Slide 1: Lecture 9: Designing Exceptionally
David Evans, http://www.cs.virginia.edu/evans
CS201j: Engineering Software, University of Virginia Computer Science
Slide 2: Menu (30 September 2003, CS 201J Fall 2003)
Section Problem
–Weakly Uses Example
Handling Mistakes
–No checking
–Run-time checking
–Static checking
PS3 Comments
Slide 3: Design
What are the things in the problem?
–Obvious things: advisor, student, course
–Less obvious things: prerequisites, set of courses
Most of the things in the problem should be abstract datatypes.
Slide 4: Weakly Uses
Course stores a Department and hands it back, but never calls any of its methods, so Course only weakly uses Department (it depends on the name, not on the interface).

    public class Course {
        private Department dept;
        private int number;
        //@ invariant dept != null
        //@ invariant number > 0

        public Course (Department d, int n) {
            dept = d;
            number = n;
        }

        public Department getDepartment () { return dept; }
        public int getNumber () { return number; }
    }

(Diagram: Department <- Course)

Slide 5: Weakly Uses (continued)
Adding toString changes the dependency: Course now calls dept.getMnemonic(), so it depends on Department's methods, not merely on its name.

    public class Course {
        private Department dept;
        private int number;
        //@ invariant dept != null
        //@ invariant number > 0

        public Course (Department d, int n) {
            dept = d;
            number = n;
        }

        public Department getDepartment () { return dept; }
        public int getNumber () { return number; }

        public String toString () {
            return (dept.getMnemonic () + number);
        }
    }

(Diagram: Department <- Course)
Slide 6: Handling Mistakes
No checking
–Assume programmers know what they are doing
Run-time checking
–Check for anomalous behavior during program execution
Static checking
–Check at compile-time
–Know properties of all possible executions before executing code
Slide 7: Example: Array Bounds
What should happen when the program writes beyond the bounds of an array?

    int a[10];
    a[10] = 17;
Slide 8: C/C++ Answer
Checking is just a waste of execution time; we should trust the programmer not to make mistakes.

bounds.cc (the slide elides the header name and the using-directive; both are restored here so the program compiles as shown; the four-byte buffer is the point of the example and is left as is):

    #include <iostream>
    using namespace std;

    int main (void) {
        int x = 9;
        char s[4];
        cin >> s;
        cout << "s is: " << s << endl;
        cout << "x is: " << x << endl;
    }

Slide 9: C/C++ Bounds NonChecking
The same bounds.cc, compiled and run four times. In each run the line after "> bounds" is user input typed to cin; nothing stops `cin >> s` from writing past the four bytes of s.

    > g++ -o bounds bounds.cc
    > bounds
    cs
    s is: cs
    x is: 9
    > bounds
    cs201
    s is: cs201
    x is: 49
    > bounds
    cs201j
    s is: cs201j
    x is: 27185
    > bounds
    aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
    s is: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
    x is: 1633771873
    Segmentation fault (core dumped)
Slide 10: What's going on?!!
(Diagram of the stack frame: s immediately below x, which starts out as 9.)

    > bounds
    cs201
    s is: cs201
    x is: 49

s holds 'c' 's' '2' '0'. The fifth character '1' (ASCII 49) and the terminating NUL spill into the two low bytes of x: x was 9, its low byte becomes 49 and the next byte becomes 0, so x reads as 49.

Slide 11: What's going on?!! (continued)

    > bounds
    cs201j
    s is: cs201j
    x is: 27185

Now '1' = 49, 'j' = 106 and the NUL land in the first three bytes of x. In C/C++, space for an int (32 bits) is enough to hold 4 chars (8 bits each), and on a little-endian machine the bytes are read lowest first, so x = (106 * 256) + 49 = 27185, with the upper two bytes 0. (Which variable sits next to s, and in which direction the bytes are read, depends on the compiler and the machine; the slide shows the layout observed on the lecture machine.)

Slide 12: What's going on?!! (continued)

    > bounds
    aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
    s is: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
    x is: 1633771873
    Segmentation fault (core dumped)

Four 'a's (0x61 each) fill x, giving 0x61616161 = 1633771873; the remaining 'a's keep going up the stack, over the return address. When main returns, execution jumps to the return address stored on the stack. But the input overwrote that return address, so the program jumps to 0x61616161 and crashes.
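The byte-level explanation on slides 10 to 12 can be reproduced exactly, and contrasted with the run-time-checked alternative from slide 6, without actually corrupting a real stack. The following C program is an added example, not code from the lecture: it models the bounds.cc frame as a byte array (the assumption that s sits directly below x on a little-endian machine is the slide's, and is labelled in the code), copies input into it the way an unchecked `cin >> s` would, and reports the value of x; a second routine, checked_read, is the bounds-checked replacement that rejects input that does not fit. The function and struct names are this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Model of the stack frame in bounds.cc: the 4-byte buffer s directly below
 * the int x, on a little-endian machine.  This layout is an ASSUMPTION taken
 * from the slide; a real compiler may order or pad the variables differently,
 * which is why overflow symptoms change from build to build.
 */
struct frame {
    char    s[4];
    int32_t x;
};

/* Decode a little-endian 32-bit value from raw bytes (host-independent). */
static int32_t le32(const unsigned char *p)
{
    return (int32_t)((uint32_t)p[0] | ((uint32_t)p[1] << 8) |
                     ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24));
}

/*
 * No checking, as in `cin >> s`: copy every input byte plus the terminating
 * NUL starting at s, regardless of sizeof(s).  The copy goes into a byte array
 * that models the frame, so the host stack is never touched and the result is
 * deterministic.  Returns the value of x after the "read".
 */
int32_t unchecked_read_x(const char *input)
{
    unsigned char mem[sizeof(struct frame)];
    const size_t x_off = offsetof(struct frame, x);
    size_t n = strlen(input) + 1;              /* bytes written, NUL included */

    memset(mem, 0, sizeof mem);
    mem[x_off] = 9;                            /* int x = 9; little-endian */

    /* The model stops at the end of the frame; the real stack does not, which
       is how the 33-'a' input on slide 12 reaches the saved return address. */
    if (n > sizeof mem)
        n = sizeof mem;
    memcpy(mem, input, n);

    return le32(mem + x_off);
}

/*
 * Run-time checking: refuse input that does not fit in size-1 bytes plus NUL.
 * Returns 0 on success, -1 (with dst emptied) when the input is too long.
 */
int checked_read(char *dst, size_t size, const char *input)
{
    size_t len = strlen(input);

    if (size == 0)
        return -1;
    if (len >= size) {                         /* no room for len bytes + NUL */
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, input, len + 1);
    return 0;
}

/* Same frame, filled through checked_read: x is untouched for any input. */
int32_t checked_read_x(const char *input, int *rejected)
{
    struct frame f;
    f.x = 9;
    *rejected = (checked_read(f.s, sizeof f.s, input) != 0);
    return f.x;
}

int main(void)
{
    /* Constructed inputs: the four runs shown on slide 9. */
    const char *inputs[] = { "cs", "cs201", "cs201j",
                             "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        int rejected;
        int32_t xc = checked_read_x(inputs[i], &rejected);
        printf("%-34s unchecked x = %-11d checked x = %d%s\n", inputs[i],
               (int)unchecked_read_x(inputs[i]), (int)xc,
               rejected ? " (input rejected)" : "");
    }
    return 0;
}
```

The unchecked routine yields 9, 49, 27185 and 1633771873 for the four slide inputs, matching the lecture's runs; the checked routine leaves x at 9 every time and reports the three overlong inputs as rejected, which is the "run-time error instead of silent corruption" trade-off the later slides discuss.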
Slide 13: When things go really bad…
If the person entering input is clever, they can put what they want in the return address, and their own code after that to jump to!
"Buffer Overflow Attack"
"Stack Smashing"
Slide 14: Code Red
(Image slide.)

Slide 15: Buffer Overflows
Code Red (2001): exploited a buffer overflow in Microsoft's IIS web server (in the Indexing Service ISAPI extension).
The attacker sends an excessively long request to the web server, overflows the buffer, and puts the worm's code on the stack along with a return address that jumps to it.
About half of all security problems (as counted in 2003) were due to buffer overflows!
Slide 16: Array Bounds in Java
Run with no command-line arguments, args has length 0, so args[0] is out of bounds. The virtual machine checks the index and throws instead of reading whatever lies beyond the array.

    public class AverageLength {
        public static void main (/*@non_null@*/ String args[]) {
            String filename = args[0];
            …
        }
    }

    > javac AverageLength.java
    > java AverageLength
    Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException
            at AverageLength.main(AverageLength.java:7)
Slide 17: Array Bounds Checking
C/C++: No checking
+ No execution cost
? Lower development cost? (if you don't care about robustness)
- Really, really bad things can happen (and do, often, for typical programs)

Slide 18: Array Bounds Checking
Java: Run-time checking
- Performance cost: the virtual machine needs to check that array indexes are in bounds
+ Get a run-time error instead of Code Red
But sometimes run-time errors can be really, really bad too!
Slide 19: Run-Time Exceptions
(Two photos: "Before Run-Time Exception": Ariane 5 (European) rocket, $5B. "After Run-Time Exception": rubble, $0B.)
The rocket exploded because of a run-time exception (flight 501, 1996). Not an array bounds error: a value out of range, a floating-point velocity converted to a 16-bit integer that could not hold it, raised an exception that nothing handled. One bad line of code.
Slide 20: Array Bounds with ESC/Java
The same AverageLength.java as on slide 16, checked before it is ever run. Because args is only known to be non-null, not to have any elements, ESC/Java cannot prove that index 0 is in bounds and warns:

    > escjava AverageLength.java
    AverageLength.java:7: Warning: Array index possibly too large (IndexTooBig)
            String filename = args[0];
                                  ^
Slide 21: Array Bounds Checking
ESC/Java: static checking
+ Check at compile-time: know there will not be an array bounds error on any possible execution
? If you trust the compile-time checking, you could turn off run-time checking (no performance penalty). (A standard Java VM offers no such switch, though its JIT already elides bounds checks it can prove unnecessary.)
? More apparent effort to develop code (but is there really?)
Slide 22: PS3
–Read the comments!
–The choice of rep had a big impact on success in implementation
–The easiest implementation had a rep invariant that kept entries in tally-sorted order
PS4: turn in TWO copies of your design document tomorrow