important from last time
play

Important From Last Time Embedded C Pros and cons Macros and how - PowerPoint PPT Presentation

Sep 07, 2023 •218 likes •669 views

Important From Last Time Embedded C Pros and cons Macros and how to avoid them Intrinsics Interrupt syntax Interrupt syntax Inline assembly Today Advanced C What C programs mean How to create C

  1. Important From Last Time Embedded C � � Pros and cons Macros and how to avoid them � Intrinsics � Interrupt syntax Interrupt syntax � � Inline assembly �

  2. Today Advanced C � What C programs mean � How to create C programs that mean � nothing The point: Embedded systems need to work � all the time � You cannot create systems that really work unless you understand your programming language and your tools � This is a major theme for the rest of this class

  3. Is the assembly code right? int my_loop (int base) { int index, count = 0; for (index = base; index < (base+10); index++) index++) count++; return count; } my_loop: movl $10, %eax ret

  4. Is the assembly code right? int my_compare (void) { signed char a = 1; unsigned char b = -1; return (a > b); } } my_compare: movl $1, %eax ret

  5. Which compiler is right? int another_compare (void) { return -1 < (unsigned short)1; } another_compare: movl $1, %eax gcc 4.3.2 for x86: ret another_compare: gcc 3.2.3 for msp430: mov #llo(0), r15 ret

  6. $ gcc foo.c –o foo $ ./foo Segmentation fault (core dumped) $ gcc –O2 foo.c –o foo $ ./foo Hello, world. Is it OK for the optimizer to turn a broken program into a working one? What about the other way around– is it OK for the optimizer to break a working program?

  7. What mathematical function is equivalent to this C function? unsigned foo (unsigned a, unsigned b) { return a+b; } CHAR_BIT * sizeof(uns igned) foo ( a , b ) ( a b ) mod 2 = +

  8. How about this function? int foo (int a, int b) { return a+b; } � a b if INT_MIN (a b) INT_MAX + ≤ + ≤ � foo ( a , b ) = � undefined otherwise

  9. What mathematical function is equivalent to � Internet Explorer 7?

  10. What does each of these mean? � x = y = z; � v++ � v + v++ � � *p + (i=1) *p + (i=1) � (x=0) + (x=0) � i = i + 1; � i = (i = i + 1);

  11. Point of all this? Arithmetic, logical, and comparison � operators are not equivalent to their mathematical counterparts Expression evaluation is nontrivial � Other parts of the C language have similar Other parts of the C language have similar � � counterintuitive behavior We need a way to figure out what programs � mean � The C standard is an English language description of this � It is a free download

  12. How To Think About C The C standard describes an “abstract � machine” � Think of it as a simple interpreter for C For everything your program does, the C � abstract machine tells us the result C implementation has to act “as if” it C implementation has to act “as if” it � � implements the computation described by the abstract machine � But actually, it may do things very differently

  13. int my_loop (int base) { int index, count = 0; for (index = base; index < (base+10); index++) count++; return count; } my_loop: movl $10, %eax ret

  14. However… If you program breaks certain rules, the C � implementation can do anything it wants � It’s very hard to create C programs that provably don’t break the rules Let’s look in more detail about things you � can do in C � 4 basic categories

  15. Some operations are defined to behave in a � certain way for all C implementations (1+1) a[5]=3; where a[5] is in-bounds where p is “int *p” and p points to an int where p is “int *p” and p points to an int *p if (z) { … } where z is initialized As a programmer your goal is to execute � mostly operations with well-defined behavior

  16. Some operations have implementation- � defined behavior � The C implementation chooses how to implement the behavior � The choice must be consistent and documented Examples � � Sizes of various integers (long, short, etc.) � Integer representation � Integer representation � Two’s complement? Ones’ complement? Sign magnitude? � Effect of bitwise operations on signed values � Floating-point rounding behavior Use of implementation-defined constructs � in unavoidable in real C programs � This can limit portability of code

  17. Some operations have unspecified behavior � � Implementation has freedom of choice � Can make a different choice each time Examples � � Value of padding bytes in structures � Order of evaluation of subexpressions � Order of evaluation of function arguments Total of 53 kinds of unspecified behavior � mentioned in the C standard Your program must never rely on � something that is unspecified

  18. Code that may depend on unspecified behavior: � foo (x(),y()); Code that definitely has unspecified behavior: � printf (“a”) + printf (“b”) + printf (“c”) Try this code at different optimization levels �

  19. Some operations have undefined behavior � � Consequences are arbitrary � Undefined behavior is always a serious bug Examples � � Null pointer dereference � Improper type cast � Out of bounds array access � Out of bounds array access � Divide by zero � Signed integer overflow � Shift by negative or past bitwidth � Read uninitialized value � Access to dead stack variable � Double-free, use-after-free

  20. Total of about 190 kinds undefined behavior � in the C standard � However, some can be reliably detected at compile time In practice, what happens when your � problem executes an operation with undefined behavior? undefined behavior? � Maybe the program does just what you expected � Maybe it crashes � Maybe nothing obvious – program appears to continue normally but it is corrupted somehow The vast majority of security holes in C � applications are the result of undefined behavior

  21. Type 1 Functions Well-defined behavior for all inputs � int32_t safe_div_int32_t (int32_t a, int32_t b) { if ((b == 0) || if ((b == 0) || ((a == INT32_MIN) && (b == -1))) { report_integer_math_error(); return 0; } else { return a / b; } }

  22. Type 3 Functions Function always has undefined behavior � � Never write a function like this! � In practice they happen by accident � Compiler will often silently eliminate some or all code in a function like this code in a function like this int bad (void) { int x; return x; }

  23. Another Type 3 Function void str2 (void) { char *s = "hello"; printf("%s\n", s); s[0] = 'H'; printf("%s\n", s); } Why is it type 3? � What are the compiler’s obligations? �

  24. str2: subq $8, %rsp movl $.LC1, %edx movl $.LC0, %esi movl $1, %edi xorl %eax, %eax call __printf_chk call __printf_chk movl $.LC1, %edx movl $.LC0, %esi movl $1, %edi xorl %eax, %eax addq $8, %rsp jmp __printf_chk

  25. Type 2 Functions Has undefined behavior for some inputs � int32_t div_int32_t (int32_t a, int32_t b) { return a / b; } When is it OK to call this function? � When is it OK to write this function? �

  26. Compiling Type 2 Funcs int stupid (int a) { return (a+1) > a; } What is this function’s precondition? �

  27. Compiling Type 2 Funcs Case 1: a != INT_MAX � � Behavior of + is defined � Computer is obligated to return 1 Case 2: a == INT_MAX � � Behavior of + is undefined � Compiler has no � Behavior of + is undefined � Compiler has no particular obligations Generated code by “gcc –O2”: � stupid: movl $1, %eax ret

  28. Another Type 2 void __devexit agnx_pci_remove (struct pci_dev *pdev) { struct ieee80211_hw *dev = pci_get_drvdata(pdev); struct agnx_priv *priv = dev->priv; if (!dev) return; ... do stuff using dev ... }

  29. Case Analysis Case 1: dev == NULL � � “dev->priv” has undefined behavior � Compiler has no particular obligations Case 2: dev != NULL � � Null pointer check won’t fail � Null pointer check � Null pointer check won’t fail � Null pointer check is dead code and may be deleted This is real Linux kernel code! � � Since 2009 the Linux kernel us compiled using a special GCC flag that say never to delete null pointer checks � Why not just fix the code?

  30. Why not require the C implementation to � emit a compile-time warning when a program might contain undefined behavior? Why not require that the C implementation Why not require that the C implementation � � throw an exception in order to avoid undefined behavior? How should you deal with undefined � behavior?

  31. Signed/Unsigned in C Operators like +, -, <, <= in C have signed � and unsigned versions � The version that gets chosen depends on the signs of the operands � Rule: If at least one operand is unsigned, the operator is unsigned int a,b; unsigned c,d; (a < b) (c < d) (a < c)

  32. Integer Promotion Operators like +, -, <, <= in C have different � versions for different types � float, double � int, long, long long Rule: Both operands are “promoted” to int � before the operator executes before the operator executes char c1, c2; c1 = c1 + c2; Tricky: If an int can hold all of the values in � the original type, a value is promoted to int; if not, it is promoted to unsigned int � So, integer promotions always preserve value

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Time within Distributed Systems Time is important, however, it is problematic in distributed

Time within Distributed Systems Time is important, however, it is problematic in distributed

Time within Distributed Systems Time is important, however, it is problematic in distributed systems as we cannot synchronize time perfectly Introducing Time Time is a quantity that we often want to measure accurately Algorithms that

535 views • 29 slides
Real-Time Mixes for ISDN Requirements of real-time communication Becomes important when

Real-Time Mixes for ISDN Requirements of real-time communication Becomes important when

Real-Time Mixes for ISDN Requirements of real-time communication Becomes important when using services like telephony where a continuous data stream via channels has to be transmitted In order to configure an anonymous channel, the

694 views • 38 slides
Timely Advice Time Occurs 599 Times In 546 Verses Time Is Important ! In The

Timely Advice Time Occurs 599 Times In 546 Verses Time Is Important ! In The

Timely Advice Time Occurs 599 Times In 546 Verses Time Is Important ! In The Year 2019 365 Days 8,760 Hours 525,600 Minutes 31,536,000 Seconds Timely Advice Yesterday is a cancelled check; tomorrow is a promissory

453 views • 18 slides
Important Concepts Some important concepts in financial and derivative markets Lecture 2.2:

Important Concepts Some important concepts in financial and derivative markets Lecture 2.2:

Important Concepts Some important concepts in financial and derivative markets Lecture 2.2: Basic Principles of Option Pricing Concept of intrinsic value and time value Concept of time value decay Effect of volatility on an option

273 views • 8 slides
How to Knock 20 Seconds Off f Your Average Handling Tim ime Paul Weald What is AHT? And why

How to Knock 20 Seconds Off f Your Average Handling Tim ime Paul Weald What is AHT? And why

How to Knock 20 Seconds Off f Your Average Handling Tim ime Paul Weald What is AHT? And why is it important? Average Handle Time is composed of three elements 1. Talk time 2. Hold time 3. Wrap time It is important from a workforce

338 views • 8 slides
Why Is This Important? DB performance depends on time it takes to get the data from storage

Why Is This Important? DB performance depends on time it takes to get the data from storage

Why Is This Important? DB performance depends on time it takes to get the data from storage system and time to process Overview of Storage and Indexing Choosing the right index for faster access can speed up queries significantly

476 views • 6 slides
As a PhD student we have to much to handle and not enough time to get it all done Time

As a PhD student we have to much to handle and not enough time to get it all done Time

As a PhD student we have to much to handle and not enough time to get it all done Time management (Getting more done) Showan Asyabi- Shain Roozkhosh Time Management Techniques Urgent Not Urgent Important Paper Deadlines Quality Time

565 views • 15 slides
1 Response Time Det tar 4 mnader att odla fram en tomat How long does it take for my job

1 Response Time Det tar 4 mnader att odla fram en tomat How long does it take for my job

Foto: Hughes Leglise-Bataille some rights reserved How do we define (speed) performance ? Response time (aka execution time) the time between the start and the Thus, to maximize completion of a task performance, need to Important to

66 views • 5 slides
Logical time and logical clocks Knowing the ordering of events is important not enough with

Logical time and logical clocks Knowing the ordering of events is important not enough with

Logical time and logical clocks Knowing the ordering of events is important not enough with physical time Two simple points [Lamport 1978] the order of two events in the same process the event of sending message always happens

542 views • 17 slides
Why i is q quality a assurance i important? A lot of time and effort goes into setting up

Why i is q quality a assurance i important? A lot of time and effort goes into setting up

Why i is q quality a assurance i important? A lot of time and effort goes into setting up placements. If an employer has a bad experience they close the door to future opportunities We expect demand to outstrip supply for this

226 views • 7 slides
the most precious and important in your life: Your Family, Your Home and Your Time Your

the most precious and important in your life: Your Family, Your Home and Your Time Your

is a new concept, developed to taking care of the most precious and important in your life: Your Family, Your Home and Your Time Your to do list is our business You name it we do it LuxAdministration Group Mission is to provide

427 views • 19 slides
Time Management One very IMPORTANT Life Skills Time Management The 80:20 Rule Typically 80% of

Time Management One very IMPORTANT Life Skills Time Management The 80:20 Rule Typically 80% of

Time Management One very IMPORTANT Life Skills Time Management The 80:20 Rule Typically 80% of unfocussed effort generates only 20% of results. The remaining 80% of results are achieved with only 20% of the effort . Time Management

161 views • 13 slides
Discuss what you know about time. True or False: Learning about time is not important. 1 maths

Discuss what you know about time. True or False: Learning about time is not important. 1 maths

maths time.notebook April 30, 2020 LO: To identify the time on Steps To Success: I can distinguish between the minute hand and the hour hand on an analogue clock an analogue clock I can tell the time on an analogue clock using o'clock and

1.27k views • 64 slides
Why is this important? Why is this important? Anyone know what song this is? Yes thats right,

Why is this important? Why is this important? Anyone know what song this is? Yes thats right,

Why is this important? Why is this important? Anyone know what song this is? Yes thats right, Crowded House Weather With You UK release in 1992. I was 5 years old. Why is this important? The estimated average annual economic

332 views • 16 slides
Important From Last Time A system is safety critical when its failure may result in injuries

Important From Last Time A system is safety critical when its failure may result in injuries

Important From Last Time A system is safety critical when its failure may result in injuries or deaths Verification and validation can dominate overall development effort Today Embedded system security General principles

599 views • 27 slides
Time Series Analysis using Hilbert-Huang Transform [HHT] is one of the most important

Time Series Analysis using Hilbert-Huang Transform [HHT] is one of the most important

Time Series Analysis using Hilbert-Huang Transform [HHT] is one of the most important discoveries in the field of applied mathematics in NASA history. Presented by Nathan Taylor &amp; Brent Davis Terminology Hilbert-Huang Transform (HHT)

518 views • 50 slides
Refunctionalization at Work Olivier Danvy University of Aarhus, Denmark (danvy@daimi.au.dk)

Refunctionalization at Work Olivier Danvy University of Aarhus, Denmark (danvy@daimi.au.dk)

Refunctionalization at Work Olivier Danvy University of Aarhus, Denmark (danvy@daimi.au.dk) MPC06 July 3, 2006 1 Defunctionalization: a change of representation Enumerate inhabitants of function space. Represent function space as

920 views • 69 slides
Construction of a Semantic Model Construction of a Semantic Model for a Typed Assembly Language

Construction of a Semantic Model Construction of a Semantic Model for a Typed Assembly Language

Construction of a Semantic Model Construction of a Semantic Model for a Typed Assembly Language Gang Tan, Andrew Appel, Kedar Swadi and Dinghao Wu Princeton University Jan 11, 2004 Extensible systems Extensible systems code extensions host

228 views • 22 slides
AM A O SAbstract Machine for Xcerpt Principles Architecture PPSWR 06, Budva,

AM A O SAbstract Machine for Xcerpt Principles Architecture PPSWR 06, Budva,

AM A O SAbstract Machine for Xcerpt Principles Architecture PPSWR 06, Budva, Montenegro, June 11th, 2006 Franois Bry, Tim Furche , Benedikt Linse Abstract Machine(s) Definition and Variants abstract machine :=

339 views • 21 slides
1 Model of OO Computation: Transitions Model of OO Computation: Transitions cont. Let cs = (sh,

1 Model of OO Computation: Transitions Model of OO Computation: Transitions cont. Let cs = (sh,

Eiffel Approach to @pre/old Restrict post-conditions to formulas of the form: t [ (t 1 )@pre/x 1 ,..., (t n )@pre/x n ] An Abstract Machine for the Old Compute and save values of t 1 ,..., t n when the constrained Value Retrieval method

244 views • 3 slides
The Translation of C Saarbrcken + Mnchen 1 Structure of a compiler: Internal representation

The Translation of C Saarbrcken + Mnchen 1 Structure of a compiler: Internal representation

Reinhard Wilhelm + Helmut Seidl The Translation of C Saarbrcken + Mnchen 1 Structure of a compiler: Internal representation Source program Frontend (Syntax tree) Optimizations Internal representation Code Program for generation

1.24k views • 89 slides
Compiler Construction Lecture 17: Code Generation III (Implementation of Static Data Structures)

Compiler Construction Lecture 17: Code Generation III (Implementation of Static Data Structures)

Compiler Construction Lecture 17: Code Generation III (Implementation of Static Data Structures) Thomas Noll Lehrstuhl f ur Informatik 2 (Software Modeling and Verification) noll@cs.rwth-aachen.de

295 views • 25 slides
Operating System Basics CS 111 Operating Systems Peter Reiher Lecture 2 CS 111 Page 1 Fall

Operating System Basics CS 111 Operating Systems Peter Reiher Lecture 2 CS 111 Page 1 Fall

Operating System Basics CS 111 Operating Systems Peter Reiher Lecture 2 CS 111 Page 1 Fall 2015 Outline Important properties for an operating system Critical abstractions for operating systems System services Lecture 2 CS 111

656 views • 64 slides
Cyclone: Safe Programming at the C Level of Abstraction Dan Grossman Cornell University Joint

Cyclone: Safe Programming at the C Level of Abstraction Dan Grossman Cornell University Joint

Cyclone: Safe Programming at the C Level of Abstraction Dan Grossman Cornell University Joint work with: Trevor Jim (AT&amp;T), Greg Morrisett, Michael Hicks (Maryland), James Cheney, Yanling Wang A safe C-level language Cyclone is a

860 views • 83 slides

More recommend