Presentation is loading. Please wait.

Presentation is loading. Please wait.

Carnegie Mellon 1 Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition Machine-Level Programming V: Unions and Memory layout.

Published byCurtis Hamilton Modified over 8 years ago

Similar presentations

Presentation on theme: "Carnegie Mellon 1 Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition Machine-Level Programming V: Unions and Memory layout."— Presentation transcript:

1 Carnegie Mellon 1 Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition Machine-Level Programming V: Unions and Memory layout Slides adapted from Bryant and O’Hallaron

2 Carnegie Mellon 2 Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition Today Unions Memory layout

3 Carnegie Mellon 3 Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition C unions All members in a union start at the same location  i.e. only one member can contain a value at a given time union { unsigned char bytes[4]; int x; } U; union { unsigned char bytes[4]; int x; } U; U.x = 0x01020304; U.bytes[3] = ?? U.x = 0x01020304; U.bytes[3] = ??

4 Carnegie Mellon 4 Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition Byte Ordering Example union { unsigned char c[8]; unsigned short s[4]; unsigned int i[2]; unsigned long l[1]; } dw; 64-bit

5 Carnegie Mellon 5 Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition Byte Ordering on x86-64 Little Endian U.l[0] = 0xf7f6f5f4f3f2f1f0 U.i[0] = ?? U.s[0] = ?? U.c[0]?? Output on x86-64: LSB MSB

6 Carnegie Mellon 6 Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition typedef union { float f; unsigned u; } bit_float_t; typedef union { float f; unsigned u; } bit_float_t; float bit2float(unsigned u) { bit_float_t arg; arg.u = u; return arg.f; } float bit2float(unsigned u) { bit_float_t arg; arg.u = u; return arg.f; } unsigned float2bit(float f) { bit_float_t arg; arg.f = f; return arg.u; } unsigned float2bit(float f) { bit_float_t arg; arg.f = f; return arg.u; } Using Union to Access Bit Patterns Same as (float) u ?Same as (unsigned) f ?

7 Carnegie Mellon 7 Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition Union Allocation Allocate according to largest element union U1 { char c; int i[2]; double v; } u; union U1 { char c; int i[2]; double v; } u; struct S1 { char c; int i[2]; double v; } s; struct S1 { char c; int i[2]; double v; } s; c 3 bytes i[0]i[1] 4 bytes v x+0x+4x+8x+16x+24 c i[0]i[1] v x+0x+4x+8

8 Carnegie Mellon 8 Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition Unions in assembly typedef union { char c; int i[2]; double v; } u_t; int get_member(u_t *u, int first) { if (first) { return U->c; }else{ return U->i[1]; } typedef union { char c; int i[2]; double v; } u_t; int get_member(u_t *u, int first) { if (first) { return U->c; }else{ return U->i[1]; } testl %esi, %esi je.L2 movsbl (%rdi), %eax ret.L2: movl 4(%rdi), %eax ret testl %esi, %esi je.L2 movsbl (%rdi), %eax ret.L2: movl 4(%rdi), %eax ret

9 Carnegie Mellon 9 Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition Today Unions Memory layout

10 Carnegie Mellon 10 Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition x86-64 Linux Memory Layout Stack  Runtime stack (8MB limit)  E. g., local variables Heap  Dynamically allocated as needed  When call malloc(), calloc(), new() Data  Statically allocated data  E.g., global vars, static vars, string constants Text / Shared Libraries  Executable machine instructions  Read-only Hex Address 00007FFFFFFFFFFF 000000 Stack Text Data Heap 400000 8MB not drawn to scale Shared Libraries

11 Carnegie Mellon 11 Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition Memory Allocation Example char big_array[1L<<24]; /* 16 MB */ char huge_array[1L<<31]; /* 2 GB */ int global = 0; int useless() { return 0; } int main () { void *p1, *p2, *p3, *p4; int local = 0; p1 = malloc(1L << 28); /* 256 MB */ p2 = malloc(1L << 8); /* 256 B */ p3 = malloc(1L << 32); /* 4 GB */ p4 = malloc(1L << 8); /* 256 B */ … } not drawn to scale Where does everything go? Stack Text Data Heap Shared Libraries

12 Carnegie Mellon 12 Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition x86-64 Example Addresses local0x00007ffe4d3be87c p1 0x00007f7262a1e010 p3 0x00007f7162a1d010 p40x000000008359d120 p20x000000008359d010 big_array 0x0000000080601060 huge_array 0x0000000000601060 main()0x000000000040060c useless() 0x0000000000400590 address range ~2 47 00007F 000000 Text Data Heap not drawn to scale Heap Stack

13 Carnegie Mellon 13 Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition Segmentation Fault Each memory segment can be readable, executable, writable (or none at all) Segmentation fault occurs when program tries to access illegal memory  Read from segment with no permission  Write to read-only segments Text Data Heap Stack Read-only data r/x r/w -

14 Carnegie Mellon 14 Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition Segmentation fault example char str1[100] = ”hello world1”; int main () { char *str2 = ”hello world2”; printf(”str1 %p str2 %p\n”); str1[0] = ’H’; str2[0] = ’H’ … }

15 Carnegie Mellon 15 Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition Carnegie Mellon Not all Bad Memory Access lead to immediate segmentation  Result is system specific fun(0) ➙ 3.14 fun(1) ➙ 3.14 fun(2) ➙ 3.1399998664856 fun(3) ➙ 2.00000061035156 fun(4) ➙ 3.14 fun(6) ➙ Segmentation fault typedef struct { int a[2]; double d; } struct_t; double fun(int i) { volatile struct_t s; s.d = 3.14; s.a[i] = 1073741824; /* Possibly out of bounds */ return s.d; }

16 Carnegie Mellon 16 Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition Carnegie Mellon Memory Referencing Bug Example typedef struct { int a[2]; double d; } struct_t; fun(0) ➙ 3.14 fun(1) ➙ 3.14 fun(2) ➙ 3.1399998664856 fun(3) ➙ 2.00000061035156 fun(4) ➙ 3.14 fun(6) ➙ Segmentation fault Location accessed by fun(i) Critical State6 ? 5 ? 4 d7... d4 3 d3... d0 2 a[1] 1 a[0] 0 struct_t

17 Carnegie Mellon 17 Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition Such problems are a BIG deal Generally called a “buffer overflow”  when exceeding the memory size allocated for an array Why a big deal?  It’s the #1 technical cause of security vulnerabilities  #1 overall cause is social engineering / user ignorance Most common form  Unchecked lengths on string inputs  Particularly for bounded character arrays on the stack  sometimes referred to as stack smashing

Download ppt "Carnegie Mellon 1 Bryant and O’Hallaron, Computer Systems: A Programmer’s Perspective, Third Edition Machine-Level Programming V: Unions and Memory layout."

Similar presentations

Smashing the Stack for Fun and Profit

Smashing the Stack for Fun and Profit
Carnegie Mellon 1 Dynamic Memory Allocation: Basic Concepts 15-213: Introduction to Computer Systems 17 th Lecture, Oct. 21, 2010 Instructors: Randy Bryant.

Carnegie Mellon 1 Dynamic Memory Allocation: Basic Concepts : Introduction to Computer Systems 17 th Lecture, Oct. 21, 2010 Instructors: Randy Bryant.
Dynamic Memory Allocation I Topics Basic representation and alignment (mainly for static memory allocation, main concepts carry over to dynamic memory.

Dynamic Memory Allocation I Topics Basic representation and alignment (mainly for static memory allocation, main concepts carry over to dynamic memory.
Unions The storage referenced by a union variable can hold data of different types subject to the restriction that at any one time, the storage holds data.

Unions The storage referenced by a union variable can hold data of different types subject to the restriction that at any one time, the storage holds data.
MIPS Assembly Language Programming

MIPS Assembly Language Programming
Informática II Prof. Dr. Gustavo Patiño MJ 16- 18 24-09-2013.

Informática II Prof. Dr. Gustavo Patiño MJ
Carnegie Mellon 1 Machine-Level Programming V: Advanced Topics 15-213: Introduction to Computer Systems 8 th Lecture, Sep. 16, 2010 Instructors: Randy.

Carnegie Mellon 1 Machine-Level Programming V: Advanced Topics : Introduction to Computer Systems 8 th Lecture, Sep. 16, 2010 Instructors: Randy.
C and Data Structures Baojian Hua

C and Data Structures Baojian Hua
Structured Data II Heterogenous Data Sept. 22, 1998 Topics Structure Allocation Alignment Operating on Byte Strings Unions Byte Ordering Alpha Memory Organization.

Structured Data II Heterogenous Data Sept. 22, 1998 Topics Structure Allocation Alignment Operating on Byte Strings Unions Byte Ordering Alpha Memory Organization.
Memory Layout C and Data Structures Baojian Hua

Memory Layout C and Data Structures Baojian Hua
Security Exploiting Overflows. Introduction r See the following link for more info: operating-systems-and-applications-in-

Security Exploiting Overflows. Introduction r See the following link for more info: operating-systems-and-applications-in-
Lecture 6: Buffer Overflow CS 436/636/736 Spring 2014 Nitesh Saxena *Adopted from a previous lecture by Aleph One (Smashing the Stack for Fun and Profit)

Lecture 6: Buffer Overflow CS 436/636/736 Spring 2014 Nitesh Saxena *Adopted from a previous lecture by Aleph One (Smashing the Stack for Fun and Profit)
Understand stack Buffer overflow attack and defense Controls against program threats.

Understand stack Buffer overflow attack and defense Controls against program threats.
University of Washington Today Memory layout Buffer overflow, worms, and viruses 1.

University of Washington Today Memory layout Buffer overflow, worms, and viruses 1.
Carnegie Mellon 1 Saint Louis University Virtual Memory CSCI 224 / ECE 317: Computer Architecture Instructor: Prof. Jason Fritts Slides adapted from Bryant.

Carnegie Mellon 1 Saint Louis University Virtual Memory CSCI 224 / ECE 317: Computer Architecture Instructor: Prof. Jason Fritts Slides adapted from Bryant.
Variables and Objects, pointers and addresses: Chapter 3, Slide 1 variables and data objects are data containers with names the value of the variable is.

Variables and Objects, pointers and addresses: Chapter 3, Slide 1 variables and data objects are data containers with names the value of the variable is.
Machine-Level Programming 6 Structured Data Topics Structs Unions.

Machine-Level Programming 6 Structured Data Topics Structs Unions.
Introduction: Exploiting Linux. Basic Concepts Vulnerability A flaw in a system that allows an attacker to do something the designer did not intend,

Introduction: Exploiting Linux. Basic Concepts Vulnerability A flaw in a system that allows an attacker to do something the designer did not intend,
1 Machine-Level Programming V: Advanced Topics Andrew Case Slides adapted from Jinyang Li, Randy Bryant & Dave O’Hallaron.

1 Machine-Level Programming V: Advanced Topics Andrew Case Slides adapted from Jinyang Li, Randy Bryant & Dave O’Hallaron.
IT253: Computer Organization Lecture 3: Memory and Bit Operations Tonga Institute of Higher Education.

IT253: Computer Organization Lecture 3: Memory and Bit Operations Tonga Institute of Higher Education.

Similar presentations

Ads by Google