Static Program Instrumentation Review

exercise 22 program instrumentation review write n.w
1 / 32
Embed
Share

Dive into a review of static program instrumentation, exploring the concepts of Steensgard's analysis and Andersen's analysis. Understand how Steensgard's analysis might lead to false-positive points-to relationships in certain programs, while Andersen's analysis can avoid such inaccuracies. Learn about the use of measurement probes in static instrumentation for proactive software evaluation.

  • Program Instrumentation
  • Static Analysis
  • Software Evaluation
  • Measurement Probes
rayaanacharya
kar_whi Follow

Uploaded on | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. EXERCISE #22 PROGRAM INSTRUMENTATION REVIEW Write your name and answer the following on a piece of paper Give an example of a program where Steensgard s analysis will indicate a false- positive points-to relationship that Andersen s would avoid 1

  2. EXERCISE #22 SOLUTION PROGRAM INSTRUMENTATION REVIEW 2

  3. ADMINISTRIVIA AND ANNOUNCEMENTS

  4. STATIC INSTRUMENTATION EECS 677: Software Security Evaluation Drew Davidson

  5. 5 PREVIOUSLY: PROGRAM INSTRUMENTATION REVIEW: LAST LECTURE ALTERTHEPROGRAMTOGAINMORE INFORMATIONOUTOFDYNAMICANALYSIS TWOFORMSOFINSTRUMENTATION Static instrumentation Alter the program statically, to gain information at runtime Dynamic instrumentation Alter the program at runtime, potentially leveraging runtime info

  6. 6 THIS LESSON: STATIC INSTRUMENTATION REVIEW: LAST LECTURE INSERTINGMEASUREMENTPROBES INTOAPROGRAM BEFOREITISRUN More closely associated with proactive software evaluation (why?)

  7. 7 STATIC INSTRUMENTATION TOOLS PROGRAM INSTRUMENTATION: APPROACH OFTENBUILTRIGHTINTOCOMPILER LLVM Coverage tools GCC Coverage tools SOMETIMESBUILTUPONOPTIMIZER Google s closure compiler https://github.com/google/closure-compiler

  8. LECTURE OUTLINE Example: Test Coverage Using LLVM Instrumentation Developing LLVM Instrumentation

  9. 9 TEST COVERAGE EXAMPLE: TEST COVERAGE HOWDOWEKNOWIFOURTEST SUITEISSUFFICIENT? Line/branch/path coverage How many lines/branches/paths of the program does suite exercise?

  10. 10 TEST COVERAGE EXAMPLE: TEST COVERAGE HOWDOWEKNOWIFOURTEST SUITEISSUFFICIENT? 1: int f(bool b) { 2: Obj * o = null; 3: int v = 2; 4: if (b) { 5: 6: 7: } 8: if (v == 2){ 9: 10: } 11: return o->property(); 12: } Line/branch/path coverage How many lines/branches/paths of the program does suite exercise? o = new Obj (); v = rand_int(); o->setInvalid();

  11. 11 ASSESSING COVERAGE PROGRAM INSTRUMENTATION: APPROACH 1: int f(bool b) { 2: Obj * o = null; 3: int v = 2; 4: if (b) { 5: 6: 7: } 8: if (v == 2){ 9: 10: } 11: return o->property(); 12: } 13: BIG IDEA: INJECT COUNTERS Simple: Add a counter at every instruction Better: Add a counter at every basic block o = new Obj (); v = rand_int(); WHATCOVERAGEINFORMATIONDOESTHISGIVE US? Instruction: Yes! Branch: Yes! Path: No! o->setInvalid();

  12. 12 EFFICIENT PATH AND BRANCH COUNTERS PROGRAM INSTRUMENTATION: APPROACH BALLAND LARUS 96 Intuition: - Assign integer values to edges such that no two paths compute the same path sum (Section 3.2). Select edges to instrument using a spanning tree

  13. 13 BRANCH FREQUENCY PROGRAM INSTRUMENTATION: APPROACH NA VE APPROACH: INSTRUMENT PROBESATEACHEDGE Inefficient! We don t really need an A -> B counter (it s the sum of the B-> C and B -> D counters)

  14. 14 PATH FREQUENCY REVIEW: THE PROBLEM

  15. 15 EXAMPLE: COVERAGE / FREQUENCY PROGRAM INSTRUMENTATION: APPROACH EXAMPLEOFINSTRUMENTATION: COUNTING EXECUTION FREQUENCY Why is this useful? (Placing sanitizers) Let s first consider inserting edge counters Inefficient! We don t really need an A -> B counter (it s the sum of the B-> C and B -> D counters)

  16. LECTURE OUTLINE Example: Test Coverage Using LLVM Instrumentation Developing LLVM Instrumentation

  17. 17 SETUP / ASSUMPTIONS LLVM BUILT-IN INSTRUMENTATION THISPORTIONOFTHELECTUREUSESACLANG++ INSTALLATION. Should work for many versions of LLVM (tested on clang++-18) Works on clang++14 (which is installed on the cycle servers) INSTALLATION (ONALOCALMACHINE) sudo apt install clang++ llvm-dev

  18. 18 LLVM COVERAGE INSTRUMENTATION LLVM BUILT-IN INSTRUMENTATION GOAL: ASSESSTHECOVERAGEOFATESTSUITE APPROACH: USELLVM SBUILT-IN INSTRUCTION INSTRUMENTATION Piggyback on LLVM s PGO facilities Profile-guided optimization 1) Insert PGO probes 2) Interpret probes as coverage measurements

  19. 19 LLVM: INSERTING PGO PROBES LLVM BUILT-IN INSTRUMENTATION -fcoverage-mapping Map instrumentation results to source code -fprofile-instr-generate Generate profile information at the source instruction level -fprofile-generate Generate profile information at the IR level

  20. 20 LLVM: INSERTING PGO PROBES LLVM BUILT-IN INSTRUMENTATION Let s write a simple LLVM program, then observe the probes clang++ prog.c o prog -fprofile-instr-generate emit-llvm -fcoverage-mapping This will cause the program to output an additional coverage file in the location of the environment variable LLVM_PROFILE_FILE export LLVM_PROFILE_FILE=test1.prof

  21. 21 LLVM COVERAGE INSTRUMENTATION LLVM BUILT-IN INSTRUMENTATION GOAL: ASSESSTHECOVERAGEOFATESTSUITE APPROACH: USELLVM SBUILT-IN INSTRUCTION INSTRUMENTATION Piggyback on LLVM s PGO facilities 1) Insert PGO probes 2) Interpret probes as coverage measurements

  22. 22 LLVM: COVERAGE REPORT LLVM BUILT-IN INSTRUMENTATION The profile file is useful for a variety of things (i.e. PGO). As such, it is not (immediately) human-readable We ll use some extra tools to generate a readable report llvm-profdata merge -sparse test1.prof -o final.profdata llvm-cov-14 show badcalc -instr-profile=final.profdata >& profile.report

  23. 23 PUTTING IT ALL TOGETHER REVIEW: LAST LECTURE THESECOMMANDSWORKFINEFOR 1 TESTRUN, BUTWECAREABOUTTEST SUITES clang++-18 prog.ll o prog -fprofile-instr-generate -fcoverage-mapping export LLVM_PROFILE_FILE=test1.prof ./prog export LLVM_PROFILE_FILE=test2.prof ./prog llvm-profdata merge -sparse test*.prof -o final.profdata llvm-cov-18 show prog -instr-profile=final.profdata >& profile.report

  24. 24 EXAMPLE: LLVM COVERAGE INSTRUMENTATION PROGRAM INSTRUMENTATION: APPROACH LET STAKEITTOTHETERMINAL!

  25. LECTURE OUTLINE Example: Test Coverage Using LLVM Instrumentation Developing LLVM Instrumentation

  26. 26 CUSTOM INSTRUMENTATION PROGRAM INSTRUMENTATION: APPROACH THE PREVIOUS EXAMPLETOOKADVANTAGEOFPRE-EXISTING INSTRUMENTATION What if we wanted to make our own custom instrumentation?

  27. 27 CUSTOM INSTRUMENTATION PROGRAM INSTRUMENTATION: APPROACH GETTINGSTARTED 1) Reference the LLVM API 2) Build our own (trivial) analysis pass 3) Hook into the LLVM opt infrastructure 4) Run our analysis pass GOING FURTHER Insert more full-featured functionality (https://llvm.org/doxygen/classllvm_1_1IRBuilder.html)

  28. 28 EXAMPLE: LLVM CUSTOM INSTRUMENTATION PROGRAM INSTRUMENTATION: APPROACH LET SREMOVEAND ADDSOMEINSTRUCTIONS! Consider a simple add2 program: #include <stdio.h> int main(int argc, const char** argv) { int num; scanf("%i", &num); printf("%i\n", num + 2); return 0; } Let s change this to a multiply

  29. 29 EXAMPLE: LLVM CUSTOM INSTRUMENTATION PROGRAM INSTRUMENTATION: APPROACH LET STAKEITTOTHETERMINAL!

  30. 30 WRAP-UP WE VE DESCRIBED THE THEORY AND PRACTICE OF PROGRAM INSTRUMENTATION Next time: Consider how we generate test cases

  31. 31 WRAP-UP WE VE DESCRIBED 2 FORMS OF ALTERING THE PROGRAM More heuristic by nature

  32. 32 LLVM: COVERAGE MAPPING LLVM BUILT-IN INSTRUMENTATION For understanding line coverage, we need to map changes to source code clang++ prog.c o prog -fprofile-instr-generate emit-llvm -fcoverage-mapping This will cause the program to output an additional coverage file in the location of the environment variable LLVM_PROFILE_FILE export LLVM_PROFILE_FILE=test1.prof

Related


Rashford's Exclusion Raises Questions as Southgate Navigates Delicate Balance Euro 2024

Rashford's Exclusion Raises Questions as Southgate Navigates Delicate Balance Euro 2024

WorldWide
Predicting Spain's Lineup for UEFA Euro 2024

Predicting Spain's Lineup for UEFA Euro 2024

WorldWide
Roland Sallai Primed for Success at Euro 2024

Roland Sallai Primed for Success at Euro 2024

WorldWide
Fernandes Thriving in United's Resurgent Attack^J Euro 2024 Success

Fernandes Thriving in United's Resurgent Attack^J Euro 2024 Success

WorldWide
No Clear Plan Beyond Euro 2024, Says England Manager

No Clear Plan Beyond Euro 2024, Says England Manager

WorldWide
Christoph Baumgartner Expectations and Preparations for Euro 2024

Christoph Baumgartner Expectations and Preparations for Euro 2024

WorldWide
Christoph Baumgartner Expectations and Preparations for Euro 2024

Christoph Baumgartner Expectations and Preparations for Euro 2024

WorldWide
Building England's Euro 2024 Team around Phil Foden

Building England's Euro 2024 Team around Phil Foden

WorldWide
Scotland Superfan since 1974 Robbie Jenkins Prepares for Euro 2024

Scotland Superfan since 1974 Robbie Jenkins Prepares for Euro 2024

WorldWide
Albania Vs Spain National Team Embarks on Euro Cup 2024 Qualifiers Journey

Albania Vs Spain National Team Embarks on Euro Cup 2024 Qualifiers Journey

WorldWide
Best Question Bank for Class 9 CBSE 2024 Maths with Live Videos

Best Question Bank for Class 9 CBSE 2024 Maths with Live Videos

Rachna
Best Question Bank for Class 9 CBSE 2024 Maths with Live Videos

Best Question Bank for Class 9 CBSE 2024 Maths with Live Videos

Rachna
Pausslot Mantra88 Tergacor dan Terpercaya 2024

Pausslot Mantra88 Tergacor dan Terpercaya 2024

Man
Hospital Price Transparency Regulations and Updates for 2024

Hospital Price Transparency Regulations and Updates for 2024

cove
Essential Information About Upcoming MRCOG Exam

Essential Information About Upcoming MRCOG Exam

rhodes
Pregnancy Horoscope 2024

Pregnancy Horoscope 2024

Jyotishi
Euro 2024 Predictions

Euro 2024 Predictions

Simon1
Institutions' Logos and Authors' Affiliations at MECO 2024 and CPSIoT 2024

Institutions' Logos and Authors' Affiliations at MECO 2024 and CPSIoT 2024

cara
Notifications & Circulars - In light of 53rd GST Council Meeting Recommendation

Notifications & Circulars - In light of 53rd GST Council Meeting Recommendation

Connect
Paris Olympics 2024 - Opening Ceremony

Paris Olympics 2024 - Opening Ceremony

vinu
Mondays for Future: Updates and Plans for 2023-2024

Mondays for Future: Updates and Plans for 2023-2024

aranza
NJSDC Kickoff Meeting 2024 Highlights

NJSDC Kickoff Meeting 2024 Highlights

bhud

More Related Content