JDart. Rémi Forax JVM Summit'12
|
|
- Kelly Gallagher
- 6 years ago
- Views:
Transcription
1 JDart Rémi Forax JVM Summit'12
2 Dart in one slide Dynamic Language 2 runtimes : DartVM / Dart2js Less dynamic than Java? Better JavaScript Scope done right, classes, no_such_method, mirrors Optionally types types are mostly for documentation checked mode Integers are nullable and infinite
3 DartVM Derived from V8 Not a production VM (yet!) Client VM / 32 bits only Two tiers compiler Use tagged pointer (small integer/reference) Far better than Java boxing!
4 Example on Fibonacci int fibo(n) { return fibo(n-1) + fibo(n-2); main() { fibo(7);
5 In assembler simple code 0xf3108f0a 0xf3108f0d 0xf3108f12 0xf3108f17 0xf3108f1c 0xf3108f21 0xf3108f24 0xf3108f25 0xf3108f2a 0xf3108f2f 0xf3108f34 0xf3108f37 push [ebp+0x8] push 0x2 mov ecx,0xf31b8f11 'ICData target:-' mov edx,0xf331d279 Array[2, 2, null] call 0xf [stub: TwoArgsCheckInlineCache] add esp,0x8 push eax mov ecx,0xf31b8ca1 'Function 'fibo': static.' mov edx,0xf31a1ba9 Array[1, 1, null] call 0xf [stub: CallStaticFunction] add esp,0x4 push eax 0xf3108f38 push [ebp+0x8] 0xf3108f3b push 0x4... ; same code again! 0xf3108f66 mov ecx,0xf31b8fd1 'ICData target:+' 0xf3108f6b mov edx,0xf331d279 Array[2, 2, null] 0xf3108f70 call 0xf [stub: TwoArgsCheckInlineCache] 0xf3108f75 add esp,0x8 0xf3108f78 push eax 0xf3108f79 pop eax 0xf3108f7a mov ebx,0xf31b8ca1 'Function 'fibo': static.' 0xf3108f7f inc [ebx+0x43] 0xf3108f82 cmp [ebx+0x43],0x7d0 0xf3108f89 jng 0xf3108f9e
6 In assembler - optimized 0xf xf xf310900d 0xf310900f 0xf xf xf xf310901f 0xf xf xf310902a 0xf310902f 0xf mov eax,[ebp+0x8] mov edx,0x2 mov ecx,eax test al,0x1 jnz 0xf sub eax,edx jo 0xf push eax mov ecx,0xf31b8ca1 'Function 'fibo': static.' mov edx,0xf31a1ba9 Array[1, 1, null] call 0xf [stub: CallStaticFunction] add esp,0x4 push eax 0xf mov eax,[ebp+0x8] 0xf mov edx,0x4... ; same code again 0xf310905b mov ecx,eax 0xf310905d or eax,edx 0xf310905f test al,0x1 0xf jnz 0xf310909b 0xf mov eax,ecx 0xf add eax,edx 0xf310906b jo 0xf310909b 0xf mov esp,ebp 0xf pop ebp 0xf ret
7 Dart on the JVM Dart on server uses invokedynamic! but avoid useless boxing precise static type analysis (done offline currently) split-path trick
8
9 JDart static analysis Use a linear* interprocedural type flow analysis before generating bytecode Don't use declared type by default Can be used in rare cases in checked mode Works with an horizon, try to share/reuse analysis Analysis not done more than K times by method (actually K=4) * almost :)
10 Example on Fibonacci int fibo(n [7]) { return fibo(n -1 [6]) + fibo(n-2); main() { fibo(7);
11 Example on Fibonacci int fibo(n [7]) { return fibo(n -1 [6]) + fibo(n-2); int fibo(n [0, +inf]) { // return type [1] return fibo(n [2, +inf] -1) + fibo(n-2); main() { fibo(7);
12 Example on Fibonacci int fibo(n [7]) { return fibo(n -1 [6]) + fibo(n-2); int fibo(n [0, +inf]) { // return type = [1] return [-inf, +inf]? + fibo(n-2 [0, +inf]); // return type = [-inf, +inf] main() { fibo(7);
13 Example on Fibonacci int fibo(n [7]) { return fibo(n -1 [6]) [-inf, +inf] + fibo(n-2 [5]) [-inf, +inf]; [-inf, +inf] int fibo(n [0, +inf]) { // return type = [1] return [-inf, +inf]? + fibo(n-2 [0, +inf]); // return type = [-inf, +inf] main() { fibo(7);
14 Example on Fibonacci [-inf, +inf] int fibo(n [7]) { return fibo(n -1 [6]) [-inf, +inf] + fibo(n-2) [-inf, +inf]; [-inf, +inf] int fibo(n [0, +inf]) { // return type = [1] return [-inf, +inf]? + fibo(n-2 [0, +inf]); // return type = [-inf, +inf] main() { fibo(7); We can remove the first fibo because fibo([7]) doesn't offer a more precise return type
15 Split-path generation Methods that takes an int > int32 are compiled in two methods If return type is int, int32 will be used and overflow values will use a thread local exception In the method, ints are compiled using two variables (int32 and BigInt) if BigInt is null, value is int32 Overflow detection is added where needed using the profile
16 Fibo in pseudo Java private static int fibo(int n) { int r1; BigInt _r1; try { r1 = invokedynamic fibo(n -1); _r1 = null; catch(controlflowexception e) { r1 = 0; _r1 = e.value; int r2; BigInt _r2; try { r2 = invokedynamic fibo(n -2); _r2 = null; catch(controlflowexception e) { r2 = 0; _r2 = e.value; int r3; BigInt _r3; if (_r1 == null && _r2 == null) try { r3 = RT.addExact(r1, r2); _r3 = null; catch(arithmeticexception e) { _r3 = invokedynamic addoverflowed(r1, r2); r3 = 0; else _r3 = invokedynamic addbig(r1, _r1, r2, _r2); r3 = 0; if (_r3 == null) return r3; throw ControlFlowException.valueOf(_r3);
17 In assembler...fd4c: mov %esi,(%rsp)...fd4f: cmp $0x2,%esi...fd52: jl...fda1 ;*if_icmpge...fd54: dec %esi ;*isub...fd57: callq 0x00007f ;*invokestatic fibo...fd5c: mov %eax,0x4(%rsp)...fd60: mov (%rsp),%esi...fd63: add $0xfffffffffffffffe,%esi ;*isub...fd67: callq 0x00007f ;*invokestatic fibo...fd6c: mov %eax,%r9d...fd6f: mov 0x4(%rsp),%eax...fd73: add %r9d,%eax...fd76: mov 0x4(%rsp),%r11d...fd7b: xor %eax,%r11d...fd7e: mov %r9d,%r8d...fd81: xor %eax,%r8d...fd84: and %r8d,%r11d...fd87: test %r11d,%r11d...fd8a: jge...fda6 ;inline RT.addExact...fd8c: mov $0xa5,%esi...fd91: mov %r9d,(%rsp)...fd95: xchg %ax,%ax...fd97: callq 0x00007f ; deoptimization...fda1: mov $0x1,%eax fast path??
18 Execution time! Fibo(40) in second JDart (no inline) JDart Java (int only) 0 DartVM Smaller is better Java boxing
19 Questions?
20 Image Credits Phone booth by Louis du Mons Overflow by James Whitesmith
Kasper Lund, Software engineer at Google. Crankshaft. Turbocharging the next generation of web applications
Kasper Lund, Software engineer at Google Crankshaft Turbocharging the next generation of web applications Overview Why did we introduce Crankshaft? Deciding when and what to optimize Type feedback and
More informationComputer Systems Organization V Fall 2009
Computer Systems Organization V22.0201 Fall 2009 Sample Midterm Exam ANSWERS 1. True/False. Circle the appropriate choice. (a) T (b) F At most one operand of an x86 assembly instruction can be an memory
More informationCompiler Design Spring 2017
Compiler Design Spring 2017 6.0 Runtime system and object layout Dr. Zoltán Majó Compiler Group Java HotSpot Virtual Machine Oracle Corporation 1 Runtime system Some open issues from last time Handling
More information16.317: Microprocessor Systems Design I Spring 2015
16.317: Microprocessor Systems Design I Spring 2015 Exam 2 Solution 1. (16 points, 4 points per part) Multiple choice For each of the multiple choice questions below, clearly indicate your response by
More informationProcedure Calls. Young W. Lim Mon. Young W. Lim Procedure Calls Mon 1 / 29
Procedure Calls Young W. Lim 2017-08-21 Mon Young W. Lim Procedure Calls 2017-08-21 Mon 1 / 29 Outline 1 Introduction Based on Stack Background Transferring Control Register Usage Conventions Procedure
More informationAssembly Language for Intel-Based Computers, 4 th Edition
Assembly Language for Intel-Based Computers, 4 th Edition Kip R Irvine Chapter 5: Procedures Lecture 19: Procedures Procedure s parameters Slides prepared by Kip R Irvine Revision date: 08/22/2002 Modified
More informationBuffer Overflow Attack
Buffer Overflow Attack What every applicant for the hacker should know about the foundation of buffer overflow attacks By (Dalgona@wowhacker.org) Email: zinwon@gmail.com 2005 9 5 Abstract Buffer overflow.
More informationEECE.3170: Microprocessor Systems Design I Summer 2017 Homework 4 Solution
1. (40 points) Write the following subroutine in x86 assembly: Recall that: int f(int v1, int v2, int v3) { int x = v1 + v2; urn (x + v3) * (x v3); Subroutine arguments are passed on the stack, and can
More information16.317: Microprocessor Systems Design I Fall 2014
16.317: Microprocessor Systems Design I Fall 2014 Exam 2 Solution 1. (16 points, 4 points per part) Multiple choice For each of the multiple choice questions below, clearly indicate your response by circling
More informationEE 332 Real Time Systems Midterm Examination Solution Friday February 13, :30 pm to 4:30 pm
EE 332 Real Time Systems Midterm Examination Solution Friday February 13, 2004 2:30 pm to 4:30 pm Student Name Student Number Question Mark #1 / 15 #2 / 20 #3 / 25 TOTAL / 60 General: Two hours (2:30 pm
More informationPractical Malware Analysis
Practical Malware Analysis Ch 4: A Crash Course in x86 Disassembly Revised 1-16-7 Basic Techniques Basic static analysis Looks at malware from the outside Basic dynamic analysis Only shows you how the
More informationProcedure Calls. Young W. Lim Sat. Young W. Lim Procedure Calls Sat 1 / 27
Procedure Calls Young W. Lim 2016-11-05 Sat Young W. Lim Procedure Calls 2016-11-05 Sat 1 / 27 Outline 1 Introduction References Stack Background Transferring Control Register Usage Conventions Procedure
More informationCSC 8400: Computer Systems. Machine-Level Representation of Programs
CSC 8400: Computer Systems Machine-Level Representation of Programs Towards the Hardware High-level language (Java) High-level language (C) assembly language machine language (IA-32) 1 Compilation Stages
More informationOverview of Compiler. A. Introduction
CMPSC 470 Lecture 01 Topics: Overview of compiler Compiling process Structure of compiler Programming language basics Overview of Compiler A. Introduction What is compiler? What is interpreter? A very
More informationCS 2505 Computer Organization I Test 2. Do not start the test until instructed to do so! printed
Instructions: Print your name in the space provided below. This examination is closed book and closed notes, aside from the permitted one-page formula sheet. No calculators or other electronic devices
More informationComputer Science Final Examination Wednesday December 13 th 2006
Computer Science 03-60-266 Final Examination Wednesday December 13 th 2006 Dr. Alioune Ngom Last Name: First Name: Student Number: INSTRUCTIONS EXAM DURATION IS 3 hours. OPEN NOTES EXAM: lecture notes,
More informationTextbook chapter 10. Abstract data structures are. In this section, we will talk about. The array The stack Arithmetic using a stack
LC-3 Data Structures Textbook chapter 0 CMPE2 Summer 2008 Abstract data structures are LC-3 data structures Defined by the rules for inserting and extracting data In this section, we will talk about The
More informationIntroduction to 8086 Assembly
Introduction to 8086 Assembly Lecture 5 Jump, Conditional Jump, Looping, Compare instructions Labels and jumping (the jmp instruction) mov eax, 1 add eax, eax jmp label1 xor eax, eax label1: sub eax, 303
More informationX86 Addressing Modes Chapter 3" Review: Instructions to Recognize"
X86 Addressing Modes Chapter 3" Review: Instructions to Recognize" 1 Arithmetic Instructions (1)! Two Operand Instructions" ADD Dest, Src Dest = Dest + Src SUB Dest, Src Dest = Dest - Src MUL Dest, Src
More informationCS / ECE , Spring 2010 Exam 1
Andrew login ID: Full Name: Recitation Section: CS 15-213 / ECE 18-243, Spring 2010 Exam 1 Version 1100101 Tuesday, March 2nd, 2010 Instructions: Make sure that your exam is not missing any sheets, then
More informationCS241 Computer Organization Spring 2015 IA
CS241 Computer Organization Spring 2015 IA-32 2-10 2015 Outline! Review HW#3 and Quiz#1! More on Assembly (IA32) move instruction (mov) memory address computation arithmetic & logic instructions (add,
More informationEqua%onal Reasoning of x86 Assembly Code. Kevin Coogan and Saumya Debray University of Arizona, Tucson, AZ
Equa%onal Reasoning of x86 Assembly Code Kevin Coogan and Saumya Debray University of Arizona, Tucson, AZ Assembly Code is Source Code Commercial libraries oeen do not come with source code, but there
More informationCSC 2400: Computer Systems. Towards the Hardware: Machine-Level Representation of Programs
CSC 2400: Computer Systems Towards the Hardware: Machine-Level Representation of Programs Towards the Hardware High-level language (Java) High-level language (C) assembly language machine language (IA-32)
More informationCSE 413 Winter 2001 Final Exam Sample Solution
Question 1. (12 points, 4 each) Regular expressions. (a) Describe the set of strings generated by the regular expression ((xy*x) (yx*y))* In any order, 0 or more pairs of x s with 0 or more y s between
More informationx86 Assembly Crash Course Don Porter
x86 Assembly Crash Course Don Porter Registers ò Only variables available in assembly ò General Purpose Registers: ò EAX, EBX, ECX, EDX (32 bit) ò Can be addressed by 8 and 16 bit subsets AL AH AX EAX
More informationOne VM, Many Languages
One VM, Many Languages John Rose Brian Goetz Oracle Corporation 9/20/2010 The following is intended to outline our general product direction. It is intended for information purposes
More information16.317: Microprocessor Systems Design I Fall 2015
16.317: Microprocessor Systems Design I Fall 2015 Exam 2 Solution 1. (16 points, 4 points per part) Multiple choice For each of the multiple choice questions below, clearly indicate your response by circling
More informationTurning C into Object Code Code in files p1.c p2.c Compile with command: gcc -O p1.c p2.c -o p Use optimizations (-O) Put resulting binary in file p
Turning C into Object Code Code in files p1.c p2.c Compile with command: gcc -O p1.c p2.c -o p Use optimizations (-O) Put resulting binary in file p text C program (p1.c p2.c) Compiler (gcc -S) text Asm
More informationCS/ECE 354 Practice Midterm Exam Solutions Spring 2016
CS/ECE 354 Practice Midterm Exam Solutions Spring 2016 C Programming 1. The reason for using pointers in a C program is a. Pointers allow different functions to share and modify their local variables.
More informationAssembly Language for Intel-Based Computers, 4 th Edition. Chapter 5: Procedures. Chapter Overview. The Book's Link Library
Assembly Language for Intel-Based Computers, 4 th Edition Kip R Irvine Chapter 5: Procedures Slides prepared by Kip R Irvine Revision date: 10/3/2003 Chapter corrections (Web) Assembly language sources
More informationSummer 2003 Lecture 14 07/02/03
Summer 2003 Lecture 14 07/02/03 LAB 6 Lab 6 involves interfacing to the IBM PC parallel port Use the material on wwwbeyondlogicorg for reference This lab requires the use of a Digilab board Everyone should
More informationCSE351 Autumn 2012 Midterm Exam (5 Nov 2012)
CSE351 Autumn 2012 Midterm Exam (5 Nov 2012) Please read through the entire examination first! We designed this exam so that it can be completed in 50 minutes and, hopefully, this estimate will prove to
More informationCSE P 501 Compilers. x86 Lite for Compiler Writers Hal Perkins Autumn /25/ Hal Perkins & UW CSE J-1
CSE P 501 Compilers x86 Lite for Compiler Writers Hal Perkins Autumn 2011 10/25/2011 2002-11 Hal Perkins & UW CSE J-1 Agenda Learn/review x86 architecture Core 32-bit part only for now Ignore crufty, backward-compatible
More informationOverview. Constructors and destructors Virtual functions Single inheritance Multiple inheritance RTTI Templates Exceptions Operator Overloading
How C++ Works 1 Overview Constructors and destructors Virtual functions Single inheritance Multiple inheritance RTTI Templates Exceptions Operator Overloading Motivation There are lot of myths about C++
More informationCS412/CS413. Introduction to Compilers Tim Teitelbaum. Lecture 21: Generating Pentium Code 10 March 08
CS412/CS413 Introduction to Compilers Tim Teitelbaum Lecture 21: Generating Pentium Code 10 March 08 CS 412/413 Spring 2008 Introduction to Compilers 1 Simple Code Generation Three-address code makes it
More informationCS 2505 Computer Organization I Test 2. Do not start the test until instructed to do so! printed
Instructions: Print your name in the space provided below. This examination is closed book and closed notes, aside from the permitted one-page formula sheet. No calculators or other electronic devices
More informationCS 2505 Computer Organization I Test 2. Do not start the test until instructed to do so! printed
Instructions: Print your name in the space provided below. This examination is closed book and closed notes, aside from the permitted one-page formula sheet. No calculators or other electronic devices
More informationASSEMBLY III: PROCEDURES. Jo, Heeseung
ASSEMBLY III: PROCEDURES Jo, Heeseung IA-32 STACK (1) Characteristics Region of memory managed with stack discipline Grows toward lower addresses Register indicates lowest stack address - address of top
More informationLink 2. Object Files
Link 2. Object Files Young W. Lim 2017-09-23 Sat Young W. Lim Link 2. Object Files 2017-09-23 Sat 1 / 40 Outline 1 Linking - 2. Object Files Based on Oject Files ELF Sections Example Program Source Codes
More informationComputer Systems Lecture 9
Computer Systems Lecture 9 CPU Registers in x86 CPU status flags EFLAG: The Flag register holds the CPU status flags The status flags are separate bits in EFLAG where information on important conditions
More informationLink 2. Object Files
Link 2. Object Files Young W. Lim 2017-09-20 Wed Young W. Lim Link 2. Object Files 2017-09-20 Wed 1 / 33 Outline 1 Linking - 2. Object Files Based on Oject Files ELF Sections Example Program Source Codes
More informationAssembly III: Procedures. Jo, Heeseung
Assembly III: Procedures Jo, Heeseung IA-32 Stack (1) Characteristics Region of memory managed with stack discipline Grows toward lower addresses Register indicates lowest stack address - address of top
More informationAssembly I: Basic Operations. Jo, Heeseung
Assembly I: Basic Operations Jo, Heeseung Moving Data (1) Moving data: movl source, dest Move 4-byte ("long") word Lots of these in typical code Operand types Immediate: constant integer data - Like C
More informationMachine Programming 1: Introduction
Machine Programming 1: Introduction CS61, Lecture 3 Prof. Stephen Chong September 8, 2011 Announcements (1/2) Assignment 1 due Tuesday Please fill in survey by 5pm today! Assignment 2 will be released
More informationASSEMBLY I: BASIC OPERATIONS. Jo, Heeseung
ASSEMBLY I: BASIC OPERATIONS Jo, Heeseung MOVING DATA (1) Moving data: movl source, dest Move 4-byte ("long") word Lots of these in typical code Operand types Immediate: constant integer data - Like C
More informationLabeling Library Functions in Stripped Binaries
Labeling Library Functions in Stripped Binaries Emily R. Jacobson, Nathan Rosenblum, and Barton P. Miller Computer Sciences Department University of Wisconsin - Madison PASTE 2011 Szeged, Hungary September
More informationExploiting Stack Buffer Overflows Learning how blackhats smash the stack for fun and profit so we can prevent it
Exploiting Stack Buffer Overflows Learning how blackhats smash the stack for fun and profit so we can prevent it 29.11.2012 Secure Software Engineering Andreas Follner 1 Andreas Follner Graduated earlier
More informationCSE 351 Midterm - Winter 2015 Solutions
CSE 351 Midterm - Winter 2015 Solutions February 09, 2015 Please read through the entire examination first! We designed this exam so that it can be completed in 50 minutes and, hopefully, this estimate
More informationReverse Engineering Low Level Software. CS5375 Software Reverse Engineering Dr. Jaime C. Acosta
1 Reverse Engineering Low Level Software CS5375 Software Reverse Engineering Dr. Jaime C. Acosta Machine code 2 3 Machine code Assembly compile Machine Code disassemble 4 Machine code Assembly compile
More informationDo You Trust a Mutated Binary? Drew Bernat Correct Relocation
Correct Relocation: Do You Trust a Mutated Binary? Drew Bernat bernat@cs.wisc.edu April 30, 2007 Correct Relocation Binary Manipulation We want to: Insert new code Modify or delete code These operations
More informationSubprograms, Subroutines, and Functions
Subprograms, Subroutines, and Functions Subprograms are also called subroutines, functions, procedures and methods. A function is just a subprogram that returns a value; say Y = SIN(X). In general, the
More informationCSE 351 Midterm - Winter 2015
CSE 351 Midterm - Winter 2015 February 09, 2015 Please read through the entire examination first! We designed this exam so that it can be completed in 50 minutes and, hopefully, this estimate will prove
More informationSystem calls and assembler
System calls and assembler Michal Sojka sojkam1@fel.cvut.cz ČVUT, FEL License: CC-BY-SA 4.0 System calls (repetition from lectures) A way for normal applications to invoke operating system (OS) kernel's
More informationDecision-Making and Repetition
2.2 Recursion Introduction A recursive method is a method that call itself. You may already be familiar with the factorial function (N!) in mathematics. For any positive integer N, N! is defined to be
More informationFunction Call Convention
Function Call Convention Compass Security Schweiz AG Werkstrasse 20 Postfach 2038 CH-8645 Jona Tel +41 55 214 41 60 Fax +41 55 214 41 61 team@csnc.ch www.csnc.ch Content Intel Architecture Memory Layout
More informationCSE P 501 Exam 8/5/04 Sample Solution. 1. (10 points) Write a regular expression or regular expressions that generate the following sets of strings.
1. (10 points) Write a regular ression or regular ressions that generate the following sets of strings. (a) (5 points) All strings containing a s, b s, and c s with at least one a and at least one b. [abc]*a[abc]*b[abc]*
More informationAccumulator and memory instructions 1. Loads, stores, and transfers 2. Arithmetic operations 3. Multiply and divide 4. Logical operations 5. Data test
HC11 Instruction Set Instruction classes 1. 2. 3. 4. Accumulator and Memory Stack and Index Register Condition Code Register Program control instructions 2 1 Accumulator and memory instructions 1. Loads,
More informationSample Exam I PAC II ANSWERS
Sample Exam I PAC II ANSWERS Please answer questions 1 and 2 on this paper and put all other answers in the blue book. 1. True/False. Please circle the correct response. a. T In the C and assembly calling
More informationCS , Fall 2001 Exam 1
Andrew login ID: Full Name: CS 15-213, Fall 2001 Exam 1 October 9, 2001 Instructions: Make sure that your exam is not missing any sheets, then write your full name and Andrew login ID on the front. Write
More information1 /* file cpuid2.s */ 4.asciz "The processor Vendor ID is %s \n" 5.section.bss. 6.lcomm buffer, section.text. 8.globl _start.
1 /* file cpuid2.s */ 2.section.data 3 output: 4.asciz "The processor Vendor ID is %s \n" 5.section.bss 6.lcomm buffer, 12 7.section.text 8.globl _start 9 _start: 10 movl $0, %eax 11 cpuid 12 movl $buffer,
More information15-213/18-243, Summer 2011 Exam 1 Tuesday, June 28, 2011
Andrew login ID: Full Name: Section: 15-213/18-243, Summer 2011 Exam 1 Tuesday, June 28, 2011 Instructions: Make sure that your exam is not missing any sheets, then write your Andrew login ID, full name,
More informationCPS104 Recitation: Assembly Programming
CPS104 Recitation: Assembly Programming Alexandru Duțu 1 Facts OS kernel and embedded software engineers use assembly for some parts of their code some OSes had their entire GUIs written in assembly in
More informationProgram Exploitation Intro
Program Exploitation Intro x86 Assembly 04//2018 Security 1 Univeristà Ca Foscari, Venezia What is Program Exploitation "Making a program do something unexpected and not planned" The right bugs can be
More informationThe geometry of innocent flesh on the bone: Return-into-libc without function calls (on the x86) Hovav Shacham presented by: Fabian Fäßler
The geometry of innocent flesh on the bone: Return-into-libc without function calls (on the x86) Hovav Shacham presented by: Fabian Fäßler return-oriented programming Hovav Shacham presented by: Fabian
More informationCompilers Crash Course
Compilers Crash Course Prof. Michael Clarkson CSci 6907.85 Spring 2014 Slides Acknowledgment: Prof. Andrew Myers (Cornell) What are Compilers? Translators from one representation of program code to another
More informationPart 1 Fine-grained Operations
Part 1 Fine-grained Operations As we learned on Monday, CMPXCHG can be used to implement other primitives, such as TestAndSet. int CMPXCHG (int* loc, int oldval, int newval) { ATOMIC(); int old_reg_val
More information22 Assembly Language for Intel-Based Computers, 4th Edition. 3. Each edge is a transition from one state to another, caused by some input.
22 Assembly Language for Intel-Based Computers, 4th Edition 6.6 Application: Finite-State Machines 1. A directed graph (also known as a diagraph). 2. Each node is a state. 3. Each edge is a transition
More informationBetriebssysteme und Sicherheit Sicherheit. Buffer Overflows
Betriebssysteme und Sicherheit Sicherheit Buffer Overflows Software Vulnerabilities Implementation error Input validation Attacker-supplied input can lead to Corruption Code execution... Even remote exploitation
More informationBypassing SEHOP. Stéfan Le Berre Damien Cauquil
Bypassing SEHOP Stéfan Le Berre s.leberre@sysdream.com Damien Cauquil d.cauquil@sysdream.com Table of contents 0. Introduction...3 1. SEHOP specifications (short version)...3 2. Dealing with SEHOP when
More informationCSE351 Autumn 2014 Midterm Exam (29 October 2014)
CSE351 Autumn 2014 Midterm Exam (29 October 2014) (Version A) Please read through the entire examination first! We designed this exam so that it can be completed in 50 minutes and, hopefully, this estimate
More informationSA31675 / CVE
Generated by Secunia 10 September, 2008 5 pages Table of Contents Introduction 2 Technical Details 2 Exploitation 4 Characteristics 4 Tested Versions 4 Fixed Versions 5 References 5 Generated by Secunia
More informationDigital Forensics Lecture 3 - Reverse Engineering
Digital Forensics Lecture 3 - Reverse Engineering Low-Level Software Akbar S. Namin Texas Tech University Spring 2017 Reverse Engineering High-Level Software Low-level aspects of software are often the
More informationSubprograms: Arguments
Subprograms: Arguments ICS312 Machine-Level and Systems Programming Henri Casanova (henric@hawaii.edu) Activation Records The stack is useful to store and rieve urn addresses, transparently managed via
More informationY86 Processor State. Instruction Example. Encoding Registers. Lecture 7A. Computer Architecture I Instruction Set Architecture Assembly Language View
Computer Architecture I Instruction Set Architecture Assembly Language View Processor state Registers, memory, Instructions addl, movl, andl, How instructions are encoded as bytes Layer of Abstraction
More informationT Jarkko Turkulainen, F-Secure Corporation
T-110.6220 2010 Emulators and disassemblers Jarkko Turkulainen, F-Secure Corporation Agenda Disassemblers What is disassembly? What makes up an instruction? How disassemblers work Use of disassembly In
More informationMachine Programming 3: Procedures
Machine Programming 3: Procedures CS61, Lecture 5 Prof. Stephen Chong September 15, 2011 Announcements Assignment 2 (Binary bomb) due next week If you haven t yet please create a VM to make sure the infrastructure
More informationCS 3214 Spring # Problem Points Min Max Average Median SD Grader. 1 Memory Layout and Locality Bill
CS 3214 # Problem Points Min Max Average Median SD Grader 1 Memory Layout and Locality 25 2 25 14.2 14 5.7 Bill 2 Stack 25 3 22 12.6 13 4.2 Peter 3 Compilation and Linking 25 0 19 7.6 6 4.7 Maggie 4 Execution
More informationCS , Spring 2004 Exam 1
Andrew login ID: Full Name: CS 15-213, Spring 2004 Exam 1 February 26, 2004 Instructions: Make sure that your exam is not missing any sheets (there should be 15), then write your full name and Andrew login
More informationRoadmap. Java: Assembly language: OS: Machine code: Computer system:
Roadmap C: car *c = malloc(sizeof(car)); c->miles = 100; c->gals = 17; float mpg = get_mpg(c); free(c); Assembly language: Machine code: Computer system: get_mpg: pushq movq... popq ret %rbp %rsp, %rbp
More informationImplementing Functions at the Machine Level
Subroutines/Functions Implementing Functions at the Machine Level A subroutine is a program fragment that... Resides in user space (i.e, not in OS) Performs a well-defined task Is invoked (called) by a
More informationLABORATORY WORK NO. 7 FLOW CONTROL INSTRUCTIONS
LABORATORY WORK NO. 7 FLOW CONTROL INSTRUCTIONS 1. Object of laboratory The x86 microprocessor family has a large variety of instructions that allow instruction flow control. We have 4 categories: jump,
More information47: #define NEH_CPU_IS_VIA 0x : #define NEH_CPU_READ 0x : #define NEH_CPU_MASK 0x : 51: #define NEH_RNG_PRESENT 0x000000
1: /* 2: --------------------------------------------------------------------------- 3: Copyright (c) 1998-2007, Brian Gladman, Worcester, UK. All rights reserved. 4: 5: LICENSE TERMS 6: 7: The free distribution
More informationLab 3. The Art of Assembly Language (II)
Lab. The Art of Assembly Language (II) Dan Bruce, David Clark and Héctor D. Menéndez Department of Computer Science University College London October 2, 2017 License Creative Commons Share Alike Modified
More informationJVM ByteCode Interpreter
JVM ByteCode Interpreter written in Haskell (In under 1000 Lines of Code) By Louis Jenkins Presentation Schedule ( 15 Minutes) Discuss and Run the Virtual Machine first
More informationAssembly I: Basic Operations. Computer Systems Laboratory Sungkyunkwan University
Assembly I: Basic Operations Jin-Soo Kim (jinsookim@skku.edu) Computer Systems Laboratory Sungkyunkwan University http://csl.skku.edu Moving Data (1) Moving data: movl source, dest Move 4-byte ( long )
More informationIslamic University Gaza Engineering Faculty Department of Computer Engineering ECOM 2125: Assembly Language LAB. Lab # 7. Procedures and the Stack
Islamic University Gaza Engineering Faculty Department of Computer Engineering ECOM 2125: Assembly Language LAB Lab # 7 Procedures and the Stack April, 2014 1 Assembly Language LAB Runtime Stack and Stack
More informationCome and join us at WebLyceum
Come and join us at WebLyceum For Past Papers, Quiz, Assignments, GDBs, Video Lectures etc Go to http://www.weblyceum.com and click Register In Case of any Problem Contact Administrators Rana Muhammad
More informationCS Bootcamp x86-64 Autumn 2015
The x86-64 instruction set architecture (ISA) is used by most laptop and desktop processors. We will be embedding assembly into some of our C++ code to explore programming in assembly language. Depending
More informationPRESENTED BY: SANTOSH SANGUMANI & SHARAN NARANG
PRESENTED BY: SANTOSH SANGUMANI & SHARAN NARANG Table of contents Introduction Binary Disassembly Return Address Defense Prototype Implementation Experimental Results Conclusion Buffer Over2low Attacks
More informationCSE351 Autumn 2014 Midterm Exam (29 October 2014)
CSE351 Autumn 2014 Midterm Exam (29 October 2014) Please read through the entire examination first! We designed this exam so that it can be completed in 50 minutes and, hopefully, this estimate will prove
More informationTowards the Hardware"
CSC 2400: Computer Systems Towards the Hardware Chapter 2 Towards the Hardware High-level language (Java) High-level language (C) assembly language machine language (IA-32) 1 High-Level Language Make programming
More informationOverview. Constructors and destructors Virtual functions Single inheritance Multiple inheritance RTTI Templates Exceptions Operator Overloading
HOW C++ WORKS Overview Constructors and destructors Virtual functions Single inheritance Multiple inheritance RTTI Templates Exceptions Operator Overloading Motivation There are lot of myths about C++
More informationx86: assembly for a real machine Compiler construction 2012 x86 assembler, a first example Example explained Lecture 7
x86 architecture Compiler construction 2012 x86: assembly for a real machine x86 architecture Calling conventions Some x86 instructions Instruction selection Instruction scheduling Register allocation
More informationCNIT 127: Exploit Development. Ch 3: Shellcode. Updated
CNIT 127: Exploit Development Ch 3: Shellcode Updated 1-30-17 Topics Protection rings Syscalls Shellcode nasm Assembler ld GNU Linker objdump to see contents of object files strace System Call Tracer Removing
More informationCSC 405 Computer Security Stack Canaries & ASLR
CSC 405 Computer Security Stack Canaries & ASLR Alexandros Kapravelos akaprav@ncsu.edu How can we prevent a buffer overflow? Check bounds Programmer Language Stack canaries [...more ] Buffer overflow defenses
More informationSOEN228, Winter Revision 1.2 Date: October 25,
SOEN228, Winter 2003 Revision 1.2 Date: October 25, 2003 1 Contents Flags Mnemonics Basic I/O Exercises Overview of sample programs 2 Flag Register The flag register stores the condition flags that retain
More informationEECS 213 Introduction to Computer Systems Dinda, Spring Homework 3. Memory and Cache
Homework 3 Memory and Cache 1. Reorder the fields in this structure so that the structure will (a) consume the most space and (b) consume the least space on an IA32 machine on Linux. struct foo { double
More informationEx: Write a piece of code that transfers a block of 256 bytes stored at locations starting at 34000H to locations starting at 36000H. Ans.
INSTRUCTOR: ABDULMUTTALIB A H ALDOURI Conditional Jump Cond Unsigned Signed = JE : Jump Equal JE : Jump Equal ZF = 1 JZ : Jump Zero JZ : Jump Zero ZF = 1 JNZ : Jump Not Zero JNZ : Jump Not Zero ZF = 0
More informationadministrivia today start assembly probably won t finish all these slides Assignment 4 due tomorrow any questions?
administrivia today start assembly probably won t finish all these slides Assignment 4 due tomorrow any questions? exam on Wednesday today s material not on the exam 1 Assembly Assembly is programming
More informationmith College Computer Science CSC231 Assembly Week #11 Fall 2017 Dominique Thiébaut
mith College Computer Science CSC231 Assembly Week #11 Fall 2017 Dominique Thiébaut dthiebaut@smith.edu Back to Conditional Jumps Review sub eax, 10 jz there xxx xxx there:yyy yyy Review cmp eax, 10 jz
More information