DOCSLIB.ORG

Finding Substitutable Binary Code by Synthesizing Adapters

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Finding Substitutable Binary Code by Synthesizing Adapters Finding Substitutable Binary Code By Synthesizing Adapters Vaibhav Sharma Kesha Hietala Stephen McCamant Department of Computer Science and Department of Computer Science Department of Computer Science and Engineering University of Maryland Engineering University of Minnesota College Park, MD 20742 University of Minnesota Minneapolis, MN 55455 [email protected] Minneapolis, MN 55455 [email protected] [email protected] Abstract—Independently developed codebases typically contain by comparing their behavior to known implementations, and many segments of code that perform same or closely related locating multiple versions of a function to be run in parallel to operations (semantic clones). Finding functionally equivalent provide security through diversity [4], and reverse engineering segments enables applications like replacing a segment by a more efficient or more secure alternative. Such related segments a fragment of code to its intended semantic functionality. often have different interfaces, so some glue code (an adapter) is Our technique works by searching for a wrapper that needed to replace one with the other. We present an algorithm can be added around one function’s interface to make it that searches for replaceable code segments at the function level equivalent to another function. We consider wrappers that by attempting to synthesize an adapter between them from some transform function arguments and return values. Listing 1 family of adapters; it terminates if it finds no possible adapter. We implement our technique using (1) concrete adapter enumeration shows implementations in two commonly-used libraries of based on Intel’s Pin framework (2) binary symbolic execution, the isalpha predicate, which checks if a character is a letter. and explore the relation between size of adapter search space and Both implementations follow the description of the isalpha total search time. We present examples of applying adapter syn- function as specified in the ISO C standard, but the glibc thesis for improving security and efficiency of binary functions, implementation signifies the input is a letter by returning 1024, deobfuscating binary functions, and switching between binary implementations of RC4. We present two large-scale evaluations, while the musl implementation returns 1 in that case. (1) we run adapter synthesis on more than 13,000 function int musl_isalpha(int c) { pairs from the Linux C library, (2) using more than 61,000 return ((unsigned)c|32)-’a’ < 26; fragments of binary code extracted from a ARM image built } for the iPod Nano 2g device and known functions from the VLC int glibc_isalpha(int c) { media player, we evaluate our adapter synthesis implementation return table[c] & 1024; on more than a million synthesis tasks . Our results confirm that } several instances of adaptably equivalent binary functions exist int adapted_isalpha(int c) { in real-world code, and suggest that adapter synthesis can be return (glibc_isalpha(c) != 0) ? 1 : 0; applied for reverse engineering and for constructing cleaner, less } buggy, more efficient programs. Listing 1. musl and glibc implementations of the isalpha predicate and a wrapper around the glibc implementation that is equivalent to the musl I. INTRODUCTION implementation When required to write an implementation for matrix The glibc implementation can be adapted to make it equivalent multiplication, the average programmer will come up with to the musl implementation by replacing its return value, if arXiv:1707.01536v3 [cs.SE] 30 Nov 2017 a naive implementation in a matter of minutes. However, non-zero, by 1 as shown by the adapted isalpha function. much research effort has been invested into creating more This illustrates the driving idea of our approach: to check efficient matrix multiplication algorithms [56], [8], [16]. On whether two functions f1 and f2 are different interfaces to the attempting to replace the naive implementation with an imple- same functionality, we can search for a wrapper that allows mentation of a more efficient matrix multiplication algorithm, f1 to be replaced by f2. the programmer is likely to encounter interface differences, We refer to the function being wrapped around as the inner such as taking its arguments in a different order. In this function and the function being emulated as the target func- paper we present a technique that automates the process of tion. In the example above, the inner function is glibc isalpha finding functions that match the behavior specified by an and the target function is musl isalpha. We refer to the existing function, while also discovering the necessary wrapper wrapper code automatically synthesized by our tool as an needed to handle interface differences between the original adapter. Our adapter synthesis tool searches in the space of and discovered functions. Other use cases for our technique in- all possible adapters allowed by a specified adapter family for clude replacing insecure dependencies of off-the-shelf libraries an adapter that makes the behavior of the inner function f2 with bug-free variants, deobfuscating binary-level functions equivalent to that of the target function f1. We represent that such an adapter exists by the notation f1 f2. Note that this Inputs: adaptability relationship may not be symmetric: a b does reference, target code not imply b a. To efficiently search for an adapter, we use adapter family FA The target code is counterexample guided inductive synthesis (CEGIS) [52]. An default adapter substitutable with the adapter family is represented as a formula for transforming empty test list current adapter values controlled by parameters: each setting of these pa- CheckAdapter rameters represents a possible adapter. Each step of CEGIS Q: Is there an input on which the A: No allows us to conclude that either a counterexample exists for reference and target code outputs differ with the current adapter? the previously hypothesized adapter, or that an adapter exists that will work for all previously found tests. We use binary symbolic execution both to generate counterexamples and to A: Yes, A is a A: Yes, x1, …, xn is find new candidate adapters; the symbolic execution engine suitable adapter a counterexample internally uses a satisfiability modulo theories (SMT) solver. (set the current (add x1, …, xn to adapter to A) the test list) We contrast the performance of binary symbolic execution for adapter search with an alternate approach that uses a randomly-ordered enumeration of all possible adapters. We SynthesizeAdapter always restrict our search to a specified finite family of Q: Is there an adapter such that the A: No adapters, and also bound the size of function inputs. output of the reference and target code is the same on all current tests? We show that adapter synthesis is useful for a variety of soft- The target code is not ware engineering tasks. One of our automatically synthesized substitutable with any adapters creates adaptable equivalence between a naive im- adapter in FA plementation of matrix multiplication and an implementation of Strassen’s matrix multiplication algorithm. We also demon- Fig. 1. Counterexample-guided adapter synthesis strate the application of adapter synthesis to deobfuscation by deobfuscating a heavily obfuscated implementation of CRC-32 checksum computation. We find adaptable equivalence modulo Section II presents our algorithm for adapter synthesis and a security bug caused by undefined behavior. Two other pairs describes our adapter families. Section III describes our im- of our automatically synthesized adapters create adaptable plementation, and Section IV presents examples of application equivalence between RC4 setup and encryption functions in of adapter synthesis, large-scale evaluations, and a comparison mbedTLS (formerly PolarSSL) and OpenSSL. We can use of two adapter search implementations. Section V discusses binary symbolic execution both to generate counterexamples limitations and future work, Section VI describes related work, and to find new candidate adapters. Our notion of adapter and Section VII concludes. correctness only considers code’s behavior, so we can de- II. ADAPTER SYNTHESIS tect substitutability between functions that have no syntactic similarity. We explore the trade-off between using concrete A. An Algorithm for adapter Synthesis enumeration and binary symbolic execution for adapter search. The idea of counterexample-guided synthesis is to al- Guided by this experiment, we show that binary symbolic ternate between synthesizing candidate adapter expressions, execution-based adapter synthesis can be used for reverse and checking whether those expressions meet the desired engineering at scale. We use the Rockbox project [49] to create specification. When a candidate adapter expression fails to an a ARM-based 3rd party firmware image for the iPod Nano meet the specification, a counterexample is produced to guide 2g device and identify more than 61,000 target code fragments the next synthesis attempt. We are interested in synthesizing from this image. We extract reference functions from the adapters that map the arguments of the target function to the VLC media player [57]. Using these target code fragments arguments of the inner function, and map the return value and reference functions, our evaluation completes more than of the inner function to that of the target function, in such 1.17 million synthesis tasks. Each synthesis task navigates an a way that the behavior of the two functions match. Our adapter search space of more than 1.353
Load more

Recommended publications
  • An Introduction to Operad Theory
    AN INTRODUCTION TO OPERAD THEORY SAIMA SAMCHUCK-SCHNARCH Abstract. We give an introduction to category theory and operad theory aimed at the undergraduate level. We first explore operads in the category of sets, and then generalize to other familiar categories. Finally, we develop tools to construct operads via generators and relations, and provide several examples of operads in various categories. Throughout, we highlight the ways in which operads can be seen to encode the properties of algebraic structures across different categories. Contents 1. Introduction1 2. Preliminary Definitions2 2.1. Algebraic Structures2 2.2. Category Theory4 3. Operads in the Category of Sets 12 3.1. Basic Definitions 13 3.2. Tree Diagram Visualizations 14 3.3. Morphisms and Algebras over Operads of Sets 17 4. General Operads 22 4.1. Basic Definitions 22 4.2. Morphisms and Algebras over General Operads 27 5. Operads via Generators and Relations 33 5.1. Quotient Operads and Free Operads 33 5.2. More Examples of Operads 38 5.3. Coloured Operads 43 References 44 1. Introduction Sets equipped with operations are ubiquitous in mathematics, and many familiar operati- ons share key properties. For instance, the addition of real numbers, composition of functions, and concatenation of strings are all associative operations with an identity element. In other words, all three are examples of monoids. Rather than working with particular examples of sets and operations directly, it is often more convenient to abstract out their common pro- perties and work with algebraic structures instead. For instance, one can prove that in any monoid, arbitrarily long products x1x2 ··· xn have an unambiguous value, and thus brackets 2010 Mathematics Subject Classification.
    [Show full text]
  • Rockbox User Manual
    The Rockbox Manual for Sansa Fuze+ rockbox.org October 1, 2013 2 Rockbox http://www.rockbox.org/ Open Source Jukebox Firmware Rockbox and this manual is the collaborative effort of the Rockbox team and its contributors. See the appendix for a complete list of contributors. c 2003-2013 The Rockbox Team and its contributors, c 2004 Christi Alice Scarborough, c 2003 José Maria Garcia-Valdecasas Bernal & Peter Schlenker. Version unknown-131001. Built using pdfLATEX. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sec- tions, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the section entitled “GNU Free Documentation License”. The Rockbox manual (version unknown-131001) Sansa Fuze+ Contents 3 Contents 1. Introduction 11 1.1. Welcome..................................... 11 1.2. Getting more help............................... 11 1.3. Naming conventions and marks........................ 12 2. Installation 13 2.1. Before Starting................................. 13 2.2. Installing Rockbox............................... 13 2.2.1. Automated Installation........................ 14 2.2.2. Manual Installation.......................... 15 2.2.3. Bootloader installation from Windows................ 16 2.2.4. Bootloader installation from Mac OS X and Linux......... 17 2.2.5. Finishing the install.......................... 17 2.2.6. Enabling Speech Support (optional)................. 17 2.3. Running Rockbox................................ 18 2.4. Updating Rockbox............................... 18 2.5. Uninstalling Rockbox............................. 18 2.5.1. Automatic Uninstallation....................... 18 2.5.2. Manual Uninstallation......................... 18 2.6. Troubleshooting................................. 18 3. Quick Start 20 3.1.
    [Show full text]
  • Binary Integer Programming and Its Use for Envelope Determination
    Binary Integer Programming and its Use for Envelope Determination By Vladimir Y. Lunin1,2, Alexandre Urzhumtsev3,† & Alexander Bockmayr2 1 Institute of Mathematical Problems of Biology, Russian Academy of Sciences, Pushchino, Moscow Region, 140292 Russia 2 LORIA, UMR 7503, Faculté des Sciences, Université Henri Poincaré, Nancy I, 54506 Vandoeuvre-les-Nancy, France; [email protected] 3 LCM3B, UMR 7036 CNRS, Faculté des Sciences, Université Henri Poincaré, Nancy I, 54506 Vandoeuvre-les-Nancy, France; [email protected] † to whom correspondence must be sent Abstract The density values are linked to the observed magnitudes and unknown phases by a system of non-linear equations. When the object of search is a binary envelope rather than a continuous function of the electron density distribution, these equations can be replaced by a system of linear inequalities with respect to binary unknowns and powerful tools of integer linear programming may be applied to solve the phase problem. This novel approach was tested with calculated and experimental data for a known protein structure. 1. Introduction Binary Integer Programming (BIP in what follows) is an approach to solve a system of linear inequalities in binary unknowns (0 or 1 in what follows). Integer programming has been studied in mathematics, computer science, and operations research for more than 40 years (see for example Johnson et al., 2000 and Bockmayr & Kasper, 1998, for a review). It has been successfully applied to solve a huge number of large-scale combinatorial problems. The general form of an integer linear programming problem is max { cTx | Ax ≤ b, x ∈ Zn } (1.1) with a real matrix A of a dimension m by n, and vectors c ∈ Rn, b ∈ Rm, cTx being the scalar product of the vectors c and x.
    [Show full text]
  • Making a Faster Curry with Extensional Types
    Making a Faster Curry with Extensional Types Paul Downen Simon Peyton Jones Zachary Sullivan Microsoft Research Zena M. Ariola Cambridge, UK University of Oregon [email protected] Eugene, Oregon, USA [email protected] [email protected] [email protected] Abstract 1 Introduction Curried functions apparently take one argument at a time, Consider these two function definitions: which is slow. So optimizing compilers for higher-order lan- guages invariably have some mechanism for working around f1 = λx: let z = h x x in λy:e y z currying by passing several arguments at once, as many as f = λx:λy: let z = h x x in e y z the function can handle, which is known as its arity. But 2 such mechanisms are often ad-hoc, and do not work at all in higher-order functions. We show how extensional, call- It is highly desirable for an optimizing compiler to η ex- by-name functions have the correct behavior for directly pand f1 into f2. The function f1 takes only a single argu- expressing the arity of curried functions. And these exten- ment before returning a heap-allocated function closure; sional functions can stand side-by-side with functions native then that closure must subsequently be called by passing the to practical programming languages, which do not use call- second argument. In contrast, f2 can take both arguments by-name evaluation. Integrating call-by-name with other at once, without constructing an intermediate closure, and evaluation strategies in the same intermediate language ex- this can make a huge difference to run-time performance in presses the arity of a function in its type and gives a princi- practice [Marlow and Peyton Jones 2004].
    [Show full text]
  • PORTABLE DIGITAL AUDIO PLAYER Basic Model : YH-J70
    PORTABLE DIGITAL AUDIO PLAYER Basic Model : YH-J70 * Application : YH-J70SB/SW[20GB] YH-J70LB/LW[30GB] SERVICE Manual PORTABLE DIGITAL AUDIO PLAYER Features - Mass Storage Device Support - MP3, WMA, Audio ASF and Ogg Playback - USB Host Function Support - Video Playback Function - Image & Text Viewer Function - Direct MP3 Recording - USB 2.0 High Speed Data Transfer - SRS WOW Surround Sound - 1.8-inch Color TFT LCD - Various Games Support - Built-in Rechargeable Li-ion Battery - Playback Speed Control Function Model : YH-J70 - Upgradable - Confidential - YH-J70LB/LW[30GB] YH-J70SB/SW[20GB] ELECTRONICS © Samsung Electronics Co.,Ltd. AUG. 2005 Printed in Korea Code no. AH68-01654S INDEX Ch7 Exploded View & Parts List Ch1 Precautions 1. Total Exploded View 7-1 0. HDD SVC Repair Caution 1-1 2. Parts List 7-2 1-1. Safety Precautions 1-2 1-2. Servicing Precautions 1-3 Ch8 Electrical Parts List 1-3. Precautions for Electrostatically Sensitive Device (ESDs) 1-4 Electrical Parts List 8-1 Ch9 Block Diagram Block Diagram 9-1 Ch2 Product Descriptions 1. Product Feature 2-1 Ch10 Wiring Diagram 2. Specifications 2-2 Wiring Diagram 10-1 3. Accessories 2-3 Ch11 PCB Diagram Ch3 Product Functions 1. MAIN 11-1 1. Basic Functions 3-1 2. SUB 11-2 2. New Functions 3-3 3. PC Connection 3-6 Ch12 Schematic Diagram Ch4 Adjustments 1. MAIN 12-1 1.How to recover the device 4-1 2. SELF-TEST Manual 12-2 Ch5 How to disassemble Ch13 Circuit Description How to disassemble 5-1 Circuit Board Description 13-1 Ch6 Troubleshooting 1.
    [Show full text]
  • Self-Similarity in the Foundations
    Self-similarity in the Foundations Paul K. Gorbow Thesis submitted for the degree of Ph.D. in Logic, defended on June 14, 2018. Supervisors: Ali Enayat (primary) Peter LeFanu Lumsdaine (secondary) Zachiri McKenzie (secondary) University of Gothenburg Department of Philosophy, Linguistics, and Theory of Science Box 200, 405 30 GOTEBORG,¨ Sweden arXiv:1806.11310v1 [math.LO] 29 Jun 2018 2 Contents 1 Introduction 5 1.1 Introductiontoageneralaudience . ..... 5 1.2 Introduction for logicians . .. 7 2 Tour of the theories considered 11 2.1 PowerKripke-Plateksettheory . .... 11 2.2 Stratifiedsettheory ................................ .. 13 2.3 Categorical semantics and algebraic set theory . ....... 17 3 Motivation 19 3.1 Motivation behind research on embeddings between models of set theory. 19 3.2 Motivation behind stratified algebraic set theory . ...... 20 4 Logic, set theory and non-standard models 23 4.1 Basiclogicandmodeltheory ............................ 23 4.2 Ordertheoryandcategorytheory. ...... 26 4.3 PowerKripke-Plateksettheory . .... 28 4.4 First-order logic and partial satisfaction relations internal to KPP ........ 32 4.5 Zermelo-Fraenkel set theory and G¨odel-Bernays class theory............ 36 4.6 Non-standardmodelsofsettheory . ..... 38 5 Embeddings between models of set theory 47 5.1 Iterated ultrapowers with special self-embeddings . ......... 47 5.2 Embeddingsbetweenmodelsofsettheory . ..... 57 5.3 Characterizations.................................. .. 66 6 Stratified set theory and categorical semantics 73 6.1 Stratifiedsettheoryandclasstheory . ...... 73 6.2 Categoricalsemantics ............................... .. 77 7 Stratified algebraic set theory 85 7.1 Stratifiedcategoriesofclasses . ..... 85 7.2 Interpretation of the Set-theories in the Cat-theories ................ 90 7.3 ThesubtoposofstronglyCantorianobjects . ....... 99 8 Where to go from here? 103 8.1 Category theoretic approach to embeddings between models of settheory .
    [Show full text]
  • Rockbox User Manual
    The Rockbox Manual for Ipod Classic rockbox.org December 27, 2020 2 Rockbox https://www.rockbox.org/ Open Source Jukebox Firmware Rockbox and this manual is the collaborative effort of the Rockbox team and its contributors. See the appendix for a complete list of contributors. c 2003–2020 The Rockbox Team and its contributors, c 2004 Christi Alice Scarborough, c 2003 José Maria Garcia-Valdecasas Bernal & Peter Schlenker. Version 3.15p10. Built using pdfLATEX. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sec- tions, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the section entitled “GNU Free Documentation License”. The Rockbox manual (version 3.15p10) Ipod Classic Contents 3 Contents 1. Introduction 12 1.1. Welcome..................................... 12 1.2. Getting more help............................... 12 1.3. Naming conventions and marks........................ 13 2. Installation 14 2.1. Before Starting................................. 14 2.2. Installing Rockbox............................... 15 2.2.1. Automated Installation........................ 15 2.2.2. Manual Installation.......................... 17 2.2.3. Finishing the install.......................... 19 2.2.4. Enabling Speech Support (optional)................. 19 2.3. Running Rockbox................................ 19 2.4. Updating Rockbox............................... 19 2.5. Uninstalling Rockbox............................. 20 2.5.1. Automatic Uninstallation....................... 20 2.5.2. Manual Uninstallation......................... 20 2.6. Troubleshooting................................. 20 3. Quick Start 21 3.1. Basic Overview................................. 21 3.1.1. The player’s controls.......................... 21 3.1.2. Turning the player on and off....................
    [Show full text]
  • Solving Multiclass Learning Problems Via Error-Correcting Output Codes
    Journal of Articial Intelligence Research Submitted published Solving Multiclass Learning Problems via ErrorCorrecting Output Co des Thomas G Dietterich tgdcsorstedu Department of Computer Science Dearborn Hal l Oregon State University Corval lis OR USA Ghulum Bakiri ebisaccuobbh Department of Computer Science University of Bahrain Isa Town Bahrain Abstract Multiclass learning problems involve nding a denition for an unknown function f x whose range is a discrete set containing k values ie k classes The denition is acquired by studying collections of training examples of the form hx f x i Existing ap i i proaches to multiclass learning problems include direct application of multiclass algorithms such as the decisiontree algorithms C and CART application of binary concept learning algorithms to learn individual binary functions for each of the k classes and application of binary concept learning algorithms with distributed output representations This pap er compares these three approaches to a new technique in which errorcorrecting co des are employed as a distributed output representation We show that these output representa tions improve the generalization p erformance of b oth C and backpropagation on a wide range of multiclass learning tasks We also demonstrate that this approach is robust with resp ect to changes in the size of the training sample the assignment of distributed represen tations to particular classes and the application of overtting avoidance techniques such as decisiontree pruning Finally we show thatlike
    [Show full text]
  • Current Version, Ch01-03
    Digital Logic and Computer Organization Neal Nelson c May 2013 Contents 1 Numbers and Gates 5 1.1 Numbers and Primitive Data Types . .5 1.2 Representing Numbers . .6 1.2.1 Decimal and Binary Systems . .6 1.2.2 Binary Counting . .7 1.2.3 Binary Conversions . .9 1.2.4 Hexadecimal . 11 1.3 Representing Negative Numbers . 13 1.3.1 Ten's Complement . 14 1.3.2 Two's Complement Binary Representation . 18 1.3.3 Negation in Two's Complement . 20 1.3.4 Two's Complement to Decimal Conversion . 21 1.3.5 Decimal to Two's Complement Conversion . 22 1.4 Gates and Circuits . 22 1.4.1 Logic Expressions . 23 1.4.2 Circuit Expressions . 24 1.5 Exercises . 26 2 Logic Functions 29 2.1 Functions . 29 2.2 Logic Functions . 30 2.2.1 Primitive Gate Functions . 31 2.2.2 Evaluating Logic Expressions and Circuits . 31 2.2.3 Logic Tables for Expressions and Circuits . 32 2.2.4 Expressions as Functions . 34 2.3 Equivalence of Boolean Expressions . 36 2.4 Logic Functional Completeness . 36 2.5 Boolean Algebra . 37 2.6 Tables, Expressions, and Circuits . 37 1 2.6.1 Disjunctive Normal Form . 38 2.6.2 Logic Expressions from Tables . 39 2.7 Exercises . 41 3 Dataflow Logic 43 3.1 Data Types . 44 3.1.1 Unsigned Int . 45 3.1.2 Signed Int . 45 3.1.3 Char and String . 45 3.2 Data Buses . 46 3.3 Bitwise Functions . 48 3.4 Integer Functions .
    [Show full text]
  • Can You Put Pictures on Sansa Clip Zip Lemarchal Briser Louanges
    Can You Put Pictures On Sansa Clip Zip ->>->>->> http://tinyurl.com/yao34sr7 1 / 3 Sansa makes various models of MP3 players, media devices that you can use to store and listen to music. .Is Rockbox compatible with Sandisk's Sansa Clip Sport? . I ended up buying a refurbished sansa clip zip and it's worked out better than I expected.Sansa clip+ sd card troubles . Tags . music files or less loaded to the sansa clip itself. if I load more than 25 then the . pictures from old sd .Buy SanDisk 8GB Clip Jam MP3 Player (Black) . I purchased this MP3 after the screen on my Sansa Clip Zip died. Can you put different mood type music in .Toys "R" Us, Inc. is an American toy and juvenile-products retailer founded in 1948 and headquartered in Wayne, New Jersey, in the New York City metropolitan area.Here are some troubleshooting steps you can take if your Sansa Clip won't sync . With the physical exterior of the Sansa Clip checked, .SanDisk Clip Jam MP3 Player. Submit your photos and take part in the storytelling experience. Just tag your photos with #sandiskstories on Twitter and Instagram.Talk:SanDisk Sansa This is the talk . To whom it may concern I'm haveing trouble with my SanDisc Sansa with holding a charge. Can you help me??? . Clip Zip: OLED .besides the album art that is shown when I play music, is there any way at all that I can put pictures on my sansa clip zip?Putting photos/videos on the Sansa e250 Ok, so i can put music on my Sansa e250, .
    [Show full text]
  • Universal Functions Paul B
    Universal Functions Paul B. Larson1 Arnold W. Miller Juris Stepr¯ans William A.R. Weiss Contents 1. Introduction 2 1.1. Cardinal characteristics 4 2. Borel universal functions 5 3. Universal functions and Martin's Axiom 9 4. Universal functions of special kinds 12 5. Abstract universal functions 18 5.1. Property R 28 6. Higher dimensional universal functions 30 7. Model-theoretic universality 43 8. Appendix 50 References 52 Abstract2 A function of two variables F (x; y) is universal if for every function G(x; y) there exists functions h(x) and k(y) such that G(x; y) = F (h(x); k(y)) for all x; y. Sierpi´nskishowed that assuming the Continuum Hypothesis there exists a Borel function F (x; y) which is universal. Assuming Mar- tin's Axiom there is a universal function of Baire class 2. A universal function cannot be of Baire class 1. Here we show that it is consistent that for each α with 2 ≤ α < !1 there is a universal function of class α but none of class β < α. We show that it is consistent with ZFC that there is no universal function (Borel or not) on the reals, and we show that it is consistent that there is a universal function but no Borel universal function. We also prove some results concerning higher-arity 1Research supported in part by NSF Grants DMS-0801009 and DMS-1201494. Much of the writing of the paper was done while all four authors attended the thematic program on Forcing and its Applications at the Fields Institute in Fall 2012.
    [Show full text]
  • Multiclass Classification Using Support Vector Machines
    Georgia Southern University Digital Commons@Georgia Southern Electronic Theses and Dissertations Graduate Studies, Jack N. Averitt College of Fall 2018 Multiclass Classification Using Support ectorV Machines Duleep Prasanna W. Rathgamage Don Follow this and additional works at: https://digitalcommons.georgiasouthern.edu/etd Part of the Artificial Intelligence and Robotics Commons, Other Applied Mathematics Commons, and the Other Statistics and Probability Commons Recommended Citation Rathgamage Don, Duleep Prasanna W., "Multiclass Classification Using Support ectorV Machines" (2018). Electronic Theses and Dissertations. 1845. https://digitalcommons.georgiasouthern.edu/etd/1845 This thesis (open access) is brought to you for free and open access by the Graduate Studies, Jack N. Averitt College of at Digital Commons@Georgia Southern. It has been accepted for inclusion in Electronic Theses and Dissertations by an authorized administrator of Digital Commons@Georgia Southern. For more information, please contact [email protected]. MULTICLASS CLASSIFICATION USING SUPPORT VECTOR MACHINES by DULEEP RATHGAMAGE DON (Under the Direction of Ionut Iacob) ABSTRACT In this thesis we discuss different SVM methods for multiclass classification and introduce the Divide and Conquer Support Vector Machine (DCSVM) algorithm which relies on data sparsity in high dimensional space and performs a smart partitioning of the whole train- ing data set into disjoint subsets that are easily separable. A single prediction performed between two partitions eliminates one or more classes in a single partition, leaving only a reduced number of candidate classes for subsequent steps. The algorithm continues recur- sively, reducing the number of classes at each step, until a final binary decision is made between the last two classes left in the process.
    [Show full text]