1 / 45

Practice: Week6

Practice: Week6. Problem 1. Byte Ordering. Implement a function is_little_endian(), which returns 1 if it is running on little-endian machine and 0 if it is running on big-endian machine. (This function should be able to run on any machine regardless of difference of word size.).

vartan
Télécharger la présentation

Practice: Week6

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Practice: Week6

  2. Problem 1

  3. Byte Ordering Implement a function is_little_endian(), which returns 1 if it is running on little-endian machine and 0 if it is running on big-endian machine. (This function should be able to run on any machine regardless of difference of word size.)

  4. Byte Ordering Implement a function is_little_endian(), which returns 1 if it is running on little-endian machine and 0 if it is running on big-endian machine. (This function should be able to run on any machine regardless of difference of word size.) int is_little_endian() { int x=1; return (int)(*(char *)&x); }

  5. Problem 2

  6. Conversions Between Signed and Unsigned We are running programs on a machine where values of type int are 32 bits. They are represented in two’s complement, and they are right shifted arithmetically. Values of type unsigned are also 32 bits. We generate arbitrary values x and y, and convert them to unsigned values as follows: /* Create some arbitrary values */ int x = random(); int y = random(); /* Convert to unsigned */ unsigned ux = (unsigned)x; unsigned uy = (unsigned)y;

  7. Conversions Between Signed and Unsigned For each of the following C expressions, you are to indicate whether or not the expression always yields 1. If it always yields 1, describe the underlying mathematical principles. Otherwise, give an example of arguments that make it yield 0. A. (x>y) == (-x<-y) B. ((x+y)<<5) + x-y == 31*y+33*x C. ~x+ ~y == ~(x+y) D. (int) (ux-uy) == -(y-x) E. ((x >> 1) << 1) <= x

  8. Conversions Between Signed and Unsigned A. (x>y) == (-x<-y). No Let x = TMin32, y = 0.

  9. Conversions Between Signed and Unsigned A. (x>y) == (-x<-y). No Let x = TMin32, y = 0. B. ((x+y)<<5) + x-y == 31*y+33*x. Yes from the ring properties of two’s complement arithmetic.

  10. Conversions Between Signed and Unsigned A. (x>y) == (-x<-y). No Let x = TMin32, y = 0. B. ((x+y)<<5) + x-y == 31*y+33*x. Yes from the ring properties of two’s complement arithmetic. C. ~x+ ~y == ~(x+y). No letx= 0,y= 0.

  11. Conversions Between Signed and Unsigned A. (x>y) == (-x<-y). No Let x = TMin32, y = 0. B. ((x+y)<<5) + x-y == 31*y+33*x. Yes from the ring properties of two’s complement arithmetic. C. ~x+ ~y == ~(x+y). No letx= 0,y= 0. D. (int) (ux-uy) == -(y-x). Yes Due to the isomorphism between two’s complement and unsigned arithmetic.

  12. Conversions Between Signed and Unsigned A. (x>y) == (-x<-y). No Let x = TMin32, y = 0. B. ((x+y)<<5) + x-y == 31*y+33*x. Yes from the ring properties of two’s complement arithmetic. C. ~x+ ~y == ~(x+y). No letx= 0,y= 0. D. (int) (ux-uy) == -(y-x). Yes Due to the isomorphism between two’s complement and unsigned arithmetic. E. ((x >> 1) << 1) <= x. Yes Right shift rounds toward minus infinity.

  13. Problem 3

  14. Bit Operations /* [absValue] * – Calculate the absolute value of x * * Example: absValue(5) = 5, absValue(-29) = 29 * Legal ops: ~ & ^ | - << >> */ int absValue(int x) { /* Please fill your code*/ return ret; }

  15. Bit Operations /* [absValue] * – Calculate the absolute value of x * * Example: absValue(5) = 5, absValue(-29) = 29 * Legal ops: ~ & ^ | - << >> */ int absValue(int x) { /* Please fill your code*/ int mask = X >> 31 return (x ^ mask) – mask; }

  16. Problem 4

  17. 1. 32-bit little endian machine 2. 4 byte size and hex 3. Each operation take effect on the memory and register

  18. 1. 32-bit little endian machine 2. 4 byte size and hex 3. Each operation take effect on the memory and register

  19. 1. 32-bit little endian machine 2. 4 byte size and hex 3. Each operation take effect on the memory and register

  20. 1. 32-bit little endian machine 2. 4 byte size and hex 3. Each operation take effect on the memory and register

  21. 1. 32-bit little endian machine 2. 4 byte size and hex 3. Each operation take effect on the memory and register

  22. 1. 32-bit little endian machine 2. 4 byte size and hex 3. Each operation take effect on the memory and register

  23. 1. 32-bit little endian machine 2. 4 byte size and hex 3. Each operation take effect on the memory and register

  24. 1. 32-bit little endian machine 2. 4 byte size and hex 3. Each operation take effect on the memory and register

  25. 1. 32-bit little endian machine 2. 4 byte size and hex 3. Each operation take effect on the memory and register

  26. 1. 32-bit little endian machine 2. 4 byte size and hex 3. Each operation take effect on the memory and register

  27. 1. 32-bit little endian machine 2. 4 byte size and hex 3. Each operation take effect on the memory and register

  28. 1. 32-bit little endian machine 2. 4 byte size and hex 3. Each operation take effect on the memory and register

  29. 1. 32-bit little endian machine 2. 4 byte size and hex 3. Each operation take effect on the memory and register

  30. 1. 32-bit little endian machine 2. 4 byte size and hex 3. Each operation take effect on the memory and register

  31. 1. 32-bit little endian machine 2. 4 byte size and hex 3. Each operation take effect on the memory and register

  32. 1. 32-bit little endian machine 2. 4 byte size and hex 3. Each operation take effect on the memory and register

  33. Problem 5

  34. Switch Suppose the following C code and assembly code are executed on a 32-bit little endian machine. Read the code and answer the following questions: int switch_example(int op, int a, int b){ int result; switch (op) { case80: result = a * 5; break; case_[1]_: result = b + 10; break; case83: result = b >> 2; break; case_[2]_: case_[3]_: if (_[4]_) result = _[5]_; else result = _[6]_; break; default: result = 0; break; } return result; }

  35. L6: movl 12(%ebp), %eax cmpl 16(%ebp), %eax jge __[14]__ movl 12(%ebp), %eax subl $3, %eax movl %eax, -4(%ebp) jmp L11 L9: movl 16(%ebp), %eax imull $4, %eax movl %eax, -4(%ebp) jmp L11 L2: movl $0, -4(%ebp) L11: movl -4(%ebp), %eax leave ret Switch _switch_example: pushl %ebp movl %esp, %ebp subl $16, %esp movl 8(%ebp), %eax subl __[10]__, %eax cmpl __[11]__, %eax ja __[12]__ jmp __[13]__ L3: movl 12(%ebp), %eax imull $5, %eax movl %eax, -4(%ebp) jmp L11 L4: movl 16(%ebp), %eax addl $10, %eax movl %eax, -4(%ebp) jmp L11 L5: movl 16(%ebp), %eax sarl $2, %eax movl %eax, -4(%ebp) jmp L11 .section .rodata .align 4 L7: .long L3 .long L2 .long L4 .long _[7]_ .long _[8]_ .long L2 .long L2 .long _[9]_ op at %ebp+8 a at %ebp+12 b at %ebp+16 result at %ebp-4

  36. L6: movl 12(%ebp), %eax cmpl 16(%ebp), %eax jge __[14]__ movl 12(%ebp), %eax subl $3, %eax movl %eax, -4(%ebp) jmp L11 L9: movl 16(%ebp), %eax imull $4, %eax movl %eax, -4(%ebp) jmp L11 L2: movl $0, -4(%ebp) L11: movl -4(%ebp), %eax leave ret _switch_example: pushl %ebp movl %esp, %ebp subl $16, %esp movl 8(%ebp), %eax subl __[10]__, %eax cmpl __[11]__, %eax ja __[12]__ jmp __[13]__ L3: movl 12(%ebp), %eax imull $5, %eax movl %eax, -4(%ebp) jmp L11 L4: movl 16(%ebp), %eax addl $10, %eax movl %eax, -4(%ebp) jmp L11 L5: movl 16(%ebp), %eax sarl $2, %eax movl %eax, -4(%ebp) jmp L11 .section .rodata .align 4 L7: .long L3 .long L2 .long L4 .long _[7]_ .long _[8]_ .long L2 .long L2 .long _[9]_ Please explain the advantage and limitation of “Jump Table”, and provide a simple code which is not suitable to be translated into a “Jump Table”

  37. Security vulnerability in the XDR library “Aside Security vulnerability in the XDR library” Answer: practice problem 2.37 void *result = malloc(ele_cnt * ele_size); if (result == NULL) /* malloc failed */ return NULL;

  38. Security vulnerability in the XDR library “Aside Security vulnerability in the XDR library” Answer: practice problem 2.37 long long unsigned asize = ele_cnt * (long long unsigned) ele_size; void *result = malloc(asize); if (result == NULL) /* malloc failed */ return NULL;

  39. Security vulnerability in the XDR library “Aside Security vulnerability in the XDR library” Answer: practice problem 2.37 long long unsigned required_size = ele_cnt * (long long unsigned) ele_size; size_t request_size = (size_t) required_size; if (required_size != request_size) /* Overflow must have occurred. Abort */ return NULL; void *result = malloc(request_size); if (result == NULL) /* malloc failed */ return NULL;

  40. Advanced Topic: Integer Security Buffer Overflow: Array allocation “malloc(n * size)” Overflow: 2^30 * 2^3 = 0 Smaller buffer than expected Memory corruption: iphone jaibreak (CVE-2011-0226)

  41. Advanced Topic: Integer Security Logical Bug Linux kernel OOM killer (CVE-2011-4097) Compute “memory usage score” for each process kill process with the highest score Score: nr_pages * 1000 / nr_totalpages Malicious process consume too much memory  a low score trick the kernel into killing innocent process

  42. Advanced Topic: Integer Security An emerging threat 2007 CVE survey: “integer overflows, barely in the top 10 overall in the past few years, are number 2 for OS vender advisories, behind buffer overflow” 2010 ~ early 2011 CVE survey: Linux kernel More than 1/3 of serious bugs are integer errors

  43. Advanced Topic: Integer Security What’s wrong? From: linux driver/gpu/drm/vmwgfx/vmwgfx_kms.c u32 pitch = /*from user space*/ u32 height = /*from user space*/ u32 size = pitch * height; if (size > vram_size) return;

  44. Advanced Topic: Integer Security What’s wrong? From: linux driver/gpu/drm/vmwgfx/vmwgfx_kms.c u32 pitch = /*from user space*/ u32 height = /*from user space*/ u32 size = pitch * height; if (size > vram_size) return; Patch: use 64 bits? u64 size = pitch * height; if (size > vram_size) return;

  45. Advanced Topic: Integer Security What’s wrong? From: linux driver/gpu/drm/vmwgfx/vmwgfx_kms.c u32 pitch = /*from user space*/ u32 height = /*from user space*/ u32 size = pitch * height; if (size > vram_size) return; Patch2: convert pitch and height to u64 first! u64 size = (u64)pitch * (u64)height; if (size > vram_size) return;

More Related