Staticdeps: partial writeup
This commit is contained in:
parent
1efc2ab81b
commit
34419beeef
3 changed files with 139 additions and 22 deletions
|
|
@ -27,7 +27,7 @@
|
|||
\end{frame}
|
||||
|
||||
\begin{frame}[fragile]{An example: memoized Fibonacci sequence}
|
||||
\begin{minipage}[t]{0.46\textwidth}
|
||||
\begin{minipage}[c]{0.46\textwidth}
|
||||
\begin{lstlisting}[language=C]
|
||||
int fibo(int* F, int n) {
|
||||
for(int i=2; i <= n; ++i) {
|
||||
|
|
@ -36,9 +36,10 @@ int fibo(int* F, int n) {
|
|||
return F[n];
|
||||
}
|
||||
\end{lstlisting}
|
||||
\end{minipage}\hfill
|
||||
\begin{minipage}[t]{0.46\textwidth}
|
||||
\begin{lstlisting}[language={[x86masm]Assembler}]
|
||||
\end{minipage}\hfill\begin{minipage}[c]{0.06\textwidth}
|
||||
\contour{black}{$\longrightarrow$}
|
||||
\end{minipage}\hfill\begin{minipage}[c]{0.40\textwidth}
|
||||
\begin{lstlisting}[language={[x86masm]Assembler}, numbers=none]
|
||||
0: mov (%rax),%edx
|
||||
1: add 0x4(%rax),%edx
|
||||
2: mov %edx,0x8(%rax)
|
||||
|
|
@ -49,34 +50,136 @@ int fibo(int* F, int n) {
|
|||
\end{minipage}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}
|
||||
\begin{frame}[fragile]
|
||||
\vspace{1cm}
|
||||
\newcommand{\unk}{{\color{gray}?}}
|
||||
\newcommand{\h}{\cellcolor[HTML]{D0ECFF}}
|
||||
\newcommand{\w}{\cellcolor[HTML]{d6bf86}}
|
||||
\newcommand{\dep}[1]{{\color{red}$\veryshortarrow$\,#1}}
|
||||
\begin{columns}
|
||||
\column{\dimexpr\paperwidth-8pt}
|
||||
\centering
|
||||
\hfill\begin{minipage}{0.29\textwidth}
|
||||
{\footnotesize
|
||||
\begin{tabular}{c c c}
|
||||
Mem. read\h & & Mem. write\w \\
|
||||
\end{tabular}
|
||||
}
|
||||
\vspace{1em}
|
||||
\vfill
|
||||
\begin{lstlisting}[language={[x86masm]Assembler}, numbers=none]
|
||||
0: mov (%rax),%edx
|
||||
1: add 0x4(%rax),%edx
|
||||
2: mov %edx,0x8(%rax)
|
||||
3: add $0x4,%rax
|
||||
4: cmp %rcx,%rax
|
||||
5: jne 0
|
||||
\end{lstlisting}
|
||||
\end{minipage}\hfill
|
||||
\begin{minipage}{0.69\textwidth}
|
||||
\centering
|
||||
\footnotesize
|
||||
\begin{tabular}{r c c c c c c c c c c c c c c}
|
||||
\begin{tabular}{c c c c c c c c c l}
|
||||
\toprule
|
||||
\textbf{Before}
|
||||
& [0,0] & [0,1] & [0,2] & [0,3] & [0,4] & [0,5]
|
||||
& & [1,1] & [1,2] & [1,3]
|
||||
& & [2,1] & [2,2] & [2,3] \\
|
||||
\textbf{Before} & \multicolumn{2}{c}{\textbf{Registers}} &&
|
||||
\multicolumn{5}{c}{\textbf{Memory}} & \textbf{Dep}\\
|
||||
\textbf{instr} & \reg{rax} & \reg{edx}
|
||||
&& \texttt{100} & \texttt{104} & \texttt{108} & \texttt{112} & \texttt{116} & \\
|
||||
\midrule
|
||||
\textbf{Regs} & & & & & & & & & &\\
|
||||
\reg{rax} & \unk & 100 & 100 & 100 & 104 & 104 && 104 & 104 & 104 && 108 & 108 & 108 \\
|
||||
\reg{edx} & \unk & 200 & 376 & 376 & 376 & 376 && 176 & 552 & 552 && 376 & 928 & 928 \\
|
||||
\reg{rcx} & \unk & \unk & \unk& \unk& \unk& 42 && 42 & 42 & 42 && 42 & 42 & 42 \\
|
||||
0,0 & \unk& \unk&& \unk & \unk & \unk & \unk & \unk & \\
|
||||
\pause{}
|
||||
0,1 & 100 & 200 && 200\h& \unk & \unk & \unk & \unk & \\
|
||||
\pause{}
|
||||
0,2 & 100 & 376 && 200 & 176\h& \unk & \unk & \unk & \\
|
||||
\pause{}
|
||||
0,3 & 100 & 376 && 200 & 176 & 376\w& \unk & \unk & \\
|
||||
\pause{}
|
||||
0,4 & \alert{104} & 376 && 200 & 176 & 376 & \unk & \unk & \\
|
||||
0,5 & 100 & 376 && 200 & 176 & 376 & \unk & \unk & \\
|
||||
\midrule
|
||||
\textbf{Mem} & & & & & & & & & &\\
|
||||
\texttt{100} & \unk & 200\h& 200 & 200 & 200 & 200 && 200 & 200 & 200 && 200 & 200 & 200 \\
|
||||
\texttt{104} & \unk & \unk & 176\h& 176 & 176 & 176 && 176\h& 176 & 176 && 176 & 176 & 176 \\
|
||||
\texttt{108} & \unk & \unk & \unk & 376\w& 376 & 376 && 376 & 376\h& 376 && 376\h& 376 & 376 \\
|
||||
\texttt{112} & \unk & \unk & \unk & \unk & \unk& \unk&& \unk & \unk & 552\w&& 552 & 552\h& 552 \\
|
||||
\texttt{116} & \unk & \unk & \unk & \unk & \unk& \unk&& \unk & \unk & \unk && \unk & \unk & 928\w\\
|
||||
%\texttt{116} & \unk & \unk& \unk& \unk& \unk& \unk& & & \\
|
||||
\bottomrule
|
||||
\pause{}
|
||||
1,1 & 104 & \alert{176} && 200 & 176\h& 376 & \unk & \unk & \\
|
||||
\pause{}
|
||||
1,2 & 104 & \alert{552} && 200 & 176 & 376\h& \unk & \unk & \dep{-1,3}\\
|
||||
\pause{}
|
||||
1,3 & 104 & 552 && 200 & 176 & 376 & 552\w& \unk & \\
|
||||
\midrule
|
||||
\pause{}
|
||||
2,1 & 108 & \alert{376} && 200 & 176 & 376\h& 552 & \unk & \dep{-2,2}\\
|
||||
\pause{}
|
||||
2,2 & 108 & \alert{928} && 200 & 176 & 376 & 552\h& \unk & \dep{-1,3}\\
|
||||
\pause{}
|
||||
2,3 & 108 & 928 && 200 & 176 & 376 & 552 & 928\w &\\
|
||||
\bottomrule{}
|
||||
\end{tabular}
|
||||
\end{minipage}\hfill
|
||||
\end{columns}
|
||||
\let\unk\unefined
|
||||
\let\h\unefined
|
||||
\let\w\unefined
|
||||
\let\dep\unefined
|
||||
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}{Practical implementation}
|
||||
\begin{itemize}
|
||||
\item Python code
|
||||
\item Reads asm / elf / symbol in elf
|
||||
\item Disassembly: \texttt{capstone}
|
||||
\item Semantics: \texttt{VEX} (aka Valgrind)
|
||||
\end{itemize}
|
||||
|
||||
\begin{center}
|
||||
$\leadsto$ fast-ish; supports many architectures
|
||||
\end{center}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}{Limitations}
|
||||
\begin{itemize}
|
||||
\item Randomness may generate false positives
|
||||
\begin{itemize}
|
||||
\item Very unlikely: $2^{64}$ vs. $\sim~10^{4}$
|
||||
\item If needed, amplify (run twice)
|
||||
\end{itemize}
|
||||
\item No false negatives caused by randomness, however
|
||||
|
||||
\bigskip
|
||||
\item Unaware of context: \emph{assumes no pointers alias}
|
||||
\begin{itemize}
|
||||
\item Intrinsic limitation of block-based code analyzers
|
||||
\item Future works: abstract interpretation?
|
||||
\end{itemize}
|
||||
\end{itemize}
|
||||
\end{frame}
|
||||
|
||||
\begin{frame}{Evaluation: coverage}
|
||||
\begin{itemize}
|
||||
\item Baseline: instrumentation (extract deps at runtime)
|
||||
\item On all \cesasme{} benchmarks
|
||||
\end{itemize}
|
||||
\begin{minipage}{0.4\textwidth}
|
||||
\[
|
||||
\cov_u =
|
||||
\frac{\card{\text{found}}}{\card{\text{found}}+\card{\text{missed}}}
|
||||
\]
|
||||
\end{minipage}\hfill
|
||||
\begin{minipage}{0.4\textwidth}
|
||||
\[
|
||||
\cov_w =
|
||||
\frac{\sum_{d\in\text{found}}\rho_d}
|
||||
{\sum_{d\in\text{found}~\cup~\text{missed}}\rho_d}
|
||||
\]
|
||||
\end{minipage}
|
||||
|
||||
\vfill
|
||||
|
||||
\begin{center}
|
||||
\begin{tabular}{r r}
|
||||
\toprule
|
||||
$\cov_u$ (\%) & $\cov_w$ (\%) \\
|
||||
\midrule
|
||||
\alert{94.4} & \alert{98.3} \\
|
||||
\bottomrule
|
||||
\end{tabular}
|
||||
\end{center}
|
||||
\end{frame}
|
||||
|
|
|
|||
|
|
@ -78,6 +78,18 @@
|
|||
\newcommand{\ktau}{\tau_K}
|
||||
\newcommand{\na}{{\color{gray}N/A}}
|
||||
|
||||
% Very short arrow -- thanks https://tex.stackexchange.com/a/395049
|
||||
\makeatletter
|
||||
\DeclareRobustCommand{\veryshortarrow}{%
|
||||
\mathrel{\mathpalette\short@to\relax}%
|
||||
}
|
||||
|
||||
\newcommand{\short@to}[2]{%
|
||||
\mkern2mu
|
||||
\clipbox{{.5\width} 0 0 0}{$\m@th#1\vphantom{+}{\shortrightarrow}$}%
|
||||
}
|
||||
\makeatother
|
||||
|
||||
% Hyperlinks
|
||||
\newcommand{\pymodule}[1]{\href{https://docs.python.org/3/library/#1.html}{\lstpython{#1}}}
|
||||
|
||||
|
|
|
|||
|
|
@ -19,6 +19,8 @@
|
|||
\usepackage[bottom]{footmisc} % footnotes are below floats
|
||||
\usepackage[final]{microtype}
|
||||
\usepackage{tikz} % Alas.
|
||||
\usepackage[outline]{contour}
|
||||
\usepackage{trimclip}
|
||||
|
||||
% Local sty files
|
||||
\usepackage{include/my_listings}
|
||||
|
|
|
|||
Loading…
Reference in a new issue