고 있다. 본 논문에서는 소스코드의 구조를 트리 형태로 표현하는 Abstract Syntax Tree 와 소스코드의 실행 흐름 및 변수의 흐름을 그래프로 나타내는 Control Flow Graph/Data Flow Graph 가 Node.js 모듈 취약점 분석에 효율적으로 활용될 수 있음을 서술하고자 한다. Node.js 모듈은 여러 스크립트 파일로 나누어져 있다는 점과 사용자의 입력이 분명하다는 특징이 있다. 또한 자바스크립트 언어를 사용하므로 선언된 변수들의 타입에 따라 적용되는 범위인 scope 가 다르게 적용된다는 특징이 있다. 본 논문에서는 이러한 Node.js 모듈의 특징을 고려하여 Abstract Syntax Tree 및 Control Flow Graph/Data Flow Graph 을 어떻게 생성하고 취약점 분석에 활용할 것인지에 대한 방법론을 제안하고, 실제 분석에 활용할 수 있는 코드 구현을 통하여 구체화시키고자 한다.

A Visualization of Secure Vulnerability in Code using Abstract Syntax Tree Metamodel (추상구문트리 메타모델을 통한 코드의 보안 취약성 가시화)

  • Son, Hyun Seung;Kim, R. Young Chul
    • Journal of Security Engineering
    • /
    • v.14 no.1
    • /
    • pp.21-32
    • /
    • 2017
  • Recently, as information systems have been hacked and personal information leakage accidents have occurred frequently, the korea government enacted a secure coding guide and made it mandatory for informatization projects related to the electronic government. However, it is not easy for general developers to know and implement all software vulnerabilities in secure coding. Also, it is difficult to check for vulnerabilities in previously developed software. Therefore, there is a need for techniques to automatically analyze security vulnerabilities at the source code level and visualize the results. In this paper, we propose a method to analyze security vulnerability more easily by applying software visualization technology to secure coding.

Efficient method for finding patched vulnerability with code filtering in Apple iOS (코드 필터링 기법을 이용한 iOS 환경에서의 패치 분석 방법론)

  • Jo, Je-gyeong;Ryou, Jae-cheol
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.25 no.5
    • /
    • pp.1021-1026
    • /
    • 2015
  • Increasing of damage by phishing, government and organization response more rapidly. So phishing use malware and vulnerability for attack. Recently attack that use patch analysis is increased when Microsoft announce patches. Cause of that, researcher for security on defense need technology of patch analysis. But most patch analysis are develop for Microsoft's product. Increasing of mobile environment, necessary of patch analysis on mobile is increased. But ordinary patch analysis can not use mobile environment that there is many file and small size. So we suggest this research that use code filtering instead of Control Flow Graph and Abstract Syntax Tree.

A Study of Incremental and Multiple Entry Support Parser for Multi View Editing Environment (다중 뷰 편집환경을 위한 점진적 다중진입 지원 파서에 대한 연구)

  • Yeom, Saehun;Bang, Hyeja
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.14 no.3
    • /
    • pp.21-28
    • /
    • 2018
  • As computer performance and needs of user convenience increase, computer user interface are also changing. This changes had great effects on software development environment. In past, text editors like vi or emacs on UNIX OS were the main development environment. These editors are very strong to edit source code, but difficult and not intuitive compared to GUI(Graphical User Interface) based environment and were used by only some experts. Moreover, the trends of software development environment was changed from command line to GUI environment and GUI Editor provides usability and efficiency. As a result, the usage of text based editor had decreased. However, because GUI based editor use a lot of computer resources, computer performance and efficiency are decreasing. The more contents are, the more time to verify and display the contents it takes. In this paper, we provide a new parser that provide multi view editing, incremental parsing and multiple entry of abstract syntax tree.

AST Creating and Crosscutting Concern Weaving Mechanism for Class Optimization in .NET Framework (닷넷 프레임워크에서 클래스 최적화를 위한 추상구조트리 생성 및 크로스커팅 위빙 메커니즘)

  • Lee, Seung-Hyung;Park, Je-Yeon;Song, Young-Jae
    • The Journal of the Korea Contents Association
    • /
    • v.10 no.2
    • /
    • pp.89-98
    • /
    • 2010
  • The enterprise system is becoming more complex and larger. With the changes of the times, the system is developing to object-oriented programming method(OOP). However, the same code inserts to the core class repetitiously in the OOP, that causes a decrease in productivity and a trouble of application of another requirement. To solve this weak point, we propose a weaving mechanism what applies to metadata and crosscutting concern. For a class optimization and an integration between different languages, we take the following way. This paper uses three ways, those are, metadata generation using reflection, transformation to Abstract Syntax Tree, and mapping through crosscutting information specified XML. Through the proposed theory, class optimization can be accomplished by solving a functional decentralization and a confusion of codes.

Aspect Mining Process Design Using Abstract Syntax Tree (추상구문트리를 이용한 어스팩트 마이닝 프로세스 설계)

  • Lee, Seung-Hyung;Song, Young-Jae
    • The Journal of the Korea Contents Association
    • /
    • v.11 no.5
    • /
    • pp.75-83
    • /
    • 2011
  • Aspect-oriented programming is the paradigm which extracts crosscutting concern from a system and solves scattering of a function and confusion of a code through software modularization. Existing aspect developing method has a difficult to extract a target area, so it is not easy to apply aspect mining. In an aspect minning, it is necessary a technique that convert existing program refactoring elements to crosscutting area. In the paper, it is suggested an aspect mining technique for extracting crosscutting concern in a system. Using abstract syntax structure specification, extract functional duplicated relation elements. Through Apriori algorithm, it is possible to create a duplicated syntax tree and automatic creation and optimization of a duplicated source module, target of crosscutting area. As a result of applying module of Berkeley Yacc(berbose.c) to mining process, it is confirmed that the length and volume of program has been decreased of 9.47% compared with original module, and it has been decreased of 4.92% in length and 5.11% in volume compared with CCFinder.

A Design and Implementation of the VoiceXML Multiple-View Editor Using MVC Framework (MVC 프레임 워크를 사용한 VoiceXML 다중 뷰 편집기의 설계 및 구현)

  • 유재우;염세훈
    • The Journal of the Acoustical Society of Korea
    • /
    • v.23 no.5
    • /
    • pp.390-399
    • /
    • 2004
  • In this paper, we design and implement a multiple-view VoiceXML editor to improve editing efficiency of the VoiceXML. The VoiceXML multiple-view Editor uses a MVC framework to support multiple views and paradigm. Our multiple-view editor consists of Model. View and Controller using MVC framework. A model, core data structure. is constructed of abstract syntax tree and abstract grammar. A view. user interface. is formalized in unparsing rules and unparser. A controller. to control model and view. is made of command interpreter and tree handler. The VoiceXML multiple-view editor overcomes a drawbacks of existing XML editors by showing document structure and context concurrently. as well as document flows. Our VoiceXML multiple-view editor. which MVC framework has been applied, provides various editing views concurrently to users. Thereby. it supports efficient and convenient editing environments for voice-web documents to users and it guarantees transparency of editors. as various views have a same consistent model.