Carnegie Mellon

Introduction to Computer Systems
15-213/18-243, spring 2009
1st Lecture, Jan. 12th
Instructors: Gregory Kesden and Markus Püschel
The course that gives CMU its “Zip”!

Overview

- Course theme
- Five realities
- How the course fits into the CS/ECE curriculum
- Logistics

Course Theme: Abstraction Is Good But Don’t Forget Reality

- Most CS courses emphasize abstraction
  - Abstract data types
  - Asymptotic analysis
- These abstractions have limits
  - Especially in the presence of bugs
  - Need to understand details of underlying implementations
- Useful outcomes
  - Become more effective programmers
    - Able to find and eliminate bugs efficiently
    - Able to understand and tune for program performance
  - Prepare for later “systems” classes in CS & ECE
    - Compilers, Operating Systems, Networks, Computer Architecture, Embedded Systems

Great Reality #1: Int’s are not Integers, Float’s are not Reals

- Example 1: Is x² ≥ 0?
  - Float’s: Yes!
  - Int’s:
    - 40000 * 40000 --> 1600000000
    - 50000 * 50000 --> ??
- Example 2: Is (x + y) + z = x + (y + z)?
  - Unsigned & Signed Int’s: Yes!
  - Float’s:
    - (1e20 + -1e20) + 3.14 --> 3.14
    - 1e20 + (-1e20 + 3.14) --> ??

Code Security Example

- Similar to code found in FreeBSD’s implementation of getpeername
- There are legions of smart people trying to find vulnerabilities in programs

    #include <string.h>

    /* Kernel memory region holding user-accessible data */
    #define KSIZE 1024
    char kbuf[KSIZE];

    /* Copy at most maxlen bytes from kernel region to user buffer */
    int copy_from_kernel(void *user_dest, int maxlen) {
        /* Byte count len is minimum of buffer size and maxlen */
        int len = KSIZE < maxlen ? KSIZE : maxlen;
        memcpy(user_dest, kbuf, len);
        return len;
    }

Typical Usage

    #include <stdio.h>

    #define MSIZE 528

    void getstuff() {
        char mybuf[MSIZE];
        copy_from_kernel(mybuf, MSIZE);
        printf("%s\n", mybuf);
    }

Malicious Usage

    #define MSIZE 528

    void getstuff() {
        char mybuf[MSIZE];
        copy_from_kernel(mybuf, -MSIZE);
        . . .
    }

Computer Arithmetic

- Does not generate random values
  - Arithmetic operations have important mathematical properties
- Cannot assume all “usual” mathematical properties
  - Due to finiteness of representations
  - Integer operations satisfy “ring” properties
    - Commutativity, associativity, distributivity
  - Floating point operations satisfy “ordering” properties
    - Monotonicity, values of signs
- Observation
  - Need to understand which abstractions apply in which contexts
  - Important issues for compiler writers and serious application programmers

Great Reality #2: You’ve Got to Know Assembly

- Chances are, you’ll never write a program in assembly
  - Compilers are much better & more patient than you are
- But: Understanding assembly is key to the machine-level execution model
  - Behavior of programs in presence of bugs
    - High-level language model breaks down
  - Tuning program performance
    - Understand optimizations done/not done by the compiler
    - Understanding sources of program inefficiency
  - Implementing system software
    - Compiler has machine code as target
    - Operating systems must manage process state
  - Creating / fighting malware
    - x86 assembly is the language of choice!

Assembly Code Example

- Time Stamp Counter
  - Special 64-bit register in Intel-compatible machines
  - Incremented every clock cycle
  - Read with rdtsc instruction
- Application
  - Measure time (in clock cycles) required by procedure

    double t;
    start_counter();
    P();
    t = get_counter();
    printf("P required %f clock cycles\n", t);

Code to Read Counter

- Write small amount of assembly code using GCC’s asm facility
- Inserts assembly code into machine code generated by compiler

    static unsigned cyc_hi = 0;
    static unsigned cyc_lo = 0;

    /* Set *hi and *lo to the high and low order bits
       of the cycle counter. */
    void access_counter(unsigned *hi, unsigned *lo)
    {
        asm("rdtsc; movl %%edx,%0; movl %%eax,%1"
            : "=r" (*hi), "=r" (*lo)
            :
            : "%edx", "%eax");
    }

Great Reality #3: Memory Matters
Random Access Memory Is an Unphysical Abstraction

- Memory is not unbounded
  - It must be allocated and managed
  - Many applications are memory dominated
- Memory referencing bugs especially pernicious
  - Effects are distant in both time and space
- Memory performance is not uniform
  - Cache and virtual memory effects can greatly affect program performance
  - Adapting program to characteristics of memory system can lead to major speed improvements

Memory Referencing Bug Example

    double fun(int i)
    {
        volatile double d[1] = {3.14};
        volatile long int a[2];
        a[i] = 1073741824; /* Possibly out of bounds */
        return d[0];
    }

    fun(0) --> 3.14
    fun(1) --> 3.14
    fun(2) --> 3.1399998664856
    fun(3) --> 2.00000061035156
    fun(4) --> 3.14, then segmentation fault

Explanation: location accessed by fun(i)

    i   Stack contents
    4   Saved State
    3   d7 … d4
    2   d3 … d0
    1   a[1]
    0   a[0]

Memory Referencing Errors

- C and C++ do not provide any memory protection
  - Out of bounds array references
  - Invalid pointer values
  - Abuses of malloc/free
- Can lead to nasty bugs
  - Whether or not bug has any effect depends on system and compiler
  - Action at a distance
    - Corrupted object logically unrelated to one being accessed
    - Effect of bug may be first observed long after it is generated
- How can I deal with this?
  - Program in Java or ML
  - Understand what possible interactions may occur
  - Use or develop tools to detect
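
Returning to the Code Security Example: with a negative maxlen the signed minimum is the negative value itself, and memcpy's size_t parameter then turns it into a huge unsigned count, an out-of-bounds reference of the kind listed above. The block below is an added example, not code from the lecture or from FreeBSD; it computes the count the slide's function hands to memcpy and places a checked variant beside it. The names slide_memcpy_len, copy_from_kernel_checked, try_checked and user_buf are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define KSIZE 1024
static char kbuf[KSIZE];        /* stand-in for the slide's kernel region */
static char user_buf[KSIZE];    /* constructed destination for the demo */

/* The byte count the slide's copy_from_kernel passes to memcpy: the signed
   minimum of KSIZE and maxlen, converted to memcpy's size_t parameter. */
size_t slide_memcpy_len(int maxlen) {
    int len = KSIZE < maxlen ? KSIZE : maxlen;
    return (size_t)len;
}

/* Checked variant (hypothetical, not the FreeBSD fix): refuse NULL or
   negative arguments, then clamp in unsigned arithmetic so len <= KSIZE. */
int copy_from_kernel_checked(void *user_dest, int maxlen) {
    if (user_dest == NULL || maxlen < 0)
        return -1;
    size_t len = (size_t)maxlen;
    if (len > KSIZE)
        len = KSIZE;
    memcpy(user_dest, kbuf, len);
    return (int)len;
}

/* Demo helper: run the checked copy into the constructed user_buf. */
int try_checked(int maxlen) {
    return copy_from_kernel_checked(user_buf, maxlen);
}

int main(void) {
    int samples[] = { 528, 4096, 0, -528 };   /* constructed inputs */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("maxlen=%5d  slide memcpy len=%zu  checked returns %d\n",
               samples[i], slide_memcpy_len(samples[i]),
               try_checked(samples[i]));
    return 0;
}
```

The checked variant still trusts the caller's buffer to hold maxlen bytes; it only guarantees that no more than KSIZE bytes leave kbuf.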