[go: up one dir, main page]

CN114491536B - Code analysis method and device based on knowledge graph - Google Patents

Code analysis method and device based on knowledge graph Download PDF

Info

Publication number
CN114491536B
CN114491536B CN202210103947.XA CN202210103947A CN114491536B CN 114491536 B CN114491536 B CN 114491536B CN 202210103947 A CN202210103947 A CN 202210103947A CN 114491536 B CN114491536 B CN 114491536B
Authority
CN
China
Prior art keywords
class
code
call
function
determining
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210103947.XA
Other languages
Chinese (zh)
Other versions
CN114491536A (en
Inventor
吕博良
旷亚和
程佩哲
张�诚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Industrial and Commercial Bank of China Ltd ICBC filed Critical Industrial and Commercial Bank of China Ltd ICBC
Priority to CN202210103947.XA priority Critical patent/CN114491536B/en
Publication of CN114491536A publication Critical patent/CN114491536A/en
Application granted granted Critical
Publication of CN114491536B publication Critical patent/CN114491536B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562Static detection
    • G06F21/563Static detection by source code analysis
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/30Information retrieval; Database structures therefor; File system structures therefor of unstructured textual data
    • G06F16/36Creation of semantic tools, e.g. ontology or thesauri
    • G06F16/367Ontology

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Databases & Information Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Computational Linguistics (AREA)
  • Health & Medical Sciences (AREA)
  • Animal Behavior & Ethology (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Stored Programmes (AREA)

Abstract

本公开提供了一种基于知识图谱的代码分析方法,可以应用于人工智能技术领域。该方法包括:根据全量类代码信息和用户配置信息确定待分析类信息;根据所述待分析类信息确定每个类的继承与实现关系以及函数单级调用关系;根据所述类的继承与实现关系对所述函数单级调用关系进行补充以生成单级函数调用节点;根据所述单级函数调用节点生成代码类调用知识图谱;以及根据所述代码类调用知识图谱对代码进行分析。本公开还提供了一种基于知识图谱的代码分析装置、设备、存储介质和程序产品。

The present disclosure provides a code analysis method based on knowledge graph, which can be applied to the field of artificial intelligence technology. The method includes: determining the class information to be analyzed based on the full class code information and user configuration information; determining the inheritance and implementation relationship of each class and the single-level function call relationship based on the class information to be analyzed; supplementing the single-level function call relationship based on the inheritance and implementation relationship of the class to generate a single-level function call node; generating a code class call knowledge graph based on the single-level function call node; and analyzing the code based on the code class call knowledge graph. The present disclosure also provides a code analysis device, equipment, storage medium and program product based on knowledge graph.

Description

Code analysis method and device based on knowledge graph
Technical Field
The present disclosure relates to the field of artificial intelligence technology, in particular to the field of static code analysis technology, and more particularly, to a code analysis method, apparatus, device, medium and program product based on a knowledge graph.
Background
Static code analysis refers to analyzing code semantics and behavior without actually executing the program, thereby finding program semantics or undefined behavior in the program that are abnormal due to erroneous encoding. Static analysis does not need to wait for all codes to be written, does not need to construct an operating environment and write test cases, and can discover various problems in the codes at early stage of software development flow.
However, the modern software system is larger and larger in scale, the number of code lines is increased from tens or hundreds of thousands of lines to tens of thousands of lines, the system complexity is also higher and higher, and especially, with the appearance of object-oriented languages, the appearance of scenes such as polymorphism, abstract class and the like makes the function call condition more and more complex. How to quickly and accurately analyze a function call flow is a core problem of code-level vulnerability mining and dangerous function call chain mining.
It should be noted that the information disclosed in the above background section is only for enhancing understanding of the background of the present disclosure and thus may include information that does not constitute prior art known to those of ordinary skill in the art.
Disclosure of Invention
In view of the foregoing, the present disclosure provides knowledge-graph-based code analysis methods, apparatuses, devices, media, and program products.
According to a first aspect of the present disclosure, a code analysis method based on a knowledge graph is provided, including determining class information to be analyzed according to full-scale class code information and user configuration information;
determining inheritance and realization relation and function single-stage calling relation of each class according to the class information to be analyzed;
Supplementing the single-stage function call relationship according to the inheritance and the implementation relationship of the class to generate a single-stage function call node;
Generating a code class calling knowledge graph according to the single-stage function calling node and
And calling a knowledge graph according to the code class to analyze the code.
According to an embodiment of the disclosure, the inheritance and implementation relationships of the class include an inheritance relationship of the class, a relationship of the interface class and the implementation class, and a relationship of the abstract class and the implementation class, and the determining the single-stage function call node by supplementing the function single-stage call relationship according to the inheritance and implementation relationship of the class includes:
determining a class function call relationship according to the inheritance relationship of the class, the relationship between the interface class and the implementation class and the relationship between the abstract class and the implementation class;
Determining a complementary function single-stage call relationship according to the class function call relationship and the function single-stage call relationship;
And determining single-stage function call nodes according to the function names and the complementary function single-stage call relations corresponding to the function names, and storing the single-stage function call nodes into a graph database.
According to an embodiment of the present disclosure, the generating a code class call knowledge graph according to the single-level function call node includes:
obtaining a single-stage function call node in a graph database;
determining an entity relation table, an entity attribute table and a schema table according to the single-stage function call node, and
And generating a code class calling knowledge graph according to the entity relation table, the entity attribute table and the schema table.
According to an embodiment of the present disclosure, determining an entity relationship table and a schema table from the single-level function call node includes:
Generating a code class function, a class call relationship field into a plurality of entity-relationship-entity triples of the code class-call relationship-code class, wherein the entity is the code class, the relationship is the call relationship, and
And constructing a schema table, wherein the schema table comprises a code class name, an attribute type and an association relationship.
According to an embodiment of the disclosure, the analyzing the code according to the code class calling knowledge-graph includes:
searching the code class call chain relation by depth-first traversal algorithm to generate all paths of any starting point, and
And determining a program call chain of the target function according to the name of the target function and the path.
According to an embodiment of the disclosure, the analyzing the code according to the code class calling knowledge-graph further includes:
Determining the input and output degree of the function according to the name and knowledge graph of the target function, and
And determining the heat of the function according to the access degree.
According to an embodiment of the disclosure, the analyzing the code according to the code class calling knowledge-graph further includes:
And calculating call chain similarity of a plurality of software.
According to an embodiment of the present disclosure, the calculating call chain similarity of the plurality of software includes:
acquiring code class calling knowledge maps of at least two pieces of software;
Invoking point-side relation of a connected graph of the knowledge graph according to the code class to generate at least two vector matrixes;
Calculating the similarity of the vector matrix by using a deep learning algorithm, and
And determining the similarity of the two software according to the similarity of the vector matrix.
The second aspect of the disclosure provides a code analysis device based on a knowledge graph, comprising a first determination module, a second determination module and a third determination module, wherein the first determination module is used for determining class information to be analyzed according to total class code information and user configuration information;
The second determining module is used for determining inheritance and realization relations and function single-stage calling relations of each class according to the class information to be analyzed;
The first generation module is used for supplementing the single-stage function call relation according to inheritance and realization relation of the class so as to generate a single-stage function call node;
A second generation module for generating a code class call knowledge graph according to the single-stage function call node, and
And the analysis module is used for calling a knowledge graph according to the code class to analyze the code.
A third aspect of the present disclosure provides an electronic device comprising one or more processors and a memory for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the knowledge-graph based code analysis method described above.
A fourth aspect of the present disclosure also provides a computer-readable storage medium having stored thereon executable instructions that, when executed by a processor, cause the processor to perform the above-described knowledge-graph based code analysis method.
A fifth aspect of the present disclosure also provides a computer program product comprising a computer program which, when executed by a processor, implements the knowledge-graph based code analysis method described above.
According to the code analysis method based on the knowledge graph, which is provided by the embodiment of the disclosure, the knowledge graph is constructed by analyzing the function single-stage call relation in the class code, and the function call flow can be rapidly and accurately analyzed in a graph path searching mode based on the knowledge graph, so that the code static analysis and the dangerous call chain searching work are assisted to be completed.
Drawings
The foregoing and other objects, features and advantages of the disclosure will be more apparent from the following description of embodiments of the disclosure with reference to the accompanying drawings, in which:
FIG. 1 schematically illustrates application scenario diagrams of knowledge-based code analysis methods, apparatus, devices, media, and program products according to embodiments of the present disclosure;
FIG. 2 schematically illustrates a flow chart of a knowledge-graph based code analysis method, in accordance with an embodiment of the present disclosure;
FIG. 3 schematically illustrates a flow chart of a method of determining single-level function call points, according to an embodiment of the disclosure;
FIG. 4 schematically illustrates a single-level function call site diagram according to an embodiment of the present disclosure;
FIG. 5 schematically illustrates a flow chart of a method of constructing a class function knowledge graph, in accordance with an embodiment of the disclosure;
FIG. 6 schematically illustrates a flow chart of a code analysis method according to an embodiment of the disclosure;
FIG. 7 schematically shows a block diagram of a knowledge-graph-based code analysis apparatus, according to an embodiment of the present disclosure, and
Fig. 8 schematically illustrates a block diagram of an electronic device adapted to implement a knowledge-graph based code analysis method, in accordance with an embodiment of the disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is only exemplary and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the present disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. In addition, in the following description, descriptions of well-known structures and techniques are omitted so as not to unnecessarily obscure the concepts of the present disclosure.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and/or the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It should be noted that the terms used herein should be construed to have meanings consistent with the context of the present specification and should not be construed in an idealized or overly formal manner.
Where a convention analogous to "at least one of A, B and C, etc." is used, in general such a convention should be interpreted in accordance with the meaning of one of skill in the art having generally understood the convention (e.g., "a system having at least one of A, B and C" would include, but not be limited to, systems having a alone, B alone, C alone, a and B together, a and C together, B and C together, and/or A, B, C together, etc.).
The embodiment of the disclosure provides a code analysis method based on a knowledge graph, which comprises the steps of determining class information to be analyzed according to full-quantity class code information and user configuration information, determining inheritance and implementation relations and function single-stage calling relations of each class according to the class information to be analyzed, supplementing the function single-stage calling relations according to the inheritance and the implementation relations of the class to generate a single-stage function calling node, generating a code class calling knowledge graph according to the single-stage function calling node, and analyzing codes according to the code class calling knowledge graph.
Fig. 1 schematically illustrates an application scenario diagram of a knowledge-graph-based code analysis method, apparatus, device, medium, and program product according to an embodiment of the present disclosure. It should be noted that the application scenario illustrated in fig. 1 is merely an example of an application scenario that may be used in embodiments of the present disclosure to help those skilled in the art understand the technical content of the present disclosure, but does not mean that embodiments of the present disclosure may not be used in other devices, systems, environments, or scenarios. It should be noted that, the code analysis method and the device based on the knowledge graph provided by the embodiments of the present disclosure may be used in the static code analysis technical field and the related aspects of the financial field, and may also be used in any field other than the financial field, and the application field of the code analysis method and the device based on the knowledge graph provided by the embodiments of the present disclosure is not limited.
As shown in fig. 1, an application scenario 100 according to this embodiment may include a code packet analysis mining scenario. The network 104 is used as a medium to provide communication links between the terminal devices 101, 102, 103 and the server 105. The network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, among others.
The user may interact with the server 105 via the network 104 using the terminal devices 101, 102, 103 to receive or send messages or the like. Various client applications may be installed on the terminal devices 101, 102, 103, such as shopping class applications, web browser applications, search class applications, instant messaging tools, mailbox clients, social platform software, and the like (just examples).
The terminal devices 101, 102, 103 may be a variety of electronic devices having a display screen and supporting web browsing, including but not limited to smartphones, tablets, laptop and desktop computers, and the like.
The server 105 may be a server providing various services, such as a background management server (by way of example only) providing support for websites browsed by users using the terminal devices 101, 102, 103. The background management server may analyze and process the received data such as the user request, and feed back the processing result (e.g., information or data generated according to the user configuration information and the request information) to the terminal device.
It should be noted that the code analysis method based on the knowledge-graph provided by the embodiments of the present disclosure may be generally performed by the server 105. Accordingly, the knowledge-graph-based code analysis apparatus provided by the embodiments of the present disclosure may be generally provided in the server 105. The knowledge-graph-based code analysis method provided by the embodiments of the present disclosure may also be performed by a server or a server cluster that is different from the server 105 and is capable of communicating with the terminal devices 101, 102, 103 and/or the server 105. Accordingly, the knowledge-graph-based code analysis apparatus provided by the embodiments of the present disclosure may also be provided in a server or a server cluster that is different from the server 105 and is capable of communicating with the terminal devices 101, 102, 103 and/or the server 105.
It should be understood that the number of terminal devices, networks and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
The method for analyzing the code based on the knowledge graph according to the disclosed embodiment will be described in detail with reference to fig. 2 to 6 based on the scenario described in fig. 1.
Fig. 2 schematically illustrates a flow chart of a knowledge-graph based code analysis method, according to an embodiment of the disclosure.
As shown in fig. 2, the knowledge-graph-based code analysis method of this embodiment includes operations S210 to S250, which may be performed by a processor or other computing device.
In operation S210, class information to be analyzed is determined according to the full-quantity class code information and the user configuration information.
In one example, first, according to user configuration, integrating code packages to be analyzed, including integrating code packages, single code class, and running environment basic class information, and confirming class ranges to be analyzed.
In operation S220, inheritance and implementation relationships and function single-level call relationships of each class are determined according to the class information to be analyzed.
In one example, scan analysis is sequentially performed on each class file according to the to-be-analyzed class range information determined in operation S210, and after all classes are analyzed in a full amount, the function call situation is more complex due to the appearance of object-oriented languages, the appearance of multi-states, abstract classes and other scenes, so that in order to obtain a complete single-stage function call relationship, the inheritance and implementation relationship of a single class needs to be carded, wherein the inheritance and implementation relationship of the class includes the inheritance relationship of the class, the relationship of the interface class and the implementation class, and the relationship of the abstract class and the implementation class.
In operation S230, the function single-level call relationship is supplemented according to the inheritance and implementation relationship of the class to generate a single-level function call node.
In one example, in order to obtain a complete single-level function call relationship, after determining the inheritance and implementation relationship of a class and the single-level call relationship of a function, traversing the single-level call relationship of each class according to the inheritance and implementation relationship of the class is required to form a supplement to the single-level call relationship, generating the complete single-level function call node by the supplemented single-level call relationship, storing the complete single-level function call node in a graph database manner, and referring to a determining method of a single-level function call point for a specific process of supplementing the single-level call relationship.
In operation S240, a code class call knowledge graph is generated from the single-level function call node.
In one example, function information data, i.e., single level function call nodes (including function names and function single level call relationships), is obtained from a graph database. And mapping the code class functions and class call relation fields to a triplet formed by a basic unit of an entity-relation-entity of the knowledge graph, wherein the entity is a code class. If the code class-call relation-entity of the code class is generated, a map generation point-side relation table and a schema table are constructed, a class call map can be formed through the entity relation table and the schema table for subsequent presentation and analysis, and the generation process of the code class call knowledge map can be seen from operation S241 to operation S243 in FIG. 5.
In operation S250, a knowledge graph is called according to the code class to analyze the code.
In one example, the code class call knowledge graph can be utilized to perform graph analysis to realize rapid analysis on software codes, for example, depth of a program call chain is explored by using a depth-first traversal algorithm, the call degree of a class or method is measured by using a centrality algorithm, the similarity of different software classes can be measured by combining a DeepWalk algorithm with a node2vec algorithm, and the like, the code class call knowledge graph can be expanded, for example, the depth of a function call chain can be displayed, namely, by inputting a search value of a starting point v, a code class call chain taking any v as the starting point can be searched for judging and displaying information including possible reachable paths, path depths, path nodes and the like. The heat of the function can be displayed, namely, the center of the class and the method can be calculated by inputting the starting point of the function through a knowledge graph, the heat can be rated by rank through the utilization of the access degree of the entity stage, and the stage with high access degree is the high heat method or the inheritance method.
According to the code analysis method based on the knowledge graph, which is provided by the embodiment of the disclosure, the knowledge graph is constructed by analyzing the function single-stage call relation in the class code, and the function call flow can be rapidly and accurately analyzed in a graph path searching mode based on the knowledge graph, so that the code static analysis and the dangerous call chain searching work are assisted to be completed.
Fig. 3 schematically illustrates a flow chart of a method of determining single-level function call points according to an embodiment of the disclosure. Fig. 4 schematically illustrates a single-level function call site diagram according to an embodiment of the present disclosure. As shown in fig. 3, operation S230 includes operations S231 to S233.
In operation S231, a class function call relationship is determined according to the inheritance relationship of the class, the relationship of the interface class and the implementation class, and the relationship of the abstract class and the implementation class. In operation S232, a complementary function single-level call relationship is determined from the class function call relationship and the function single-level call relationship. In operation S233, a single-level function call node is determined according to the function name and the supplemented function single-level call relationship corresponding to the function name, and is stored in the graph database.
In one example, the single-level call relationship of each Class needs to be traversed according to inheritance and implementation relationship of the Class, and supplements the single-level call relationship, for example, the Method1 Method of Class a calls the Method1 interface of interface Class INTERFACE I, and Class B and Class c are both implementation classes of INTERFACE I, so that the single-level call relationship of Class a.method1- > Class i.method1 is expanded into Class a.method1- > Class b.method1 and Class a.method1- > Class c.method1, for example, the Method1 of Class a calls the Method1 Method of abstract Class M, and Class D is a specific implementation Class of Class M, then Class a.method1- > Class m.method1 is updated into Class a.method1- > Class d.method1, and if the function is rewritten into the Class of function, the function is also stored in the Class. After the processing is completed, a complete single-stage function call node is formed, as shown in figure 4, and three single-stage call relation nodes exist, wherein a call relation exists between a Class A Method1 and a Class B Method1, a Class C Method1, a Class D Method1 and a Class A Method2, a call relation exists between a Class B Method1 and a Class B Method2, the Class B Method2 has a call relation with the Class B Method3 and the Class C Method5, and a plurality of complete program call chains can be obtained by aggregating the single-level call relation nodes, for example, the Class A Method1- > Class B Method2- > Class B Method3.
Fig. 5 schematically illustrates a flowchart of a method of constructing a class function knowledge graph, in accordance with an embodiment of the disclosure. As shown, operation S240 includes operations S241-S243.
In operation S241, a single level function call node in the graph database is acquired. In operation S242, an entity relationship table, an entity attribute table, and a schema table are determined according to the single-level function call node. In operation S243, a code class call knowledge graph is generated from the entity relationship table, the entity attribute table, and the schema table.
According to the embodiment of the disclosure, a code class function and a class calling relation field are used for generating a plurality of entity-relation-entity triples of the code class-calling relation-code class, wherein the entity is the code class, the relation is the calling relation, and a schema table is constructed, wherein the schema table comprises a code class name, an attribute type and an association relation.
In one example, a map generation point-side relationship table and a schema table need to be constructed, such as tables 1 to 3 below. As shown in Table 1, in the entity relation table, the entity is a code Class, the point is used as the point of the knowledge graph, the association relation is a calling relation and the side is used as the side of the knowledge graph, and the entity attribute table records the relation between the code classes, for example, class B and Class A are inheritance relations. The graph database can be input to perform graph making through the entity-relation-entity table and the Schema table, and a code class calling knowledge graph is generated. After the knowledge-graph is generated, the code can be rapidly and accurately analyzed based on the knowledge-graph.
Table 1 "entity-relationship-entity" table
Code class Code class Association relation Edge number
Class A Method3 Class A Methodl l 0_flow
Class A Methodl Class A Method2 1 1_flow
Class A Method1 Class B Methodl 1 2_flow
Class B Method1 Class B Method2 1 3_flow
Table 2 "entity-attribute value" table
Code class Relationship of the genus Relationship value
Class B Inheritance Class A
Class C Inheritance Class B
Class A Realization of interface I
Class B Realization of interface I
TABLE 3 Schema TABLE
Type(s) Name of the name Description of the invention Unidirectional Attribute names Attribute type
Entity Code class Start code class Start code class String
Entity Code class Object code class Object code class String
Relationship of Association relation Association relation TRUE Start code class String
Object code class String
Edge number String
Association relation int
Fig. 6 schematically shows a flow chart of a code analysis method according to an embodiment of the disclosure. As shown in fig. 6, operation S250 includes operations S251 to S253. It should be noted that, the operations S251, S252 and S253 are only different analysis directions based on the knowledge-graph, and the execution sequence is not particularly limited.
In operation S251, the program call chain depth is explored using a depth-first traversal algorithm.
According to the embodiment of the disclosure, the code class calling chain relation is searched through a depth-first traversal algorithm, and all paths with any starting point are generated. And determining a program call chain of the target function according to the name and the path of the target function.
Executing operation S251 may obtain a program call chain, specifically, taking a depth-first traversal algorithm as an example, searching for code class call chain relationships through the depth-first traversal algorithm, assuming that all vertices of a given graph G have not been visited. If a vertex v is optionally the initial departure point (the class of start point codes) in G, then the depth-first traversal may be defined by first accessing the departure point v and marking it as accessed, and then searching each adjacency point w of v in turn from v. If w has not been accessed, then the depth-first traversal is continued with w as the new departure point until all vertices in the graph that have paths with the start code class v (also referred to as vertices reachable from the source point) have been accessed. If there are still non-visited vertices in the graph at this time, the above process is repeated with an alternative non-visited vertex as a new source point until all vertices in the graph have been visited.
The traversal process is as follows, let x be the current vertex to be examined, and after x is marked, select an undetected edge (x, y) from x. If it is found that vertex y has been accessed, then another undetected edge from x is reselected, otherwise, the edge (x, y) reaches the unaccessed y, accesses y and marks it as accessed, then searches from y until all paths from y are searched, i.e., after all vertices reachable from y are accessed, vertex x is traced back, and an undetected edge from x is selected again. The above process is continued until all edges from x have been detected. If the graph G is a connected graph, the traversal process is ended, otherwise, a vertex which is not accessed yet is continuously selected as a new source point, and a new searching process is carried out. All paths of any starting point v can be generated after algorithm traversal, such as the call chain relation of 'Class A Method1-Class B Method2-Class C Method 5'.
In operation S252, call chain similarity of a plurality of software is calculated.
According to the embodiment of the disclosure, a code class calling knowledge graph of at least two pieces of software is obtained, at least two vector matrixes are generated according to point-edge relations of a connected graph of the code class calling knowledge graph, similarity of the vector matrixes is calculated by means of a deep learning algorithm, and the similarity of the two pieces of software is determined according to the similarity of the vector matrixes.
In one example, the similarity of different software can be analyzed based on the knowledge graph, at least two code classes of the software are firstly constructed according to the construction method of the knowledge graph to call the knowledge graph, the graph embedding Graph embedding method such as deep walk and node2vec is used for converting the point side relationship of the connected graph of the knowledge graph into a set of mathematical vectors, the graph data is identified by a matrix, and the similarity of the matrices can be measured by a deep learning algorithm such as a convolutional neural network or a clustering algorithm by converting the different software into the vectors, so that the similarity between the software can be judged according to the similarity of the vector matrices.
In operation S253, the heat of the objective function is calculated.
According to the embodiment of the disclosure, the access degree of the function is determined according to the name and the knowledge graph of the target function, and the heat degree of the function is determined according to the access degree.
In one example, the starting point of the input function may calculate the centrality of the class and method through a knowledge graph, and the heat of the function may be rank rated by using the access degree of the entity stage, where the stage with high access degree is the high heat method or the inheritance method. The method can be used for expanding the depth of the function call chain, namely, the code class call chain taking any function V as a starting point can be searched by inputting the search value of the starting point function V and used for judging and displaying information including possible reachable paths, path depth, path nodes and the like.
Based on the code analysis method based on the knowledge graph, the disclosure also provides a code analysis device based on the knowledge graph. The device will be described in detail below in connection with fig. 7.
Fig. 7 schematically shows a block diagram of a knowledge-graph-based code analysis apparatus according to an embodiment of the present disclosure.
As shown in fig. 7, the knowledge-graph-based code analysis apparatus 700 of this embodiment includes a first determination module 710, a second determination module 720, a first generation module 730, a second generation module 740, and an analysis module 750.
The first determining module 710 is configured to determine class information to be analyzed according to the full-scale class code information and the user configuration information. In an embodiment, the first determining module 710 may be configured to perform the operation S210 described above, which is not described herein.
The second determining module 720 is configured to determine inheritance and implementation relationships and function single-level call relationships of each class according to the class information to be analyzed. In an embodiment, the second determining module 720 may be configured to perform the operation S220 described above, which is not described herein.
The first generating module 730 is configured to supplement the single-level function call relationship according to the inheritance and implementation relationship of the class to generate a single-level function call node. In an embodiment, the first generating module 730 may be configured to perform the operation S230 described above, which is not described herein.
The second generating module 740 is configured to generate a code class call knowledge graph according to the single-level function call node. In an embodiment, the second generating module 740 may be configured to perform the operation S240 described above, which is not described herein.
The analysis module 750 is used for analyzing codes according to the invoking knowledge-graph according to the code class. In an embodiment, the analysis module 750 may be configured to perform the operation S250 described above, which is not described herein.
According to an embodiment of the present disclosure, any of the first determination module 710, the second determination module 720, the first generation module 730, the second generation module 740, and the analysis module 750 may be combined in one module to be implemented, or any of the modules may be split into a plurality of modules. Or at least some of the functionality of one or more of the modules may be combined with, and implemented in, at least some of the functionality of other modules. According to embodiments of the present disclosure, at least one of the first determination module 710, the second determination module 720, the first generation module 730, the second generation module 740, and the analysis module 750 may be implemented at least in part as hardware circuitry, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or as hardware or firmware in any other reasonable manner of integrating or packaging the circuitry, or as any one of or a suitable combination of any of the three. Or at least one of the first determination module 710, the second determination module 720, the first generation module 730, the second generation module 740, and the analysis module 750 may be at least partially implemented as computer program modules which, when executed, may perform the respective functions.
Fig. 8 schematically illustrates a block diagram of an electronic device adapted to implement a knowledge-graph based code analysis method, in accordance with an embodiment of the disclosure.
As shown in fig. 8, an electronic device 900 according to an embodiment of the present disclosure includes a processor 901 that can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 902 or a program loaded from a storage portion 908 into a Random Access Memory (RAM) 903. The processor 901 may include, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or an associated chipset and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), or the like. Processor 901 may also include on-board memory for caching purposes. Processor 901 may include a single processing unit or multiple processing units for performing the different actions of the method flows according to embodiments of the present disclosure.
In the RAM 903, various programs and data necessary for the operation of the electronic device 900 are stored. The processor 901, the ROM 902, and the RAM 903 are connected to each other by a bus 904. The processor 901 performs various operations of the method flow according to the embodiments of the present disclosure by executing programs in the ROM 902 and/or the RAM 903. Note that the program may be stored in one or more memories other than the ROM 902 and the RAM 903. The processor 901 may also perform various operations of the method flow according to embodiments of the present disclosure by executing programs stored in the one or more memories.
According to an embodiment of the disclosure, the electronic device 900 may also include an input/output (I/O) interface 905, the input/output (I/O) interface 905 also being connected to the bus 904. The electronic device 900 may also include one or more of an input portion 906 including a keyboard, a mouse, etc., an output portion 907 including a display such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), etc., and a speaker, etc., a storage portion 908 including a hard disk, etc., and a communication portion 909 including a network interface card such as a LAN card, a modem, etc., connected to the I/O interface 905. The communication section 909 performs communication processing via a network such as the internet. The drive 910 is also connected to the I/O interface 905 as needed. A removable medium 911 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is installed as needed on the drive 910 so that a computer program read out therefrom is installed into the storage section 908 as needed.
The present disclosure also provides a computer-readable storage medium that may be included in the apparatus/device/system described in the above embodiments, or may exist alone without being assembled into the apparatus/device/system. The computer-readable storage medium carries one or more programs which, when executed, implement methods in accordance with embodiments of the present disclosure.
According to embodiments of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium, which may include, for example, but is not limited to, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this disclosure, a computer-readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. For example, according to embodiments of the present disclosure, the computer-readable storage medium may include ROM 902 and/or RAM 903 and/or one or more memories other than ROM 902 and RAM 903 described above.
Embodiments of the present disclosure also include a computer program product comprising a computer program containing program code for performing the methods shown in the flowcharts. The program code is for causing a computer system to implement the knowledge-graph based code analysis method provided by the embodiments of the present disclosure when the computer program product is run in the computer system.
The above-described functions defined in the system/apparatus of the embodiments of the present disclosure are performed when the computer program is executed by the processor 901. The systems, apparatus, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the disclosure.
In one embodiment, the computer program may be based on a tangible storage medium such as an optical storage device, a magnetic storage device, or the like. In another embodiment, the computer program may also be transmitted, distributed, and downloaded and installed in the form of a signal on a network medium, via communication portion 909, and/or installed from removable medium 911. The computer program may comprise program code that is transmitted using any appropriate network medium, including but not limited to wireless, wireline, etc., or any suitable combination of the preceding.
In such an embodiment, the computer program may be downloaded and installed from the network via the communication portion 909 and/or installed from the removable medium 911. The above-described functions defined in the system of the embodiments of the present disclosure are performed when the computer program is executed by the processor 901. The systems, devices, apparatus, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the disclosure.
According to embodiments of the present disclosure, program code for performing computer programs provided by embodiments of the present disclosure may be written in any combination of one or more programming languages, and in particular, such computer programs may be implemented in high-level procedural and/or object-oriented programming languages, and/or assembly/machine languages. Programming languages include, but are not limited to, such as Java, c++, python, "C" or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of remote computing devices, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., connected via the Internet using an Internet service provider).
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Those skilled in the art will appreciate that the features recited in the various embodiments of the disclosure and/or in the claims may be provided in a variety of combinations and/or combinations, even if such combinations or combinations are not explicitly recited in the disclosure. In particular, the features recited in the various embodiments of the present disclosure and/or the claims may be variously combined and/or combined without departing from the spirit and teachings of the present disclosure. All such combinations and/or combinations fall within the scope of the present disclosure.
The embodiments of the present disclosure are described above. These examples are for illustrative purposes only and are not intended to limit the scope of the present disclosure. Although the embodiments are described above separately, this does not mean that the measures in the embodiments cannot be used advantageously in combination. The scope of the disclosure is defined by the appended claims and equivalents thereof. Various alternatives and modifications can be made by those skilled in the art without departing from the scope of the disclosure, and such alternatives and modifications are intended to fall within the scope of the disclosure.

Claims (10)

1. The code analysis method based on the knowledge graph is characterized by comprising the following steps of:
determining class information to be analyzed according to the full-quantity class code information and the user configuration information;
determining inheritance and realization relation and function single-stage calling relation of each class according to the class information to be analyzed;
determining a class function call relation according to the inheritance and the implementation relation of the class;
Determining a complementary function single-stage call relationship according to the class function call relationship and the function single-stage call relationship;
Determining a single-stage function call node according to the function name and the supplemented function single-stage call relation corresponding to the function name;
determining an entity relation table, an entity attribute table and a schema table according to the single-stage function call node;
Generating a code class calling knowledge graph according to the entity relation table, the entity attribute table and the schema table, and
And calling a knowledge graph according to the code class to analyze the code.
2. The method of claim 1, wherein determining an entity relationship table and a schema table from the single-level function call node comprises:
Generating a code class function, a class call relationship field into a plurality of entity-relationship-entity triples of the code class-call relationship-code class, wherein the entity is the code class, the relationship is the call relationship, and
And constructing a schema table, wherein the schema table comprises a code class name, an attribute type and an association relationship.
3. The method of claim 2, wherein said analyzing the code according to the code class call knowledge-graph comprises:
searching the code class call chain relation by depth-first traversal algorithm to generate all paths of any starting point, and
And determining a program call chain of the target function according to the name of the target function and the path.
4. The method of claim 2, wherein analyzing the code according to the code class call knowledge-graph further comprises:
Determining the input and output degree of the function according to the name and knowledge graph of the target function, and
And determining the heat of the function according to the access degree.
5. The method of claim 2, wherein analyzing the code according to the code class call knowledge-graph further comprises:
And calculating call chain similarity of a plurality of software.
6. The method of claim 5, wherein calculating call chain similarity for a plurality of software comprises:
acquiring code class calling knowledge maps of at least two pieces of software;
Invoking point-side relation of a connected graph of the knowledge graph according to the code class to generate at least two vector matrixes;
Calculating the similarity of the vector matrix by using a deep learning algorithm, and
And determining the similarity of the two software according to the similarity of the vector matrix.
7. A knowledge-graph-based code analysis device, comprising:
the first determining module is used for determining the class information to be analyzed according to the total class code information and the user configuration information;
The second determining module is used for determining inheritance and realization relations and function single-stage calling relations of each class according to the class information to be analyzed;
The first generation module is used for supplementing the single-stage function call relation according to inheritance and realization relation of the class so as to generate a single-stage function call node;
A second generation module for generating a code class call knowledge graph according to the single-stage function call node, and
An analysis module for calling a knowledge graph according to the code class to analyze the code,
The first generation module is also used for determining a class function call relation according to inheritance and implementation relation of the class, determining a complementary function single-stage call relation according to the class function call relation and the function single-stage call relation, and determining a single-stage function call node according to a function name and the complementary function single-stage call relation corresponding to the function name;
The second generating module is further used for determining an entity relation table, an entity attribute table and a schema table according to the single-stage function call node, and generating a code class call knowledge graph according to the entity relation table, the entity attribute table and the schema table.
8. An electronic device, comprising:
One or more processors;
storage means for storing one or more programs,
Wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the method of any of claims 1-6.
9. A computer readable storage medium having stored thereon executable instructions which, when executed by a processor, cause the processor to perform the method according to any of claims 1-6.
10. A computer program product comprising a computer program which, when executed by a processor, implements the method according to any one of claims 1-6.
CN202210103947.XA 2022-01-27 2022-01-27 Code analysis method and device based on knowledge graph Active CN114491536B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210103947.XA CN114491536B (en) 2022-01-27 2022-01-27 Code analysis method and device based on knowledge graph

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210103947.XA CN114491536B (en) 2022-01-27 2022-01-27 Code analysis method and device based on knowledge graph

Publications (2)

Publication Number Publication Date
CN114491536A CN114491536A (en) 2022-05-13
CN114491536B true CN114491536B (en) 2025-01-10

Family

ID=81476449

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210103947.XA Active CN114491536B (en) 2022-01-27 2022-01-27 Code analysis method and device based on knowledge graph

Country Status (1)

Country Link
CN (1) CN114491536B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117076256A (en) * 2023-08-29 2023-11-17 腾讯科技(深圳)有限公司 Exception identification methods, exception handling methods and model training methods
CN118445211B (en) * 2024-07-03 2024-12-13 荣耀终端有限公司 Code detection method, device, storage medium and program product
CN118963869B (en) * 2024-10-15 2024-12-13 北京网智天元大数据科技有限公司 Large model task calling execution method and device based on knowledge graph
CN119721222A (en) * 2024-12-04 2025-03-28 北京百度网讯科技有限公司 Code knowledge graph generation, code generation method, device, equipment and medium

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109101410A (en) * 2017-06-20 2018-12-28 北京明略软件系统有限公司 A kind of risk driven test method and device and computer readable storage medium
CN111400197A (en) * 2020-05-29 2020-07-10 支付宝(杭州)信息技术有限公司 Application package analysis method and device and computer readable storage medium

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110489520B (en) * 2019-07-08 2023-05-16 平安科技(深圳)有限公司 Knowledge graph-based event processing method, device, equipment and storage medium
CN111949800A (en) * 2020-07-06 2020-11-17 北京大学 A method and system for establishing a knowledge graph of an open source project
CN113434418A (en) * 2021-06-29 2021-09-24 扬州大学 Knowledge-driven software defect detection and analysis method and system

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109101410A (en) * 2017-06-20 2018-12-28 北京明略软件系统有限公司 A kind of risk driven test method and device and computer readable storage medium
CN111400197A (en) * 2020-05-29 2020-07-10 支付宝(杭州)信息技术有限公司 Application package analysis method and device and computer readable storage medium

Also Published As

Publication number Publication date
CN114491536A (en) 2022-05-13

Similar Documents

Publication Publication Date Title
CN114491536B (en) Code analysis method and device based on knowledge graph
US10261883B2 (en) Aggregating source code metric values
JP7090131B2 (en) Methods and equipment for generating information
CN116541069A (en) Key function evaluation method, device, electronic equipment, medium and program product
CN114997111B (en) Service processing method, device, computer equipment and storage medium
CN116560661A (en) Code optimization method, device, equipment and storage medium
CN116244387A (en) Entity relationship construction method, device, electronic equipment and storage medium
CN114462040A (en) Malicious software detection model training method, malicious software detection method and malicious software detection device
CN111581431B (en) Data exploration method and device based on dynamic evaluation
CN111026629B (en) A method and device for automatically generating test scripts
CN118445399A (en) Information generating method, apparatus, device, storage medium, and program product
CN117806977A (en) Test method, apparatus, device, medium and program product
CN111767290A (en) Method and apparatus for updating user portraits
CN113377377B (en) Static code analysis method, analysis device, electronic device and readable storage medium
US10318257B2 (en) Selective object sensitive points-to analysis
CN112068814B (en) Method, device, system and medium for generating executable file
CN115048297A (en) Symbol execution method, device, equipment, medium and program product for page
CN118069507B (en) Regression testing quality assessment method and device based on code knowledge graph
CN115098391B (en) Page detection method, device, equipment, and medium
CN120315725B (en) Dependency graph generation method, risk assessment method, device, equipment and medium
CN118296023B (en) Data comparison method, device, equipment, medium and program product
US12299011B2 (en) Connection nature between nodes in graph structure
US9465723B2 (en) Systems and/or methods for monitoring live software
CN112101390A (en) Attribute information determination method, attribute information determination device and electronic equipment
CN114237624B (en) Error handling method, device, equipment, medium and product based on Go language

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant