From 34419beeefc082204cd6f9507eafcdcb0b0a9718 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Th=C3=A9ophile=20Bastian?=
Date: Wed, 27 Nov 2024 10:46:35 +0100
Subject: [PATCH] Staticdeps: partial writeup

---
 slides/50_staticdeps/main.tex | 147 +++++++++++++++++++++++++++++-----
 slides/include/macros.tex | 12 +++
 slides/include/packages.tex | 2 +
 3 files changed, 139 insertions(+), 22 deletions(-)

diff --git a/slides/50_staticdeps/main.tex b/slides/50_staticdeps/main.tex
index a550718..b57f182 100644
--- a/slides/50_staticdeps/main.tex
+++ b/slides/50_staticdeps/main.tex
@@ -27,7 +27,7 @@
 \end{frame}

 \begin{frame}[fragile]{An example: memoized Fibonacci sequence}
- \begin{minipage}[t]{0.46\textwidth}
+ \begin{minipage}[c]{0.46\textwidth}
 \begin{lstlisting}[language=C]
 int fibo(int* F, int n) {
 for(int i=2; i <= n; ++i) {
@@ -36,9 +36,10 @@ int fibo(int* F, int n) {
 return F[n];
 }
 \end{lstlisting}
- \end{minipage}\hfill
- \begin{minipage}[t]{0.46\textwidth}
-\begin{lstlisting}[language={[x86masm]Assembler}]
+\end{minipage}\hfill\begin{minipage}[c]{0.06\textwidth}
+\contour{black}{$\longrightarrow$}
+\end{minipage}\hfill\begin{minipage}[c]{0.40\textwidth}
+\begin{lstlisting}[language={[x86masm]Assembler}, numbers=none]
 0: mov (%rax),%edx
 1: add 0x4(%rax),%edx
 2: mov %edx,0x8(%rax)
@@ -49,34 +50,136 @@ int fibo(int* F, int n) {
 \end{minipage}
 \end{frame}

-\begin{frame}
+\begin{frame}[fragile]
+ \vspace{1cm}
 \newcommand{\unk}{{\color{gray}?}}
 \newcommand{\h}{\cellcolor[HTML]{D0ECFF}}
 \newcommand{\w}{\cellcolor[HTML]{d6bf86}}
+ \newcommand{\dep}[1]{{\color{red}$\veryshortarrow$\,#1}}
+\begin{columns}
+\column{\dimexpr\paperwidth-8pt}
+ \centering
+ \hfill\begin{minipage}{0.29\textwidth}
+ {\footnotesize
+ \begin{tabular}{c c c}
+ Mem. read\h & & Mem. write\w \\
+ \end{tabular}
+ }
+ \vspace{1em}
+ \vfill
+ \begin{lstlisting}[language={[x86masm]Assembler}, numbers=none]
+0: mov (%rax),%edx
+1: add 0x4(%rax),%edx
+2: mov %edx,0x8(%rax)
+3: add $0x4,%rax
+4: cmp %rcx,%rax
+5: jne 0
+\end{lstlisting}
+ \end{minipage}\hfill
+ \begin{minipage}{0.69\textwidth}
 \centering
 \footnotesize
- \begin{tabular}{r c c c c c c c c c c c c c c}
+ \begin{tabular}{c c c c c c c c c l}
 \toprule
- \textbf{Before}
- & [0,0] & [0,1] & [0,2] & [0,3] & [0,4] & [0,5]
- & & [1,1] & [1,2] & [1,3]
- & & [2,1] & [2,2] & [2,3] \\
+ \textbf{Before} & \multicolumn{2}{c}{\textbf{Registers}} &&
+ \multicolumn{5}{c}{\textbf{Memory}} & \textbf{Dep}\\
+ \textbf{instr} & \reg{rax} & \reg{edx}
+ && \texttt{100} & \texttt{104} & \texttt{108} & \texttt{112} & \texttt{116} & \\
 \midrule
- \textbf{Regs} & & & & & & & & & &\\
- \reg{rax} & \unk & 100 & 100 & 100 & 104 & 104 && 104 & 104 & 104 && 108 & 108 & 108 \\
- \reg{edx} & \unk & 200 & 376 & 376 & 376 & 376 && 176 & 552 & 552 && 376 & 928 & 928 \\
- \reg{rcx} & \unk & \unk & \unk& \unk& \unk& 42 && 42 & 42 & 42 && 42 & 42 & 42 \\
+ 0,0 & \unk& \unk&& \unk & \unk & \unk & \unk & \unk & \\
+ \pause{}
+ 0,1 & 100 & 200 && 200\h& \unk & \unk & \unk & \unk & \\
+ \pause{}
+ 0,2 & 100 & 376 && 200 & 176\h& \unk & \unk & \unk & \\
+ \pause{}
+ 0,3 & 100 & 376 && 200 & 176 & 376\w& \unk & \unk & \\
+ \pause{}
+ 0,4 & \alert{104} & 376 && 200 & 176 & 376 & \unk & \unk & \\
+ 0,5 & 100 & 376 && 200 & 176 & 376 & \unk & \unk & \\
 \midrule
- \textbf{Mem} & & & & & & & & & &\\
- \texttt{100} & \unk & 200\h& 200 & 200 & 200 & 200 && 200 & 200 & 200 && 200 & 200 & 200 \\
- \texttt{104} & \unk & \unk & 176\h& 176 & 176 & 176 && 176\h& 176 & 176 && 176 & 176 & 176 \\
- \texttt{108} & \unk & \unk & \unk & 376\w& 376 & 376 && 376 & 376\h& 376 && 376\h& 376 & 376 \\
- \texttt{112} & \unk & \unk & \unk & \unk & \unk& \unk&& \unk & \unk & 552\w&& 552 & 552\h& 552 \\
- \texttt{116} & \unk & \unk & \unk & \unk & \unk& \unk&& \unk & \unk & \unk && \unk & \unk & 928\w\\
- %\texttt{116} & \unk & \unk& \unk& \unk& \unk& \unk& & & \\
- \bottomrule
+ \pause{}
+ 1,1 & 104 & \alert{176} && 200 & 176\h& 376 & \unk & \unk & \\
+ \pause{}
+ 1,2 & 104 & \alert{552} && 200 & 176 & 376\h& \unk & \unk & \dep{-1,3}\\
+ \pause{}
+ 1,3 & 104 & 552 && 200 & 176 & 376 & 552\w& \unk & \\
+ \midrule
+ \pause{}
+ 2,1 & 108 & \alert{376} && 200 & 176 & 376\h& 552 & \unk & \dep{-2,2}\\
+ \pause{}
+ 2,2 & 108 & \alert{928} && 200 & 176 & 376 & 552\h& \unk & \dep{-1,3}\\
+ \pause{}
+ 2,3 & 108 & 928 && 200 & 176 & 376 & 552 & 928\w &\\
+ \bottomrule{}
 \end{tabular}
+ \end{minipage}\hfill
+\end{columns}
 \let\unk\unefined
 \let\h\unefined
 \let\w\unefined
+ \let\dep\unefined
+
+\end{frame}
+
+\begin{frame}{Practical implementation}
+ \begin{itemize}
+ \item Python code
+ \item Reads asm / elf / symbol in elf
+ \item Disassembly: \texttt{capstone}
+ \item Semantics: \texttt{VEX} (aka Valgrind)
+ \end{itemize}
+
+ \begin{center}
+ $\leadsto$ fast-ish; supports many architectures
+ \end{center}
+\end{frame}
+
+\begin{frame}{Limitations}
+ \begin{itemize}
+ \item Randomness may generate false positives
+ \begin{itemize}
+ \item Very unlikely: $2^{64}$ vs. $\sim~10^{4}$
+ \item If needed, amplify (run twice)
+ \end{itemize}
+ \item No false negatives caused by randomness, however
+
+ \bigskip
+ \item Unaware of context: \emph{assumes no pointers alias}
+ \begin{itemize}
+ \item Intrinsic limitation of block-based code analyzers
+ \item Future works: abstract interpretation?
+ \end{itemize}
+ \end{itemize}
+\end{frame}
+
+\begin{frame}{Evaluation: coverage}
+ \begin{itemize}
+ \item Baseline: instrumentation (extract deps at runtime)
+ \item On all \cesasme{} benchmarks
+ \end{itemize}
+ \begin{minipage}{0.4\textwidth}
+ \[
+ \cov_u =
+ \frac{\card{\text{found}}}{\card{\text{found}}+\card{\text{missed}}}
+ \]
+ \end{minipage}\hfill
+ \begin{minipage}{0.4\textwidth}
+ \[
+ \cov_w =
+ \frac{\sum_{d\in\text{found}}\rho_d}
+ {\sum_{d\in\text{found}~\cup~\text{missed}}\rho_d}
+ \]
+ \end{minipage}
+
+ \vfill
+
+ \begin{center}
+ \begin{tabular}{r r}
+ \toprule
+ $\cov_u$ (\%) & $\cov_w$ (\%) \\
+ \midrule
+ \alert{94.4} & \alert{98.3} \\
+ \bottomrule
+ \end{tabular}
+ \end{center}
 \end{frame}
diff --git a/slides/include/macros.tex b/slides/include/macros.tex
index 2ff1496..c1e1573 100644
--- a/slides/include/macros.tex
+++ b/slides/include/macros.tex
@@ -78,6 +78,18 @@
 \newcommand{\ktau}{\tau_K}
 \newcommand{\na}{{\color{gray}N/A}}
+% Very short arrow -- thanks https://tex.stackexchange.com/a/395049
+\makeatletter
+\DeclareRobustCommand{\veryshortarrow}{%
+ \mathrel{\mathpalette\short@to\relax}%
+}
+
+\newcommand{\short@to}[2]{%
+ \mkern2mu
+ \clipbox{{.5\width} 0 0 0}{$\m@th#1\vphantom{+}{\shortrightarrow}$}%
+ }
+\makeatother
+
 % Hyperlinks
 \newcommand{\pymodule}[1]{\href{https://docs.python.org/3/library/#1.html}{\lstpython{#1}}}
diff --git a/slides/include/packages.tex b/slides/include/packages.tex
index cc2ed5d..2add70d 100644
--- a/slides/include/packages.tex
+++ b/slides/include/packages.tex
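Review bot: Row `0,5` of the new trace table gives `\reg{rax}` as 100, but row `0,4` has just alerted it to 104 (the effect of instruction 3, `add $0x4,%rax`), row `1,1` continues with 104, and the table this hunk replaces also had 104 at [0,5]; this reads as a typo, the row should be `0,5 & 104 & 376 && 200 & 176 & 376 & \unk & \unk & \\`. The three `\dep{}` annotations also do not share one convention: the 108 cell read at rows `1,2` and `2,1` was written by the same instruction (the `mov %edx,0x8(%rax)` whose effect appears at row `0,3`), yet one is labelled `-1,3` and the other `-2,2`, while the 112 read at `2,2` (written at row `1,3`) is labelled `-1,3`. If the second component names the row after the write, `2,1` should be `\dep{-2,3}`; if it names the writing instruction, both `-1,3` should be `-1,2`; a one-line comment above the tabular stating which is meant would prevent this drifting again. Minor: `\let\dep\unefined` copies the `\unefined` spelling of the surrounding `\let` lines; it still leaves `\dep` undefined, but the name reads as a typo.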
@@ -19,6 +19,8 @@
 \usepackage[bottom]{footmisc} % footnotes are below floats
 \usepackage[final]{microtype}
 \usepackage{tikz} % Alas.
+\usepackage[outline]{contour}
+\usepackage{trimclip}
 % Local sty files
 \usepackage{include/my_listings}
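Review bot: The two new `\usepackage` lines carry no comment, whereas the neighbouring entries in this list annotate why a package is loaded (`% footnotes are below floats`, `% Alas.`), and nothing on the visible lines of packages.tex uses either package, so a reader cannot tell what would break if one were removed. Suggest `\usepackage[outline]{contour} % \contour arrow in 50_staticdeps` and `\usepackage{trimclip} % \clipbox, used by \veryshortarrow in macros.tex`. The package list continues outside the hunk.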