C++ Programming · Lecture 12 Software Engineering Group Philipp D. Schubert C++ Programming. 1....
Transcript of C++ Programming · Lecture 12 Software Engineering Group Philipp D. Schubert C++ Programming. 1....
![Page 1: C++ Programming · Lecture 12 Software Engineering Group Philipp D. Schubert C++ Programming. 1. Cyber attacks 2. Program analysis 3. Static analysis 4. Designing code analysis (DECA)](https://reader034.fdocuments.net/reader034/viewer/2022050508/5f98f551becd1f164147daf4/html5/thumbnails/1.jpg)
Lecture 12
Software Engineering Group
Philipp D. Schubert
C++ Programming
![Page 2: C++ Programming · Lecture 12 Software Engineering Group Philipp D. Schubert C++ Programming. 1. Cyber attacks 2. Program analysis 3. Static analysis 4. Designing code analysis (DECA)](https://reader034.fdocuments.net/reader034/viewer/2022050508/5f98f551becd1f164147daf4/html5/thumbnails/2.jpg)
1. Cyber attacks
2. Program analysis
3. Static analysis
4. Designing code analysis (DECA)
5. Job offer
Contents
![Page 3: C++ Programming · Lecture 12 Software Engineering Group Philipp D. Schubert C++ Programming. 1. Cyber attacks 2. Program analysis 3. Static analysis 4. Designing code analysis (DECA)](https://reader034.fdocuments.net/reader034/viewer/2022050508/5f98f551becd1f164147daf4/html5/thumbnails/3.jpg)
Usual Cyber-Attack
Find vulnerability or place backdoor
Inject malicious code
Circumvent detection
Surveil system, infect more machines if required
Execute payload
[Image taken from https://i.ytimg.com/vi/C-3FqOUf3nY/maxresdefault.jpg]
![Page 4: C++ Programming · Lecture 12 Software Engineering Group Philipp D. Schubert C++ Programming. 1. Cyber attacks 2. Program analysis 3. Static analysis 4. Designing code analysis (DECA)](https://reader034.fdocuments.net/reader034/viewer/2022050508/5f98f551becd1f164147daf4/html5/thumbnails/4.jpg)
Who is responsible?
According to a recent study by the DHS, more than 90% of all current cyber attacks succeed because of
vulnerabilities in the application layer!
![Page 5: C++ Programming · Lecture 12 Software Engineering Group Philipp D. Schubert C++ Programming. 1. Cyber attacks 2. Program analysis 3. Static analysis 4. Designing code analysis (DECA)](https://reader034.fdocuments.net/reader034/viewer/2022050508/5f98f551becd1f164147daf4/html5/thumbnails/5.jpg)
How can we reduce the number of vulnerabilities?
Write your code carefully
Test your code excessively
Use dynamic analysis
Use static analysis
Use manual reviews
![Page 6: C++ Programming · Lecture 12 Software Engineering Group Philipp D. Schubert C++ Programming. 1. Cyber attacks 2. Program analysis 3. Static analysis 4. Designing code analysis (DECA)](https://reader034.fdocuments.net/reader034/viewer/2022050508/5f98f551becd1f164147daf4/html5/thumbnails/6.jpg)
Rice´s theorem
Program analysis is mathematically provable hard
All non-trivial semantic properties of programs are undecidable!
A semantic property is one about the behavior
An example
Does a program terminate for all inputs?
A property is non-trivial if
It is neither true for every program
Nor for no program
That are quite a lot of properties!
https://en.wikipedia.org/wiki/Rice's_theorem
Contains proof sketch as well as complete proof
We have to use an over-approximation then!
![Page 7: C++ Programming · Lecture 12 Software Engineering Group Philipp D. Schubert C++ Programming. 1. Cyber attacks 2. Program analysis 3. Static analysis 4. Designing code analysis (DECA)](https://reader034.fdocuments.net/reader034/viewer/2022050508/5f98f551becd1f164147daf4/html5/thumbnails/7.jpg)
Program analysis
Dynamic analysis
Retrieve information about a program behavior by executing it
Execute on real or virtual processor
Must be executed with sufficient test inputs (code coverage)
Discover a set of possible behaviors
Uncertainty principle, make sure code instrumentalization don´t cause side-effects
Inadequate testing leads to catastrophic failures runtime error in Ariane 5 rocket
Static analysis
Retrieve information about a program without executing it
Analysis performed on source code or intermediate code
Over-approximation of the program behaviour
Program understanding
Done by humans: program comprehension, code review, software walkthroughs
[https://en.wikipedia.org/wiki/Dynamic_program_analysis, https://en.wikipedia.org/wiki/Static_program_analysis]
![Page 8: C++ Programming · Lecture 12 Software Engineering Group Philipp D. Schubert C++ Programming. 1. Cyber attacks 2. Program analysis 3. Static analysis 4. Designing code analysis (DECA)](https://reader034.fdocuments.net/reader034/viewer/2022050508/5f98f551becd1f164147daf4/html5/thumbnails/8.jpg)
Workflow in static analysis
Parse method (as source code, bytecode or some other intermediate representation)
Convert into control-flow graph (CFG)
Perform an analysis on the CFG
int i = 10;
int j = 20;
if (p) {
i = 100;
} else {
j = i;
}
print(i);
Find interesting properties
int i = 10;
int j = 10;
i = 100; j = i;
print(i)
if (p)
![Page 9: C++ Programming · Lecture 12 Software Engineering Group Philipp D. Schubert C++ Programming. 1. Cyber attacks 2. Program analysis 3. Static analysis 4. Designing code analysis (DECA)](https://reader034.fdocuments.net/reader034/viewer/2022050508/5f98f551becd1f164147daf4/html5/thumbnails/9.jpg)
Workflow in static analysis
Another example
int y = x;
if (p) x = y;
if (!p) z = 2;
b = y;
Depending on complexity of p
Mutual exclusiveness cannot be inferred
CFG are conservative
If control may flow from stmt A to stmt B then there is an edge from A to B
Opposite is not true!
Problem is undecidable
Over-approximation
Real CFGs contain exceptional edges as well
Unsound otherwise
int y = x;
if (p)
if (!p)
b = y;
x = y;
z = 2;
![Page 10: C++ Programming · Lecture 12 Software Engineering Group Philipp D. Schubert C++ Programming. 1. Cyber attacks 2. Program analysis 3. Static analysis 4. Designing code analysis (DECA)](https://reader034.fdocuments.net/reader034/viewer/2022050508/5f98f551becd1f164147daf4/html5/thumbnails/10.jpg)
Intermediate representations
; Function Attrs: norecurse nounwind uwtable
define i32 @main() #0 {
%1 = alloca i32, align 4
%2 = alloca i32, align 4
%3 = alloca i32, align 4
store i32 0, i32* %1, align 4
store i32 0, i32* %2, align 4
store i32 0, i32* %3, align 4
br label %4
; <label>:4: ; preds = %10, %0
%5 = load i32, i32* %3, align 4
%6 = icmp slt i32 %5, 10
br i1 %6, label %7, label %13
; <label>:7: ; preds = %4
%8 = load i32, i32* %2, align 4
%9 = add nsw i32 %8, 1
store i32 %9, i32* %2, align 4
br label %10
; <label>:10: ; preds = %7
%11 = load i32, i32* %3, align 4
%12 = add nsw i32 %11, 1
store i32 %12, i32* %3, align 4
br label %4
; <label>:13: ; preds = %4
ret i32 0
}
Analysis usually done on an intermediate
representation (IR)
Simpler than source language
Just a few op codes
Uses jumps (goto) to represent loops
int main()
{
int counter = 0;
for (int i = 0; i < 10; ++i) {
counter++;
}
return 0;
}
LLVM IR to the right
![Page 11: C++ Programming · Lecture 12 Software Engineering Group Philipp D. Schubert C++ Programming. 1. Cyber attacks 2. Program analysis 3. Static analysis 4. Designing code analysis (DECA)](https://reader034.fdocuments.net/reader034/viewer/2022050508/5f98f551becd1f164147daf4/html5/thumbnails/11.jpg)
LLVM
Compiler infrastructure
Provide many helpful mechanisms to write:
Compiler optimizations
Static analyses
Intermediate representation LLVM IR
Abstracted from concrete input language
Pros
No nesting
Looping/ branches through jumps (goto)
Simple basic operations
3 address code
Cons
No direct mapping from LLVM IR back to source
Front-endOptimization/
analysisSource languages Target languageBack-end
![Page 12: C++ Programming · Lecture 12 Software Engineering Group Philipp D. Schubert C++ Programming. 1. Cyber attacks 2. Program analysis 3. Static analysis 4. Designing code analysis (DECA)](https://reader034.fdocuments.net/reader034/viewer/2022050508/5f98f551becd1f164147daf4/html5/thumbnails/12.jpg)
Static analysis
Intra-procedural analysis
Function f Property 𝝋
Analysis
Does the property 𝜑 hold at statement s?
![Page 13: C++ Programming · Lecture 12 Software Engineering Group Philipp D. Schubert C++ Programming. 1. Cyber attacks 2. Program analysis 3. Static analysis 4. Designing code analysis (DECA)](https://reader034.fdocuments.net/reader034/viewer/2022050508/5f98f551becd1f164147daf4/html5/thumbnails/13.jpg)
Some properties & corresponding analyses
Is this variable still used later on?
Live-variables analysis
Can this code ever execute?
Dead-code analysis
Can this pointer ever be null?
Nullness analysis
Is this file handle ever closed?
Typestate analysis
There are many more
![Page 14: C++ Programming · Lecture 12 Software Engineering Group Philipp D. Schubert C++ Programming. 1. Cyber attacks 2. Program analysis 3. Static analysis 4. Designing code analysis (DECA)](https://reader034.fdocuments.net/reader034/viewer/2022050508/5f98f551becd1f164147daf4/html5/thumbnails/14.jpg)
Data flow analysis
Control flow
Data flow
Analysis: What values are printed?
Reaching definition analysis
int x = 1;
print(x);
if (z > 0) {
x = 2;
}
print(x)
Use data flow analysis
int x = 1;
print(x);
if (z > 0)
x = 2;
print(x);
𝑥 = ?
𝑥 = 1
𝑥 = 1
𝑥 = 1
𝑥 =1
𝑥 = 2
𝑥 ∈ {1, 2}
![Page 15: C++ Programming · Lecture 12 Software Engineering Group Philipp D. Schubert C++ Programming. 1. Cyber attacks 2. Program analysis 3. Static analysis 4. Designing code analysis (DECA)](https://reader034.fdocuments.net/reader034/viewer/2022050508/5f98f551becd1f164147daf4/html5/thumbnails/15.jpg)
A more advanced example
Which assignments are unnecessary?
Live variables analysis
int z = // some value;
int x = 1;
int y = 2;
if (z > 0) {
y = z;
if (z > 1) {
z = 7;
}
}
print(y);
Findings
Assignment to z and x can be eliminated
int z = // some val
int x = 1;
int y = 2;
if (z > 0)
y = z;
if (z > 1)
z = 7;
print(y);
∅
{𝑦} {𝑦}
{𝑦}
{𝑦, 𝑧}
{𝑧}{𝑦, 𝑧}
{𝑦, 𝑧}
{𝑧}
{𝑧}
∅
Overwrite y,
don’t need
old y
![Page 16: C++ Programming · Lecture 12 Software Engineering Group Philipp D. Schubert C++ Programming. 1. Cyber attacks 2. Program analysis 3. Static analysis 4. Designing code analysis (DECA)](https://reader034.fdocuments.net/reader034/viewer/2022050508/5f98f551becd1f164147daf4/html5/thumbnails/16.jpg)
Loops?
Reaching definitions revisited
int x = 1;
while (...) {
x++;
}
print(x);
Problem!
This does not terminate
Number of iterations must be bound
int x = 1;
while( … )
x++;
print(x);
𝑥 =?
𝑥 = 1
𝑥 = 2
𝑥 = 1
𝑥 ∈ {2,3, … }𝑥 ∈ {1,2, … }
𝑥 ∈ {1,2, … }
𝑥 = 1
![Page 17: C++ Programming · Lecture 12 Software Engineering Group Philipp D. Schubert C++ Programming. 1. Cyber attacks 2. Program analysis 3. Static analysis 4. Designing code analysis (DECA)](https://reader034.fdocuments.net/reader034/viewer/2022050508/5f98f551becd1f164147daf4/html5/thumbnails/17.jpg)
Monotone framework
1. Analysis direction (forward or backward)
2. Analysis domain (lattice)
3. Effect of statements on information (flow functions)
4. Initial values (values of the lattice)
5. Merge information (binary operator on sets of lattice values)
Flow functions
Initial values
Concrete
static
analysis
Uniform
evaluation
algorithm
![Page 18: C++ Programming · Lecture 12 Software Engineering Group Philipp D. Schubert C++ Programming. 1. Cyber attacks 2. Program analysis 3. Static analysis 4. Designing code analysis (DECA)](https://reader034.fdocuments.net/reader034/viewer/2022050508/5f98f551becd1f164147daf4/html5/thumbnails/18.jpg)
Overview and more examples
SEPL Goethe University, Frankfurt am Main
Lecture “Foundations of Programming Languages”, Christoph Reichenbach
Have a look at the following youtube playlist (one lecture unit)
https://www.youtube.com/watch?v=sxiFwiCgoVo&list=PLgJZZQPiH1mHIZAyIF1baZbMpIzxXn90o
Optimizations and static analysis
What?
Why?
How?
![Page 19: C++ Programming · Lecture 12 Software Engineering Group Philipp D. Schubert C++ Programming. 1. Cyber attacks 2. Program analysis 3. Static analysis 4. Designing code analysis (DECA)](https://reader034.fdocuments.net/reader034/viewer/2022050508/5f98f551becd1f164147daf4/html5/thumbnails/19.jpg)
Inter-procedural program analysis
Why is inter-procedural analysis hard?
![Page 20: C++ Programming · Lecture 12 Software Engineering Group Philipp D. Schubert C++ Programming. 1. Cyber attacks 2. Program analysis 3. Static analysis 4. Designing code analysis (DECA)](https://reader034.fdocuments.net/reader034/viewer/2022050508/5f98f551becd1f164147daf4/html5/thumbnails/20.jpg)
Inter-procedural program analysis
How to overcome unrealizable paths?
Use context-sensitive analysis
Inlining
Easy
Not efficient
Call-strings approach
Annotate data flow facts with ´call strings´
Summary approach
Compute function summaries describing their effect
Plug-in summary when function is called
We use the summary approach
Every approach has advantages/ disadvantages
![Page 21: C++ Programming · Lecture 12 Software Engineering Group Philipp D. Schubert C++ Programming. 1. Cyber attacks 2. Program analysis 3. Static analysis 4. Designing code analysis (DECA)](https://reader034.fdocuments.net/reader034/viewer/2022050508/5f98f551becd1f164147daf4/html5/thumbnails/21.jpg)
Designing code analysis for large-scale software systems (DECA)
Summer semester 2017
Lead by Eric Bodden
Contents
Intra-procedural data-flow analysis
Call-graph construction algorithms
Context-insensitive inter-procedural data-flow analysis
Context-sensitivity using the call-strings approach
Value-based context
Context-sensitivity using the functional approach
Efficiently solving distributed problems in the IFDS and IDE frameworks
Current challenges in inter-procedural static program analysis
Applications to software security
![Page 22: C++ Programming · Lecture 12 Software Engineering Group Philipp D. Schubert C++ Programming. 1. Cyber attacks 2. Program analysis 3. Static analysis 4. Designing code analysis (DECA)](https://reader034.fdocuments.net/reader034/viewer/2022050508/5f98f551becd1f164147daf4/html5/thumbnails/22.jpg)
Job offer
Topic
Static analysis
C++ programming
LLVM compiler framework
Benefits
Money ;-)
Fun
Learn a lot
Invitations to our professional and social events
Opportunity for bachelor/ master thesis
Lots of career options
Working on an important topic
Just send me an email
![Page 23: C++ Programming · Lecture 12 Software Engineering Group Philipp D. Schubert C++ Programming. 1. Cyber attacks 2. Program analysis 3. Static analysis 4. Designing code analysis (DECA)](https://reader034.fdocuments.net/reader034/viewer/2022050508/5f98f551becd1f164147daf4/html5/thumbnails/23.jpg)
It´s about creativityenum _multiply { multiply, times };,
struct _multiply_Int : Int {
_multiply_Int(const Int& i) : Int(i.val) {}
};
inline _multiply_Int operator/ (const Int& lhs, _multiply rhs) {
return _multiply_Int(i);
}
inline Int operator/ (const _multiply_Int& lhs, const Int& rhs) {
return lhs.val * rhs.val;
}
int main()
{
Int a(10);
Int b(20);
Int c = a /multiply/ b;
cout << c << endl;
return 0;
}
You cannot define custom operators
How about that?
Int a(10);
Int b(20);
Int c = a /multiply/ b;
Int c = a /times/ b;
cout << c << endl;
This can be realized in C++
#include <iostream>
using namespace std;
struct Int {
int val;
Int(int i) : val(i) {}
friend ostream& operator<< (ostream& os,
const Int& i)
{ return os << i.val; }
};
![Page 24: C++ Programming · Lecture 12 Software Engineering Group Philipp D. Schubert C++ Programming. 1. Cyber attacks 2. Program analysis 3. Static analysis 4. Designing code analysis (DECA)](https://reader034.fdocuments.net/reader034/viewer/2022050508/5f98f551becd1f164147daf4/html5/thumbnails/24.jpg)
Be critical
Sadly not everything about C++ is great!
A nice talk that sums up some of the biggest oddities of C++
C++ bashing: “A case against C++”, Felix von Leitner
“Why C++ is bad for the environment, causes global warming and kills puppies”
https://media.ccc.de/v/cccamp07-en-1951-A_Case_Against_C++
However, at the end I hope you find C++ somewhat useful!
![Page 25: C++ Programming · Lecture 12 Software Engineering Group Philipp D. Schubert C++ Programming. 1. Cyber attacks 2. Program analysis 3. Static analysis 4. Designing code analysis (DECA)](https://reader034.fdocuments.net/reader034/viewer/2022050508/5f98f551becd1f164147daf4/html5/thumbnails/25.jpg)
Questions?
Thank you for your attention