Carnegie Mellon
Introduction to Computer Systems
15-213/18-243, spring 2009
21st Lecture, Apr. 2nd
Instructors: Gregory Kesden and Markus Püschel

Announcements

- Exam: Next Tuesday
  - Covers Ch. 5-8, 10.1-10.8
  - Next recitations: answering your questions
- Malloclab: Due April 16th, 150 points
  - Can be done in teams of 2 (recommended to reduce workload)
  - Has a checkpoint

Today

- Memory related bugs
- System level I/O
  - Unix I/O
  - Standard I/O
  - RIO (robust I/O) package
  - Conclusions and examples

Memory-Related Perils and Pitfalls

- Dereferencing bad pointers
- Reading uninitialized memory
- Overwriting memory
- Referencing nonexistent variables
- Freeing blocks multiple times
- Referencing freed blocks
- Failing to free blocks

Dereferencing Bad Pointers

The classic scanf bug (val is passed instead of &val, so scanf writes through whatever garbage val happens to hold):

    int val;
    ...
    scanf("%d", val);

Reading Uninitialized Memory

Assuming that heap data is initialized to zero (malloc does not zero the block, so y[i] += accumulates onto garbage):

    /* return y = Ax */
    int *matvec(int **A, int *x) {
       int *y = malloc(N*sizeof(int));
       int i, j;

       for (i=0; i<N; i++)
          for (j=0; j<N; j++)
             y[i] += A[i][j]*x[j];
       return y;
    }

Overwriting Memory

Allocating the (possibly) wrong sized object (N pointers are stored, but only N ints were allocated; where a pointer is larger than an int, the p[i] stores run past the block):

    int **p;

    p = malloc(N*sizeof(int));

    for (i=0; i<N; i++) {
       p[i] = malloc(M*sizeof(int));
    }

Overwriting Memory

Not checking the max string size:

    char s[8];
    int i;

    gets(s);  /* reads "123456789" from stdin */

Basis for classic buffer overflow attacks:
- 1988 Internet worm
- Modern attacks on Web servers
- AOL/Microsoft IM war

Overwriting Memory

Misunderstanding pointer arithmetic (p += sizeof(int) advances sizeof(int) ints, not one):

    int *search(int *p, int val) {

       while (*p && *p != val)
          p += sizeof(int);

       return p;
    }

Referencing Nonexistent Variables

Forgetting that local variables disappear when a function returns (the returned pointer refers into a stack frame that no longer exists):

    int *foo () {
       int val;

       return &val;
    }

Freeing Blocks Multiple Times

Nasty! (the second free(x) releases a block the allocator may already have handed out again as y)

    x = malloc(N*sizeof(int));
            <manipulate x>
    free(x);

    y = malloc(M*sizeof(int));
            <manipulate y>
    free(x);

Referencing Freed Blocks

Evil! (x was freed, so x[i] reads and writes memory that may now belong to y or to the allocator)

    x = malloc(N*sizeof(int));
      <manipulate x>
    free(x);
       ...
    y = malloc(M*sizeof(int));
    for (i=0; i<M; i++)
       y[i] = x[i]++;
Failing to Free Blocks (Memory Leaks)

Slow, long-term killer!

    foo() {
       int *x = malloc(N*sizeof(int));
       ...
       return;
    }

Failing to Free Blocks (Memory Leaks)

Freeing only part of a data structure:

    struct list {
       int val;
       struct list *next;
    };

    foo() {
       struct list *head = malloc(sizeof(struct list));
       head->val = 0;
       head->next = NULL;
       <create and manipulate the rest of the list>
       ...
       free(head);
       return;
    }

Dealing With Memory Bugs

- Conventional debugger (gdb)
  - Good for finding bad pointer dereferences
  - Hard to detect the other memory bugs
- Debugging malloc (UToronto CSRI malloc)
  - Wrapper around conventional malloc
  - Detects memory bugs at malloc and free boundaries
    - Memory overwrites that corrupt heap structures
    - Some instances of freeing blocks multiple times
    - Memory leaks
  - Cannot detect all memory bugs
    - Overwrites into the middle of allocated blocks
    - Freeing a block twice that has been reallocated in the interim
    - Referencing freed blocks

Dealing With Memory Bugs (cont.)

- Some malloc implementations contain checking code
  - Linux glibc malloc: setenv MALLOC_CHECK_ 2
  - FreeBSD: setenv MALLOC_OPTIONS AJR
- Binary translator: valgrind (Linux), Purify
  - Powerful debugging and analysis technique
  - Rewrites text section of executable object file
  - Can detect all the errors debugging malloc can
  - Can also check each individual reference at runtime
    - Bad pointers
    - Overwriting
    - Referencing outside of allocated block
- Garbage collection (Boehm-Weiser Conservative GC)
  - Let the system free blocks instead of the programmer

Overwriting Memory

Referencing a pointer instead of the object it points to (*size-- decrements the pointer size, not the int it points to; (*size)-- was intended):

    int *BinheapDelete(int **binheap, int *size) {
       int *packet;
       packet = binheap[0];
       binheap[0] = binheap[*size - 1];
       *size--;
       Heapify(binheap, *size, 0);
       return(packet);
    }
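Corrected versions of three of the bugs shown above (search, matvec, BinheapDelete), as an added example that is not the lecture's code. The slides' global N becomes a parameter n, and heapify is an assumed min-heap sift-down on the pointed-to values standing in for the slide's Heapify:

```c
#include <stdlib.h>

/* "Misunderstanding pointer arithmetic": p++ advances by one int, while
   p += sizeof(int) skipped sizeof(int) ints at a time and ran past the
   array. The array is 0-terminated, as the slide's loop assumes. */
int *search_fixed(int *p, int val) {
    while (*p && *p != val)
        p++;                               /* was: p += sizeof(int); */
    return p;
}

/* "Reading uninitialized memory": y[i] += ... needs y zeroed first;
   calloc guarantees that, malloc does not. Caller frees the result. */
int *matvec_fixed(int **A, int *x, int n) {
    int *y = calloc((size_t)n, sizeof *y);  /* was: malloc(N*sizeof(int)) */
    if (y == NULL) return NULL;
    for (int i = 0; i < n; i++)
        for (int j = 0; j < n; j++)
            y[i] += A[i][j] * x[j];
    return y;
}

/* Assumed helper: sift h[i] down so h stays a min-heap on pointed-to values. */
static void heapify(int **h, int size, int i) {
    for (;;) {
        int l = 2 * i + 1, r = l + 1, m = i;
        if (l < size && *h[l] < *h[m]) m = l;
        if (r < size && *h[r] < *h[m]) m = r;
        if (m == i) return;
        int *t = h[i]; h[i] = h[m]; h[m] = t;
        i = m;
    }
}

/* "Referencing a pointer instead of the object": (*size)-- decrements the
   count; *size-- decremented the pointer and left the count unchanged. */
int *binheap_delete_fixed(int **binheap, int *size) {
    if (*size <= 0) return NULL;           /* nothing to delete */
    int *packet = binheap[0];
    binheap[0] = binheap[*size - 1];
    (*size)--;                             /* was: *size--; */
    heapify(binheap, *size, 0);
    return packet;
}
```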
Unix Files

- A Unix file is a sequence of m bytes: B0, B1, ..., Bk, ..., Bm-1
- All I/O devices are represented as files:
  - /dev/sda2 (/usr disk partition)
  - /dev/tty2 (terminal)
- Even the kernel is represented as a file:
  - /dev/kmem (kernel memory image)
  - /proc (kernel data structures)

Unix File Types

- Regular file
  - File containing user/app data (binary, text, whatever)
  - OS does not know anything about the format other than "sequence of bytes", akin to main memory
- Directory file
  - A file that contains the names and locations of other files
- Character special and block special files
  - Terminals (character special) and disks (block special)
- FIFO (named pipe)
  - A file type used for inter-process communication
- Socket
  - A file type used for network communication between processes

Unix I/O Key Features

- Elegant mapping of files to devices allows kernel to export simple interface called Unix I/O
- Important idea: All input and output is handled in a consistent and uniform way
- Basic Unix I/O operations (system calls):
  - Opening and closing files: open() and close()
  - Reading and writing a file: read() and write()
  - Changing the current file position (seek): lseek()
    - indicates next offset into file to read or write

    B0 B1 ... Bk-1 Bk Bk+1 ...
                   ^
           Current file position = k

Opening Files

Opening a file informs the kernel that you are getting ready to access that file:

    int fd;   /* file descriptor */

    if ((fd = open("/etc/hosts", O_RDONLY)) < 0) {
       perror("open");
       exit(1);
    }

- Returns a small identifying integer file descriptor
  - fd == -1 indicates that an error occurred
- Each process created by a Unix shell begins life with three open files associated with a terminal:
  - 0: standard input
  - 1: standard output
  - 2: standard error

Closing Files

Closing a file informs the kernel that you are finished accessing that file:

    int fd;     /* file descriptor */
    int retval; /* return value */

    if ((retval = close(fd)) < 0) {
       perror("close");
       exit(1);
    }

- Closing an already closed file is a recipe for disaster in threaded programs (more on this later)
- Moral: Always check return codes, even for seemingly benign functions such as close()
Reading Files

Reading a file copies bytes from the current file position to memory, and then updates the file position:

    char buf[512];
    int fd;       /* file descriptor */
    int nbytes;   /* number of bytes read */

    /* Open file fd ... */
    /* Then read up to 512 bytes from file fd */
    if ((nbytes = read(fd, buf, sizeof(buf))) < 0) {
       perror("read");
       exit(1);
    }

- Returns number of bytes read from file fd into buf
  - Return type ssize_t is a signed integer
  - nbytes < 0 indicates that an error occurred
  - Short counts (nbytes < sizeof(buf)) are possible and are not errors!

Writing Files

Writing a file copies bytes from memory to the current file position, and then updates the current file position:

    char buf[512];
    int fd;       /* file descriptor */
    int nbytes;   /* number of bytes written */
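The open/read/write/close calls from the slides above, with every return code checked and short counts handled by looping rather than treated as errors, as an added example that is not the lecture's code (the RIO package covered later packages the same idea). It assumes a writable /tmp and uses a constructed sample message:

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

const char SAMPLE_MSG[] = "constructed sample: hello, unix i/o\n";  /* constructed data */

/* write() may return a short count: loop until all n bytes are out. Returns n or -1. */
ssize_t write_all(int fd, const void *buf, size_t n) {
    size_t done = 0;
    while (done < n) {
        ssize_t w = write(fd, (const char *)buf + done, n - done);
        if (w < 0 && errno == EINTR) continue;   /* interrupted by a signal: retry */
        if (w < 0) return -1;                    /* real error (e.g. EBADF) */
        done += (size_t)w;
    }
    return (ssize_t)n;
}

/* read() short counts are not errors: keep reading until n bytes arrive or
   read() returns 0 (EOF). Returns the number of bytes read, or -1 on error. */
ssize_t read_all(int fd, void *buf, size_t n) {
    size_t got = 0;
    while (got < n) {
        ssize_t r = read(fd, (char *)buf + got, n - got);
        if (r < 0 && errno == EINTR) continue;
        if (r < 0) return -1;
        if (r == 0) break;                       /* EOF: caller sees a short count */
        got += (size_t)r;
    }
    return (ssize_t)got;
}

/* Write SAMPLE_MSG to a temp file, reopen it read-only and read up to cap bytes
   back into out. Every open/write/read/close return is checked. Returns bytes read or -1. */
ssize_t roundtrip(char *out, size_t cap) {
    char path[] = "/tmp/unixio-XXXXXX";         /* assumption: /tmp is writable */
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    ssize_t rc = write_all(fd, SAMPLE_MSG, sizeof SAMPLE_MSG - 1);
    if (close(fd) < 0) rc = -1;                  /* close() can fail too: check it */
    if (rc < 0 || (fd = open(path, O_RDONLY)) < 0) { unlink(path); return -1; }
    rc = read_all(fd, out, cap);
    if (close(fd) < 0) rc = -1;
    unlink(path);                                /* remove the temp file */
    return rc;
}
```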