CloneCompass: Visualizations for Exploring Assembly Code Clone Ecosystems

Assembly code analysis is an intensive process undertaken by security analysts and reverse engineers to discover vulnerabilities in existing software when source code is unavailable. Kam1n0 is an efficient code clone search engine that facilitates assembly code analysis. However, Kam1n0 search results can contain millions of function-clone pairs, and efficiently exploring and comprehensively understanding the resulting data can be challenging. This paper presents a design study whereby we collaborated with analyst stakeholders to identify requirements for a tool that visualizes and scales to millions of function-clone pairs. These requirements led to the design of an interactive visual tool, CloneCompass, consisting of novel TreeMap Matrix and Adjacency Matrix visualizations to aid in the exploration of assembly code clones extracted from Kam1n0. We conducted a preliminary evaluation with the analyst stakeholders and show how CloneCompass enables these users to visually and interactively explore code clone data generated from software systems with suspected vulnerabilities.