We describe a graph visualization tool for visualizing Java bytecode. Our tool, which we call J-Viz, visualizes connected directed graphs according to a canonical node ordering, which we call the sibling-first recursive (SFR) numbering. The particular graphs we consider are derived from applying Shiver's k-CFA framework to Java bytecode, and our visualizer includes helpful links between the nodes of an input graph and the Java bytecode that produced it, as well as a decompiled version of that Java bytecode. We show through several case studies that the canonical drawing paradigm used in J-Viz is effective for identifying potential security vulnerabilities and repeated use of the same code in Java applications.
Cite
@article{arxiv.1608.08970,
title = {J-Viz: Sibling-First Recursive Graph Drawing for Visualizing Java Bytecode},
author = {Md. Jawaherul Alam and Michael T. Goodrich and Timothy Johnson},
journal= {arXiv preprint arXiv:1608.08970},
year = {2016}
}