Sta$c Analysis Dataflow Analysis
|
|
- Geoffrey Lee
- 5 years ago
- Views:
Transcription
1 Sta$c Analysis Dataflow Analysis
2 Roadmap Overview. Four Analysis Examples. Analysis Framework Soot. Theore>cal Abstrac>on of Dataflow Analysis. Inter- procedure Analysis. Taint Analysis.
3 Overview Sta>c analysis is a program analysis technique performed without actually execu>ng programs. Data flow analysis is a process of deriving informa>on about the run >me behavior of a program. Usage: compiler, IDE and security.
4 SSA Requires that each variable is assigned exactly once. y := 1 y := 2 x := y y1 := 1 y2 := 2 x1 := y2 Def- use chain: Def- use chains are used to propagate data flow informa>on. The analysis algorithm takes >me propor>onal to the product of the total number of def- use edges Benefits: Data flow analysis could be easier and faster. Reduce the number of def- use chains. (m*n vs m+n)
5
6
7 Control Flow Graph (CFG) A control flow graph is a representa>on of a program that makes certain analyses (including dataflow analyses) easier. Usually built on Intermediate representa>on: Single sta>c assignment (SSA) form. Statements may be Assignments: x := y or x := y op z or x := op y Branches: goto L or if b then goto L A directed graph where Each node represents a statement Edges represent control flow
8 IN point OUT point
9 Roadmap Overview. Four Analysis Examples. Analysis Framework Soot. Theore>cal Abstrac>on of Dataflow Analysis. Inter- procedure Analysis. Taint Analysis.
10 Example Available expressions Reaching defini>ons Live variables Very busy expressions Data- flow- analysis- example.pdf
11 Blackboard
12 a, b, x a, b, x, y a, b, x, y a, b, y a, b, x, y a, b a, x, b a, x, b a, x, y a, x, y a, b, x, y x a, b, y X (prerequisite knowle 6. a, b, y a, b, y a, x, y
13 Forward Must Dataflow Algorithm Full set
14 Roadmap Overview. Four Analysis Examples. Analysis Framework Soot. Theore>cal Abstrac>on of Dataflow Analysis. Inter- procedure Analysis. Taint Analysis.
15 Use Framework to Implement Analysis Soot is a framework to analyze and op>mize Java or Android programs.
16 Four Steps to Use Soot Forward or backward? Decide what you are approxima>ng. What is the domain s confluence operator? (Union or Intersec>on) Write equa>on for each kind of IR statement. State the star>ng approxima>on. (Ini>al value of each set)
17 HOWTO: Implemen>ng Soot Flow Analysis Subclass ForwardFlowAnalysis or BackwardFlowAnalysis. Implement merge(), copy() Implement flow func>on: flowthrough() Implement ini>al values: newini>alflow() and entryini>alflow() Implement constructor (it must call doanalysis())
18 Soot Example: Live Variable
19 Step1. Forward or Backward
20 Step2. Abstrac>on Domain
21 Step 3. Implemen>ng an Abstrac>on
22 Step 3. Implemen>ng an Abstrac>on
23 Implemen>ng Copy
24 Implemen>ng Merge
25 Flow Equa>ons
26 Implemen>ng Flow Func>on: Cas>ng (1)
27 Implemen>ng Flow Func>on: Copying (2)
28 Implemen>ng Flow Func>on: Removing Kills (3)
29 Implemen>ng Flow Func>on: Adding Gens (4)
30 Step 4. Ini>al Value.
31 Step 5. Implement Constructor
32 Enjoy: Flow Analysis Results
33 Roadmap Overview. Four Analysis Examples. Analysis Framework Soot. Theore$cal Abstrac$on of Dataflow Analysis. Inter- procedure Analysis. Taint Analysis.
34 Theore>cal Abstrac>on of Dataflow Analysis Model dataflow analysis is important: Whether the algorithm will terminate. Which analysis converges faster. There is an order between the values a data flow variable takes in two consecu>ve itera>ons. A general way to express an order between objects is to embed them in a mathema>cal structure called a lafce.
35 Lafce A par$al order on a set S is a rela>on over S S that is Reflexive. For all elements x S : x x. Transi>ve. For all elements x,y,z S : x y and y z implies x z. An>- symmetric. For all elements x,y S : x y and y x implies x = y. A par$ally ordered set, denoted by (S, ), is a set S with a par>al order. LaLce: a par>ally ordered set with unique least upper bounds and greatest lower bounds.
36 Modeling Data Flow Values Using Lafces The rela>on can be interpreted as a conserva>ve (safe) approxima>on of. The lafce for data flow values in live variables analysis
37 Modeling Flow Func$ons
38 Two important proper>es of flow func>ons Determine if the analysis could terminate. Determine if the analysis could run faster.
39 Distribu>ve problems: Live variables Available expressions Reaching defini>ons Very busy expressions Non- distribu>ve problem: A: {x=2, y=1} B: {x=1, y=2} FlowFunc>on(A Π B) = {A,B,C unknown} FlowFunc>on(A) Π FlowFunc>on (B) = {A,B Unknow, Z=3}
40 Roadmap Overview. Example. Theore>cal Abstrac>on of Dataflow Analysis. Inter- procedure Analysis. Taint Analysis. Analysis Framework Soot.
41 Inter- procedure Analysis
42 Top Value: UNDEF Bopom Value: NOT Constant a:=7 (7 Π 17) X:=7 r:=7 x:=7 a:=7, a:=not y:=0 Constant y:=not Constant z:=not Constant
43 A quick fix
44 Context- based Inter- procedure analysis Solu>on: make a finite number of copies Use context informa>on to determine when to share a copy Choice of what to use for context will produce different tradeoffs between precision and scalability Common choice: Call site Parameter value
45 Based on Call Stack Depth 1
46 Based on Call Stack Depth 2
47 Based on Parameter Value
48 Roadmap Overview. Example. Theore>cal Abstrac>on of Dataflow Analysis. Inter- procedure Analysis. Taint Analysis. Analysis Framework Soot.
49 Taint Analysis Follow any applica>on inside a debugger and you will see that data informa>on is being copied and modified all the >me. In another words, informa>on is always moving. Taint analysis can be seen as a form of Informa>on Flow Analysis. Insert some kind of tag or label for data we are interested in. (taint the data) Track the influence of the tainted object along the execu>on of the program. Taint relevant data. Obverse if it flows to sensi>ve func>ons (sink).
50 Two usage in security: Taint Analysis Finding informa$on leakage. Finding program vulnerability. For informa>on leakage: If a data (variable) contains user secrets (e.g., loca>on, contacts), we will taint such data. Taint the variables whose data depend on tainted value. (e.g., a := b + x) Observe if the tainted data will flow to func>ons that might send data to other places.
51
52 Taint Analysis Two usage in security: Finding informa>on leakage. Finding program vulnerability (code injec$on). Applica>on vulnerability: A lot of vulnerabili>es are caused by unchecked input from user (apack) sent to sensi>ve func>ons.
53 <script> alert(1)</script> XSS vulnerability
54 SELECT * FROM `login` WHERE `user`= OR a = a AND `pass`= OR a = a
55 Buffer Overflow Vulnerability
56 Taint Analysis Two usage in security: Finding informa>on leakage. Finding program vulnerability (code injec$on). Applica>on vulnerability: A lot of vulnerabili>es are caused by unchecked input from user (apack) sent to sensi>ve func>ons. If the source of a object X s value is untrusted, we say X is tainted. Taint the variables whose data depend on tainted value. (e.g., a := b + x) Observe if the tainted data will flow to dangerous func>ons that might lead to execu>on its parameters.
57 Taint Analysis Works Android App Informa>on Leakage: FlowDroid. JavaScript: Firefox Extension Vulnerability: Bandhakavi, Sruthi, et al. "VEX: Vefng browser extensions for security vulnerabili>es." Usenix Security Php: Web Applica>on Vulnerability: Jovanovic, Nenad, Christopher Kruegel, and Engin Kirda. "Pixy: A sta>c analysis tool for detec>ng web applica>on vulnerabili>es. Oakland, 2006
58 References Soot Tutorial: hpps://github.com/sable/soot/wiki/tutorials Interprocedural Data Flow Analysis in Soot using Value Contexts: hpps://arxiv.org/pdf/ pdf Harvard Advanced Programming Language: hpp:// Textbool: Data Flow Analysis: Theory and Prac>ce: hpps:// Flow- Analysis- Theory- Prac>ce/dp/ Course: Professor Finddler s programming Languages seminar. Course: Professor Campanoni s code analysis and transforma>on.
Data Flow Analysis. Suman Jana. Adopted From U Penn CIS 570: Modern Programming Language Implementa=on (Autumn 2006)
Data Flow Analysis Suman Jana Adopted From U Penn CIS 570: Modern Programming Language Implementa=on (Autumn 2006) Data flow analysis Derives informa=on about the dynamic behavior of a program by only
More informationSta$c Single Assignment (SSA) Form
Sta$c Single Assignment (SSA) Form SSA form Sta$c single assignment form Intermediate representa$on of program in which every use of a variable is reached by exactly one defini$on Most programs do not
More informationVulnerability Analysis (III): Sta8c Analysis
Computer Security Course. Vulnerability Analysis (III): Sta8c Analysis Slide credit: Vijay D Silva 1 Efficiency of Symbolic Execu8on 2 A Sta8c Analysis Analogy 3 Syntac8c Analysis 4 Seman8cs- Based Analysis
More informationCompiler Optimization Intermediate Representation
Compiler Optimization Intermediate Representation Virendra Singh Associate Professor Computer Architecture and Dependable Systems Lab Department of Electrical Engineering Indian Institute of Technology
More informationIntroduction to Soot. Automated testing and verification. J.P. Galeotti - Alessandra Gorla. Thursday, November 22, 12
Introduction to Soot Automated testing and verification J.P. Galeotti - Alessandra Gorla The Java virtual machine (JVM) The Java compiler translates a Java program into Java bytecode (input language of
More informationSoot, a Tool for Analyzing and Transforming Java Bytecode
Soot, a Tool for Analyzing and Transforming Java Bytecode Laurie Hendren, Patrick Lam, Jennifer Lhoták, Ondřej Lhoták and Feng Qian McGill University Special thanks to John Jorgensen and Navindra Umanee
More informationApproach starts with GEN and KILL sets
b -Advanced-DFA Review of Data Flow Analysis State Propaga+on Computer Science 5-6 Fall Prof. L. J. Osterweil Material adapted from slides originally prepared by Prof. L. A. Clarke A technique for determining
More informationFix- point engine in Z3. Krystof Hoder Nikolaj Bjorner Leonardo de Moura
μz Fix- point engine in Z3 Krystof Hoder Nikolaj Bjorner Leonardo de Moura Mo?va?on Horn EPR applica?ons (Datalog) Points- to analysis Security analysis Deduc?ve data- bases and knowledge bases (Yago)
More informationCompiler Structure. Data Flow Analysis. Control-Flow Graph. Available Expressions. Data Flow Facts
Compiler Structure Source Code Abstract Syntax Tree Control Flow Graph Object Code CMSC 631 Program Analysis and Understanding Fall 2003 Data Flow Analysis Source code parsed to produce AST AST transformed
More informationTop 10 Web Application Vulnerabilities
Top 10 Web Application Vulnerabilities Why you should care about them plus a live hacking demo!! Why should you care?! Insecure so*ware is undermining our financial, healthcare, defense, energy, and other
More informationMore Dataflow Analysis
More Dataflow Analysis Steps to building analysis Step 1: Choose lattice Step 2: Choose direction of dataflow (forward or backward) Step 3: Create transfer function Step 4: Choose confluence operator (i.e.,
More informationROSAEC Survey Workshop SELab. Soohyun Baik
ROSAEC Survey Workshop SELab. Soohyun Baik Cross-Site Scripting Prevention with Dynamic Data Tainting and Static Analysis Philipp Vogt, Florian Nentwich, Nenad Jovanovic, Engin Kirda, Christopher Kruegel,
More informationStatic Analysis. Systems and Internet Infrastructure Security
Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Static Analysis Trent
More informationPrinciples of Program Analysis. Lecture 1 Harry Xu Spring 2013
Principles of Program Analysis Lecture 1 Harry Xu Spring 2013 An Imperfect World Software has bugs The northeast blackout of 2003, affected 10 million people in Ontario and 45 million in eight U.S. states
More informationCSE Compilers. Reminders/ Announcements. Lecture 15: Seman9c Analysis, Part III Michael Ringenburg Winter 2013
CSE 401 - Compilers Lecture 15: Seman9c Analysis, Part III Michael Ringenburg Winter 2013 Winter 2013 UW CSE 401 (Michael Ringenburg) Reminders/ Announcements Project Part 2 due Wednesday Midterm Friday
More informationLecture 1 Introduc-on
Lecture 1 Introduc-on What would you get out of this course? Structure of a Compiler Op9miza9on Example 15-745: Introduc9on 1 What Do Compilers Do? 1. Translate one language into another e.g., convert
More informationFinding Vulnerabilities in Web Applications
Finding Vulnerabilities in Web Applications Christopher Kruegel, Technical University Vienna Evolving Networks, Evolving Threats The past few years have witnessed a significant increase in the number of
More informationBuild Your Own ASP.NET 4 Website Using C# & VB. Chapter 1: Introducing ASP.NET and the.net Pla;orm
Build Your Own ASP.NET 4 Website Using C# & VB Chapter 1: Introducing ASP.NET and the.net Pla;orm Outlines IntroducIon What is ASP.NET? Advantages of ASP.NET Installing the Required SoOware WriIng your
More informationCompiler Design. Fall Data-Flow Analysis. Sample Exercises and Solutions. Prof. Pedro C. Diniz
Compiler Design Fall 2015 Data-Flow Analysis Sample Exercises and Solutions Prof. Pedro C. Diniz USC / Information Sciences Institute 4676 Admiralty Way, Suite 1001 Marina del Rey, California 90292 pedro@isi.edu
More informationCS 188: Ar)ficial Intelligence
CS 188: Ar)ficial Intelligence Search Instructors: Pieter Abbeel & Anca Dragan University of California, Berkeley [These slides were created by Dan Klein and Pieter Abbeel for CS188 Intro to AI at UC Berkeley
More informationWhy Global Dataflow Analysis?
Why Global Dataflow Analysis? Answer key questions at compile-time about the flow of values and other program properties over control-flow paths Compiler fundamentals What defs. of x reach a given use
More informationCSE 473: Ar+ficial Intelligence
CSE 473: Ar+ficial Intelligence Search Instructor: Luke Ze=lemoyer University of Washington [These slides were adapted from Dan Klein and Pieter Abbeel for CS188 Intro to AI at UC Berkeley. All CS188 materials
More informationStatic analysis of PHP applications
Static analysis of PHP applications Ondřej Šerý DISTRIBUTED SYSTEMS RESEARCH GROUP http://dsrg.mff.cuni.cz CHARLES UNIVERSITY PRAGUE Faculty of Mathematics and Physics References G. Wassermann, Z. Su:
More informationCloud Data Management System (CDMS)
Cloud Management System (CMS) Wiqar Chaudry Solu9ons Engineer Senior Advisor CMS Overview he OpenStack cloud data management system features a canonical data modeling framework designed to broker context
More informationAlterna(ve Architectures
Alterna(ve Architectures COMS W4118 Prof. Kaustubh R. Joshi krj@cs.columbia.edu hep://www.cs.columbia.edu/~krj/os References: Opera(ng Systems Concepts (9e), Linux Kernel Development, previous W4118s Copyright
More informationProgram Static Analysis. Overview
Program Static Analysis Overview Program static analysis Abstract interpretation Data flow analysis Intra-procedural Inter-procedural 2 1 What is static analysis? The analysis to understand computer software
More informationPattern Recognition and Applications Lab WEB Security. Giorgio Giacinto.
Pattern Recognition and Applications Lab WEB Security Giorgio Giacinto giacinto@diee.unica.it Sicurezza Informa1ca, 2015-2016 Department of Electrical and Electronic Engineering University of Cagliari,
More informationFounda'ons of So,ware Engineering. Sta$c analysis (1/2) Claire Le Goues
Founda'ons of So,ware Engineering Sta$c analysis (1/2) Claire Le Goues 1 Two fundamental concepts Abstrac'on. Elide details of a specific implementa$on. Capture seman$cally relevant details; ignore the
More informationThe Kernel Abstrac/on
The Kernel Abstrac/on Debugging as Engineering Much of your /me in this course will be spent debugging In industry, 50% of sobware dev is debugging Even more for kernel development How do you reduce /me
More informationVirtualization. Introduction. Why we interested? 11/28/15. Virtualiza5on provide an abstract environment to run applica5ons.
Virtualization Yifu Rong Introduction Virtualiza5on provide an abstract environment to run applica5ons. Virtualiza5on technologies have a long trail in the history of computer science. Why we interested?
More informationCare & Feeding of Programmers: Addressing App Sec Gaps using HTTP Headers. Sunny Wear OWASP Tampa Chapter December
Care & Feeding of Programmers: Addressing App Sec Gaps using HTTP Headers Sunny Wear OWASP Tampa Chapter December Mee@ng 1 About the Speaker Informa@on Security Architect Areas of exper@se: Applica@on,
More informationData-flow Analysis. Y.N. Srikant. Department of Computer Science and Automation Indian Institute of Science Bangalore
Department of Computer Science and Automation Indian Institute of Science Bangalore 560 012 NPTEL Course on Compiler Design Data-flow analysis These are techniques that derive information about the flow
More informationMIT Introduction to Dataflow Analysis. Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology
MIT 6.035 Introduction to Dataflow Analysis Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology Dataflow Analysis Used to determine properties of program that involve multiple
More informationWe can express this in dataflow equations using gen and kill sets, where the sets are now sets of expressions.
Available expressions Suppose we want to do common-subexpression elimination; that is, given a program that computes x y more than once, can we eliminate one of the duplicate computations? To find places
More informationLecture 2. White- box Tes2ng and Structural Coverage (see Amman and Offut, Chapter 2)
Lecture 2 White- box Tes2ng and Structural Coverage (see Amman and Offut, Chapter 2) White- box Tes2ng (aka. Glass- box or structural tes2ng) An error may exist at one (or more) loca2on(s) Line numbers
More informationCS553 Lecture Generalizing Data-flow Analysis 3
Generalizing Data-flow Analysis Announcements Project 2 writeup is available Read Stephenson paper Last Time Control-flow analysis Today C-Breeze Introduction Other types of data-flow analysis Reaching
More informationAtomix: A Framework for Deploying Signal Processing Applica:ons on Wireless Infrastructure
Atomix: A ramework for Deploying Signal Processing Applica:ons on Wireless Infrastructure Manu Bansal, Aaron Schulman, Sachin KaA Stanford University NSDI 15 SoIware- defined base- sta:ons DSP0 DSP1 Local
More informationModular arithme.c and cryptography
Modular arithme.c and cryptography CSC 1300 Discrete Structures Villanova University Public Key Cryptography (Slides 11-32) by Dr. Lillian Cassel, Villanova University Villanova CSC 1300 - Dr Papalaskari
More informationObjec+ves. Review. Basics of Java Syntax Java fundamentals. What are quali+es of good sooware? What is Java? How do you compile a Java program?
Objec+ves Basics of Java Syntax Java fundamentals Ø Primi+ve data types Ø Sta+c typing Ø Arithme+c operators Ø Rela+onal operators 1 Review What are quali+es of good sooware? What is Java? Ø Benefits to
More informationEncapsula)on, cont d. Polymorphism, Inheritance part 1. COMP 401, Spring 2015 Lecture 7 1/29/2015
Encapsula)on, cont d. Polymorphism, Inheritance part 1 COMP 401, Spring 2015 Lecture 7 1/29/2015 Encapsula)on In Prac)ce Part 2: Separate Exposed Behavior Define an interface for all exposed behavior In
More informationSQL Injec*on. By Robin Gonzalez
SQL Injec*on By Robin Gonzalez Some things that can go wrong Excessive and Unused Privileges Privilege Abuse Input Injec>on Malware Week Audit Trail Other things that can go wrong Storage Media Exposure
More informationCMPSC 497: Static Analysis
CMPSC 497: Static Analysis Trent Jaeger Systems and Internet Infrastructure Security (SIIS) Lab Computer Science and Engineering Department Pennsylvania State University Page 1 Our Goal In this course,
More informationLecture 2. White- box Tes2ng and Structural Coverage (see Amman and Offut, Chapter 2)
Lecture 2 White- box Tes2ng and Structural Coverage (see Amman and Offut, Chapter 2) White- box Tes2ng (aka. Glass- box or structural tes2ng) An error may exist at one (or more) loca2on(s) Line numbers
More informationCS 465 Final Review. Fall 2017 Prof. Daniel Menasce
CS 465 Final Review Fall 2017 Prof. Daniel Menasce Ques@ons What are the types of hazards in a datapath and how each of them can be mi@gated? State and explain some of the methods used to deal with branch
More informationData Flow Analysis. Program Analysis
Program Analysis https://www.cse.iitb.ac.in/~karkare/cs618/ Data Flow Analysis Amey Karkare Dept of Computer Science and Engg IIT Kanpur Visiting IIT Bombay karkare@cse.iitk.ac.in karkare@cse.iitb.ac.in
More informationData Flow Analysis. CSCE Lecture 9-02/15/2018
Data Flow Analysis CSCE 747 - Lecture 9-02/15/2018 Data Flow Another view - program statements compute and transform data So, look at how that data is passed through the program. Reason about data dependence
More informationW1005 Intro to CS and Programming in MATLAB. Brief History of Compu?ng. Fall 2014 Instructor: Ilia Vovsha. hip://www.cs.columbia.
W1005 Intro to CS and Programming in MATLAB Brief History of Compu?ng Fall 2014 Instructor: Ilia Vovsha hip://www.cs.columbia.edu/~vovsha/w1005 Computer Philosophy Computer is a (electronic digital) device
More informationCompiler Optimisation
Compiler Optimisation 3 Dataflow Analysis Hugh Leather IF 1.18a hleather@inf.ed.ac.uk Institute for Computing Systems Architecture School of Informatics University of Edinburgh 2018 Introduction Optimisations
More informationIntroduction to Python. Fang (Cherry) Liu Ph.D. Scien5fic Compu5ng Consultant PACE GATECH
Introduction to Python Ph.D. Scien5fic Compu5ng Consultant PACE GATECH Things Covered What is Python? How to access Python environment? Fundamental elements in Python Variables (assignment, comparison,
More informationData-flow Analysis - Part 2
- Part 2 Department of Computer Science Indian Institute of Science Bangalore 560 012 NPTEL Course on Compiler Design Data-flow analysis These are techniques that derive information about the flow of data
More informationGlobal Optimization. Lecture Outline. Global flow analysis. Global constant propagation. Liveness analysis. Local Optimization. Global Optimization
Lecture Outline Global Optimization Global flow analysis Global constant propagation Liveness analysis Compiler Design I (2011) 2 Local Optimization Recall the simple basic-block optimizations Constant
More informationRipple: Reflection Analysis for Android Apps in Incomplete Information Environments
Ripple: Reflection Analysis for Android Apps in Incomplete Information Environments Yifei Zhang, Tian Tan, Yue Li and Jingling Xue Programming Languages and Compilers Group University of New South Wales
More informationWays to implement a language
Interpreters Implemen+ng PLs Most of the course is learning fundamental concepts for using PLs Syntax vs. seman+cs vs. idioms Powerful constructs like closures, first- class objects, iterators (streams),
More informationHow to read security test report?
How to read security test report? Ainārs Galvāns Security Tester Exigen Services Latvia www.exigenservices.lv Defini@ons (wikipedia) Term Threat Vulnerability Informa@on assurance Defini+on A threat is
More informationReview for Final Exam
Review for Final Exam Some selected slides from the second half of the semester Move from Dynamic Analysis to Sta?c Analysis Dynamic analysis approaches are based on sampling the input space Infer behavior
More informationIntermediate Representation (IR)
Intermediate Representation (IR) Components and Design Goals for an IR IR encodes all knowledge the compiler has derived about source program. Simple compiler structure source code More typical compiler
More informationDataflow analysis (ctd.)
Dataflow analysis (ctd.) Available expressions Determine which expressions have already been evaluated at each point. A expression x+y is available at point p if every path from the entry to p evaluates
More informationCS153: Compilers Lecture 23: Static Single Assignment Form
CS153: Compilers Lecture 23: Static Single Assignment Form Stephen Chong https://www.seas.harvard.edu/courses/cs153 Pre-class Puzzle Suppose we want to compute an analysis over CFGs. We have two possible
More informationCode Genera*on for Control Flow Constructs
Code Genera*on for Control Flow Constructs 1 Roadmap Last *me: Got the basics of MIPS CodeGen for some AST node types This *me: Do the rest of the AST nodes Introduce control flow graphs Scanner Parser
More informationCode-Injection Attacks in Browsers Supporting Policies. Elias Athanasopoulos, Vasilis Pappas, and Evangelos P. Markatos FORTH-ICS
Code-Injection Attacks in Browsers Supporting Policies Elias Athanasopoulos, Vasilis Pappas, and Evangelos P. Markatos FORTH-ICS What is all about? New code-injection attacks or return-to-libc attacks
More informationAnnouncements. Working in pairs is only allowed for programming assignments and not for homework problems. H3 has been posted
Announcements Working in pairs is only allowed for programming assignments and not for homework problems H3 has been posted 1 Syntax Directed Transla@on 2 CFGs so Far CFGs for Language Defini&on The CFGs
More informationInforma)on Retrieval and Map- Reduce Implementa)ons. Mohammad Amir Sharif PhD Student Center for Advanced Computer Studies
Informa)on Retrieval and Map- Reduce Implementa)ons Mohammad Amir Sharif PhD Student Center for Advanced Computer Studies mas4108@louisiana.edu Map-Reduce: Why? Need to process 100TB datasets On 1 node:
More informationOutline STRANGER. Background
Outline Malicious Code Analysis II : An Automata-based String Analysis Tool for PHP 1 Mitchell Adair 2 November 28 th, 2011 Outline 1 2 Credit: [: An Automata-based String Analysis Tool for PHP] Background
More informationOpera&ng Systems: Principles and Prac&ce. Tom Anderson
Opera&ng Systems: Principles and Prac&ce Tom Anderson How This Course Fits in the UW CSE Curriculum CSE 333: Systems Programming Project experience in C/C++ How to use the opera&ng system interface CSE
More informationGoals of Program Optimization (1 of 2)
Goals of Program Optimization (1 of 2) Goal: Improve program performance within some constraints Ask Three Key Questions for Every Optimization 1. Is it legal? 2. Is it profitable? 3. Is it compile-time
More informationMalicious Code Analysis II
Malicious Code Analysis II STRANGER: An Automata-based String Analysis Tool for PHP Mitchell Adair November 28 th, 2011 Outline 1 STRANGER 2 Outline 1 STRANGER 2 STRANGER Credit: [STRANGER: An Automata-based
More informationCompila(on /15a Lecture 6. Seman(c Analysis Noam Rinetzky
Compila(on 0368-3133 2014/15a Lecture 6 Seman(c Analysis Noam Rinetzky 1 You are here Source text txt Process text input characters Lexical Analysis tokens Annotated AST Syntax Analysis AST Seman(c Analysis
More informationWeb Pen Tes)ng. Michael Hicks CMSC 498L, Fall 2012 Part 2 slides due to Eric Eames, Lead Penetra)on Tester, SAIC, March 2012
Web Pen Tes)ng Michael Hicks CMSC 498L, Fall 2012 Part 2 slides due to Eric Eames, Lead Penetra)on Tester, SAIC, March 2012 Exploi)ng Vulnerabili)es Code injec)on Cross site scrip)ng, SQL injec)on, (buffer
More informationSSA Construction. Daniel Grund & Sebastian Hack. CC Winter Term 09/10. Saarland University
SSA Construction Daniel Grund & Sebastian Hack Saarland University CC Winter Term 09/10 Outline Overview Intermediate Representations Why? How? IR Concepts Static Single Assignment Form Introduction Theory
More informationDesign Principles & Prac4ces
Design Principles & Prac4ces Robert France Robert B. France 1 Understanding complexity Accidental versus Essen4al complexity Essen%al complexity: Complexity that is inherent in the problem or the solu4on
More informationLab 2: Buffer Overflows
Lab 2: Buffer Overflows Fengwei Zhang Wayne State University Course: Cyber Security Prac@ce 1 Buffer Overflows One of the most common vulnerabili@es in soeware Programming languages commonly associated
More informationReading assignment. Chapter 3.1, 3.2 Chapter 4.1, 4.3
Reading assignment Chapter 3.1, 3.2 Chapter 4.1, 4.3 1 Outline Introduc5on to assembly programing Introduc5on to Y86 Y86 instruc5ons, encoding and execu5on 2 Assembly The CPU uses machine language to perform
More informationModelling interfaces in distributed systems: some first steps. David Pym UCL and Alan Turing London
Modelling interfaces in distributed systems: some first steps David Pym UCL and Alan Turing Ins@tute London Modelling distributed systems: basic concepts Basic concepts of distributed systems Loca@on:
More informationA Compiler and Run- 1me System for Network Programming Languages
A Compiler and Run- 1me System for Network Programming Languages Christopher Monsanto, Princeton Nate Foster, Cornell Rob Harrison, West Point David Walker, Princeton 1 SoFware- Defined Networks Controller
More informationEvalua&ng Secure Programming Knowledge
Evalua&ng Secure Programming Knowledge Ma6 Bishop, UC Davis Jun Dai, Cal State Sacramento Melissa Dark, Purdue University Ida Ngambeki, Purdue University Phillip Nico, Cal Poly San Luis Obispo Minghua
More information: Advanced Compiler Design. 8.0 Instruc?on scheduling
6-80: Advanced Compiler Design 8.0 Instruc?on scheduling Thomas R. Gross Computer Science Department ETH Zurich, Switzerland Overview 8. Instruc?on scheduling basics 8. Scheduling for ILP processors 8.
More informationA System for Genera/ng Sta/c Analyzers for Machine Instruc/ons (TSL)
Seminar on A System for Genera/ng Sta/c Analyzers for Machine Instruc/ons (TSL) Junghee Lim, Univ. of Wisconsin Madison, USA and Thomas Reps, GrammaTech, USA Presenter : Anand Ramkumar S Universitat des
More informationComputer Systems: A Programmer s Perspec4ve. Have a tour of computer system at first... Chapter 1
Computer Systems: A Programmer s Perspec4ve Have a tour of computer system at first... Chapter 1 1 Computer System Runs the sojware and manages the hardware RISC vs CISC ADDRESS BUS DATA BUS SOFTWARE HARDWARE
More informationBenjamin Holland, Ganesh Ram Santhanam, Payas Awadhutkar, and Suresh Kothari {bholland, gsanthan, payas,
Statically-informed Dynamic Analysis Tools to Detect Algorithmic Complexity Vulnerabilities 16th IEEE Interna,onal Working Conference on Source Code Analysis and Manipula,on (SCAM 2016) October 2, 2016
More informationTowards Provably Secure and Correct Systems. Avik Chaudhuri
Towards Provably Secure and Correct Systems Avik Chaudhuri Systems we rely on Opera
More informationTopic I (d): Static Single Assignment Form (SSA)
Topic I (d): Static Single Assignment Form (SSA) 621-10F/Topic-1d-SSA 1 Reading List Slides: Topic Ix Other readings as assigned in class 621-10F/Topic-1d-SSA 2 ABET Outcome Ability to apply knowledge
More informationInstructor: Randy H. Katz hap://inst.eecs.berkeley.edu/~cs61c/fa13. Fall Lecture #7. Warehouse Scale Computer
CS 61C: Great Ideas in Computer Architecture Everything is a Number Instructor: Randy H. Katz hap://inst.eecs.berkeley.edu/~cs61c/fa13 9/19/13 Fall 2013 - - Lecture #7 1 New- School Machine Structures
More informationMo#va#ng the OO Way. COMP 401, Fall 2017 Lecture 05
Mo#va#ng the OO Way COMP 401, Fall 2017 Lecture 05 Arrays Finishing up from last #me Mul#dimensional Arrays Mul#dimensional array is simply an array of arrays Fill out dimensions lef to right. int[][]
More informationCompiler Optimisation
Compiler Optimisation 4 Dataflow Analysis Hugh Leather IF 1.18a hleather@inf.ed.ac.uk Institute for Computing Systems Architecture School of Informatics University of Edinburgh 2018 Introduction This lecture:
More informationCompiler Construction 2009/2010 SSA Static Single Assignment Form
Compiler Construction 2009/2010 SSA Static Single Assignment Form Peter Thiemann March 15, 2010 Outline 1 Static Single-Assignment Form 2 Converting to SSA Form 3 Optimization Algorithms Using SSA 4 Dependencies
More informationAdDroid Privilege Separa,on for Applica,ons and Adver,sers in Android
AdDroid Privilege Separa,on for Applica,ons and Adver,sers in Android Paul Pearce 1, Adrienne Porter Felt 1, Gabriel Nunez 2, David Wagner 1 1 University of California, Berkeley 2 Sandia Na,onal Laboratory
More informationLecture 6 Foundations of Data Flow Analysis
Lecture 6 Foundations of Data Flow Analysis I. Meet operator II. Transfer functions III. Correctness, Precision, Convergence IV. Efficiency ALSU 9.3 Phillip B. Gibbons 15-745: Foundations of Data Flow
More informationPreliminary ACTL-SLOW Design in the ACS and OPC-UA context. G. Tos? (19/04/2016)
Preliminary ACTL-SLOW Design in the ACS and OPC-UA context G. Tos? (19/04/2016) Summary General Introduc?on to ACS Preliminary ACTL-SLOW proposed design Hardware device integra?on in ACS and ACTL- SLOW
More informationWe can express this in dataflow equations using gen and kill sets, where the sets are now sets of expressions.
Available expressions Suppose we want to do common-subexpression elimination; that is, given a program that computes x y more than once, can we eliminate one of the duplicate computations? To find places
More informationELEC 876: Software Reengineering
ELEC 876: Software Reengineering () Dr. Ying Zou Department of Electrical & Computer Engineering Queen s University Compiler and Interpreter Compiler Source Code Object Compile Execute Code Results data
More informationProgram analysis for determining opportunities for optimization: 2. analysis: dataow Organization 1. What kind of optimizations are useful? lattice al
Scalar Optimization 1 Program analysis for determining opportunities for optimization: 2. analysis: dataow Organization 1. What kind of optimizations are useful? lattice algebra solving equations on lattices
More informationIntermediate Representations
Intermediate Representations Intermediate Representations (EaC Chaper 5) Source Code Front End IR Middle End IR Back End Target Code Front end - produces an intermediate representation (IR) Middle end
More informationCode optimization. Have we achieved optimal code? Impossible to answer! We make improvements to the code. Aim: faster code and/or less space
Code optimization Have we achieved optimal code? Impossible to answer! We make improvements to the code Aim: faster code and/or less space Types of optimization machine-independent In source code or internal
More informationUsing Dynamic Voltage Frequency Scaling and CPU Pinning for Energy Efficiency in Cloud Compu1ng. Jakub Krzywda Umeå University
Using Dynamic Voltage Frequency Scaling and CPU Pinning for Energy Efficiency in Cloud Compu1ng Jakub Krzywda Umeå University How to use DVFS and CPU Pinning to lower the power consump1on during periods
More informationCSE443 Compilers. Dr. Carl Alphonce 343 Davis Hall
CSE443 Compilers Dr. Carl Alphonce alphonce@buffalo.edu 343 Davis Hall http://www.cse.buffalo.edu/faculty/alphonce/sp17/cse443/index.php https://piazza.com/class/iybn4ndqa1s3ei Announcements Be sure to
More informationAbstract Interpretation Continued
Abstract Interpretation Continued Height of Lattice: Length of Max. Chain height=5 size=14 T height=2 size = T -2-1 0 1 2 Chain of Length n A set of elements x 0,x 1,..., x n in D that are linearly ordered,
More informationScien&fic Experiments as Workflows and Scripts. Vanessa Braganholo
Scien&fic Experiments as Workflows and Scripts Vanessa Braganholo The experiment life cycle Composition Concep&on Reuse Analysis Query Discovery Visualiza&on Provenance Data Distribu&on Monitoring Execution
More informationWriting a Fraction Class
Writing a Fraction Class So far we have worked with floa0ng-point numbers but computers store binary values, so not all real numbers can be represented precisely In applica0ons where the precision of real
More informationThe Heptane Static Worst-Case Execution Time Estimation Tool
The Heptane Static Worst-Case Execution Time Estimation Tool Damien Hardy Benjamin Rouxel Isabelle Puaut damien.hardy@irisa.fr benjamin.rouxel@irisa.fr isabelle.puaut@irisa.fr Institut de Recherche en
More informationCS 61C: Great Ideas in Computer Architecture Compilers and Floa-ng Point. Today s. Lecture
CS 61C: Great Ideas in Computer Architecture s and Floa-ng Point Instructors: Krste Asanovic, Randy H. Katz hdp://inst.eecs.berkeley.edu/~cs61c/fa12 Fall 2012 - - Lecture #13 1 New- School Machine Structures
More information