Advanced dynamic analysis for leak detection (Apple Internship 2008)
Jim Clause
Chris Friesen - Manager, Analysis Tools Group
Current analysis tools
Shark, Instruments ≈ X-ray, MRI
Dynamic taint analysis ≈ ?
Dynamic taint analysis
1 Assign taint marks
2 Propagate taint marks
3 Check taint marks
(figure: variables A, B, C and Z carrying taint marks 1, 2, 3 through the three steps)
Applications of dynamic tainting
• Attack detection / prevention: prevent stack smashing, SQL injection, buffer overruns, etc.
• Information policy enforcement: ensure classified information does not leave the system
• Testing: coverage metrics, test data generation heuristics, etc.
• Data lifetime: track how long sensitive data remain in the application
• Memory errors: detect illegal memory access, leak detection, etc.
This talk: leak detection
Detecting leaks is easy, fixing them is hard

@interface Container : NSObject {
    id _object;
}
@end

@implementation Container
- (void) dealloc {
    //[_object release];        // commented out: the object kept by setObject: is never released
    [super dealloc];
}
- (void) setObject:(id)obj {
    [_object release];
    _object = [obj retain];
}
@end

Container *create() {
    Container *c = [[Container alloc] init];
    NSObject *o = [[NSObject alloc] init];   // leaks: This object is leaked
    [c setObject:o];
    [o release];
    return c;
}

int main(...) {
    Container *c = create();
    …
    [c release];
}

leaks reports only where the leaked object was allocated ("This object is leaked"), not where the last reference to it was lost.
Leakpoint overview
Discover where the last pointer to un-freed memory is lost

1 Assign taint marks   2 Propagate taint marks   3 Check taint marks

ptr1 = malloc(...)  ➔  ptr1 carries mark 1
ptr2 = calloc(...)  ➔  ptr2 carries mark 2
ptr3 = ptr1         ➔  ptr3, ptr1 carry mark 1
ptr1 = NULL         ➔  ptr1 carries no mark; ptr3 still carries mark 1
ptr4 = ptr2 + 1     ➔  ptr4, ptr2 carry mark 2

In general propagation follows standard pointer arithmetic rules.
Report an error if a taint mark's count is zero and the memory has not been freed.
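As an added example (not Leakpoint's own code, which is a Valgrind tool working on binary instructions), this C model applies the three steps to the five statements on this slide and to the intercept-the-allocator idea from the implementation slide: each intercepted allocation gets a mark, pointer writes propagate it following pointer arithmetic, and the check reports a block whose mark count hits zero before it is freed, together with the statement that lost the last reference. The shadow record, the tptr type and the site strings are constructed for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_BLOCKS 16
/* Shadow record kept per heap allocation (one per taint mark). */
struct block {
    void *base; size_t size;    /* address and size from malloc/calloc */
    int refs;                   /* pointers currently carrying this mark */
    int freed;
    const char *alloc_site;     /* constructed stand-in for the allocation stack */
    const char *lost_site;      /* statement at which refs hit zero: the leakpoint */
};
static struct block blocks[MAX_BLOCKS];
static int nblocks;

/* A pointer variable together with its taint mark (0 = untainted). */
typedef struct { void *val; int mark; } tptr;   /* mark = 1-based index into blocks[] */

/* Step 1, assign: memory returned by an intercepted allocator gets a fresh mark. */
static tptr tp_alloc(size_t size, int zeroed, const char *site) {
    tptr p = { zeroed ? calloc(1, size) : malloc(size), 0 };
    if (p.val != NULL && nblocks < MAX_BLOCKS) {
        struct block *b = &blocks[nblocks++];
        memset(b, 0, sizeof *b);
        b->base = p.val; b->size = size; b->refs = 1; b->alloc_site = site;
        p.mark = nblocks;
    }
    return p;
}

/* Drop the mark held by *dst before it is overwritten; if that was the last
 * reference to a live block, remember where it happened (step 3, check). */
static void release_mark(tptr *dst, const char *site) {
    if (dst->mark) {
        struct block *b = &blocks[dst->mark - 1];
        if (--b->refs == 0 && !b->freed) b->lost_site = site;
    }
    dst->mark = 0;
}

/* Step 2, propagate: dst = src + offset follows pointer arithmetic, so the
 * result keeps src's mark (offset is in bytes in this model). */
static void tp_assign(tptr *dst, tptr src, long offset, const char *site) {
    release_mark(dst, site);
    dst->val = src.val ? (char *)src.val + offset : NULL;
    dst->mark = src.val ? src.mark : 0;
    if (dst->mark) blocks[dst->mark - 1].refs++;
}

/* dst = NULL: the old mark is released and nothing is propagated. */
static void tp_null(tptr *dst, const char *site) {
    release_mark(dst, site);
    dst->val = NULL;
}

/* Intercepted free(): a freed block is never reported as leaked. */
static void tp_free(tptr p) {
    if (p.mark) blocks[p.mark - 1].freed = 1;
    free(p.val);
}

/* Where the block with this mark lost its last reference, or NULL if it is
 * still referenced or was freed. */
static const char *lost_site_of(int mark) {
    return (mark < 1 || mark > nblocks) ? NULL : blocks[mark - 1].lost_site;
}

/* Final check: report every block whose mark count is zero and that was never
 * freed; returns the number of such blocks. */
static int leak_check(void) {
    int leaks = 0;
    for (int i = 0; i < nblocks; i++) {
        struct block *b = &blocks[i];
        if (b->refs == 0 && !b->freed) {
            leaks++;
            printf("Lost pointer to %p (%zu bytes)\n allocated at: %s\n leaked at: %s\n",
                   b->base, b->size, b->alloc_site, b->lost_site);
        }
    }
    return leaks;
}

/* Replays the five statements from the slide, then drops the last pointer to
 * the first block and frees the second one properly. Returns 1 (one leak). */
static int run_slide_example(void) {
    tptr ptr1 = {0}, ptr2 = {0}, ptr3 = {0}, ptr4 = {0};
    nblocks = 0;
    ptr1 = tp_alloc(8, 0, "ptr1 = malloc(...)");   /* mark 1: count 1 */
    ptr2 = tp_alloc(8, 1, "ptr2 = calloc(...)");   /* mark 2: count 1 */
    tp_assign(&ptr3, ptr1, 0, "ptr3 = ptr1");      /* mark 1: count 2 */
    tp_null(&ptr1, "ptr1 = NULL");                 /* mark 1: count 1 */
    tp_assign(&ptr4, ptr2, 1, "ptr4 = ptr2 + 1");  /* mark 2: count 2 */
    tp_null(&ptr3, "ptr3 = NULL");                 /* mark 1: count 0 -> leakpoint */
    tp_null(&ptr4, "ptr4 = NULL");                 /* mark 2: count 1 */
    tp_free(ptr2);                                 /* block 2 freed: not reported */
    return leak_check();
}
int main(void) { return run_slide_example() == 1 ? 0 : 1; }
```

The report names both the allocation site and the statement that zeroed the mark count, which is exactly the extra information the leakpoint output adds over leaks.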
Detecting leaks is easy, fixing them is easier

@interface Container : NSObject {
    id _object;
}
@end

@implementation Container
- (void) dealloc {
    [super dealloc];                          // leakpoint: Last reference was lost here
}
- (void) setObject:(id)obj {
    [_object release];
    _object = [obj retain];
}
@end

Container *create() {
    Container *c = [[Container alloc] init];
    NSObject *o = [[NSObject alloc] init];    // leakpoint: This object is leaked
    [c setObject:o];
    [o release];
    return c;
}

int main(...) {
    Container *c = create();
    …
    [c release];
}

The fix follows from the report: the Container's own memory, which holds the last pointer to _object, is freed in dealloc, so release the owned object there first:
    [_object release];
    [super dealloc];
Leakpoint implementation
• Implemented as a Valgrind tool (www.valgrind.org)
■ intercept libc memory management functions
■ instrument binary instructions to perform propagation

Lost pointer to 0x1C93AC0 (16 bytes)
 allocated at:                      (the part leaks also reports)
  at calloc+105
  by _internal_class_createInstanceFromZone+149
  by _internal_class_createInstance+31
  by +[NSObject allocWithZone:]+155 (NSObject.m:445)
  by +[NSObject alloc]+41 (NSObject.m:432)
  by create+97 (main.m:29)
  by main+17 (main.m:38)
 leaked at:                         (the part only leakpoint reports)
  at free+103
  by _internal_object_dispose+81
  by NSDeallocateObject+223 (NSObject.m:207)
  by -[Container dealloc]+53 (container.m:13)
  by main+43 (main.m:40)
Leakpoint: current status
Handle basic C / C++ / Objective C ✔
Handle CoreFoundation ✔
Handle Cocoa ✔
64bit compatible ✔
Still to do: investigate approximately 40 (probably false positive) leak reports from
• Interface Builder unarchiving
• CoreData
A real leak?: _NSImageMalloc

void *_NSImageMalloc(NSZone *zone, size_t size) {
    // allocate storage aligned to 32 bytes. we do this by
    // allocating an extra 32 bytes, finding the address in the proper
    // location and storing the delta in one of the previous 32 bytes.
    void *unaligned = NSZoneMalloc(zone, size + BITMAP_DATA_ALIGNMENT);
    if (unaligned != NULL) {
        uintptr_t aligned = ((uintptr_t)unaligned + BITMAP_DATA_ALIGNMENT)
                            & ~(BITMAP_DATA_ALIGNMENT - 1);
        // the pointer handed back is interior to the block; the byte just
        // before it records the distance from the address malloc returned
        ((unsigned char *)aligned)[-1] = aligned - (uintptr_t)unaligned;
        return (void *)aligned;
    }
    else {
        return NULL;
    }
}
Overhead
Powerful but expensive: 50-100x overheads are common
Recommended usage:
run cheap tools to check for errors
run expensive tools to diagnose errors
Future work
(figure) + Leakpoint

Impact
• Apple
■ new leak detection tool
■ experience with dynamic taint analysis
• Me
■ experience with Valgrind
■ experience analyzing a large commercial code base
Questions?

Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 

Dernier (20)

Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 

Advanced Dynamic Analysis for Leak Detection (Apple Internship 2008)

  • 1. Advanced dynamic analysis for leak detection. Jim Clause. Chris Friesen - Manager, Analysis Tools Group
  • 6. Current analysis tools: Shark, Instruments, compared to X-ray and MRI; dynamic taint analysis ≈ ? (figure: inputs A, B, C carrying marks 1, 2, 3 flowing to output Z)
  • 8–13. Dynamic taint analysis: 1 Assign taint marks, 2 Propagate taint marks, 3 Check taint marks (figure: marks assigned to inputs A, B, C are propagated to output Z and checked there)
  • 14. Applications of dynamic tainting: Attack detection / prevention, Information policy enforcement, Testing, Data lifetime, Memory errors
  • 15. Attack detection / prevention: prevent stack smashing, SQL injection, buffer overruns, etc.
  • 16. Information policy enforcement: ensure classified information does not leave the system
  • 17. Testing: coverage metrics, test data generation heuristic, etc. (✔/✘)
  • 18. Data lifetime: track how long sensitive data remain in the application
  • 19–20. Memory errors: detect illegal memory access, leak detection, etc. This talk: leak detection
  • 21. Detecting leaks is easy, fixing them is hard
  • 22–24. Detecting leaks is easy, fixing them is hard

        @interface Container : NSObject {
            id _object;
        }
        @end

        @implementation Container
        - (void) dealloc {
            //[_object release];
            [super dealloc];
        }
        - (void) setObject:(id)obj {
            [_object release];
            _object = [obj retain];
        }
        @end

        Container *create() {
            Container *c = [[Container alloc] init];
            NSObject *o = [[NSObject alloc] init];
            [c setObject:o];
            [o release];
            return c;
        }

        int main(...) {
            Container *c = create();
            …
            [c release];
        }

        leaks: This object is leaked
  • 25. Leakpoint overview: discover where the last pointer to un-freed memory is lost
  • 26–29. Leakpoint overview: assign taint marks at allocation, propagate taint marks through pointer operations, check taint marks. In general propagation follows standard pointer arithmetic rules. Report error if a taint mark's count is zero and the memory has not been freed.

        statement               taint marks after the statement
        ptr1 = malloc(...)   ➔  ptr1: {1}
        ptr2 = calloc(...)   ➔  ptr2: {2}
        ptr3 = ptr1          ➔  ptr3: {1}, ptr1: {1}
        ptr1 = NULL          ➔  ptr1: {},  ptr3: {1}
        ptr4 = ptr2 + 1      ➔  ptr4: {2}, ptr2: {2}
  • 30–33. Detecting leaks is easy, fixing them is easier. Same example, now with the leakpoint output: in addition to "leakpoint: This object is leaked", the tool reports "leakpoint: Last reference was lost here", and the slide build ends by adding the missing [_object release]; statement.

        @interface Container : NSObject {
            id _object;
        }
        @end

        @implementation Container
        - (void) dealloc {
            [super dealloc];
        }
        - (void) setObject:(id)obj {
            [_object release];
            _object = [obj retain];
        }
        @end

        Container *create() {
            Container *c = [[Container alloc] init];
            NSObject *o = [[NSObject alloc] init];
            [c setObject:o];
            [o release];
            return c;
        }

        int main(...) {
            Container *c = create();
            …
            [c release];
        }

        leakpoint: This object is leaked
        leakpoint: Last reference was lost here
        [_object release];
  • 34. Leakpoint implementation
        • Implemented as a Valgrind tool (www.valgrind.org)
          ■ intercept libc memory management functions
          ■ instrument binary instructions to perform propagation
  • 35–37. Leakpoint implementation: sample report (the slide labels the two parts of the report "leaks" and "leakpoint")

        Lost pointer to 0x1C93AC0 (16 bytes)
         allocated at:
          at calloc+105
          by _internal_class_createInstanceFromZone+149
          by _internal_class_createInstance+31
          by +[NSObject allocWithZone:]+155 (NSObject.m:445)
          by +[NSObject alloc]+41 (NSObject.m:432)
          by create+97 (main.m:29)
          by main+17 (main.m:38)
         leaked at:
          at free+103
          by _internal_object_dispose+81
          by NSDeallocateObject+223 (NSObject.m:207)
          by -[Container dealloc]+53 (container.m:13)
          by main+43 (main.m:40)
  • 39–46. Leakpoint: current status
        ✔ Handle basic C / C++ / Objective C
        ✔ Handle CoreFoundation
        ✔ Handle Cocoa
          Need to investigate approximately 40 false positive (probably) leak reports
          • Interface Builder unarchiving
          • CoreData
        ✔ 64bit compatible
  • 47. A real leak?: _NSImageMalloc. The pointer handed back to the caller is the 32-byte-aligned address inside the NSZoneMalloc'd block, not the block's start, so no pointer to the start of the allocation survives.

        void *_NSImageMalloc(NSZone *zone, size_t size) {
            // allocate storage aligned to 32 bytes. we do this by
            // allocating an extra 32 bytes, finding the address in the proper
            // location and storing the delta in one of the previous 32 bytes.
            void *unaligned = NSZoneMalloc(zone, size + BITMAP_DATA_ALIGNMENT);
            if (unaligned != NULL) {
                uintptr_t aligned = ((uintptr_t)unaligned + BITMAP_DATA_ALIGNMENT)
                                    & ~(BITMAP_DATA_ALIGNMENT - 1);
                ((unsigned char *)aligned)[-1] = aligned - (uintptr_t)unaligned;
                return (void *)aligned;
            } else {
                return NULL;
            }
        }
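The mark bookkeeping that slides 26–29 describe, together with the interior-pointer situation from the _NSImageMalloc slide, as an added example in plain C. This is not Leakpoint's or Valgrind's code: a real tool instruments every pointer-sized value in registers and memory, whereas here each tracked pointer slot goes through the tp_* helpers, and the names block_t, tptr_t, tp_alloc, tp_assign, tp_null, tp_free, tracker_reset, lost_at, refs_of and the statement numbers are all my own stand-ins for what a binary-level tool would track and report. The sixth statement of the slide sequence (ptr3 = NULL) is added so that the check step actually fires.

```c
/* Model of Leakpoint-style leak pinpointing (added example, not Leakpoint code):
 * 1 assign  - every allocation gets a fresh taint mark;
 * 2 propagate - assignment and pointer arithmetic copy the mark of the source;
 * 3 check   - a mark whose count drops to zero on an un-freed block is the leak point. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_BLOCKS 16

typedef struct {
    void  *base;     /* start of the heap block */
    size_t size;
    int    refs;     /* tracked slots currently carrying this block's mark */
    int    freed;    /* set once the block has been released */
    int    lost_at;  /* statement that dropped the last reference while un-freed, 0 = none */
} block_t;

static block_t blocks[MAX_BLOCKS];
static int     nblocks;

/* A tracked pointer slot: the value plus its taint mark (block index + 1; 0 = no mark). */
typedef struct { void *p; int mark; } tptr_t;

/* Release whatever the tracker still owns and start from a clean slate. */
static void tracker_reset(void) {
    for (int i = 0; i < nblocks; i++)
        if (!blocks[i].freed) free(blocks[i].base);
    nblocks = 0;
}

/* Step 1, assign: the pointer returned by the allocator carries a fresh mark. */
static tptr_t tp_alloc(size_t n) {
    tptr_t t = { calloc(1, n), 0 };
    if (t.p != NULL && nblocks < MAX_BLOCKS) {
        blocks[nblocks] = (block_t){ t.p, n, 1, 0, 0 };
        t.mark = ++nblocks;
    }
    return t;
}

static void mark_add(int mark) { if (mark) blocks[mark - 1].refs++; }

/* Step 3, check: count reaching zero on an un-freed block records the leak point. */
static void mark_drop(int mark, int stmt) {
    if (!mark) return;
    block_t *b = &blocks[mark - 1];
    if (--b->refs == 0 && !b->freed && b->lost_at == 0) b->lost_at = stmt;
}

/* Step 2, propagate: dst = src + off. Pointer arithmetic keeps the source mark,
 * so an interior (alignment-adjusted) pointer still counts as a reference. */
static void tp_assign(tptr_t *dst, tptr_t src, ptrdiff_t off, int stmt) {
    mark_add(src.mark);            /* add before drop so dst = dst is harmless */
    mark_drop(dst->mark, stmt);
    dst->p    = src.p ? (char *)src.p + off : NULL;
    dst->mark = src.mark;
}

static void tp_null(tptr_t *dst, int stmt) {
    tptr_t none = { NULL, 0 };
    tp_assign(dst, none, 0, stmt);
}

/* Freeing through any pointer that carries the mark releases the block;
 * the remaining references may then disappear without a report. */
static void tp_free(tptr_t *t, int stmt) {
    if (t->mark && !blocks[t->mark - 1].freed) {
        blocks[t->mark - 1].freed = 1;
        free(blocks[t->mark - 1].base);
    }
    tp_null(t, stmt);
}

int lost_at(int mark) { return mark ? blocks[mark - 1].lost_at : 0; }
int refs_of(int mark) { return mark ? blocks[mark - 1].refs : 0; }

/* The five statements from the slides plus a sixth that loses block 1.
 * Returns the statement at which block 1's last reference was lost. */
int run_slide_sequence(void) {
    tracker_reset();
    tptr_t ptr1 = tp_alloc(16);                 /* 1: ptr1 = malloc(...)  -> mark 1, count 1 */
    tptr_t ptr2 = tp_alloc(32);                 /* 2: ptr2 = calloc(...)  -> mark 2, count 1 */
    tptr_t ptr3 = { NULL, 0 }, ptr4 = { NULL, 0 };
    tp_assign(&ptr3, ptr1, 0, 3);               /* 3: ptr3 = ptr1         -> mark 1, count 2 */
    tp_null(&ptr1, 4);                          /* 4: ptr1 = NULL         -> mark 1, count 1 */
    tp_assign(&ptr4, ptr2, 1, 5);               /* 5: ptr4 = ptr2 + 1     -> mark 2, count 2 */
    tp_null(&ptr3, 6);                          /* 6: ptr3 = NULL         -> mark 1, count 0: leak point */
    tp_free(&ptr2, 7);                          /* 7: free(ptr2)          -> block 2 released */
    tp_null(&ptr4, 8);                          /* 8: ptr4 = NULL         -> count 0 but freed: no report */
    return lost_at(1);
}

/* The _NSImageMalloc pattern: only a 32-byte-aligned interior pointer survives,
 * and the block is later freed through it. Returns the recorded leak point (0 = none). */
int run_aligned_case(void) {
    tracker_reset();
    tptr_t unaligned = tp_alloc(64 + 32);                          /* 1: unaligned = malloc(size + 32) */
    uintptr_t u = (uintptr_t)unaligned.p;
    ptrdiff_t delta = (ptrdiff_t)(((u + 32) & ~(uintptr_t)31) - u);
    tptr_t aligned = { NULL, 0 };
    tp_assign(&aligned, unaligned, delta, 2);                      /* 2: aligned = round_up(unaligned) */
    tp_null(&unaligned, 3);                                        /* 3: only the interior pointer remains */
    int lost = lost_at(1);
    tp_free(&aligned, 4);                                          /* 4: free via the interior pointer */
    return lost;
}

int main(void) {
    printf("slide sequence: last reference to block 1 lost at statement %d\n", run_slide_sequence());
    printf("aligned case: leak point %d (0 = no leak reported)\n", run_aligned_case());
    return 0;
}
```

Because the mark travels with the arithmetic in tp_assign, the aligned case reports nothing even though no pointer to the start of the block exists any more; a detector that only scans for pointers to block starts is exactly the one that would flag _NSImageMalloc's blocks.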
  • 48–49. Overhead: powerful but expensive; 50-100x overheads are common. Recommended usage: run cheap tools to check for errors, run expensive tools to diagnose errors
  • 52–53. Future work (slide title: Impact)
        • Apple
          ■ new leak detection tool
          ■ experience with dynamic taint analysis
        • Me
          ■ experience with Valgrind
          ■ experience analyzing large commercial code base