Evaluating Bug Finders
- Beatrix Jennings
- 5 years ago
Transcription
1 Evaluating Bug Finders: Test and Measurement of Static Code Analyzers. Aurelien DELAITRE, Bertrand STIVALET. ICSE - COUFLESS 2015, May 23, 2015
2 Authors: Aurelien DELAITRE (West Virginia University), Bertrand STIVALET (National Institute of Standards and Technology)
3 Authors: Elizabeth FONG (NIST), Vadim OKUN (NIST)
4 "If debugging is the process of removing software bugs, then programming must be the process of putting them in" E. Dijkstra
5 1. SAMATE Project: Software Assurance Metrics And Tool Evaluation
6 Software Assurance Reference Dataset (SARD)
SARD contains:
- Small test cases w/ specific vulnerabilities
- Large test suites
- Software w/ CVEs
SARD in numbers:
- 34 test suites
- 243 CWEs
- 148,903 test cases
- 665,481 files
7 Static Analysis Tool Expositions (SATE)
- 5 editions of SATE
- 3 programming languages
- 5M+ lines of code for SATE V
8 2. Software as Big Data: Introduction to Static Analysis
9-12 Static Analysis
- Automated analysis of large software
- Defect detection and remediation
- Use different approaches: syntax checking, heuristics, formal methods
Diagrams:
- Slide 10: Buggy Source Code -> Compilation -> Buggy Software
- Slide 11: Buggy Source Code -> Static Analysis -> Bug Report -> Remediation
- Slide 12: Fixed Source Code -> Compilation -> Secure Software
13 Pros and Cons
Pros:
- Improves software assurance
- Saves time and money
- Takes customized rule sets
Cons:
- False positive (noise)
- False negative (missed defects)
- Limited scope
14 3. Metrics: Measuring the Effectiveness of Tools
15-19 Evaluation Metrics
- Precision: How much can I trust a tool?
- Recall: What proportion of flaws can a tool find?
Diagram (source code divided into flawed code and safe code, with the tool warnings overlaid):
- Tool warnings on flawed code: True Positives
- Tool warnings on safe code: False Positives
- Flawed code without a warning: False Negatives
- Safe code without a warning: True Negatives
- "Prec." spans the tool warnings (true and false positives); "Recall" spans the flawed code (true positives and false negatives)
20-25 Evaluation Metrics
- Precision: How much can I trust a tool?
- Recall: What proportion of flaws can a tool find?
- Coverage: What kind of flaws can a tool find?
- Discrimination: How smart is a tool?
- Overlap: How similar are unrelated tools?
Diagram labels: Buggy Code, Safe Code, Static Analysis, Bug Report, report
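The five metrics above, computed over a synthetic suite with known ground truth, as an added example that is not part of the original slides. The slides give only the question each metric answers, so the formulas for coverage, discrimination and overlap used here are assumptions, and the suite and tool reports are constructed sample data.

```python
"""Tool-evaluation metrics over a synthetic suite with known ground truth."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Case:
    case_id: str
    cwe: int  # each case has one flawed ("bad") and one safe ("good") variant


# Constructed sample suite: six cases across three weakness classes.
SUITE = [
    Case("tc01", 762), Case("tc02", 762),
    Case("tc03", 121), Case("tc04", 121),
    Case("tc05", 476), Case("tc06", 476),
]

# Constructed tool reports: each warning is (case_id, variant it was raised on).
REPORTS = {
    "tool_x": {("tc01", "bad"), ("tc02", "bad"),
               ("tc03", "bad"), ("tc03", "good"),
               ("tc04", "bad"), ("tc04", "good")},
    "tool_y": {("tc01", "bad"), ("tc05", "bad"),
               ("zz99", "bad")},  # zz99 is not in the suite: cannot be judged
}


def evaluate(suite, warnings):
    """Score one tool against the ground truth of `suite`."""
    if not suite:
        raise ValueError("empty test suite")
    known = {c.case_id for c in suite}
    matched = {w for w in warnings if w[0] in known}
    hit_bad = {cid for cid, variant in matched if variant == "bad"}
    hit_good = {cid for cid, variant in matched if variant == "good"}

    tp = len(hit_bad)            # warning on flawed code
    fp = len(hit_good)           # warning on safe code
    fn = len(known - hit_bad)    # flawed code with no warning
    found_cwes = {c.cwe for c in suite if c.case_id in hit_bad}
    all_cwes = {c.cwe for c in suite}
    # Assumed definition: a case is discriminated when the tool flags the
    # flawed variant and stays silent on the matching safe variant.
    discriminated = hit_bad - hit_good

    return {
        "precision": tp / (tp + fp) if tp + fp else None,
        "recall": tp / (tp + fn),
        "coverage": len(found_cwes) / len(all_cwes),  # assumed: CWE classes hit
        "discrimination": len(discriminated) / len(known),
        "unmatched": len(warnings) - len(matched),
    }


def overlap(suite, reports):
    """Assumed definition: share of found flaws reported by more than one tool."""
    known = {c.case_id for c in suite}
    counts = {}
    for warnings in reports.values():
        found = {cid for cid, variant in warnings
                 if variant == "bad" and cid in known}
        for cid in found:
            counts[cid] = counts.get(cid, 0) + 1
    if not counts:
        return None
    return sum(1 for n in counts.values() if n > 1) / len(counts)


if __name__ == "__main__":
    for name, warnings in REPORTS.items():
        print(name, evaluate(SUITE, warnings))
    print("overlap", overlap(SUITE, REPORTS))
```

On this data tool_x has twice the recall of tool_y, yet both discriminate the same number of cases, because tool_x also warns on the safe variants of tc03 and tc04.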
26 4. Test Cases: Static Analysis Tool Exposition (SATE)
27-33 Design of Test Cases
Criteria:
- Statistical significance
- Relevance
- Ground truth
Types of test cases:
- Software with Common Vulnerability Enumeration (CVE)
- Production software
- Synthetic test cases
Slides 31-33 take each type in turn: Software w/ CVEs (31), Production Software (32), Synthetic Cases (33). The Synthetic Cases slide lists only Statistical significance and Ground Truth.
Illustration on each slide: a source fragment beginning #include <stdio.h> int main(){
34 Mapping Metrics to Data
Columns: Question, Production Software, Software w/ CVEs, Synthetic Test Cases
Rows: Coverage, Recall, Precision, Discrimination, Overlap
Legend:
- Applicable: metric can be computed
- Limited: some limitations with the calculation
- N/A: not applicable
35 5. Results
36 3,480,195 warnings to analyze!* (*from the SATE V experience)
37 Coverage Spectrum per Tool, for Synthetic Java
38 Recall per Tool, for Synthetic Java
39 Precision per Tool, for Synthetic Java
40 Discrimination per Tool, for Synthetic Java
41 Combination of Tool Metrics
42 Findings Overlap
43-45 Code Complexity / Complexity vs. Tool Effectiveness
CWE 762: Mismatched Memory Management Routines

Simple variant (found by tool X, found by tool Y):

    char * data;
    data = NULL;
    char mystring[] = "mystring";
    data = strdup(mystring);   // allocated with malloc() inside strdup()
    delete [] data;            // flaw: released with delete [] instead of free()

Complex variant, same flaw reached through two pointer aliases (found by tool X, missed by tool Y):

    char * data;
    char * *dataptr1 = &data;
    char * *dataptr2 = &data;
    data = NULL;
    {
        char * data = *dataptr1;
        char mystring[] = "mystring";
        data = strdup(mystring);   // allocated with malloc() inside strdup()
        *dataptr1 = data;          // stored back through the first alias
    }
    {
        char * data = *dataptr2;   // read back through the second alias
        delete [] data;            // flaw: released with delete [] instead of free()
    }
46 Recall per Complexity, for Synthetic C
47 Precision per Tool, on Production Software vs. Synthetic Java
48 5. Conclusion
49 Conclusion
- Tools need evaluation!
- Test cases need improvement
- Testing procedure needs more metrics: Usability, Integration, Impact
50 Thanks! Any questions? Find us at:
52 SATE: The Art of Collecting Data
Diagram labels: Tool Vendors, Static Analysis Tool, Test Cases, SATE Format Converter, Synth. Data, CVE Data, SATE Reports, SATE Database, Manual Sample Analysis, Semi-Automated CVE matching, Automated Juliet Analysis, SAMATE
53 Evaluation Metrics
Question: Metrics
- What proportion of defects can a tool find? Recall / Coverage
- How noisy is a tool? Precision / Discrimination
- How similar are unrelated tools? Overlap
54-56 Complexity: different kinds of complexities in the Synthetic Test Cases (None, Control Flow, Data Flow)

54 None: no complexity

    #include <iostream>
    using namespace std;

    int main() {
        char buf[15];
        cin >> buf;   // flaw: read into a fixed 15-byte buffer with no explicit width limit
        cout << "echo: " << buf << endl;
        return 0;
    }

55 Control Flow: control flow complexity

    #include <iostream>
    using namespace std;

    int main() {
        char buf[15] = "COUFLESS2015";
        if (1)            // always true: the flawed read below is always reached
            cin >> buf;   // same flaw as above, now behind a branch
        cout << "echo: " << buf << endl;
        return 0;
    }

56 Data Flow: data flow complexity

    #include <stdio.h>
    #include <stdlib.h>

    char *stringcopy(char *str1, char *str2) {
        while (*str2)
            *str1++ = *str2++;   // copies until the end of str2, ignoring the size of str1
        return str2;
    }

    int main(int argc, char **argv) {
        char *buffer = (char *)malloc(16 * sizeof(char));
        stringcopy(buffer, argv[1]);   // flaw: argv[1] flows unchecked into a 16-byte heap buffer
        printf("%s\n", buffer);
        return 0;
    }
More informationCSC 438 Systems and Software Security, Spring 2014 Instructor: Dr. Natarajan Meghanathan Question Bank for Module 6: Software Security Attacks
CSC 438 Systems and Software Security, Spring 2014 Instructor: Dr. Natarajan Meghanathan Question Bank for Module 6: Software Security Attacks 1) What will be the output of the following C program when
More information[CSE10200] Programming Basis ( 프로그래밍기초 ) Chapter 9. Seungkyu Lee. Assistant Professor, Dept. of Computer Engineering Kyung Hee University
[CSE10200] Programming Basis ( 프로그래밍기초 ) Chapter 9 Seungkyu Lee Assistant Professor, Dept. of Computer Engineering Kyung Hee University CHAPTER 9 Pointers #1~2 Pointer int main () { int a; int b; int c;
More informationTesting. Topics. Types of Testing. Types of Testing
Topics 1) What are common types of testing? a) Testing like a user: through the UI. b) Testing like a dev: through the code. 2) What makes a good bug report? 3) How can we write code to test code (via
More informationGood Luck! Marking Guide. APRIL 2014 Final Exam CSC 209H5S
APRIL 2014 Final Exam CSC 209H5S Last Name: Student #: First Name: Signature: UNIVERSITY OF TORONTO MISSISSAUGA APRIL 2014 FINAL EXAMINATION CSC209H5S System Programming Daniel Zingaro Duration - 3 hours
More informationCPSC 427: Object-Oriented Programming
CPSC 427: Object-Oriented Programming Michael J. Fischer Lecture 10 October 1, 2018 CPSC 427, Lecture 10, October 1, 2018 1/20 Brackets Example (continued from lecture 8) Stack class Brackets class Main
More informationSecure Programming Techniques
Secure Programming Techniques Meelis ROOS mroos@ut.ee Institute of Computer Science Tartu University spring 2014 Course outline Introduction General principles Code auditing C/C++ Web SQL Injection PHP
More informationHigh-performance computing and programming Intro to C on Unix/Linux. Uppsala universitet
High-performance computing and programming Intro to C on Unix/Linux IT Uppsala universitet What is C? An old imperative language that remains rooted close to the hardware C is relatively small and easy
More informationUNIX Input/Output Buffering
UNIX Input/Output Buffering When a C/C++ program begins execution, the operating system environment is responsible for opening three files and providing file pointers to them: stdout standard output stderr
More informationIntroduction Slide 1/20. Introduction. Fall Semester. Parallel Computing
Introduction Slide 1/20 Introduction Fall Semester Introduction Slide 2/20 Topic Outline Programming in C Pointers Input-Output Embarrassingly Parallel Message Passing Interface Projectile motion Fractal
More information