- No reading questions for 11/20
- Due 11/13
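- Eraser. Would Eraser report a race on the following code? Why or why not?

      #include <pthread.h>

      int x = 0;

      void *bar(void *unused);

      int main(void) {
          pthread_t child;
          pthread_create(&child, NULL, bar, NULL);
          pthread_join(child, NULL);
          x = 10;   /* write by the main thread, after the join */
          return 0;
      }

      void *bar(void *unused) {
          x = 100;  /* write by the child thread */
          return NULL;
      }
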
- ThreadSanitizer. Lines 5-10 in Handle-Read-Or-Write-Event remove some old read or write accesses from SSrd and SSwr. Is it possible that a future access races with a removed access X, but because X is removed, we cannot detect a race on the accessed memory location? Explain your answer for (1) pure happens-before-based race detection and (2) hybrid race detection.
- Due 10/20
- EXE. Construct a worst-case example that makes the array-based refinement algorithm (the second algorithm in Section 3.3) add n(n-1)/2 array axioms. State the assumptions you make.
- Due 10/9
- Software vs hardware virtualization. A physical machine hosts two virtual machines, VM1 and VM2. The physical machine has eight physical pages, numbered from 0 to 7, and each virtual machine has four guest physical pages. The VMM maps VM1's guest physical pages to the first four host physical pages sequentially, and VM2's guest physical pages to the second four host physical pages sequentially. The guest page table of VM1 has four entries: 3, 1, 2 and 0. The guest page table of VM2 also has four entries: 1, 0, 3, 2. If software virtualization is used, what are the shadow page tables for VM1 and VM2? If hardware virtualization is used, what are the page tables the VMM maintains for VM1 and VM2?
- RacePro. How would you augment RacePro to detect TOCTOU file system races? Sketch your design.
- Due 10/2
- Memcheck. Would Valgrind detect the buffer overrun in the following code? Why or why not?

      int foo(void) {
          int a[2] = {0};
          a[2] = 10; // off by 1
          return 0;
      }

- TaintDroid. How can you steal private data without being caught by TaintDroid? Show your idea by writing pseudocode to steal one bit of secret data.
- Due 9/25
- Pin. Write a Pin module that replaces malloc() calls with my_malloc() calls. You can get Pin from here. What are the pros and cons of the Pin approach vs. the LLVM approach in solving this problem?
- Detours. What may go wrong if you apply Detours to target functions written in assembly?
- Due 9/18
- LLVM. Write an LLVM pass that transforms malloc() calls to my_malloc() calls. You may want to download and install LLVM to try your pass. You can get the GCC frontend and LLVM backend from this link. Assume that my_malloc has the same signature as malloc, and is provided by a custom library you write.
- bddbddb. Write a Datalog program to look for cases where a piece of memory is allocated by p = malloc() but is never freed by free(p). Note that you don't need to try your program with bddbddb, because the version you can download from SourceForge only supports Java.