This is an update of the Clang-based implementation of Herb Sutter’s Lifetime safety profile for the C++ Core Guidelines, available online at cppx.godbolt.org.
The document describes the implementation of various digital logic circuits like D latch, D flip flop, JK flip flop, multiplexers, decoders, counters etc. using VHDL. It includes the VHDL code, test benches and synthesis reports for each circuit. The aim is to design the circuits in behavioral and structural modeling and verify their functionality.
Les race conditions, nos très chères amiesPierre Laporte
Dans tous les projets se cachent des race conditions. Et on les aime, ces bugs rares qui pimentent notre quotidien !
Durant cette session, on définira formellement ce qu'est une race condition. On verra ensuite deux manières de les détecter. La première sera au niveau d'un groupe de classes via la librairie jcstress. La seconde sera au niveau des applications elles-mêmes, via une méthodologie appellée "The Box" initialement prévue pour régler les problèmes de performance.
Lambda expressions have been introduced in Java 8 to support functional programming and enable behavior parameterization by passing functions as parameters to methods. The majority of software clones (duplicated code) are known to have behavioral differences (i.e., Type-2 and Type-3 clones). However, to the best of our knowledge, there is no previous work to investigate the utility of Lambda expressions for parameterizing such behavioral differences in clones. In this paper, we propose a technique that examines the applicability of Lambda expressions for the refactoring of clones with behavioral differences. Moreover, we empirically investigate the applicability and characteristics of the Lambda expressions introduced to refactor a large dataset of clones. Our findings show that Lambda expressions enable the refactoring of a significant portion of clones that could not be refactored by any other means.
The document contains VHDL code for various logic gates and their simulations. It includes code for inverters, AND gates, OR gates, NAND gates, NOR gates, XOR gates, XNOR gates, half adders and full adders. The code is written using different VHDL modeling styles like data flow, structural and behavioral. Schematics and simulation results are also provided for each logic gate and adder circuit.
This document discusses approaches for analyzing obfuscated code without symbols. It presents several techniques including identifying logging functions, searching for specific strings, using meta information like RTTI, analyzing the context of functions and their relationships, and considering properties of the overall program. A combination of techniques is recommended, prioritizing those most likely to apply, such as searching for strings, analyzing wrapper functions, and studying function call relationships.
The document contains 7 VHDL programs with the following objectives:
1) Implement a 3:8 decoder using behavioral modeling.
2) Implement an 8:1 multiplexer using behavioral modeling.
3) Implement a 1:8 demultiplexer using behavioral modeling.
4) Implement 4-bit addition/subtraction.
5) Implement a 4-bit comparator.
6) Generate a MOD-10 up counter.
7) Generate a 1010 sequence detector.
Each program contains the VHDL code, RTL logic diagram and output waveform to achieve the given objective.
Triton and Symbolic execution on GDB@DEF CON ChinaWei-Bo Chen
Triton and Symbolic execution on GDB is a talk about symbolic execution. It introduces Triton, a symbolic execution framework, and SymGDB, which combines Triton with GDB to enable symbolic execution directly within the GDB debugger. Key points include how Triton works, its components like the symbolic execution engine and AST representations, and how SymGDB utilizes the GDB Python API to synchronize Triton's state with the debugged program and allow symbolic analysis of programs within GDB. Examples demonstrating SymGDB on crackme programs that take symbolic user input are also presented.
The document describes the implementation of various digital logic circuits like D latch, D flip flop, JK flip flop, multiplexers, decoders, counters etc. using VHDL. It includes the VHDL code, test benches and synthesis reports for each circuit. The aim is to design the circuits in behavioral and structural modeling and verify their functionality.
Les race conditions, nos très chères amiesPierre Laporte
Dans tous les projets se cachent des race conditions. Et on les aime, ces bugs rares qui pimentent notre quotidien !
Durant cette session, on définira formellement ce qu'est une race condition. On verra ensuite deux manières de les détecter. La première sera au niveau d'un groupe de classes via la librairie jcstress. La seconde sera au niveau des applications elles-mêmes, via une méthodologie appellée "The Box" initialement prévue pour régler les problèmes de performance.
Lambda expressions have been introduced in Java 8 to support functional programming and enable behavior parameterization by passing functions as parameters to methods. The majority of software clones (duplicated code) are known to have behavioral differences (i.e., Type-2 and Type-3 clones). However, to the best of our knowledge, there is no previous work to investigate the utility of Lambda expressions for parameterizing such behavioral differences in clones. In this paper, we propose a technique that examines the applicability of Lambda expressions for the refactoring of clones with behavioral differences. Moreover, we empirically investigate the applicability and characteristics of the Lambda expressions introduced to refactor a large dataset of clones. Our findings show that Lambda expressions enable the refactoring of a significant portion of clones that could not be refactored by any other means.
The document contains VHDL code for various logic gates and their simulations. It includes code for inverters, AND gates, OR gates, NAND gates, NOR gates, XOR gates, XNOR gates, half adders and full adders. The code is written using different VHDL modeling styles like data flow, structural and behavioral. Schematics and simulation results are also provided for each logic gate and adder circuit.
This document discusses approaches for analyzing obfuscated code without symbols. It presents several techniques including identifying logging functions, searching for specific strings, using meta information like RTTI, analyzing the context of functions and their relationships, and considering properties of the overall program. A combination of techniques is recommended, prioritizing those most likely to apply, such as searching for strings, analyzing wrapper functions, and studying function call relationships.
The document contains 7 VHDL programs with the following objectives:
1) Implement a 3:8 decoder using behavioral modeling.
2) Implement an 8:1 multiplexer using behavioral modeling.
3) Implement a 1:8 demultiplexer using behavioral modeling.
4) Implement 4-bit addition/subtraction.
5) Implement a 4-bit comparator.
6) Generate a MOD-10 up counter.
7) Generate a 1010 sequence detector.
Each program contains the VHDL code, RTL logic diagram and output waveform to achieve the given objective.
Triton and Symbolic execution on GDB@DEF CON ChinaWei-Bo Chen
Triton and Symbolic execution on GDB is a talk about symbolic execution. It introduces Triton, a symbolic execution framework, and SymGDB, which combines Triton with GDB to enable symbolic execution directly within the GDB debugger. Key points include how Triton works, its components like the symbolic execution engine and AST representations, and how SymGDB utilizes the GDB Python API to synchronize Triton's state with the debugged program and allow symbolic analysis of programs within GDB. Examples demonstrating SymGDB on crackme programs that take symbolic user input are also presented.
The document describes 8 experiments involving VHDL code implementations of various digital logic circuits. Experiment 1 implements 4:1 and 8:1 multiplexers. Experiment 2 implements 1:4 and 1:8 demultiplexers. Experiment 3 implements a 3:8 decoder. Experiment 4 implements a 4-bit adder. Experiment 5 implements a 4-bit comparator. Experiment 6 implements a 2-bit ALU. Experiment 7 and 8 both implement a D flip-flop. The document provides the full VHDL code for each circuit implementation.
The document discusses three sanitizers - AddressSanitizer, ThreadSanitizer, and MemorySanitizer - that detect bugs in C/C++ programs. AddressSanitizer detects memory errors like buffer overflows and use-after-frees. ThreadSanitizer finds data races between threads. MemorySanitizer identifies uses of uninitialized memory. The sanitizers work by instrumenting code at compile-time and providing a run-time library for error detection and reporting. They have found thousands of bugs in major software projects with reasonable overhead. Future work includes supporting more platforms and detecting additional classes of bugs.
What has to be paid attention when reviewing code of the library you developAndrey Karpov
Developers of libraries have to be more diligent than «classic» application programmers. Why? You never know where and when the library will be used: Platforms; Compilers; Optimizations; Usage scenarios.
Runtime Code Generation and Data Management for Heterogeneous Computing in JavaJuan Fumero
This document discusses runtime and data management techniques for heterogeneous computing in Java. It presents an approach that uses three levels of abstraction: parallel skeletons API based on functional programming, a high-level optimizing library that rewrites operations to target specific hardware, and OpenCL code generation and runtime with data management for heterogeneous architectures. It describes how the runtime performs type inference, IR generation, optimizations, and kernel generation to compile Java code into OpenCL kernels. It also discusses how custom array types are used to reduce data marshaling overhead between the Java and OpenCL runtimes.
[Defcon Russia #29] Алексей Тюрин - Spring autobindingDefconRussia
В Spring MVC есть классная фича — autobinding. Но если пользоваться ей неправильно, могут появиться «незаметные» уязвимости, иногда с серьёзным импактом. Рассмотрим пару примеров, углубимся в тонкости появления autobinding-багов. Writeup [ENG]: http://agrrrdog.blogspot.ru/2017/03/autobinding-vulns-and-spring-mvc.html
Georgy Nosenko - An introduction to the use SMT solvers for software securityDefconRussia
The document discusses how SMT solvers can be used for software security applications such as bug hunting, exploit generation, protection analysis, and malware analysis by modeling portions of code or algorithms as logical formulas that can then be analyzed using an SMT solver to prove properties or generate inputs. It provides examples of how SMT solvers have been used to find integer overflows, help with program verification, and aid in defeating simple hashing algorithms.
This document discusses sequential circuits and sequential basics in Verilog, including:
- Sequential circuits have outputs that depend on current and previous inputs and store state to represent the history of inputs, usually governed by a clock.
- D-flipflops are basic 1-bit storage elements that store a new value on each clock cycle. Registers are made of multiple D-flipflops to store multi-bit values.
- Pipelines can be built using registers to break a process into stages, allowing a new input to pass through each stage on every clock cycle while keeping the clock period low. An example pipeline computes the average of three input streams by storing intermediate values in registers between calculation stages.
Go Go Gadget! - An Intro to Return Oriented Programming (ROP)Miguel Arroyo
ROP (return-oriented programming) is a technique that allows executing malicious code on systems with non-executable stacks by chaining short instruction sequences ("gadgets") already present in memory. The document provides an overview of ROP, including its origins as a generalization of ret2libc attacks. It describes how ROP chains gadgets by controlling the instruction pointer to execute desired sequences ending in return instructions. Finally, it walks through a simple ROP exploit on x86 as a demonstration.
This document provides an overview of operators, selection statements, and looping statements in Java. It begins with a breakdown of the different types of operators in Java including assignment, relational, arithmetic, conditional, bitwise, and logical operators. It then covers selection statements such as if-else statements and switch statements. Finally, it discusses looping statements including for, while, do-while loops as well as the continue and break statements. It also includes brief sections on arrays and arrays of arrays in Java.
Дмитрий Демчук. Кроссплатформенный краш-репортSergey Platonov
Доклад будет посвящен возможностям библиотеки Google Breakpad по созданию краш-репорта. Посмотрим как это работает изнутри.
На примерах будут рассмотрены способы интеграции библиотеки на разных платформах Windows, Linux, Max OS.
This document discusses a password collection called W3@|cP@$s. It contains dictionaries of passwords gathered from multiple sources on the internet. The document provides statistics on the number and types of passwords collected, such as the frequency of different character sets and length distributions. It also describes the features of the collection, including the ability to filter passwords, count totals, and check sample passwords. The collection contains over 3.5 billion passwords gathered using automated bots to find password dumps from sites like pastebin.com.
Есть много причин заниматься конверсией управляемых языков в нативные: это прежде всего производительность, но также защита от реверс-инжиниринга, поддержка аппаратных технологий или каких-то специфичных платформ. В этом докладе мы посмотрим на пример построения конвертера из C# в C++ и те нюансы, которые встречаются при решении этой задачи
[Defcon Russia #29] Борис Савков - Bare-metal programming на примере Raspber...DefconRussia
Докладчик покажет, как с помощью bare-metal programming подружить Raspberry Pi с GPIO, памятью и Ethernet, и пояснит, кому и зачем это может понадобиться.
This document provides an overview of Java generics through examples. It begins with simple examples demonstrating how generics can be used to define container classes (BoxPrinter) and pair classes (Pair). It discusses benefits like type safety and avoiding duplication. Further examples show generics with methods and limitations like erasure. Wildcard types are presented as a way to address subtyping issues. In general, generics provide flexibility in coding but their syntax can sometimes be complex to read.
Static Code Analysis for Projects, Built on Unreal EngineAndrey Karpov
Why Do You Need Static Analysis? Detect errors early in the program development process. Get recommendations on code formatting. Check your spelling. Calculate various software metrics.
PVS-Studio is a static code analyzer that checks C, C++ and C# code for bugs. It supports projects developed with Windows (Visual Studio) and Linux (Clang, GCC). It integrates with tools like Visual Studio, SonarQube and supports standalone use. PVS-Studio detects many types of bugs like null pointer dereferences, uninitialized variables, dead code, buffer overflows, security issues and more. It has been effective at finding real bugs in major open source projects.
This document summarizes a presentation about Kotlin given to the Kotlin Vienna Meetup. The presentation introduced Gadsu, a medical records application built with Kotlin, discussed using Kotlin in various environments like Travis CI and Codecov, showed code examples using Kotlin features like extension methods and delegates, and covered lessons learned from the project. Some benefits of Kotlin mentioned included improved null safety, extension methods, and more compact syntax compared to Java.
How Triton can help to reverse virtual machine based software protectionsJonathan Salwan
The first part of the talk is going to be an introduction to the Triton framework to expose its components and to explain how they work together. Then, the second part will include demonstrations on how it's possible to reverse virtual machine based protections using taint analysis, symbolic execution, SMT simplifications and LLVM-IR optimizations.
The document discusses hardware description languages (HDLs) and Verilog programming. It states that two widely used HDLs are Verilog and VHDL. Verilog is more popular than VHDL for FPGA programming. The document then provides details on the history, functions, and usage of Verilog. It explains that Verilog can be used to model circuits at different levels of abstraction, from transistor level to behavioral level. Register transfer level modeling combines behavioral and dataflow modeling, which is suitable for FPGA design. Several examples of Verilog code for gate level and dataflow modeling are also presented.
How Data Flow analysis works in a static code analyzerAndrey Karpov
Data flow analysis is a technology for source code analysis, widely used in various development tools: compilers, linters, IDE. We'll talk about it exemplifying with design of a static analyzer. The talk covers classification and various kinds of data flow analysis, neighbouring technologies supporting each other, obstacles arising during development, surprises from C++ language when one tries to analyze the code. In this talk, some errors, detected in real projects using this technology, are shown in detail.
This document provides an overview of memory management concepts in Java and C++, including pointers, the heap, stack, activation records, classes and objects. It discusses how objects are allocated in memory in both languages, with objects in Java being referenced by pointers on the stack and allocated on the heap, while in C++ objects can be allocated on the stack or heap. The document also covers issues like memory leaks in C++ if objects are not deleted from the heap, and garbage collection handling object deletion in Java. Methods and calling conventions are compared between the two languages.
The document describes 8 experiments involving VHDL code implementations of various digital logic circuits. Experiment 1 implements 4:1 and 8:1 multiplexers. Experiment 2 implements 1:4 and 1:8 demultiplexers. Experiment 3 implements a 3:8 decoder. Experiment 4 implements a 4-bit adder. Experiment 5 implements a 4-bit comparator. Experiment 6 implements a 2-bit ALU. Experiment 7 and 8 both implement a D flip-flop. The document provides the full VHDL code for each circuit implementation.
The document discusses three sanitizers - AddressSanitizer, ThreadSanitizer, and MemorySanitizer - that detect bugs in C/C++ programs. AddressSanitizer detects memory errors like buffer overflows and use-after-frees. ThreadSanitizer finds data races between threads. MemorySanitizer identifies uses of uninitialized memory. The sanitizers work by instrumenting code at compile-time and providing a run-time library for error detection and reporting. They have found thousands of bugs in major software projects with reasonable overhead. Future work includes supporting more platforms and detecting additional classes of bugs.
What has to be paid attention when reviewing code of the library you developAndrey Karpov
Developers of libraries have to be more diligent than «classic» application programmers. Why? You never know where and when the library will be used: Platforms; Compilers; Optimizations; Usage scenarios.
Runtime Code Generation and Data Management for Heterogeneous Computing in JavaJuan Fumero
This document discusses runtime and data management techniques for heterogeneous computing in Java. It presents an approach that uses three levels of abstraction: parallel skeletons API based on functional programming, a high-level optimizing library that rewrites operations to target specific hardware, and OpenCL code generation and runtime with data management for heterogeneous architectures. It describes how the runtime performs type inference, IR generation, optimizations, and kernel generation to compile Java code into OpenCL kernels. It also discusses how custom array types are used to reduce data marshaling overhead between the Java and OpenCL runtimes.
[Defcon Russia #29] Алексей Тюрин - Spring autobindingDefconRussia
В Spring MVC есть классная фича — autobinding. Но если пользоваться ей неправильно, могут появиться «незаметные» уязвимости, иногда с серьёзным импактом. Рассмотрим пару примеров, углубимся в тонкости появления autobinding-багов. Writeup [ENG]: http://agrrrdog.blogspot.ru/2017/03/autobinding-vulns-and-spring-mvc.html
Georgy Nosenko - An introduction to the use SMT solvers for software securityDefconRussia
The document discusses how SMT solvers can be used for software security applications such as bug hunting, exploit generation, protection analysis, and malware analysis by modeling portions of code or algorithms as logical formulas that can then be analyzed using an SMT solver to prove properties or generate inputs. It provides examples of how SMT solvers have been used to find integer overflows, help with program verification, and aid in defeating simple hashing algorithms.
This document discusses sequential circuits and sequential basics in Verilog, including:
- Sequential circuits have outputs that depend on current and previous inputs and store state to represent the history of inputs, usually governed by a clock.
- D-flipflops are basic 1-bit storage elements that store a new value on each clock cycle. Registers are made of multiple D-flipflops to store multi-bit values.
- Pipelines can be built using registers to break a process into stages, allowing a new input to pass through each stage on every clock cycle while keeping the clock period low. An example pipeline computes the average of three input streams by storing intermediate values in registers between calculation stages.
Go Go Gadget! - An Intro to Return Oriented Programming (ROP)Miguel Arroyo
ROP (return-oriented programming) is a technique that allows executing malicious code on systems with non-executable stacks by chaining short instruction sequences ("gadgets") already present in memory. The document provides an overview of ROP, including its origins as a generalization of ret2libc attacks. It describes how ROP chains gadgets by controlling the instruction pointer to execute desired sequences ending in return instructions. Finally, it walks through a simple ROP exploit on x86 as a demonstration.
This document provides an overview of operators, selection statements, and looping statements in Java. It begins with a breakdown of the different types of operators in Java including assignment, relational, arithmetic, conditional, bitwise, and logical operators. It then covers selection statements such as if-else statements and switch statements. Finally, it discusses looping statements including for, while, do-while loops as well as the continue and break statements. It also includes brief sections on arrays and arrays of arrays in Java.
Дмитрий Демчук. Кроссплатформенный краш-репортSergey Platonov
Доклад будет посвящен возможностям библиотеки Google Breakpad по созданию краш-репорта. Посмотрим как это работает изнутри.
На примерах будут рассмотрены способы интеграции библиотеки на разных платформах Windows, Linux, Max OS.
This document discusses a password collection called W3@|cP@$s. It contains dictionaries of passwords gathered from multiple sources on the internet. The document provides statistics on the number and types of passwords collected, such as the frequency of different character sets and length distributions. It also describes the features of the collection, including the ability to filter passwords, count totals, and check sample passwords. The collection contains over 3.5 billion passwords gathered using automated bots to find password dumps from sites like pastebin.com.
Есть много причин заниматься конверсией управляемых языков в нативные: это прежде всего производительность, но также защита от реверс-инжиниринга, поддержка аппаратных технологий или каких-то специфичных платформ. В этом докладе мы посмотрим на пример построения конвертера из C# в C++ и те нюансы, которые встречаются при решении этой задачи
[Defcon Russia #29] Борис Савков - Bare-metal programming на примере Raspber...DefconRussia
Докладчик покажет, как с помощью bare-metal programming подружить Raspberry Pi с GPIO, памятью и Ethernet, и пояснит, кому и зачем это может понадобиться.
This document provides an overview of Java generics through examples. It begins with simple examples demonstrating how generics can be used to define container classes (BoxPrinter) and pair classes (Pair). It discusses benefits like type safety and avoiding duplication. Further examples show generics with methods and limitations like erasure. Wildcard types are presented as a way to address subtyping issues. In general, generics provide flexibility in coding but their syntax can sometimes be complex to read.
Static Code Analysis for Projects, Built on Unreal EngineAndrey Karpov
Why Do You Need Static Analysis? Detect errors early in the program development process. Get recommendations on code formatting. Check your spelling. Calculate various software metrics.
PVS-Studio is a static code analyzer that checks C, C++ and C# code for bugs. It supports projects developed with Windows (Visual Studio) and Linux (Clang, GCC). It integrates with tools like Visual Studio, SonarQube and supports standalone use. PVS-Studio detects many types of bugs like null pointer dereferences, uninitialized variables, dead code, buffer overflows, security issues and more. It has been effective at finding real bugs in major open source projects.
This document summarizes a presentation about Kotlin given to the Kotlin Vienna Meetup. The presentation introduced Gadsu, a medical records application built with Kotlin, discussed using Kotlin in various environments like Travis CI and Codecov, showed code examples using Kotlin features like extension methods and delegates, and covered lessons learned from the project. Some benefits of Kotlin mentioned included improved null safety, extension methods, and more compact syntax compared to Java.
How Triton can help to reverse virtual machine based software protectionsJonathan Salwan
The first part of the talk is going to be an introduction to the Triton framework to expose its components and to explain how they work together. Then, the second part will include demonstrations on how it's possible to reverse virtual machine based protections using taint analysis, symbolic execution, SMT simplifications and LLVM-IR optimizations.
The document discusses hardware description languages (HDLs) and Verilog programming. It states that two widely used HDLs are Verilog and VHDL. Verilog is more popular than VHDL for FPGA programming. The document then provides details on the history, functions, and usage of Verilog. It explains that Verilog can be used to model circuits at different levels of abstraction, from transistor level to behavioral level. Register transfer level modeling combines behavioral and dataflow modeling, which is suitable for FPGA design. Several examples of Verilog code for gate level and dataflow modeling are also presented.
How Data Flow analysis works in a static code analyzerAndrey Karpov
Data flow analysis is a technology for source code analysis, widely used in various development tools: compilers, linters, IDE. We'll talk about it exemplifying with design of a static analyzer. The talk covers classification and various kinds of data flow analysis, neighbouring technologies supporting each other, obstacles arising during development, surprises from C++ language when one tries to analyze the code. In this talk, some errors, detected in real projects using this technology, are shown in detail.
This document provides an overview of memory management concepts in Java and C++, including pointers, the heap, stack, activation records, classes and objects. It discusses how objects are allocated in memory in both languages, with objects in Java being referenced by pointers on the stack and allocated on the heap, while in C++ objects can be allocated on the stack or heap. The document also covers issues like memory leaks in C++ if objects are not deleted from the heap, and garbage collection handling object deletion in Java. Methods and calling conventions are compared between the two languages.
This document summarizes an obfuscation technique called function merging. It describes creating a single merge function that acts as a dispatcher for other functions via a switch statement. The merge function loads arguments, replaces returns, and moves function content. Wrappers are created to call the merge function and avoid API breakage.
Here are the values of some pointer expressions using a and p:
p: Points to the first element of a, which is 10
*p: 10 (the value at the address p points to)
p+1: Points to the second element of a, which is 20
*(p+1): 20
&(p+1): Points to the address of p+1
p-1: Not valid, as p is pointing to the first element already
Basic c++ 11/14 for python programmersJen Yee Hong
A short list of some common python programming patterns and their C++ equivalents. This can help programmers learn C++ in a more efficient way if he or she already knows Python.
Part of this material is used for internal training of Appier Inc, one of the leading artificial intelligence company in Asia.
Thank Appier Inc. for allowing me to share this.
Value Objects, Full Throttle (to be updated for spring TC39 meetings)Brendan Eich
Slides I prepared for the 29 January 2014 Ecma TC39 meeting, on Value Objects in JS, an ES7 proposal -- this one shotgunned the roadmap-space of declarative syntax, to find the right amount per TC39 (nearly zero, turns out).
O'Reilly Velocity New York 2016 presentation on modern Linux tracing tools and technology. Highlights the available tracing data sources on Linux (ftrace, perf_events, BPF) and demonstrates some tools that can be used to obtain traces, including DebugFS, the perf front-end, and most importantly, the BCC/BPF tool collection.
(1) The document summarizes C++ advanced features such as overloaded operators, templates, exception handling, and namespaces. It also provides an overview of the Standard Template Library (STL) including containers, iterators, and algorithms.
(2) Overloaded operators allow basic operations for user-defined types. Templates are used for generic programming of classes and functions. Exception handling provides error handling using throw/catch blocks. Namespaces prevent naming conflicts. The STL contains containers, iterators to access elements, and algorithms that perform operations on containers.
(3) Popular C++ compilers, local user groups, and further reading materials are also listed. Upcoming events include meetings of the ACGNJ Java and C++
PVS-Studio team experience: checking various open source projects, or mistake...Andrey Karpov
To let the world know about our product, we check open-source projects. By the moment we have checked 245 projects. A side effect: we found 9574 errors and notified the authors about them.
This document discusses principles of sequence control in programming languages. It covers expressions, assignment statements, selection statements like if/else and switch/case, and iterative statements like for, while, and loops controlled by data structures. It provides examples of how these concepts are implemented in different languages like C, Pascal, and C#. Unconditional branching with goto is also discussed, noting that while powerful it can hurt readability so most modern languages avoid or restrict it.
This document provides an overview of Node.js application performance analysis and optimization as well as distributed system design. It discusses analyzing and optimizing CPU, memory, file I/O and network I/O usage. It also covers profiling Node.js applications using tools like Linux profiling tools, Node.js libraries, and V8 profiling tools. Lastly it discusses designing distributed systems using single machine and cluster approaches.
Our new blog post featuring some common python programming patterns and their C++ equivalents is now up!
Leave us a comment below and let us know what you'd like to see covered in our future posts!
█ Read More
Technical Insights: Introduction to GraphQL|goo.gl/d7PyXH
Libra : A Compatible Method for Defending Against Arbitrary Memory OverwriteJeremy Haung
http://adl.tw/~jeremy/slides/presentation2.pptx
Attached detailed Analysis of CVE-2013-2094 (&on x86-32).
Exploit the CVE-2013-2094 with animation
There have been more vulnerabilities in the Linux Kernel in 2013 than there had been in the previous decade. In this paper, the research was focused on defending against arbitrary memory overwrites in Privilege Escalation.
To avoid malicious users getting root authority. The easiest way is to set the sensitive data structure to read-only. But we are not sure the sensitive data structure will never be modified by legal behavior from a normal device driver; thus, we posed a compatible solution between read-only solutions and writable solutions to enhance compatibility.
The main idea that we posed not only solves the above problem, but also the general problem which is ensuring that important memory values can only be changed within a safe range.
It is not just set to read-only.
Key Word : Linux Kernel Vulnerabilities、exploit、Privilege Escalation
Dynamic Binary Analysis and Obfuscated Codes Jonathan Salwan
At this presentation we will talk about how a DBA (Dynamic Binary Analysis) may help a reverse engineer to reverse obfuscated code. We will first introduce some basic obfuscation techniques and then expose how it's possible to break some stuffs (using our open-source DBA framework - Triton) like detect opaque predicates, reconstruct CFG, find the original algorithm, isolate sensible data and many more... Then, we will conclude with a demo and few words about our future work.
This document discusses embedded system development. It begins with definitions of embedded systems and some of their common characteristics like limited resources and real-time constraints. It then discusses specific issues like memory alignment, flash and RAM sizes, and performance optimizations. Examples are given of embedded projects like digital video recorders and how to address issues like file sorting, memory usage and stack overflows. The conclusion emphasizes that embedded systems involve knowledge from many technical fields and stresses the importance of experience, observation, and a positive problem-solving attitude.
Story of static code analyzer developmentAndrey Karpov
The document discusses the history and development of static code analyzers. It describes how early tools used regular expressions that were ineffective for complex code analysis. Modern static analyzers overcome these limitations through techniques like type inference, data flow analysis, symbolic execution, and pattern-based analysis. They also leverage method annotations and a mixture of analysis approaches. While machine learning is hyped, static analysis remains very challenging due to the complexity of code and rapid language evolution.
Building source code level profiler for C++.pdfssuser28de9e
1. The document describes building a source code level profiler for C++ applications. It outlines 4 milestones: logging execution time, reducing macros, tracking function hit counts, and call path profiling using a radix tree.
2. Key aspects discussed include using timers to log function durations, storing profiling data in a timed entry class, and maintaining a call tree using a radix tree with nodes representing functions and profiling data.
3. The goal is to develop a customizable profiler to identify performance bottlenecks by profiling execution times and call paths at the source code level.
Here is a bpftrace program to measure scheduler latency for ICMP echo requests:
#!/usr/local/bin/bpftrace
kprobe:icmp_send {
@start[tid] = nsecs;
}
kprobe:__netif_receive_skb_core {
@diff[tid] = hist(nsecs - @start[tid]);
delete(@start[tid]);
}
END {
print(@diff);
clear(@diff);
}
This traces the time between the icmp_send kernel function (when the packet is queued for transmit) and the __netif_receive_skb_core function (when the response packet is received). The
Similar to Update on C++ Core Guidelines Lifetime Analysis. Gábor Horváth. CoreHard Spring 2019 (20)
C++ CoreHard Autumn 2018. Создание пакетов для открытых библиотек через conan...corehard_by
Использование сторонних библиотек в языке C++ никогда не было простым - необходимо было правильно собрать их, имея дело с различными системами сборки, но с появлением пакетного менеджера conan.io процесс стал намного проще, так что теперь осталось только сделать пакеты для нужным библиотек, и в этом поможет команда bincrafter-ов.
C++ CoreHard Autumn 2018. Actors vs CSP vs Tasks vs ... - Евгений Охотниковcorehard_by
На предыдущих конференциях C++ CoreHard автор доклада рассказывал про Модель Акторов и опыт ее использования в C++. Но Модель Акторов -- это далеко не единственный способ борьбы со сложностью при работе с многопоточностью. Давайте попробуем поговорить о том, что еще можно применить и как это может выглядеть в C++.
C++ CoreHard Autumn 2018. Знай свое "железо": иерархия памяти - Александр Титовcorehard_by
Если вам важна скорость работы ваших программ, то вы обязаны понимать, как работает ваше "железо". Современный процессор -- это сложное устройство, многие механизмы которого могут неочевидным образом влиять на скорость исполнения вашего кода. В докладе дается обзорное представление основных структур современного процессора и подробно рассматривается работа иерархии памяти. Будут освещены следующие темы: организация кэш-памяти, принцип локальности, предподкачка данных, нежелательное общее владение данными, а также программные техники для эффективной работы с памятью.
C++ CoreHard Autumn 2018. Информационная безопасность и разработка ПО - Евген...corehard_by
Информационная безопасность все больше из отдельной сферы плавно перетекает в разработку ПО. А значит «обычным» программистам приходится понимать те требования и терминологию, которые специалисты по безопасности уже давно знают и используют. CWE, CERT, MISRA, SAST– для «обычных» программистов это непонятные аббревиатуры. Поэтому в обзорном докладе мы попробуем рассказать простым языком об этих понятиях так, чтобы все разработчики начали уверенно ориентироваться в этой теме.
C++ CoreHard Autumn 2018. Заглядываем под капот «Поясов по C++» - Илья Шишковcorehard_by
Вот уже более двух лет мы создаём онлайн-специализацию по С++ на платформе Coursera. Её цель — обучить языку C++ с нуля до уровня, достаточного для решения практических задач, с которыми приходилось сталкиваться авторам в своей практике. В своём докладе я расскажу, как мы создаём наши онлайн-курсы, и уделю особое внимание техническим проблемам, которые нам пришлось решить в процессе создания автоматической системы проверки программ студентов.
C++ CoreHard Autumn 2018. Ускорение сборки C++ проектов, способы и последстви...corehard_by
В докладе обсуждаются способы улучшения времени сборки C++ проектов, опыт полученный в ходе ускорения сборки клиента и тулов World Of Tanks. Также описывается эффект, который они оказывают на организацию кодобазы (как позитивный, так и негативный) и затраты, которые необходимы для поддержки этих решений, т.к. не все они бесплатны. Методики, описываемые в докладе: ускорение линковки (Incremental Linking, Fastlink), ускорение компиляции(Include what you use, использование precompiled headers).
C++ CoreHard Autumn 2018. Метаклассы: воплощаем мечты в реальность - Сергей С...corehard_by
Доклад посвящён вопросам реализации пропозала Герба Саттера PR0707 (метаклассы в С++) за пределами компилятор - в виде отдельной утилиты. Будет продемонстрированы варианты использования метаклассов в реальной жизни, затронуты вопросы их реализации на базе Clang Frontend, а также возможные перспективы развития технологии и методики.
C++ CoreHard Autumn 2018. Что не умеет оптимизировать компилятор - Александр ...corehard_by
Все мы знаем, что компиляторы в настоящее время достаточно умные. И нам как программистам зачастую не нужно думать о каких-то незначительных оптимизациях - мы полагаемся на оптимизации компилятора. Что ж, настало время выяснить, действительно ли настолько компиляторы умны и узнать, в каких местах программист всё же (может быть) умнее.
C++ CoreHard Autumn 2018. Кодогенерация C++ кроссплатформенно. Продолжение - ...corehard_by
В докладе будет рассмотрена генерация кода при компиляции различных языковых конструкций, как простых, так и сложных, на различных платформах, как общераспространённых x86/x64, так и тех, которым уделяется меньше внимания: ARM, AVR. Также будут встречаться примеры для совсем экзотических процессоров вроде PowerPC и даже MicroBlaze. Основной упор будет делаться не на обработку данных, а именно на сопоставление различных конструкций кода с инструкциями целевых платформ.
C++ CoreHard Autumn 2018. Concurrency and Parallelism in C++17 and C++20/23 -...corehard_by
What do threads, atomic variables, mutexes, and conditional variables have in common? They are the basic building blocks of any concurrent application in C++, which are even for the experienced C++ programmers a big challenge. This massively changed with C++17 and change even more with C++20/23. What did we get with C++17, what can we hope for with C++20/23? With C++17, most of the standard template library algorithms are available in sequential, parallel, and vectorised variants. With the upcoming standards, we can look forward to executors, transactional memory, significantly improved futures and coroutines. To make it short. These are just the highlights from the concurrent and parallel perspective. Thus there is the hope that in the future C++ abstractions such as executors, transactional memory, futures and coroutines are used and that threads, atomic variables, mutexes and condition variables are just implementation details.
C++ CoreHard Autumn 2018. Обработка списков на C++ в функциональном стиле - В...corehard_by
Язык C++, претерпев долгую эволюцию, обрёл ряд черт, характерных для функциональной парадигмы: функции стали полноправными объектами, над которыми могут выполняться операции, а аппарат шаблонов позволяет проводить вычисления на типах на этапе компиляции. Математический фундамент этих двух главных аспектов составляют, соответственно, ламбда-исчисление и теория категорий. Расширение языка этими средствами способствовало реализации на языке C++ ряда инструментов, известных из функционального программирования. Некоторые из этих реализаций вошли в стандартную библиотеку (std::function, std::bind), другие - в сторонние библиотеки, в том числе в коллекцию библиотек Boost (functional, hana). Важную роль в арсенале функционального программирования играют операции свёртки и развёртки, которые очевиднее всего определяются для списков, но также естественным образом обобщаются на другие индуктивные и коиндуктивные структуры данных. Например, суммирование списка чисел можно представить себе как свёртку списка по операции сложения, а построение списка простых множителей заданного целого числа - как развёртку. Обобщения свёртки и развёртки известны как анаморфизмы и катаморфизмы. Также в функциональном программировании находит применение понятие гиломорфизма - композиция развёртки некоторого объекта в коллекцию с последующей свёрткой её в новый объект. В докладе продемонстрировано, что свёртки, развёртки и их композиции допускают довольно простую реализацию на языке C++.
C++ Corehard Autumn 2018. Обучаем на Python, применяем на C++ - Павел Филоновcorehard_by
Доклад посвящен часто используемому шаблону в моих проектах по анализу данных, когда обучение и настройка моделей происходят с использованием python, а вот их запуск в промышленное использование на языке C++. Предлагается рассмотреть несколько учебных примеров реализации такого подхода, от простой линейной регрессии до обработки изображений с помощью нейронных сетей.
C++ CoreHard Autumn 2018. Asynchronous programming with ranges - Ivan Čukićcorehard_by
This talk will be about the design and implementation of a reactive programming model inspired by ranges that allows easy implementation of asynchronous and distributed software systems by writing code that looks like a sequence of ordinary range transformations like filter, transform, etc. This programming model will be demonstrated along with the implementation of a simple asynchronous web service where the whole system logic is defined as a chain of range transformations.
C++ CoreHard Autumn 2018. Debug C++ Without Running - Anastasia Kazakovacorehard_by
The document discusses how an IDE can help debug tricky C++ code without running it by leveraging tools to understand macros, types, templates, and overloads. It describes how an IDE could show the step-by-step substitution of macros, substitute typedefs one step at a time, debug template instantiations and constant expressions, explain overload resolution, and profile includes to optimize header usage. The presenter argues that tools are needed to make powerful C++ abstractions more accessible.
C++ CoreHard Autumn 2018. Полезный constexpr - Антон Полухинcorehard_by
В C++11 добавили новое ключевое слово - constexpr. Выглядит оно весьма невзрачно, да и на первый взгляд кажется, что смысла в нём маловато... Для чего же оно нужно, какие у него есть тайные супер способности и какую роль оно сыграет в дальнейшем развитии языка C++ - обо всём об этом мы и поговорим.
C++ CoreHard Autumn 2018. Text Formatting For a Future Range-Based Standard L...corehard_by
This document discusses range-based text formatting and proposes replacing existing approaches with a range-based solution. It suggests representing text as ranges and using range algorithms and functions for concatenation and formatting. This would allow treating different string types uniformly and flexibly while avoiding issues with current formatting methods like iostream manipulation and format strings. The document provides examples of formatting numbers and dates as ranges and constructing containers like std::string from multiple ranges.
Исключительная модель памяти. Алексей Ткаченко ➠ CoreHard Autumn 2019corehard_by
Память в компьютере - это не только гигабайты оперативной памяти в слоте, но и занятная абстракция. В докладе мы рассмотрим, как можно эту абстракцию использовать необычным образом для моделирования других абстракций - регистровых файлов периферийных устройств. Доклад будет полезен не только embedded-разработчикам, но и, возможно, заставит переосмыслить свой взгляд на память.
Как помочь и как помешать компилятору. Андрей Олейников ➠ CoreHard Autumn 2019corehard_by
Как правило, можно положиться на то, что компилятор оптимизирует результирующий бинарный файл так, чтобы она работала максимально быстро. Но компилятор не знает на каких данных и на каком железе программа будет запущена. Плюс хотелось бы, чтобы компиляция занимала приемлемое время. Из-за этого результат может оказаться субоптимальным. Предлагаю на примерах для LLVM посмотреть как можно подсказать компилятору как оптимизировать программу и сделать результат лучше или хуже.
Мы напишем простейший веб-сервис из клиента и сервера на C++. На этом C++ часть закончится, и пойдет настройка окружения и инфраструктуры. Мы обеспечим детерминируемость сборки и прогона тестов. Облегчим последующее обновление зависимых библиотек. Автоматизируем статические проверки, верификацию кода, прогон тестов. Обеспечим доступность сервиса, настроим инфраструктуру, сбалансируем нагрузку, добавим автоматическое и ручное масштабирование. И под конец мы настроим continious delivery таким образом, что код будет на продакшене через 5 минут после реквеста, при этом даже невалидные изменения и ошибки программиста не смогут повлиять на его работу.
Skybuffer SAM4U tool for SAP license adoptionTatiana Kojar
Manage and optimize your license adoption and consumption with SAM4U, an SAP free customer software asset management tool.
SAM4U, an SAP complimentary software asset management tool for customers, delivers a detailed and well-structured overview of license inventory and usage with a user-friendly interface. We offer a hosted, cost-effective, and performance-optimized SAM4U setup in the Skybuffer Cloud environment. You retain ownership of the system and data, while we manage the ABAP 7.58 infrastructure, ensuring fixed Total Cost of Ownership (TCO) and exceptional services through the SAP Fiori interface.
High performance Serverless Java on AWS- GoTo Amsterdam 2024Vadym Kazulkin
Java is for many years one of the most popular programming languages, but it used to have hard times in the Serverless community. Java is known for its high cold start times and high memory footprint, comparing to other programming languages like Node.js and Python. In this talk I'll look at the general best practices and techniques we can use to decrease memory consumption, cold start times for Java Serverless development on AWS including GraalVM (Native Image) and AWS own offering SnapStart based on Firecracker microVM snapshot and restore and CRaC (Coordinated Restore at Checkpoint) runtime hooks. I'll also provide a lot of benchmarking on Lambda functions trying out various deployment package sizes, Lambda memory settings, Java compilation options and HTTP (a)synchronous clients and measure their impact on cold and warm start times.
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...Fwdays
Direct losses from downtime in 1 minute = $5-$10 thousand dollars. Reputation is priceless.
As part of the talk, we will consider the architectural strategies necessary for the development of highly loaded fintech solutions. We will focus on using queues and streaming to efficiently work and manage large amounts of data in real-time and to minimize latency.
We will focus special attention on the architectural patterns used in the design of the fintech system, microservices and event-driven architecture, which ensure scalability, fault tolerance, and consistency of the entire system.
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfChart Kalyan
A Mix Chart displays historical data of numbers in a graphical or tabular form. The Kalyan Rajdhani Mix Chart specifically shows the results of a sequence of numbers over different periods.
"Scaling RAG Applications to serve millions of users", Kevin GoedeckeFwdays
How we managed to grow and scale a RAG application from zero to thousands of users in 7 months. Lessons from technical challenges around managing high load for LLMs, RAGs and Vector databases.
Main news related to the CCS TSI 2023 (2023/1695)Jakub Marek
An English 🇬🇧 translation of a presentation to the speech I gave about the main changes brought by CCS TSI 2023 at the biggest Czech conference on Communications and signalling systems on Railways, which was held in Clarion Hotel Olomouc from 7th to 9th November 2023 (konferenceszt.cz). Attended by around 500 participants and 200 on-line followers.
The original Czech 🇨🇿 version of the presentation can be found here: https://www.slideshare.net/slideshow/hlavni-novinky-souvisejici-s-ccs-tsi-2023-2023-1695/269688092 .
The videorecording (in Czech) from the presentation is available here: https://youtu.be/WzjJWm4IyPk?si=SImb06tuXGb30BEH .
Introduction of Cybersecurity with OSS at Code Europe 2024Hiroshi SHIBATA
I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems.
The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS.
Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application.
I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.
Essentials of Automations: Exploring Attributes & Automation ParametersSafe Software
Building automations in FME Flow can save time, money, and help businesses scale by eliminating data silos and providing data to stakeholders in real-time. One essential component to orchestrating complex automations is the use of attributes & automation parameters (both formerly known as “keys”). In fact, it’s unlikely you’ll ever build an Automation without using these components, but what exactly are they?
Attributes & automation parameters enable the automation author to pass data values from one automation component to the next. During this webinar, our FME Flow Specialists will cover leveraging the three types of these output attributes & parameters in FME Flow: Event, Custom, and Automation. As a bonus, they’ll also be making use of the Split-Merge Block functionality.
You’ll leave this webinar with a better understanding of how to maximize the potential of automations by making use of attributes & automation parameters, with the ultimate goal of setting your enterprise integration workflows up on autopilot.
Northern Engraving | Modern Metal Trim, Nameplates and Appliance PanelsNorthern Engraving
What began over 115 years ago as a supplier of precision gauges to the automotive industry has evolved into being an industry leader in the manufacture of product branding, automotive cockpit trim and decorative appliance trim. Value-added services include in-house Design, Engineering, Program Management, Test Lab and Tool Shops.
LF Energy Webinar: Carbon Data Specifications: Mechanisms to Improve Data Acc...DanBrown980551
This LF Energy webinar took place June 20, 2024. It featured:
-Alex Thornton, LF Energy
-Hallie Cramer, Google
-Daniel Roesler, UtilityAPI
-Henry Richardson, WattTime
In response to the urgency and scale required to effectively address climate change, open source solutions offer significant potential for driving innovation and progress. Currently, there is a growing demand for standardization and interoperability in energy data and modeling. Open source standards and specifications within the energy sector can also alleviate challenges associated with data fragmentation, transparency, and accessibility. At the same time, it is crucial to consider privacy and security concerns throughout the development of open source platforms.
This webinar will delve into the motivations behind establishing LF Energy’s Carbon Data Specification Consortium. It will provide an overview of the draft specifications and the ongoing progress made by the respective working groups.
Three primary specifications will be discussed:
-Discovery and client registration, emphasizing transparent processes and secure and private access
-Customer data, centering around customer tariffs, bills, energy usage, and full consumption disclosure
-Power systems data, focusing on grid data, inclusive of transmission and distribution networks, generation, intergrid power flows, and market settlement data
This talk will cover ScyllaDB Architecture from the cluster-level view and zoom in on data distribution and internal node architecture. In the process, we will learn the secret sauce used to get ScyllaDB's high availability and superior performance. We will also touch on the upcoming changes to ScyllaDB architecture, moving to strongly consistent metadata and tablets.
Northern Engraving | Nameplate Manufacturing Process - 2024Northern Engraving
Manufacturing custom quality metal nameplates and badges involves several standard operations. Processes include sheet prep, lithography, screening, coating, punch press and inspection. All decoration is completed in the flat sheet with adhesive and tooling operations following. The possibilities for creating unique durable nameplates are endless. How will you create your brand identity? We can help!
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-EfficiencyScyllaDB
Freshworks creates AI-boosted business software that helps employees work more efficiently and effectively. Managing data across multiple RDBMS and NoSQL databases was already a challenge at their current scale. To prepare for 10X growth, they knew it was time to rethink their database strategy. Learn how they architected a solution that would simplify scaling while keeping costs under control.
JavaLand 2024: Application Development Green Masterplan
Update on C++ Core Guidelines Lifetime Analysis. Gábor Horváth. CoreHard Spring 2019
1. Update on the C++ Core
Guidelines’ Lifetime Safety
analysis in Clang
Gábor Horváth
xazax.hun@gmail.com
1
2. Agenda
• Motivation
• Whirlwind tour of lifetime analysis
• See the following talks for details:
• https://youtu.be/80BZxujhY38?t=1096
• https://youtu.be/sjnp3P9x5jA
• Highlight some implementation details
• Evaluation
• Upstreaming
• Conclusions
2
3. Motivation
• Microsoft: 70 percent of security patches are fixing memory errors
• https://youtu.be/PjbGojjnBZQ
• C++ has many sources of errors:
• Manual memory management, temporary objects, Pointer-like objects, …
• Dynamic tools
• Few false positives, not every arch is supported, coverage is important
• Static tools
• Arch independent, the earlier a bug is found the cheaper the fix
• Works without good test coverage
3
4. Motivation #2
int *p;
{
int x;
p = &x;
}
*p = 5;
string_view sv;
{
string s{“CoreHard"};
sv = s;
}
sv[0] = ‘c’;
Many static tools warn for the left snippet but not for the right,
even though they are fundamentally similar.
4
6. A Tour of Herb’s Lifetime Analysis
• Intends to catch common errors (not a verification tool)
• Classify types into categories
• Owners: never dangle, implementation assumed to be correct
• Pointers: might dangle, tracking points-to sets
• Aggregates: handled member-wise
• Values: everything else
• Analysis is function local
• Two implementations
• We implemented it in a Clang fork
• Kyle Reed and Neil MacIntosh implemented the MSVC version
6
7. A Tour of Herb’s Lifetime Analysis #2
• Flow-sensitive analysis
• We only need annotations for misclassifications (rare)
• Maps each Pointer at each program point to a points-to set
• Elements of a points-to set:
• Null
• Invalid
• Static (lives longer than the pointer or we cannot reason about it)
• Local variable/parameter
• Aggregate member
• Owned memory of an Owner
7
8. A Tour of Herb’s Lifetime Analysis #3
• https://cppx.godbolt.org/z/IdGRsT
8
9. A Tour of Herb’s Lifetime Analysis #4
9
vector v1{…};
vector v2{…};
auto it = v1.begin();
if (cond)
it = v2.begin();
if (cond2)
v2.push_back(…);
*it = …; // warning
11. Analysis Within
a Basic Block
• Basic blocks contain subexprs in an eval order, no AST traversal required
• End of full expression is not marked (apart from DeclStmt)
• When to invalidate Pointers to temporaries?
• Modified the CFG to include ExprWithCleanup AST nodes
• Clang Static Analyzer is another user
11
int x;
int *p = &x;
int *q = p;
2: x
3: &[B1.2]
4: int *p = &x;
5: p
6: [B1.5] (LValToRVal)
7: int *q = p;
2: {x}
3: {x}
4: pset(p)={x}
5: {p}
6: {x}
7: pset(q)={x}
12. Analysis Within
a Basic Block
• Basic blocks contain subexprs in an eval order, no AST traversal required
• End of full expression is not marked (apart from DeclStmt)
• When to invalidate Pointers to temporaries?
• Modified the CFG to include ExprWithCleanup AST nodes
• Clang Static Analyzer is another user
12
int x;
int *p = &x;
int *q = p;
2: x
3: &[B1.2]
4: int *p = &x;
5: p
6: [B1.5] (LValToRVal)
7: int *q = p;
2: {x}
3: {x}
4: pset(p)={x}
5: {p}
6: {x}
7: pset(q)={x}
13. Analysis Within
a Basic Block
• Basic blocks contain subexprs in an eval order, no AST traversal required
• End of full expression is not marked (apart from DeclStmt)
• When to invalidate Pointers to temporaries?
• Modified the CFG to include ExprWithCleanup AST nodes
• Clang Static Analyzer is another user
13
int x;
int *p = &x;
int *q = p;
2: x
3: &[B1.2]
4: int *p = &x;
5: p
6: [B1.5] (LValToRVal)
7: int *q = p;
2: {x}
3: {x}
4: pset(p)={x}
5: {p}
6: {x}
7: pset(q)={x}
14. Analysis Within
a Basic Block
• Basic blocks contain subexprs in an eval order, no AST traversal required
• End of full expression is not marked (apart from DeclStmt)
• When to invalidate Pointers to temporaries?
• Modified the CFG to include ExprWithCleanup AST nodes
• Clang Static Analyzer is another user
14
int x;
int *p = &x;
int *q = p;
2: x
3: &[B1.2]
4: int *p = &x;
5: p
6: [B1.5] (LValToRVal)
7: int *q = p;
2: {x}
3: {x}
4: pset(p)={x}
5: {p}
6: {x}
7: pset(q)={x}
15. Analysis Within
a Basic Block
• Basic blocks contain subexprs in an eval order, no AST traversal required
• End of full expression is not marked (apart from DeclStmt)
• When to invalidate Pointers to temporaries?
• Modified the CFG to include ExprWithCleanup AST nodes
• Clang Static Analyzer is another user
15
int x;
int *p = &x;
int *q = p;
2: x
3: &[B1.2]
4: int *p = &x;
5: p
6: [B1.5] (LValToRVal)
7: int *q = p;
2: {x}
3: {x}
4: pset(p)={x}
5: {p}
6: {x}
7: pset(q)={x}
16. Analysis Within
a Basic Block
• Basic blocks contain subexprs in an eval order, no AST traversal required
• End of full expression is not marked (apart from DeclStmt)
• When to invalidate Pointers to temporaries?
• Modified the CFG to include ExprWithCleanup AST nodes
• Clang Static Analyzer is another user
16
int x;
int *p = &x;
int *q = p;
2: x
3: &[B1.2]
4: int *p = &x;
5: p
6: [B1.5] (LValToRVal)
7: int *q = p;
2: {x}
3: {x}
4: pset(p)={x}
5: {p}
6: {x}
7: pset(q)={x}
17. Analysis Within
a Basic Block
• Basic blocks contain subexprs in an eval order, no AST traversal required
• End of full expression is not marked (apart from DeclStmt)
• When to invalidate Pointers to temporaries?
• Modified the CFG to include ExprWithCleanup AST nodes
• Clang Static Analyzer is another user
17
int x;
int *p = &x;
int *q = p;
2: x
3: &[B1.2]
4: int *p = &x;
5: p
6: [B1.5] (LValToRVal)
7: int *q = p;
2: {x}
3: {x}
4: pset(p)={x}
5: {p}
6: {x}
7: pset(q)={x}
18. Analysis Within
a Basic Block
• Basic blocks contain subexprs in an eval order, no AST traversal required
• End of full expression is not marked (apart from DeclStmt)
• When to invalidate Pointers to temporaries?
• Modified the CFG to include ExprWithCleanup AST nodes
• Clang Static Analyzer is another user
18
int x;
int *p = &x;
int *q = p;
2: x
3: &[B1.2]
4: int *p = &x;
5: p
6: [B1.5] (LValToRVal)
7: int *q = p;
2: {x}
3: {x}
4: pset(p)={x}
5: {p}
6: {x}
7: pset(q)={x}
19. Analysis Within
a Basic Block
• Basic blocks contain subexprs in an eval order, no AST traversal required
• End of full expression is not marked (apart from DeclStmt)
• When to invalidate Pointers to temporaries?
• Modified the CFG to include ExprWithCleanup AST nodes
• Clang Static Analyzer is another user
19
int x;
int *p = &x;
int *q = p;
2: x
3: &[B1.2]
4: int *p = &x;
5: p
6: [B1.5] (LValToRVal)
7: int *q = p;
2: {x}
3: {x}
4: pset(p)={x}
5: {p}
6: {x}
7: pset(q)={x}
20. Analysis on the CFG Level – Merging Points-to Sets
int* p;
// pset(p) = {(invalid)}
if (cond) {
p = &i;
// pset(p) = {i}
} else {
p = nullptr;
// pset(p) = {(null)}
}
// pset(p) = {i, (null)}
• Calculate points-to sets
within each basic block
• Merge incoming points-to
sets on basic block entry
• Fixed-point iteration
• Loops
20
21. Analysis on the CFG Level – Dealing with Forks
void f(int* a) {
// pset(a) = {(null), *a)
if (a) {
// pset(a) = {*a}
} else {
// pset(a) = {(null)}
}
// pset(a) = {(null), *a)
}
{0, *a}
0*a
a = 0a != 0
a != 0 a = 0
{0, *a}
21
22. Tracking Null Pointers – Logical operators
if (a && b) {
*a;
}
*a;
if (a) {
if (b) {
*a; // OK
}
}
*a; // warning
a
b
*a
*a
b = 0a = 0
a != 0
a != 0
b != 0
a != 0
b != 0
22
23. Tracking Null Pointers – The Role of noreturn
(a && b)? … : noreturn();
*a;
a
b
…
*a
b = 0
a = 0
a != 0
a != 0
b != 0
a != 0
b != 0
noreturn
23
24. Tracking Null Pointers – Merging Too Early
bool c = a && b;
c ? … : noreturn();
*a; // false positive
a
b
b = 0
a = 0
a != 0
a != 0
b != 0
c
… noreturn
*a
c = 0c != 0
24
25. Tracking Null Pointers – Challenges with Assertions
void f(int* a, int *b) {
assert(a && b);
*b;
}
a
b
b = 0
a = 0
a != 0
a != 0
b != 0
void f(int* a, int *b) {
(bool)(a && b)? … : noreturn();
*b; // false positive
}
cast
*b noreturn
25
26. Summary of Flow-Sensitive Lifetime Analysis
• The performance overhead of the prototype is less than 10% of
-fsyntax-only
• 3 sources of false positives:
• Infeasible paths
• Miscategorizations
• Function modelling
26
30. Goal: Enable a Subset of Lifetime Warnings with
No False Positives
Clang warnings exist for:
30
Let’s generalize them!
int *data() {
int i = 3;
return &i;
}
new initializer_list<int>{1, 2, 3};
struct Y {
int *p;
Y(int i) : p(&i) {}
};
31. Evaluation of the Statement Local Analysis
• No false positives or true positives for LLVM and Clang head
• Few FPs if we categorize every user defined type
• FPs could be fixed with annotating llvm::ValueHandleBase
• Sample of 22 lifetime related fixes
• Faulty commits passed the reviews
• 11 would have been caught before breaking the bots
• 1 false negative due to Path not being automatically categorized as owner
• 3 are missed due to assignments not being checked
• Less than 1% performance overhead
31
32. What is the Issue Here?
• Contextual information is required to catch the problem
32
StringRef Prefix = is_abs(dir)
? SysRoot : "";
• Faulty:
• Fixed: StringRef Prefix = is_abs(dir)
? StringRef(SysRoot) : "";
33. Other True Positive Findings
• cplusplus.InnerPointer check of the Clang Static Analyzer
found 3 true positives in Ceph, Facebook’s RocksDB, GPGME
• GSoC 2018 project by Réka Kovács
• Problems were reported and fixed promptly
• The true positives were all statement local problems
• The same true positives can also be found with our statement-local
analysis
• How many true positives would we expect from the original
warnings?
33
34. Plans for upstreaming
• Annotations
• Other analyses can start to adopt to type
• Generalize warnings
• On by default for STL and explicitly annotated types
• Type category inference is controversial
• Plans for a tool that inserts inferred annotations
• Add flow sensitive analysis
• First handle function calls conservatively
• Add further annotations
• Infer annotations for functions
• Implement use-after-move checks, add exception support
34
35. Conclusions
• Herb’s analysis is useful for new projects, not always applicable to old
• Type categories are useful for other analyses
• Generalizing Clang warnings
• Generalizing CSA checks
• Generalizing Tidy checks
• Generalized warnings has low performance impact, all sources of
false positives can be addressed
• Infeasible paths → statement local analysis
• Miscategorization → only trigger for STL and annotated types
• Function modelling → only rely on known functions
35