Efficient plagiarism detection for large code repositories

Unauthorized re‐use of code by students is a widespread problem in academic institutions, and raises liability issues for industry. Manual plagiarism detection is time‐consuming, and current effective plagiarism detection approaches cannot be easily scaled to very large code repositories. While there are practical text‐based plagiarism detection systems capable of working with large collections, this is not the case for code‐based plagiarism detection. In this paper, we propose techniques for detecting plagiarism in program code using text similarity measures and local alignment. Through detailed empirical evaluation on small and large collections of programs, we show that our approach is highly scalable while maintaining similar levels of effectiveness to that of the popular JPlag and MOSS systems. Copyright © 2006 John Wiley & Sons, Ltd.     

工业打印中QR码的编码及应用研究

二维条码作为一种新兴的自动识别技术,是提高工作效率的管理工具,因此广泛应用于许多生产应用领域中.本文介绍了QR码的概念和优势,根据实际中的需要,系统地阐述了一种适用于工业打印的QR码的生成实现算法,该算法对传统的编码方法做出了一些改进,通过该算法能创建专业的QR二维条形码,并在实验中证明生成的QR码能在工业打印中得到很好的识别和运用.     

Partial redundancy elimination for access expressions by speculative code motion

We present a new memory access optimization for Java to perform aggressive code motion for speculatively optimizing memory accesses by applying partial redundancy elimination (PRE) techniques. First, to reduce as many barriers as possible and to enhance code motion, we perform alias analysis to identify all the regions in which each object reference is not aliased. Secondly, we find all the possible barriers. Finally, we perform code motions in three steps. For the first step, we apply a non‐speculative PRE algorithm to move load instructions and their following instructions in the backwards direction of the control flow graph. For the second step, we apply a speculative PRE algorithm to move some of them aggressively before the conditional branches. For the third step, we apply our modified version of a non‐speculative PRE algorithm to move store instructions in the forward direction of the control flow graph and to even move some of them after the merge points. We implemented our new algorithm in our production‐level Java just‐in‐time compiler. Our experimental results show that our speculative algorithm improves the average (maximum) performance by 13.1% (90.7%) for jBYTEmark and 1.4% (4.4%) for SPECjvm98 over the fastest algorithm previously described, while it increases the average (maximum) compilation time by 0.9% (2.9%) for both benchmark suites. Copyright © 2004 John Wiley & Sons, Ltd.     

基于感兴趣区域和RS编码机制的QR码美化算法

针对已有QR码美化方法没有考虑背景图像的感兴趣区域,进而影响美化效果的问题,提出基于感兴趣区域和RS编码机制的QR码美化算法。首先提出改进的基于多特征感兴趣区域检测算法,进而用此方法得到背景图的显著二值图。其次,将原始QR码利用RS编码矩阵进行异或操作得到中间QR码,该QR码和背景图的显著二值图完全一致;然后,将背景图像和中间QR码按照特定的融合策略进行融合。最后,将融合图再次利用RS纠错机制进一步扩大美化区域,得到最终的美化QR码图像。在测试样本集上的实验表明:所提算法可以实现完整的背景替换,保存更多的图像信息,具有较好的视觉效果和较高的解码率。     

“Slimming” a Java virtual machine by way of cold code removal and optimistic partial program loading

Embedded systems provide limited storage capacity. This limitation conflicts with the demands of modern virtual machine platforms, which require large amounts of library code to be present on each client device. These conflicting requirements are often resolved by providing specialized embedded versions of the standard libraries, but even these stripped down libraries consume significant resources.We present a solution for “always connected” mobile devices based on a zero footprint client paradigm. In our approach, all code resides on a remote server. Only those parts of applications and libraries that are likely to be needed are transferred to the mobile client device. Since it is difficult to predict statically which library parts will be needed at run time, we combine static analysis, opportunistic off-target linking and lazy code loading to transfer code with a high likelihood of execution ahead of time while the other code, such as exception code, remains on the server and is transferred only on demand. This allows us to perform not only dead code elimination, but also aggressive elimination of unused code.The granularity of our approach is flexible from class files all the way down to individual basic blocks. Our method achieves total code size reductions of up to 95%.     

Platform‐independent code conversion within the C++ locale framework

This paper describes some of the author's experiences from a C++ implementation of a concordance program for texts in Old West Norse (also known as Old Icelandic) and Runic Swedish. Since the input to the program used a character repertoire that no standard one‐byte character encoding covers, it was natural to use Unicode to represent data both inside the program and in external files. Inside the program, each character was represented with C++ ‘wide characters’; the input and output was represented in UTF‐8. The author constructed C++ code conversion facets that convert data between those two representations during file I/O. This enabled him to successfully compile, and run, the concordance program on both Linux (Fedora Core 3 with gcc 3.4.2) and Windows XP (using Visual C++ .NET 2003). The only necessary change to the source when changing platform was isolated to the lines selecting which code conversion facet to use—all other pieces of code remained unchanged. In particular, the author could still use the standard C++ locale framework for collation and code conversion, in spite of the fact that the library‐provided code conversion facets had been replaced. Copyright © 2006 John Wiley & Sons, Ltd.     

Fast,frequency‐based,integrated register allocation and instruction scheduling

Instruction scheduling and register allocation are two of the most important optimization phases in modern compilers as they have a significant impact on the quality of the generated code. Unfortunately, the objectives of these two optimizations are in conflict with one another. The instruction scheduler attempts to exploit instruction‐level parallelism and requires many operands to be available in registers. On the other hand, the register allocator wants register pressure to be kept low so that the amount of spill code can be minimized. Currently these two phases are done separately, typically in three passes: prepass scheduling, register allocation and postpass scheduling. But this separation can lead to poor results. Previous works attempted to solve the phase‐ordering problem by combining the instruction scheduler with graph‐coloring‐based register allocators. The latter tend to be computationally expensive. Linear‐scan register allocators, on the other hand, are simple, fast and efficient. In this paper, we describe our effort to integrate instruction scheduling with a linear‐scan allocator. Furthermore, our integrated optimizer is able to take advantage of execution frequencies obtained through profiling. Our integrated register allocator and instruction scheduler achieved good code quality with significantly reduced compilation times. On the SPEC2000 benchmarks running on a 900 MHz ItaniumII, compared with OpenIMPACT, we halved the time spent in instruction scheduling and register allocation with negligible impact on execution times. Copyright © 2007 John Wiley & Sons, Ltd.     

基于同余方程和改进的压扁控制流的混淆算法

针对现有控制流混淆算法的混淆结果单一的问题,提出了一种基于同余方程和改进的压扁控制流混淆算法。首先,使用密钥和一组同余方程来生成源代码的基本块中需要使用的不透明谓词;其次,基于Logistic混沌映射提出了一种新的N态不透明谓词构造算法,并将其应用到现有的压扁控制流算法中,对现有的压扁控制流算法进行改进;最后,将上述两个对源码进行混淆的算法结合,以此来增加源代码中控制流的复杂度,使其更难被破解。与现有的基于混沌不透明谓词的压扁控制流算法相比,所提混淆算法使混淆后代码的防篡改攻击时间平均提高了22%以上,总圈复杂度平均提高了34%以上。实验结果表明,所提算法能够保证混淆后程序执行结果的正确性并且具有很高的圈复杂度,能够有效地抵抗静态攻击和动态攻击。     

快速的CCSDS压缩方法的编码选项选择算法

为提升“空间数据系统咨询委员会”( CCSDS)提出的通用无损压缩编码方法的时间效率和压缩性能,提出一种新的编码选项选择算法.该算法利先用块内J个数据的和,粗略搜索最优编码选项参数的范围,再从该范围内精确查找.证明:最佳的搜索范围为3J/2,算法的时问复杂度为O(K+J).相对于CCSDS图像压缩标准中的快速编码选择方法,新算法可以使压缩性能最优;相比启发式的编码选择算法,该算法执行时间缩短了15％ ～25％.     

Pushdown model checking for malware detection

The number of malware is growing extraordinarily fast. Therefore, it is important to have efficient malware detectors. Malware writers try to obfuscate their code by different techniques. Many well-known obfuscation techniques rely on operations on the stack such as inserting dead code by adding useless push and pop instructions, or hiding calls to the operating system, etc. Thus, it is important for malware detectors to be able to deal with the program’s stack. In this study, we propose a new model-checking approach for malware detection that takes into account the behavior of the stack. Our approach consists in: (1) Modeling the program using a pushdown system (PDS). (2) Introducing a new logic, called stack computation tree predicate logic (SCTPL), to represent the malicious behavior. SCTPL can be seen as an extension of the branching-time temporal logic CTL with variables, quantifiers, and predicates over the stack. (3) Reducing the malware detection problem to the model-checking problem of PDSs against SCTPL formulas. We show how our new logic can be used to precisely express malicious behaviors that could not be specified by existing specification formalisms. We then consider the model-checking problem of PDSs against SCTPL specifications. We reduce this problem to emptiness checking in Symbolic Alternating Büchi Pushdown Systems, and we provide an algorithm to solve this problem. We implemented our techniques in a tool and applied it to detect several viruses. Our results are encouraging.     

基于简化Trace的动态隐式断言执行

分支指令与分支预测失败限制了处理器发掘指令级并行(ILP)的潜力.通过If-conversion或Predicated执行将程序中的控制相关转化为数据相关,能较好地降低分支预测开销.提出一种基于简化Trace结构的动态隐式断言执行机制(Dynamic Implicit Predication,DIP),而早期的相关研究主要集中于由编译器显式为宽发射处理器产生静态Predicated指令.无需编译器或者其他二进制工具的帮助,DIP可以在程序运行过程中识别可以进行断言变换的指令片断,完成指令转换与优化,并在以后的执行中使用优化后的指令Trace.基于SPEC2000模拟测试表明DIP可以有效避免错误的分支预测,提高并行度,单个程序的IPC平均提高10.3%,基准程序的平均加速比可达7.59%.     

软件DSM系统中的动态数据竞争检测

数据竞争是共享存储程序中的一类难于调试的错误 .在支持域存储一致性模型的软件 DSM系统 JIAJIA上 ,通过采用汇编代码装配技术来获得程序所读写的共享变量集合的方法 ,实现了基于锁集合的动态数据竞争检测算法 .利用本文方法 ,在 TSP和 Barnes程序中找到了数据竞争情况 ,并根据找到的数据竞争 ,修正了 Barnes中的错误 .实际使用经验表明 ,本文方法易于用户使用 ,达到了实用水平     

算法在程序代码相似度度量中的应用

程序代码相似度度量是用来检测剽窃及重复率、验证学生作业原创性的关键科技技术,这一技术还可以对所评阅的作业进行自动修改,通过对算法在程序代码相似度度量中的应用进行研究,可以辅助教师有效的衡量出学生程序设计对间的相似程度,从而检测出学生作业中相似的程序代码,促进教学评价的科学性和真实性,实现尊重原创、提倡创新的社会效益和教育目的。     

具有时间多样性的JavaScript代码保护方法

Web应用同本地应用一样面临恶意主机威胁.如何确保暴露于用户主机中的Web应用核心算法或关键业务流程等重要信息的安全成为亟待解决的问题.针对现有JavaScript代码保护方法难以抵御动态分析且抗累积攻击效果差的问题,提出了一种具有时间多样性的JavaScript代码保护(TDJSP)方法.首先,通过程序多样化处理和路径空间模糊化,使JavaScript程序在执行时具有多样性效果,以有效抵御累积攻击;其次,检测调试器、模拟器等非正常执行环境的特征,并根据检测结果进行响应,增加攻击者进行动态分析的难度.理论分析和实验结果表明,JavaScript程序的抗逆向分析能力得到了提高,同时,其空间增长率约为3.1(优于JScrambler3),时间延迟为毫秒级.因此,该方法能够在不影响程序性能的前提下提升Web应用的安全性.     

A family of code coverage-based heuristics for effective fault localization

Locating faults in a program can be very time-consuming and arduous, and therefore, there is an increased demand for automated techniques that can assist in the fault localization process. In this paper a code coverage-based method with a family of heuristics is proposed in order to prioritize suspicious code according to its likelihood of containing program bugs. Highly suspicious code (i.e., code that is more likely to contain a bug) should be examined before code that is relatively less suspicious; and in this manner programmers can identify and repair faulty code more efficiently and effectively. We also address two important issues: first, how can each additional failed test case aid in locating program faults; and second, how can each additional successful test case help in locating program faults. We propose that with respect to a piece of code, the contribution of the first failed test case that executes it in computing its likelihood of containing a bug is larger than or equal to that of the second failed test case that executes it, which in turn is larger than or equal to that of the third failed test case that executes it, and so on. This principle is also applied to the contribution provided by successful test cases that execute the piece of code. A tool, χDebug, was implemented to automate the computation of the suspiciousness of the code and the subsequent prioritization of suspicious code for locating program faults. To validate our method case studies were performed on six sets of programs: Siemens suite, Unix suite, space, grep, gzip, and make. Data collected from the studies are supportive of the above claim and also suggest Heuristics III(a), (b) and (c) of our method can effectively reduce the effort spent on fault localization.     

F4上的短码长的自正交码链

研究了达到Griesmer界的最优自正交码。应用组合的方法和随机算法构造域F₄上短码长n（10≤n≤19）的最优（或极大）自正交码及其子码链。给出了码长10≤n≤19时最优（或极大）自正交码的子码链的一种结果,其中码链中码的参数均达到了Griesmer界。这些结果对进一步研究自正交子码链及构造量子码具有重要的参考价值。     

Experiment with control code obfuscation

Control code obfuscation is intended to prevent malicious reverse engineering of software by masking the program control flow. The idea for further advancing the state of the art was presented in 2000 by WANG C. An obfuscating system for Java based on the ideas of WANG C is implemented and experimented. The experiment results show that obfuscation can be done efficiently with moderate increases in code size, execution times, while making the obfuscated code resilient to a variety of reverse engineering attacks.     

Experience with logical code analysis in software maintenance

Formal program specification and logical analysis are often used for program derivation and proofs of correctness. The basic tools include the logic of predicate calculus and Dijkstra's weakest precondition calculations. Recent work has shown that these tools are also very useful in the maintenance phase of the software life-cycle. This paper reports experience working with software maintenance teams to apply formal methods. Formal logical analysis is invaluable for isolating defects, determining code corrections, eliminating side-effects, and code re-engineering. Logical analysis works well in software maintenance because many defects can be isolated to small segments of code. These small segments can then be analyzed manually or with code analysis tools. The result is lowered software maintenance costs due to the benefits of defect prevention, reduction of code complexity metrics, productivity improvements, and better specifications and documentation. It would be beneficial to use logical code analysis in the earlier phases of the software life-cycle, such as quality assurance and inspection.     

一种基于流图变换的代码迷惑算法

为了提高软件的安全性,常使攻击者难以理解专利软件系统内部的工作机制,代码迷惑技术因其代价低廉而越来越受到人们的重视。代码迷惑技术的提出对于软件保护具有非常重要的意义,代码迷惑技术的使用可以对程序代码及核心算法进行保护。简要概述了代码迷惑技术基本内容,阐述了基本块和流图的相关知识,给出了可归约流图变换为不可归约流图的迷惑变换具体的算法及实验结果,并对算法的有效性进行了分析。     

一种精简二进制代码的程序理解方法

精简二进制代码形式的软件是软件分析和程序理解需要处理的一类具有代表性的对象,基于高级语言源代码和调试符号信息的传统分析方法在处理此类软件时受到了极大限制。提出一种精简二进制形式软件的理解方法,首先将分析对象转变为运行期进程,引入实际运行中的进程信息;然后引入程序的行为特征,以程序表现出的外在行为和对外接口作为辅助信息,将此类外部特征映射到程序代码;最后基于切片思想和调试技术,获得程序切片并分析。这种方法为分析理解过程扩展了信息量,降低了复杂度,解决了分析此类软件时信息缺失和难以建立理解模型的问题。