is511-2021-spring's Issues
[Question][Hw5] Filter in Semantics.ml
I do not understand exactly how the filter operates on memory. Would filter (x<0) true mem with mem : (x -> Top/y -> Pos) return (x -> Neg/y -> Pos)?
[Question][Hw5] About Example3.c
    int main() {
      int i;
      int sum = 0;
      int z;
      for (i = 10; i > 1; i--) {
        sum = 10 / i;
      }
      z = 10 / (i - 1); // safe by interval with narrowing, false alarm by sign
      z = 10 / i; // error
      return 0;
    }

About the above code, it says z = 10 / i; has a potential error in the sign domain.
However, the variable i comes from the for loop, and i should be Pos by its condition i > 1.
I wonder why it has a potential error, and also wonder about the logic. Could you give some advice?
[Announcement][KCLOUD2 VM] Delete the unused data in the VM!
The department informed us that the overall usage of the storage area of KCLOUD2 VM has increased dramatically from the original estimate (about 95%).
Please delete the unused data in the VM (`/dev/vda` area), so that there is no problem with your assignment environment.
Thank you.
[Question][Hw3] kcloudvpn account disabled after login failures.
It says like "cannot login with this account" when I try kcloudvpn logins (not like "wrong password").
I think my account is disabled because of consequent login failures.
Could you please enable the account or reset the password? Or how can I contact kcloudvpn admin?
ID is is511-21. I'm so sorry for this.
[Announcement] How to prepare homework environment
Here's the link for preparing the homework environment.
https://docs.google.com/presentation/d/1y5Pk-Ks3883ut5WqYRnj8YggxBiAK3ZVzf-hJN6Z8XY/edit?usp=sharing
Check your KCLOUD VPN/VM information from KLMS.
[Question][Hw3] clang does not know -fno-discard-value-names option.
I have a question about running clang on the example.
When I tried to use the script

    clang -c -emit-llvm -S -fno-discard-value-names -Xclang -disable-O0-optnone -o example1.tmp.ll -g example1.c

clang emitted the error

    unknown argument: '-fno-discard-value-names'.

How should I solve it?
Thanks.
[Question][Hw4] Question about HW4
Q. Can I branch mutation logic based on target filename?
What I mean is, can you guarantee that the filename will be the same as in the test directory in the evaluation?
For instance,

    if "json_parser" = env.exe then
      mutate_json ~~
    else
      mutate_default ~~
[Question][Hw3] Can I late-commit more though I had committed codes in time?
I have committed Hw3 yesterday (5/5), but I want to submit better performing code.
As far as I know, I'm allowed 5 grace days, so is it allowed to commit more code after the deadline?
Could not use Llvm in utop
Hi,
I tried to use Llvm in utop with "open Llvm;;" but it returns "Error: Unbound module Llvm".
I have checked the environment, and the dependencies have been installed with the right versions:
llvm-config --version : 10.0.0
opt --version: LLVM version 10.0.0
clang --version: clang version 10.0.0-4ubuntu1~18.04.2
Please help me with my problem
Thank you!
[Announcement][HW5] fix test script
- Please apply the following patch to test/dune:
--- a/test/dune
+++ b/test/dune
@@ -2,34 +2,58 @@
(deps example1.ll)
(action
(with-stdout-to
- example1.sign.output
- (run ../analyzer example1.ll))))
+ example1.output
+ (run ../analyzer sign example1.ll))))
(rule
(alias runtest)
(action
- (diff example1.sign.expected example1.sign.output)))
+ (diff example1.expected example1.output)))
(rule
(deps example2.ll)
(action
(with-stdout-to
- example2.sign.output
- (run ../analyzer example2.ll))))
+ example2.output
+ (run ../analyzer sign example2.ll))))
(rule
(alias runtest)
(action
- (diff example2.sign.expected example2.sign.output)))
+ (diff example2.expected example2.output)))
(rule
(deps example3.ll)
(action
(with-stdout-to
- example3.sign.output
- (run ../analyzer example3.ll))))
+ example3.output
+ (run ../analyzer sign example3.ll))))
(rule
(alias runtest)
(action
- (diff example3.sign.expected example3.sign.output)))
+ (diff example3.expected example3.output)))
+
+(rule
+ (deps example4.ll)
+ (action
+ (with-stdout-to
+ example4.output
+ (run ../analyzer taint example4.ll))))
+
+(rule
+ (alias runtest)
+ (action
+ (diff example4.expected example4.output)))
+
+(rule
+ (deps example5.ll)
+ (action
+ (with-stdout-to
+ example5.output
+ (run ../analyzer taint example5.ll))))
+
+(rule
+ (alias runtest)
+ (action
+ (diff example5.expected example5.output)))
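Review bot: The three sign `diff` actions now read `example1.expected`, `example2.expected` and `example3.expected`, but nothing in this patch renames the existing `example*.sign.expected` files, and the announcement lists only example4 and example5 as added files. As shown, `runtest` for the sign examples would look for files that do not exist; include the three renames in the patch or state them as an explicit step.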
- add two files:
new file mode 100644
index 0000000..ac488ee
--- /dev/null
+++ b/test/example4.expected
@@ -0,0 +1 @@
+Potential Tainted-flow @ example4.c:main:5:3 (call void @sink(i32 %call), !dbg !14)
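Review bot: The header for `test/example4.expected` starts at `new file mode 100644` with no `diff --git a/test/example4.expected b/test/example4.expected` line before it, unlike the example5 entry that follows. Add that line so both new files apply the same way with `git apply`.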
diff --git a/test/example5.expected b/test/example5.expected
new file mode 100644
index 0000000..ccb4aef
--- /dev/null
+++ b/test/example5.expected
@@ -0,0 +1 @@
+Potential Tainted-flow @ example5.c:main:12:3 (call void @sink(i32 %y.0), !dbg !23)
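Review bot: The expected line pins the full printed instruction, including the value name `%y.0` and the metadata index `!dbg !23`, so the test compares more than the finding itself. If the checker's output format allows it, compare on the location part (`example5.c:main:12:3`) so that a change in how the `.ll` file is generated does not turn into a spurious test failure.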
- Remove .travis.yml

Students who check out the skeleton code from now on will have the fixed code.
[Announcement] Warming-up Homework
- Goal: setting up and getting familiarized with OCaml and Git
  - Implement simple programs in OCaml (e.g., hello-world)
  - Push to your Github repository
  - Will not be graded
- Invitation URLs
  - hello-world: https://classroom.github.com/a/eZe5Pv-c
  - ocaml-programming: https://classroom.github.com/a/G4S8mlaB
[Question][Hw5] Semantics of `sanitizer()`
I would like to ask two questions about the semantics of the sanitizer() function.
- Is the semantics of sanitizer() to be fixed as a single abstract value? In the skeleton, the type of of_sanitizer takes no parameter into account. I guess we can do better(?) in terms of the SIGN domain. I just want to make sure if this is intended for simplicity.
- In the 12th week lecture slides, there is an example showing how the sanitizer() function works, and I found one to be a bit spurious. Below is the third example on the 16th page:
  sink(z) in the last line shall be SAFE as the joined values of z from the two branches are both sanitized.

Please correct me if I got it wrong or missed anything.
[Announcement] Please use GitHub (not KLMS) for Assignment 3-5
TAs will not check KLMS submissions for Prof. Kihong Heo's assignments (Assignment 3-5).
Please commit your code directly to your personal assignment repository.
(ex. is511-2021-spring-hw3-YOUR_GITHUB_ID)
[Announcement] Do not change your commit date
In git, it's possible to change the date of a commit.
We do not allow changing the date of any commit to an earlier one to get a better score.
So please, check your commits before pushing them to your remote repository.
[Question][Hw4] Question on function Utils.is_debug
I copied my HW3's instrument.ml into my HW4 repository, ran make on root directory, then ran make on test directory, which resulted in a segmentation fault.

    Makefile:13: recipe for target 'json_parser' failed
    make: *** [json_parser] Segmentation fault (core dumped)

I think I narrowed down the problem to the Utils.is_debug function: using this function causes a segmentation fault.
I made a minimal version of instrument.ml, available in the is_debug branch of my HW4 repository.
Since this issue appears only on the json_parser part and not on the two given examples, I presume something's wrong in the json parser or the is_debug function. Could you clarify my guess?
[Question][Hw3] Bring type declaration from Utils.ml
I want to bring type debug_loc in Utils.ml to take line and column information from return value of debug_location. Can I get any advice or help?
[Question][Hw5] About order
I wonder whether order x y returns true if x ⊆ y, or returns true if y ⊆ x. Which is true?
[Question][Hw3] Where is a document related llvm::LLVMBuilder::CreateCall?
When I look up the build_call function at https://llvm.moe/ocaml/Llvm.html, the website briefly explains what the function does and tells me "See the method llvm::LLVMBuilder::CreateCall".
But how can I find a document or explanation related to llvm::LLVMBuilder::CreateCall? I tried to google it and search from https://llvm.org/docs/GettingStartedTutorials.html, but I have no idea.
[Announcement] Added example testcases for hw3
We added new example testcases for hw3 (example2 and example3).
Please check the main/master branch of your repository if you started your homework before ~21 hours ago.
[Announcement][HW4] Evaluation criteria is changed!
[Old]
Coverage (20pt): # covered lines / 500 * 20
[New]
Coverage (20pt): # covered (line, column)s / 800 * 20
The coverage includes cases from both passed inputs and crashed inputs. (The -store_passing_input flag will be used.)
Also, the reference in Google docs is changed. Please check the HW4 documentation again!
[Misc] an article worth reading
An interesting article that shows why we should study security: https://www.technologyreview.com/2021/02/03/1017242/google-project-zero-day-flaw-security
I recommend you read that for fun.
According to the article:
that it’s far too easy for hackers to keep exploiting insidious zero-days because companies are not doing a good job of permanently shutting down flaws and loopholes.
In the worst case, a couple of zero-days that I discovered were an issue of the vendor fixing something on one line of code and, on literally the next line of code, the exact same type of vulnerability was still present and they didn't bother to fix it.
[Question][Hw3] Error in command make
When I enter 'make' command, the following error occurs.
Error: Library "llvm.irreader" not found.
Hint: try:
dune external-lib-deps --missing src/main.exe
Makefile:8: recipe for target 'all' failed
make: *** [all] Error 1
So I tried to install conf-llvm 10.0.0 and llvm 10.0.0, but I failed to install conf-llvm 10.0.0 since it does not have llvm-10-dev.
But I could not install llvm-10-dev in any of the ways I tried. May I ask how I can solve this problem?
[Question][Hw5] About Taint Analysis Report
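When reporting the analysis results, the check function in analysis.ml is used, and I produced the report using check_instr and check as they are already implemented.
However, check_instr does not distinguish between sign analysis and taint analysis, so when reporting the taint analysis, an invalid division-by-zero report is produced because of the code below.

    if Memory.Value.order zero v then

I would like to ask whether cases like this do not need to be considered.
Thank you.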
[Question][Hw4]Make error on test
When I tried to use make, error occurred :
PHI nodes not grouped at top of basic block!
%string_length.7 = phi i32 [ %string_length.0, %sw.epilog846 ], [ %string_length.6, %sw.epilog1129 ], !dbg !1364
label %if.end1130
PHI nodes not grouped at top of basic block!
%cond = phi i8* [ %call, %cond.true ], [ %call1, %cond.false ], !dbg !1534
label %cond.end
fatal error: error in backend: Broken module found, compilation aborted!
clang: error: clang frontend command failed with exit code 70 (use -v to see invocation)
Ubuntu clang version 10.0.1-++20210405103842+ef32c611aa21-1exp120210405084441.211
Target: x86_64-pc-linux-gnu
Thread model: posix
InstalledDir: /usr/bin
clang: note: diagnostic msg: PLEASE submit a bug report to https://bugs.llvm.org/ and include the crash backtrace, preprocessed source, and associated run script.
clang: note: diagnostic msg:
PLEASE ATTACH THE FOLLOWING FILES TO THE BUG REPORT:
Preprocessed source(s) and associated run script(s) are located at:
clang: note: diagnostic msg: /tmp/runtime-a8a490.c
clang: note: diagnostic msg: /tmp/runtime-a8a490.sh
clang: note: diagnostic msg:
How should I handle it?
Thank you.
[Announcement] No class this week
Hi all,
Just to avoid confusion, there will be no class this midterm week. See you next week.
[Question][Hw4] json_parser's running time is massively slow
When I check the json_parser.c file, there is no heavy time-consuming computation.
However, for me, json_parser's running time is massively slow.
$ time ./json_parser < json_seed/seed_2.json
real 0m5.409s
user 0m0.080s
sys 0m0.835s
$ time ./json_parser < json_seed/seed_2.json
real 0m5.369s
user 0m0.074s
sys 0m0.841s
$ time ./json_parser < json_seed/seed_2.json
real 0m5.478s
user 0m0.109s
sys 0m0.835s
I cannot easily catch the reason. Even if my sanitizer is implemented in a weird way, json_parser.instrumented.ll may be the same as others', so it won't be a reason for the running time.
Is there anyone who suffers from the same thing?
[Question][Hw5] About Unreachable Code
The filter function in Semantics.ml returns an abstract memory that satisfies the given condition.
According to the instructions, filter (x < 10) true mem will return an abstract memory that satisfies the condition x < 10.
However, in example1.c,

    int main() {
      int x = source();
      int z;
      if (x >= 0) {
        z = 10 / x; // error
        if (x < 0) {
          z = 10 / x; // unreachable
        }
      } else {
        z = 10 / x; // safe
      }
      z = 10 / x; // error
      return 0;
    }

Then filter (x>=0) true mem returns memory (x->Top), and (x<0) true mem returns memory (x->Neg) since x remains Top in the memory. Then the code

    z = 10 / x; // unreachable

becomes reachable. Could you give advice on how I can solve this problem?
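The sign-domain refinement raised in the filter questions on this page, as an added OCaml example that is not the course's Semantics.ml or any participant's code. It assumes a five-element lattice (Bot, Neg, Zero, Pos, Top), the convention that `order x y` means x ⊑ y, and hypothetical names `constraint_of`, `filter` and `Mem`; with no element for "non-negative", `x >= 0` cannot refine Top, so the nested `x < 0` branch of example1.c stays reachable in this domain.

```ocaml
(* Added example: a five-element sign lattice (an assumption, not the course code). *)
type sign = Bot | Neg | Zero | Pos | Top

(* Assumed convention: order x y is true when x ⊑ y (x is at least as precise). *)
let order x y = x = Bot || y = Top || x = y

(* Greatest lower bound: keeps only what both abstract values allow. *)
let meet x y = if order x y then x else if order y x then y else Bot

module Mem = Map.Make (String)

type cmp = Lt | Ge (* comparisons of a variable against the constant 0 *)

(* Best sign covering { v | v cmp 0 }, or its negation for the false branch. *)
let constraint_of cmp truth =
  match cmp, truth with
  | Lt, true | Ge, false -> Neg (* v < 0 *)
  | Ge, true | Lt, false -> Top (* v >= 0 is Zero ∪ Pos: only Top covers it *)

(* Refine [var] under the condition; other variables are untouched.
   None stands for the bottom memory, i.e. the branch is unreachable. *)
let filter var cmp truth mem =
  let old = try Mem.find var mem with Not_found -> Top in
  match meet old (constraint_of cmp truth) with
  | Bot -> None
  | v -> Some (Mem.add var v mem)

let show = function
  | Bot -> "Bot" | Neg -> "Neg" | Zero -> "Zero" | Pos -> "Pos" | Top -> "Top"

let report label = function
  | Some m ->
    Printf.printf "%s: x=%s y=%s\n" label
      (show (Mem.find "x" m)) (show (Mem.find "y" m))
  | None -> Printf.printf "%s: unreachable\n" label

let () =
  (* Constructed sample memory: x -> Top, y -> Pos. *)
  let mem = Mem.(empty |> add "x" Top |> add "y" Pos) in
  (* x < 0 refines x to Neg and leaves y alone. *)
  report "x<0" (filter "x" Lt true mem);
  (* example1.c: x >= 0 keeps x at Top, so the nested x < 0 is not cut off. *)
  report "x>=0 then x<0"
    (Option.bind (filter "x" Ge true mem) (filter "x" Lt true));
  (* With x already Pos, the same test meets Pos with Neg and gives bottom. *)
  report "x=Pos then x<0" (filter "x" Lt true (Mem.add "x" Pos mem))
```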
[Question][Hw5] How to get llvalue result register with given instruction?
I am able to get operands using Llvm.operand, but I cannot get result register from instruction.
I've searched several times, but I couldn't find it.
What should I do?