A Programmer's Perspective Bits, Bytes, Nibbles, Words and Strings Gal A. Kaminka galk@cs.biu.ac.il
Topics Why bits? Why 0/1? Basic terms: Bits, Bytes, Nibbles, Words Representing information as bits Characters and strings Instructions (more on this when we look at assembly) Numbers Bit-level manipulations Boolean algebra Expressing in C A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 2
Everything is bits Each bit is 0 or 1 By encoding/interpreting sets of bits in various ways Computers represent numbers, sets, strings, etc Computers manipulate representations (instructions) Why bits? Electronic implementation is easy Easy to store with bistable elements Reliably transmitted on noisy and inaccurate wires 1.1V 0.9V 0 1 0 0.2V 0.0V A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 3
Binary Representations Number representation (base 2) Represent 15213 10 as 11101101101101 2 Represent 1.5213 X 10 4 as 1.1101101101101 2 X 2 13 Represent 1.20 10 as 1.0011001100110011[0011] 2 Instruction representation In AMD64 machine code RETQ command: C3 (hex) = 11000011 2 MOV $0, %EAX: b8 (hex) = 10111000 2 [00000000 ] A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 4
Terms Bit: Single binary digit, 0 or 1 Byte: 8 bits. Smallest unit of memory used in modern computers Nibble (English: small bite): 4 bits Word: 2 nibbles = 1 byte 8-64 bits (1 to 8 bytes) Depends on machine! A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 5
Encoding Byte Values Byte = 8 bits, nibble = 4 bits Binary 00000000 2 to 11111111 2 Decimal: 0 10 to 255 10 Hexadecimal 00 16 to FF 16 Two nibbles Base 16 number representation Use characters 0 to 9 and A to F Write FA1D37B 16 in C as 0xFA1D37B» Or 0xfa1d37b Octal: 0 8 to 377 8 Base 8, Not often used Written in C as '0256' (0 is zero) Hex Decimal Binary 0 0 0000 1 1 0001 2 2 0010 3 3 0011 4 4 0100 5 5 0101 6 6 0110 7 7 0111 8 8 1000 9 9 1001 A 10 1010 B 11 1011 C 12 1100 D 13 1101 E 14 1110 F 15 1111 A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 6
Bit level operations A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 7
Boolean Algebra (George Boole, 19 th century) Developed by George Boole in 19th Century Algebraic representation of logic Encode True as 1 and False as 0 And A&B = 1 when both A=1 and B=1 Or A B = 1 when either A=1 or B=1 Not ~A = 1 when A=0 Exclusive-Or (Xor) A^B = 1 when either A=1 or B=1, but not both A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 8
General Boolean Algebras Operate on Bit Vectors Operations applied bitwise 01101001 & 01010101 01000001 01101001 01010101 01111101 01101001 ^ 01010101 00111100 ~ 01010101 01000001 01111101 00111100 10101010 10101010 All of the Properties of Boolean Algebra Apply A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 9
Example: Representing & Manipulating Sets Representation Width w bit vector represents subsets of {0,, w 1} a j = 1 if j A 01101001 { 0, 3, 5, 6 } 76543210 01010101 { 0, 2, 4, 6 } 76543210 Operations & Intersection 01000001 { 0, 6 } Union 01111101 { 0, 2, 3, 4, 5, 6 } ^ Symmetric difference 00111100 { 2, 3, 4, 5 } ~ Complement 10101010 { 1, 3, 5, 7 } A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 10
Bit-Level Operations in C Operations &,, ~, ^ Available in C Apply to any integral data type long,int,short,char,unsigned View arguments as bit vectors Arguments applied bit-wise Examples (Char data type) ~ 0x41 0xBE ~ 010000012 101111102 ~ 0x00 0xFF ~ 000000002 111111112 0x69 & 0x55 0x41 011010012 & 010101012 010000012 0x69 0x55 0x7D 011010012 010101012 011111012 A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 11
Contrast: Logic Operations in C Contrast to Logical Operators & &,,! View 0 as False Anything nonzero as True Always return 0 or 1 Early termination Examples (char data type)!0x41 0x00!0x00 0x01!!0x41 0x01 0x69 & & 0x55 0x01 0x69 0x55 0x01 p & & *p (avoids null pointer access) A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 12
Contrast: Logic Operations in C Contrast to Logical Operators & &,,! View 0 as False Anything nonzero as True Always return 0 or 1 Early termination Examples (char data type)!0x41 0x00!0x00 0x01!!0x41 0x01 0x69 & & 0x55 0x01 0x69 0x55 0x01 p & & *p (avoids null pointer access) A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 13
Shift Operations Left Shift: x << y Shift bit-vector x left y positions Throw away extra bits on left Fill with 0 s on right Right Shift: x >> y Shift bit-vector x right y positions Throw away extra bits on right Logical shift Fill with 0 s on left Arithmetic shift Replicate most significant bit on left Undefined Behavior Shift amount < 0 or word size Argument x << 3 Log. >> 2 Arith. >> 2 Argument x << 3 Log. >> 2 Arith. >> 2 01100010 00010000 00011000 00011000 10100010 00010000 00101000 11101000 A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 14
Cool Stuff with Xor Bitwise Xor is form of addition With extra property that every value is its own additive inverse A ^ A = 0 void funny(int *x, int *y) { *x = *x ^ *y; /* #1 */ *y = *x ^ *y; /* #2 */ *x = *x ^ *y; /* #3 */ } Begin 1 2 3 End *x A A^B A^B (A^B)^A = B B *y B B (A^B)^B = A A A A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 15
A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 16
Some basic representations C Data Type Typical 32-bit Typical 64-bit x86-64 char 1 1 1 short 2 2 2 int 4 4 4 long 4 8 8 float 4 4 4 double 8 8 8 long double 10/16 pointer 4 8 8 A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 17
Representing a character Single byte sufficient for small codes In C: char c; But interpretation of value depends on chosen code Fixed-length code: Baudot, ITA2, USTTY: 5 bits BCD (binary coded decimal, used in early computers): 6 bits ASCII defines 128 characters (7 bits) ISO 8859, EBCDIC: 8 bits Variable-length codes UTF-8: 8-32 bits UTF-16: 16-32 bits Wide chars: chars more than 8 bits. A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 18
Example: ASCII A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 19
Representing Strings (in C) Represented by array of 1-byte characters Each character encoded in ASCII format Standard 7-bit encoding of character set Character 0 has code 0x30» Digit i has code 0x30+i Other encodings exist (e.g., for Hebrew) String are null-terminated Final character = 0x00 Array length must be strlen()+1. char S[6] = "15213"; Alpha S 31 35 32 31 33 00 Sun S 31 35 32 31 33 00 A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 20
Representing Strings (in C) Represented by array of 1-byte characters Each character encoded in ASCII format Standard 7-bit encoding of character set Character 0 has code 0x30» Digit i has code 0x30+i Other encodings exist (e.g., for Hebrew) String are null-terminated Final character = 0x00 Array length must be strlen()+1. char S[6] = "15213"; Alpha S Text files generally platform independent But: Different conventions of line termination character(s)! But: Different default encodings (depend on locale) 31 35 32 31 33 00 Sun S 31 35 32 31 33 00 A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 21
Representing Strings (Cont'd) Strings in Pascal (a.k.a P-Strings) Represented by array of characters+1 First cell holds length, no need for null-termination Length known in O(1)! Think about strcat(), strlen(), strcpy(),... Size of string limited by size of array cell value p-string 5 31 35 32 31 33 A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 22
Representing Strings (Cont'd) Strings in Pascal (a.k.a P-Strings) Represented by array of characters+1 First cell holds length, no need for null-termination Length known in O(1)! Think about strcat(), strlen(), strcpy(),... Size of string limited by size of array cell value p-string c-strings and p-strings can be used with wide chars, but: big/little endian now matters (each cell multiple bytes) No longer built-in, instead platform/library specific 5 31 35 32 31 33 A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 23
A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 24
Machine-Level Code Representation Encode Program as Sequence of Instructions Arithmetic, logical, math operations Read or write memory Conditional branches, jumps Different machines, different instructions Most code not binary compatible Alpha s, Sun s, ARM (tablets) use fix-length instructions Reduced Instruction Set Computer (RISC) PC s use variable length instructions Complex Instruction Set Computer (CISC) A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 25
Representing Instructions int sum(int x, int y) { return x+y; } Alpha sum 00 00 Sun sum 81 C3 PC sum 55 89 For this example, Alpha & Sun use two 4-byte instructions Use differing numbers of instructions in other cases 30 42 01 80 E0 08 90 02 E5 8B 45 0C PC uses 7 instructions with lengths 1, 2, and 3 bytes Same for NT and for Linux FA 6B 00 09 03 45 08 89 EC 5D C3 Different CPUs use totally different instructions and encodings A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 26
Machines have Words Imprecise definitions Nominal size of integer-valued data Sometimes size of address, memory bus width Current desktop machines are 64 bits (8 bytes) Potentially address 1.8 X 10 19 bytes 32-bit machines phasing out (but in phones, tablets) Low-end use 8- or 16-bit words Machines support multiple data formats Fractions or multiples of word size Always integral number of bytes A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 27
Encoding Integers Unsigned w 1 B2U(X) x i 2 i i0 Two s Complement w 2 B2T(X) x w 1 2 w 1 x i 2 i i0 short int x = 15213; short int y = -15213; C short 2 bytes long Decimal Hex Binary x 15213 3B 6D 00111011 01101101 y -15213 C4 93 11000100 10010011 Sign Bit Sign Bit For 2 s complement, most significant bit indicates sign 0 for nonnegative 1 for negative A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 28
Encoding Example (Cont.) x = 15213: 00111011 01101101 y = -15213: 11000100 10010011 Weight 15213-15213 1 1 1 1 1 2 0 0 1 2 4 1 4 0 0 8 1 8 0 0 16 0 0 1 16 32 1 32 0 0 64 1 64 0 0 128 0 0 1 128 256 1 256 0 0 512 1 512 0 0 1024 0 0 1 1024 2048 1 2048 0 0 4096 1 4096 0 0 8192 1 8192 0 0 16384 0 0 1 16384-32768 0 0 1-32768 Sum 15213-15213 A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 29
Numeric Ranges Unsigned Values UMin = 0 000 0 UMax = 2 w 1 111 1 Two s Complement Values TMin = 2 w 1 100 0 TMax = 2 w 1 1 011 1 Other Values Minus 1 111 1 Values for W = 16 Decimal Hex Binary UMax 65535 FF FF 11111111 11111111 TMax 32767 7F FF 01111111 11111111 TMin -32768 80 00 10000000 00000000-1 -1 FF FF 11111111 11111111 0 0 00 00 00000000 00000000 A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 30
Values for Different Word Sizes W 8 16 32 64 UMax 255 65,535 4,294,967,295 18,446,744,073,709,551,615 TMax 127 32,767 2,147,483,647 9,223,372,036,854,775,807 TMin -128-32,768-2,147,483,648-9,223,372,036,854,775,808 Observations TMin = TMax + 1 Asymmetric range UMax = 2 * TMax + 1 C Programming #include <limits.h> K&R App. B11 Declares constants, e.g., ULONG_MAX LONG_MAX LONG_MIN Values platform specific A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 31
Unsigned & Signed Numeric Values X B2U(X) B2T(X) 0000 0 0 0001 1 1 0010 2 2 0011 3 3 0100 4 4 0101 5 5 0110 6 6 0111 7 7 1000 8 8 1001 9 7 1010 10 6 1011 11 5 1100 12 4 1101 13 3 1110 14 2 1111 15 1 Equivalence Same encodings for nonnegative values Uniqueness Every bit pattern represents unique integer value Each representable integer has unique bit encoding Can Invert Mappings U2B(x) = B2U -1 (x) T2B(x) = B2T -1 (x) Bit pattern for two s comp integer A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 32
Casting Signed to Unsigned C Allows Conversions from Signed to Unsigned short int x = 15213; unsigned short int ux = (unsigned short) x; short int y = -15213; unsigned short int uy = (unsigned short) y; Resulting Value No change in bit representation Nonnegative values unchanged ux = 15213 Negative values change into (large) positive values uy = 50323 A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 33
Relation Between Signed & Unsigned Weight -15213 50323 1 1 1 1 1 2 1 2 1 2 4 0 0 0 0 8 0 0 0 0 16 1 16 1 16 32 0 0 0 0 64 0 0 0 0 128 1 128 1 128 256 0 0 0 0 512 0 0 0 0 1024 1 1024 1 1024 2048 0 0 0 0 4096 0 0 0 0 8192 0 0 0 0 16384 1 16384 1 16384 32768 1-32768 1 32768 Sum -15213 50323 uy = y + 2 * 32768= y + 65536 A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 34
Conversion Visualized 2 s Comp. Unsigned Ordering Inversion Negative Big Positive UMax UMax 1 TMax TMax + 1 TMax Unsigned Range 2 s Complement Range 0 1 2 0 TMin A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 35
Signed vs. Unsigned in C Constants Casting By default are considered to be signed integers Unsigned if have U as suffix 0U, 4294967259U Explicit casting between signed & unsigned (U2T and T2U) int tx, ty; unsigned ux, uy; tx = (int) ux; uy = (unsigned) ty; Implicit casting also occurs via assignments, procedure calls tx = ux; uy = ty; A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 36
Casting Surprises Expression Evaluation If mix unsigned and signed in single expression, signed values implicitly cast to unsigned Including comparison operations <, >, ==, <=, >= Examples for W = 32 Constant 1 Constant 2 Relation Evaluation 0 0U -10 0 0U == unsigned -1-1 0U0 < signed 2147483647-1 -2147483648 0U > unsigned 2147483647U -2147483648 > signed -12147483647U -2-2147483648 < unsigned (unsigned)-1-2 -2 > signed 2147483647 (unsigned) -1-2 2147483648U > unsigned 2147483647 2147483647 (int)2147483648u < unsigned 2147483647 (int) 2147483648U > signed A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 37
Remember! Bit pattern does not change Bit pattern gets re-interpreted ==> Unexpected effects When mixed signed, unsigned => cast to unsigned A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 38
Sign Extension Task: Rule: Given w-bit signed integer x Convert it to w+k-bit integer with same value Make k copies of sign bit: X = x w 1,, x w 1, x w 1, x w 2,, x 0 k copies of MSB X w X k A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 39 w
Justification For Sign Extension Prove Correctness by Induction on k Induction Step: extending by single bit maintains value w X - Key observation: 2 w 1 = 2 w +2 w 1 X - + w+1 Look at weight of upper bits: X 2 w 1 x w 1 X 2 w x w 1 + 2 w 1 x w 1 = 2 w 1 x w 1 A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 40
Sign Extension Example short int x = 15213; int ix = (int) x; short int y = -15213; int iy = (int) y; Decimal Hex Binary x 15213 3B 6D 00111011 01101101 ix 15213 00 00 3B 6D 00000000 00000000 00111011 01101101 y -15213 C4 93 11000100 10010011 iy -15213 FF FF C4 93 11111111 11111111 11000100 10010011 Converting from smaller to larger integer data type C automatically performs sign extension A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 41
Visualizing (Mathematical) Integer Addition Integer Addition 4-bit integers u, v Compute true sum Add 4 (u, v) Values increase linearly with u and v Forms planar surface 32 28 24 20 Add 4 (u, v) Integer Addition 16 12 8 4 0 0 2 u 4 6 8 10 12 14 0 2 4 6 8 v 10 12 14 A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 42
Unsigned Addition Operands: w bits True Sum: w+1 bits u + v u + v Discard Carry: w bits UAdd w (u, v) Standard Addition Function Ignores carry output Implements Modular Arithmetic s = UAdd w (u, v) = u + v mod 2 w A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 43
Visualizing Unsigned Addition Wraps Around If true sum 2 w At most once UAdd 4 (u, v) Overflow True Sum 2 w+1 Overflow 16 14 12 10 2 w 0 Modular Sum 8 6 4 2 0 0 u 2 4 6 8 10 12 14 0 2 4 6 8 10 12 v 14 A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 44
Two s Complement Addition Operands: w bits True Sum: w+1 bits u + v u + v Discard Carry: w bits TAdd w (u, v) TAdd and UAdd have Identical Bit-Level Behavior Signed vs. unsigned addition in C: int s, t, u, v; s = (int) ((unsigned) u + (unsigned) v); t = u + v Will give s == t A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 45
TAdd Overflow Functionality True sum requires w+1 bits Drop off MSB Treat remaining bits as 2 s comp. integer 0 111 1 0 100 0 0 000 0 2 w 1 2 w 1 1 0 True Sum PosOver TAdd Result 011 1 000 0 1 011 1 2 w 1 100 0 1 000 0 2 w NegOver A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 46
Visualizing 2 s Complement Addition NegOver Values 4-bit two s comp. Range from -8 to +7 Wraps Around If sum 2 w 1 Becomes negative At most once If sum < 2 w 1 Becomes positive At most once 8 6 4 2 0-2 -4-6 -8-8 -6-4 -2 u 0 2 4 TAdd 4 (u, v) -2-4 -6-8 6 6 4 2 0 v PosOver A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 47
Multiplication Goal: Computing Product of w-bit numbers x, y Either signed or unsigned But, exact results can be bigger than w bits Unsigned: up to 2w bits Result range: 0 x * y (2 w 1) 2 = 2 2w 2 w+1 + 1 Two s complement min (negative): Up to 2w-1 bits Result range: x * y ( 2 w 1 )*(2 w 1 1) = 2 2w 2 + 2 w 1 Two s complement max (positive): Up to 2w bits, but only for (TMin w ) 2 Result range: x * y ( 2 w 1 ) 2 = 2 2w 2 So, maintaining exact results would need to keep expanding word size with each product computed is done in software, if needed e.g., by arbitrary precision arithmetic packages A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 48
Unsigned Multiplication in C Operands: w bits True Product: 2*w bits Discard w bits: w bits u v u * v UMult w (u, v) Standard Multiplication Function Ignores high order w bits Implements Modular Arithmetic UMult w (u, v) = u v mod 2 w A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 49
Signed Multiplication in C Operands: w bits * u v True Product: 2*w bits u v Discard w bits: w bits TMult w (u, v) Standard Multiplication Function Ignores high order w bits Some of which are different for signed vs. unsigned multiplication Lower bits are the same A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 50
Power-of-2 Multiply with Shift Operation u << k gives u * 2 k Both signed and unsigned Operands: w bits * u 2 k k 0 0 1 0 0 0 True Product: w+k bits u 2 k 0 0 0 Discard k bits: w bits UMult w (u, 2 k ) Examples TMult w (u, 2 k ) u << 3 == u * 8 (u << 5) (u << 3) == u * 24 Most machines shift and add faster than multiply Compiler generates this code automatically 0 0 0 A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 51
Why Should I Use Unsigned? Don t Use Just Because Number Nonzero C compilers on some machines generate less efficient code unsigned i; int cnt; for (i = 1; i < cnt; i++) a[i] += a[i-1]; Easy to make mistakes for (i = cnt-2; i >= 0; i--) a[i] += a[i+1]; Cast cnt to unsigned (repeatedly) A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 52
Why Should I Use Unsigned? Don t Use Just Because Number Nonzero C compilers on some machines generate less efficient code unsigned i; int cnt; for (i = 1; i < cnt; i++) a[i] += a[i-1]; Easy to make mistakes for (i = cnt-2; i >= 0; i--) a[i] += a[i+1]; Loop forever i never < 0 A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 53
Why Should I Use Unsigned? Don t Use Just Because Number Nonzero C compilers on some machines generate less efficient code unsigned i; int cnt; for (i = 1; i < cnt; i++) a[i] += a[i-1]; Should be for (i = cnt-2; i <cnt; i--) a[i] += a[i+1]; Do Use For: Multiprecision or modular arithmetic Need extra bits' range, right up to limit of word size Represent sets A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 54
C Puzzle Answers Assume machine with 32 bit word size, two s comp. integers TMin makes a good counterexample in many cases x < 0 ((x*2) < 0) ux >= 0 (x & 7) == 7 (x<<30) < 0 ux > -1 x > y -x < -y x * x >= 0 int x = foo(); int y = bar(); unsigned ux = x; unsigned uy = y; x > 0 && y > 0 x + y > 0 x >= 0 -x <= 0 x <= 0 -x >= 0 A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 55
C Puzzle Answers Assume machine with 32 bit word size, two s comp. integers TMin makes a good counterexample in many cases x < 0 ((x*2) < 0) False: TMin ux >= 0 True: 0 = UMin (x & 7) == 7 (x<<30) < 0 True: x 1 = 1 ux > -1 False: 0 x > y -x < -y False: -1, TMin x * x >= 0 False: x=65535 x > 0 && y > 0 x + y > 0 False: TMax, TMax x >= 0 -x <= 0 True: TMax < 0 x <= 0 -x >= 0 False: TMin A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 56
A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 57
Byte-Oriented Memory Organization Programs Refer to Virtual Addresses Conceptually very large array of bytes Implemented with hierarchy of different memory types SRAM, DRAM, disk In Unix and Windows NT, address space private to process Program can clobber its own data, but not that of others You will see this again, in much more detail Compiler + Run-Time System Control Allocation Where different program objects should be stored Multiple mechanisms: static, stack, and heap In any case, all allocation within single virtual address space You will see this again, in much more detail A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 58
Word-Oriented Memory Organization Addresses Specify Byte Locations Address of first byte in word Addresses of successive words differ by 4 (32-bit) or 8 (64-bit) 32-bit Words Addr = 0000?? Addr = 0004?? Addr = 0008?? Addr = 0012?? 64-bit Words Addr = 0000?? Addr = 0008?? Bytes Addr. 0000 0001 0002 0003 0004 0005 0006 0007 0008 0009 0010 0011 0012 0013 0014 0015 A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 59
Byte Ordering How should bytes within multi-byte word be ordered in memory? Conventions Sun s, Mac s are Big Endian machines Least significant byte has highest address Alphas, PC s are Little Endian machines Least significant byte has lowest address A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 60
Byte Ordering Example Big Endian Least significant byte has highest address Little Endian Least significant byte has lowest address Example Variable x has 4-byte representation 0x01234567 Address given by &x is 0x100 Big Endian Little Endian 0x100 0x101 0x102 0x103 01 23 45 67 0x100 0x101 0x102 0x103 67 45 23 01 A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 61
Reading Byte-Reversed Listings Disassembly Text representation of binary machine code Generated by program that reads the machine code Example Fragment Address Instruction Code Assembly Rendition 8048365: 5b pop %ebx 8048366: 81 c3 ab 12 00 00 add $0x12ab,%ebx 804836c: 83 bb 28 00 00 00 00 cmpl $0x0,0x28(%ebx) Deciphering Numbers Value: Pad to 4 bytes: Split into bytes: 0x12ab 0x000012ab Reverse: ab 12 00 00 00 00 12 ab A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 62
Examining Data Representations Code to Print Byte Representation of Data Casting pointer to unsigned char * creates byte array typedef unsigned char *pointer; void show_bytes(pointer start, int len) { int i; for (i = 0; i < len; i++) printf("0x%p\t0x%.2x\n", start+i, start[i]); printf("\n"); } Printf directives: %p: Print pointer %x: Print Hexadecimal A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 63
show_bytes Execution Example int a = 15213; printf("int a = 15213;\n"); show_bytes((pointer) &a, sizeof(int)); Result (Linux): int a = 15213; 0x11ffffcb8 0x6d 0x11ffffcb9 0x3b 0x11ffffcba 0x00 0x11ffffcbb 0x00 A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 64
Representing Integers int A = 15213; int B = -15213; long int C = 15213; Decimal: 15213 Binary: 0011 1011 0110 1101 Hex: 3 B 6 D Alpha A Sun A ia32 C Alpha C Sun C 6D 3B 00 00 00 00 3B 6D 6D 3B 00 00 6D 3B 00 00 00 00 3B 6D 00 Alpha B Sun B 00 93 C4 FF FF 00 00 FF C4 FF 93 Two s complement representation A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 65
Representing Pointers int B = -15213; int *P = &B; Alpha Address Hex:... 0 1 F F F F F C A 0 Binary: 0000 0001 1111 1111 1111 1111 1111 1100 1010 0000 Sun P EF FF FB 2C Sun Address Hex: E F F F F B 2 C Binary: 1110 1111 1111 1111 1111 1011 0010 1100 Linux Address Hex: B F F F F 8 D 4 Binary: 1011 1111 1111 1111 1111 1000 1101 0100 Different compilers & machines assign different locations to objects Alpha P A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 66 A0 FC FF FF 01 00 00 00 Linux P D4 F8 FF BF
A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 67
Code Security Example /* Kernel memory region holding user-accessible data */ #define KSIZE 1024 char kbuf[ksize]; /* Copy at most maxlen bytes from kernel region to user buffer */ int copy_from_kernel(void *user_dest, int maxlen) { /* Byte count len is minimum of buffer size and maxlen */ int len = KSIZE < maxlen? KSIZE : maxlen; memcpy(user_dest, kbuf, len); return len; } Similar to code found in FreeBSD s implementation of getpeername There are legions of smart people trying to find vulnerabilities in programs A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 68
Typical Usage /* Kernel memory region holding user-accessible data */ #define KSIZE 1024 char kbuf[ksize]; /* Copy at most maxlen bytes from kernel region to user buffer */ int copy_from_kernel(void *user_dest, int maxlen) { /* Byte count len is minimum of buffer size and maxlen */ int len = KSIZE < maxlen? KSIZE : maxlen; memcpy(user_dest, kbuf, len); return len; } #define MSIZE 528 void getstuff() { char mybuf[msize]; copy_from_kernel(mybuf, MSIZE); printf( %s\n, mybuf); } A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 69
Malicious Usage /* Kernel memory region holding user-accessible data */ #define KSIZE 1024 char kbuf[ksize]; /* Copy at most maxlen bytes from kernel region to user buffer */ int copy_from_kernel(void *user_dest, int maxlen) { /* Byte count len is minimum of buffer size and maxlen */ int len = KSIZE < maxlen? KSIZE : maxlen; memcpy(user_dest, kbuf, len); return len; } #define MSIZE 528 /* Declaration of library function memcpy */ void *memcpy(void *dest, void *src, size_t n); void getstuff() { char mybuf[msize]; copy_from_kernel(mybuf, -MSIZE);... } A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 70
Code Security Example #2 SUN XDR library Widely used library for transferring data between machines void* copy_elements(void *ele_src[], int ele_cnt, size_t ele_size); ele_src malloc(ele_cnt * ele_size) A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 71
XDR Code void* copy_elements(void *ele_src[], int ele_cnt, size_t ele_size) { /* * Allocate buffer for ele_cnt objects, each of ele_size bytes * and copy from locations designated by ele_src */ void *result = malloc(ele_cnt * ele_size); if (result == NULL) /* malloc failed */ return NULL; void *next = result; int i; for (i = 0; i < ele_cnt; i++) { /* Copy object i to destination */ memcpy(next, ele_src[i], ele_size); /* Move pointer to next memory region */ next += ele_size; } return result; } A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 72
XDR Vulnerability malloc(ele_cnt * ele_size) What if: ele_cnt = 2 20 + 1 ele_size = 4096 = 2 12 Allocation =?? How can I make this function secure? A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 73
Main Points Boolean Algebra is Mathematical Basis Basic form encodes false as 0, true as 1 General form like bit-level operations in C Good for representing & manipulating sets It s All About Bits & Bytes Numbers, text, programs Different Machines Follow Different Conventions Representations Word size Byte ordering A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 74
שאלות? A Programmer's Perspective Based on class notes by Bryant and O'Hallaron 75