DOCSLIB.ORG

Code-Reuse Attacks and Defenses, © April 2015 Phd Referees: Prof

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Code-Reuse Attacks and Defenses, © April 2015 Phd Referees: Prof CODE-REUSEATTACKSANDDEFENSES Vom Fachbereich Informatik (FB 20) an der Technischen Universität Darmstadt zur Erlangung des akademischen Grades eines Doktor-Ingenieurs genehmigte Dissertation von: MSc. Lucas Vincenzo Davi Geboren am 27. April 1984 in Duisburg, Deutschland Referenten: Prof. Dr.-Ing. Ahmad-Reza Sadeghi (Erstreferent) Prof. Hovav Shacham (Zweitreferent) Tag der Einreichung: 22. April 2015 Tag der Disputation: 3. Juni 2015 CASED/System Security Lab Intel Collaborative Research Center for Secure Computing Fachbereich für Informatik Technische Universität Darmstadt Hochschulkennziffer: D17 Lucas Vincenzo Davi: Code-Reuse Attacks and Defenses, © April 2015 phd referees: Prof. Dr.-Ing. Ahmad-Reza Sadeghi (1st PhD Referee) Prof. Hovav Shacham (2nd PhD Referee) further phd commission members: Prof. Dr. Dr. h.c. Johannes A. Buchmann Prof. Dr. Stefan Katzenbeisser Prof. Dr.-Ing. Matthias Hollick Darmstadt, Germany April 2015 ABSTRACT Exploitation of memory corruption vulnerabilities in widely used software has been a threat for almost three decades and no end seems to be in sight. In particular, code- reuse techniques such as return-oriented programming offer a robust attack technique that is extensively used to exploit memory corruption vulnerabilities in modern software programs (e. g. web browsers or document viewers). Whereas conventional control-flow attacks (runtime exploits) require the injection of malicious code, code-reuse attacks leverage code that is already present in the address space of an application to undermine the security model of data execution prevention (DEP). In addition, code-reuse attacks in conjunction with memory disclosure attack techniques circumvent the widely applied memory protection model of address space layout randomization (ASLR). To counter this ingenious attack strategy, several proposals for enforcement of control-flow integrity (CFI) and fine-grained code randomization have emerged. In this dissertation, we explore the limitations of existing defenses against code-reuse attacks. In particular, we demonstrate that various coarse-grained CFI solutions can be effectively undermined, even under weak adversarial assumptions. Moreover, we ex- plore a new return-oriented programming attack technique that is solely based on indi- rect jump and call instructions to evade detection from defenses that perform integrity checks for return addresses. To tackle the limitations of existing defenses, this dissertation introduces the design and implementation of several new countermeasures. First, we present a generic and fine-grained CFI framework for mobile devices targeting ARM-based platforms. This framework preserves static code signatures by instrumenting mobile applications on- the-fly in memory. Second, we tackle the performance and security limitations of exist- ing CFI defenses by introducing hardware-assisted CFI for embedded devices. To this end, we present a CFI-based hardware implementation for Intel Siskiyou Peak using dedicated CFI machine instructions. Lastly, we explore fine-grained code randomization techniques. III ZUSAMMENFASSUNG Laufzeitangriffe nutzen Speicher- und Programmierfehler aus, um beliebiges Schadver- halten auf einem Computersystem zu verursachen. Obwohl diese Angriffe seit über zwei Jahrzehnten bekannt sind, stellen sie immer noch eine große Bedrohung für moderne Software-Programme dar. Dabei benutzen heutige Angriffe eine ausgeklügelte Tech- nik, die sich Return-Oriented Programming (ROP) nennt. Im Gegensatz zu klassischen Laufzeitangriffen, die auf das Einschleusen von Schadcode in den Speicher eines Pro- grammes angewiesen waren, können ROP Angriffe allein über das Zusammensetzen von vorhandenen gutartigen Code Schadverhalten erzeugen. Weil hierbei kein neuer Schadcode explizit eingeschleust wird, umgehen ROP Angriffe weit verbreitete Ab- wehrmechanismen wie beispielsweise Ausführungsschutz für den Arbeitsspeicher. Ins- besondere können ROP Angriffe in Kombination mit sogenannten Speicherlecks –in der englischen Fachliteratur häufig als Memory Disclosure bezeichnet– dazu verwendet werden, um Adress Randomisierung zu umgehen. Um effektiv gegen diese neuartigen Laufzeitangriffe vorzugehen, wurden in den letzten Jahre eine Vielzahl an Abwehrmeth- oden vorgeschlagen, die meistens entweder auf Kontrollfluss-Integrität oder auf fort- geschrittenen Speicheradressen Randomisierungstechniken basieren. In dieser Dissertation erforschen wir die Grenzen und Einschränkungen von existieren- den Schutzmechanismen gegen ROP Angriffe und demonstrieren praktische Angriffe gegen kürzlich präsentierte Kontrollfluss-Integritätslösungen sowie Speicheradressen Randomisierungstechniken, die nicht selten mit nur minimalen Anforderungen ange- griffen werden können. Insbesondere präsentieren wir einen neuartigen ROP Angriff, der ausschließlich indirekte Sprungbefehle missbraucht, um Detektion von Schutzmech- anismen zu umgehen, die Integritätsprüfungen für Funktionsrücksprünge ausführen. Um den Sicherheitsproblemen von vorhandenen Schutzmechanismen effektiv entge- genzutreten, stellen wir in dieser Dissertation die Konzepte und die Implementierungen von mehreren neuartigen Abwehrmethoden vor. Zuerst präsentieren wir eine allgemeine und fortgeschrittene Kontrollflussintegritäts-Lösung für mobile Geräte. Unsere Lösung ist kompatibel zu digitalen Code Signaturen, weil sie nur bereits verifizierten Code dynamisch im Adressspeicher um Integritätsprüfungen erweitert. Zudem erforschen wir einen neuen Hardware-basierten Ansatz zur Kontrollflussintegrität, der im Beson- deren die Leistungseinbußen von existierenden Ansätzen löst. Unser Prototyp basiert auf der Intel-basierten Platform Siskiyou Peak, die besonders für eingebettete Systeme geeignet ist. Zuletzt erforschen wir fortgeschrittene Speicheradressen Randomisierung- stechniken. IV ACKNOWLEDGMENTS Foremost, I’d like to thank my advisor Prof. Ahmad-Reza Sadeghi for his support, feed- back, and guidance. I am very grateful for the intensive and fruitful discussions we had with Ahmad during the five years of my PhD research. His passion and dedication for research has highly influenced my career in academia. I am grateful for the numerous opportunities he has given me, particularly for connecting me with outstanding security researchers worldwide. Besides my advisor Ahmad, I want to thank several professors for their support and advices. Prof. Fabian Monrose from the University of North Carolina at Chapel Hill has supported me with great feedback and writing tips. I learned a lot from his accurateness and critical reviews. From the beginning of my PhD, I was privileged to collaborate with Prof. Thorsten Holz from Ruhr-Universität Bochum. Our collaboration with Thorsten’s team resulted in several publications. I’d also like to thank Prof. N. Asokan (Aalto Uni- versity) for working with me on a lecture book on mobile security, and Prof. Yier Jin (University of Central Florida) for collaborating on hardware-assisted control-flow in- tegrity. I am very honored to have Prof. Hovav Shacham from University of California, San Diego as second referee of my PhD dissertation. I was also pleased to collaborate with him on advanced return-oriented programming attacks. This dissertation is a result of collaborations with various co-authors and colleagues. In particular, I’d like to thank all my colleagues at the System Security Lab at Ruhr- Universität Bochum and Technische Universität Darmstadt, Germany. The joint research work with my colleagues Alexandra Dmitrienko, Marcel Winandy, Christopher Liebchen, Steffen Schulz, Thomas Fischer, Matthias Hanreich, Stefan Nürnberger, Sven Bugiel, Bhargava Shastry, Debayan Paul, Mihai Bucicoiu, and Stephan Heuser resulted in several publications. I have been very lucky to work with several excellent researchers. I’d like to partic- ularly thank Ralf Hund from Ruhr-Universität Bochum. For several months we visited each other, and developed a control-flow integrity framework for mobile devices. Spe- cial thanks also go to Kevin Z. Snow from University of North Carolina at Chapel Hill. We presented together just-in-time return-oriented programming attacks at BlackHat USA 2013 and received the best student paper award at IEEE Security & Privacy 2013. There are many other external co-authors I was privileged to work with, particularly Per Larsen, Stephen Crane, Andrei Homescu, Dean Sullivan, Orlando Arias, Mauro Conti, Marco Negro, Stephen Checkoway, Manuel Egele, Blaine Stancill, Nathan Otterness, Fe- lix Schuster, Kari Kostiainen, Elena Reshetova, and Razvan Deaconescu. I had the privilege to supervise and work with several outstanding students. In the bachelor thesis of Daniel Lehmann, we conducted a security analysis of recently pro- posed control-flow integrity schemes. The master thesis of Tim Werthmann introduces fine-grained application sandboxing on iOS. For Christopher Liebchen’s master thesis, we explored fine-grained code randomization and execution-path randomization. V During my PhD, I had the unique opportunity to do a summer internship at the Se- curity Research Lab at Intel Labs in Hillsboro, Oregon. I’d like to thank my manager Anand Rajan and my mentor Manoj Sastry. Both have greatly supported me during my internship. Because of our newly founded Intel Security Institute in Darmstadt (Intel CRI-SC), I had the opportunity to work with Matthias Schunter, Patrick Koeberl, and Steffen Schulz. In particular, I’d like to thank Patrick for his great feedback on the archi- tectural and implementation aspects of hardware-assisted
Load more

Recommended publications
  • New Inheritance Models That Facilitate Source Code Reuse in Object-Oriented Programming
    NEW INHERITANCE MODELS THAT FACILITATE SOURCE CODE REUSE IN OBJECT- ORIENTED PROGRAMMING By HISHAM M. AL-HADDAD Bachelor of Science Yarmouk University lrbid, Jordan 1986 Master of Science Northrop University Los Angeles, California 1988 Submitted to the Faculty of the Graduate College of the Oklahoma State University in partial fulfillment of the requirements for the degree of DOCTOR OF PHILOSOPHY July, 1992 Oklahoma Statt.' Ur1iv. Library NEW INHERITANCE MODELS THAT FACILITATE SOURCE CODE REUSE IN OBJECT- ORIENTED PROGRAMMING C/ wU::r-~ B I A~c;p .... _.-~ Dean of the Graduate CoUege ii PREFACE Code reusability is a primary objective in the development of software systems. The object-oriented programming methodology is one of the areas that facilitate the development of software systems by allowing and promoting code reuse and modular designs. Object-oriented programming languages (OOPLs) provide different facilities to attain efficient reuse and reliable extension of existing software components. Inheritance is an important language feature that is conducive to reusability and extensibility. Various OOPLs provide different inheritance models based on different interpretations of the inheritance notion. Therefore, OOPLs have different characteristics derived from their respective inheritance models. This dissertation is concerned with solutions for three major problems that limit the utilization of inheritance for code reusability. The range of object-oriented applications and thus the usage of object-oriented programming in general is also discussed. The three major problems are: 1) the relationship between inheritance and other related issues such as encapsulation, access techniques, visibility of inheritance, and subtyping; 2) the hierarchical structure imposed by inheritance among classes; and 3) the accessibility of previous versions of the modified methods defmed in classes located at higher levels of the inheritance structure than the parent classes.
    [Show full text]
  • Generic Programming
    Generic Programming July 21, 1998 A Dagstuhl Seminar on the topic of Generic Programming was held April 27– May 1, 1998, with forty seven participants from ten countries. During the meeting there were thirty seven lectures, a panel session, and several problem sessions. The outcomes of the meeting include • A collection of abstracts of the lectures, made publicly available via this booklet and a web site at http://www-ca.informatik.uni-tuebingen.de/dagstuhl/gpdag.html. • Plans for a proceedings volume of papers submitted after the seminar that present (possibly extended) discussions of the topics covered in the lectures, problem sessions, and the panel session. • A list of generic programming projects and open problems, which will be maintained publicly on the World Wide Web at http://www-ca.informatik.uni-tuebingen.de/people/musser/gp/pop/index.html http://www.cs.rpi.edu/˜musser/gp/pop/index.html. 1 Contents 1 Motivation 3 2 Standards Panel 4 3 Lectures 4 3.1 Foundations and Methodology Comparisons ........ 4 Fundamentals of Generic Programming.................. 4 Jim Dehnert and Alex Stepanov Automatic Program Specialization by Partial Evaluation........ 4 Robert Gl¨uck Evaluating Generic Programming in Practice............... 6 Mehdi Jazayeri Polytypic Programming........................... 6 Johan Jeuring Recasting Algorithms As Objects: AnAlternativetoIterators . 7 Murali Sitaraman Using Genericity to Improve OO Designs................. 8 Karsten Weihe Inheritance, Genericity, and Class Hierarchies.............. 8 Wolf Zimmermann 3.2 Programming Methodology ................... 9 Hierarchical Iterators and Algorithms................... 9 Matt Austern Generic Programming in C++: Matrix Case Study........... 9 Krzysztof Czarnecki Generative Programming: Beyond Generic Programming........ 10 Ulrich Eisenecker Generic Programming Using Adaptive and Aspect-Oriented Programming .
    [Show full text]
  • Code Reuse and Refactoring: Going Agile on Complex Products
    Code Reuse and Refactoring: Going Agile on Complex Products Using enterprise Software Version Management to coordinate complex products, seamlessly support Git developers, and solve refactoring problems. Table of Contents Component-Based Development __________________________________________________ 1 CBD Product Model ______________________________________________________________ 1 The Repository Model ____________________________________________________________ 2 Managing CBD in Git _____________________________________________________________ 2 Setting Up the CBD Model _____________________________________________________ 2 Incorporating Non-Software Components ____________________________________ 3 Updating Component Baselines ________________________________________________ 3 Submitting Patches to Components _____________________________________________ 4 Developer View _______________________________________________________________ 4 Refactoring: In Practice ________________________________________________________ 4 Refactoring: Developer Impact _________________________________________________ 4 Managing CBD in Perforce Software Version Management and Perforce Git Fusion ______ 5 Setting Up the CBD Model _____________________________________________________ 5 Incorporating Non-Software Components ____________________________________ 5 Updating Component Baselines ________________________________________________ 5 Submitting Patches to Components _____________________________________________ 5 Developer View _______________________________________________________________
    [Show full text]
  • A Model of Inheritance for Declarative Visual Programming Languages
    An Abstract Of The Dissertation Of Rebecca Djang for the degree of Doctor of Philosophy in Computer Science presented on December 17, 1998. Title: Similarity Inheritance: A Model of Inheritance for Declarative Visual Programming Languages. Abstract approved: Margaret M. Burnett Declarative visual programming languages (VPLs), including spreadsheets, make up a large portion of both research and commercial VPLs. Spreadsheets in particular enjoy a wide audience, including end users. Unfortunately, spreadsheets and most other declarative VPLs still suffer from some of the problems that have been solved in other languages, such as ad-hoc (cut-and-paste) reuse of code which has been remedied in object-oriented languages, for example, through the code-reuse mechanism of inheritance. We believe spreadsheets and other declarative VPLs can benefit from the addition of an inheritance-like mechanism for fine-grained code reuse. This dissertation first examines the opportunities for supporting reuse inherent in declarative VPLs, and then introduces similarity inheritance and describes a prototype of this model in the research spreadsheet language Forms/3. Similarity inheritance is very flexible, allowing multiple granularities of code sharing and even mutual inheritance; it includes explicit representations of inherited code and all sharing relationships, and it subsumes the current spreadsheet mechanisms for formula propagation, providing a gradual migration from simple formula reuse to more sophisticated uses of inheritance among objects. Since the inheritance model separates inheritance from types, we investigate what notion of types is appropriate to support reuse of functions on different types (operation polymorphism). Because it is important to us that immediate feedback, which is characteristic of many VPLs, be preserved, including feedback with respect to type errors, we introduce a model of types suitable for static type inference in the presence of operation polymorphism with similarity inheritance.
    [Show full text]
  • Beginning SOLID Principles and Design Patterns for ASP.NET Developers — Bipin Joshi Beginning SOLID Principles and Design Patterns for ASP.NET Developers
    THE EXPERT’S VOICE® IN .NET DEVELOPMENT Beginning SOLID Principles and Design Patterns for ASP.NET Developers — Bipin Joshi Beginning SOLID Principles and Design Patterns for ASP.NET Developers Bipin Joshi Beginning SOLID Principles and Design Patterns for ASP.NET Developers Bipin Joshi 301 Pitruchhaya Thane, India ISBN-13 (pbk): 978-1-4842-1847-1 ISBN-13 (electronic): 978-1-4842-1848-8 DOI 10.1007/978-1-4842-1848-8 Library of Congress Control Number: 2016937316 Copyright © 2016 by Bipin Joshi This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. Exempted from this legal reservation are brief excerpts in connection with reviews or scholarly analysis or material supplied specifically for the purpose of being entered and executed on a computer system, for exclusive use by the purchaser of the work. Duplication of this publication or parts thereof is permitted only under the provisions of the Copyright Law of the Publisher's location, in its current version, and permission for use must always be obtained from Springer. Permissions for use may be obtained through RightsLink at the Copyright Clearance Center. Violations are liable to prosecution under the respective Copyright Law. Trademarked names, logos, and images may appear in this book. Rather than use a trademark symbol with every occurrence of a trademarked name, logo, or image we use the names, logos, and images only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark.
    [Show full text]
  • Software Reusability: Approaches and Challenges
    International Journal of Research and Innovation in Applied Science (IJRIAS) |Volume VI, Issue V, May 2021|ISSN 2454-6194 Software Reusability: Approaches and Challenges Moko Anasuodei1, Ojekudo, Nathaniel Akpofure2 1Department of Computer Science and Informatics, Faculty of Science, Federal University Otuoke, Nigeria 2Department of Computer Science, Faculty of Natural and Applied Sciences, Ignatius Ajuru University of Education, Nigeria Abstract: Software reuse is used to aid the software phases. Software engineering has been more centered on development process which in recent times can improve the original development which gives an optimal software at a resulting quality and productivity of software development, by faster and less costly price, a design process based on assisting software engineers throughout various software systemic reusable is now recognized. engineering phases to enhance the quality of software, provide quick turnaround time for software development using few Software reuse reduces efforts and cost, because software people, tools, and methods, which creates a good software development costs can be extremely high, but they are quality by enhancing integration of the software system to shared, such that the cost of reuse can be extremely low. provide a competitive advantage. This paper examines the One major advantage of software reuse suggested by concept of software reuse, the approaches to be considered for keswani et al (2014) explains that there is a significant need software reuse, which is broadly shared into three categories: component-based software reuse, domain engineering and for the number of bugs to be reduced during software software product lines, architecture-based software reuse and development process, such that instead of developing an challenges that affect the software reuse development process.
    [Show full text]
  • Using Recursive Java Generics to Support Code Reuse in the CS2 Course
    Using Recursive Java Generics to Support Code Reuse in the CS2 Course J. Andrew Holey and Lynn R. Ziegler Department of Computer Science Saint John’s University and the College of Saint Benedict Collegeville, Minnesota 56321 [email protected] and [email protected] Abstract Showing students examples of code reuse in early Java programming courses is highly desirable, but one significant class of examples, linked data structures, is difficult to reuse and leads to frequent casting. We show a technique for using recursive generic parameters that significantly simplifies the inheritance of linked data structures, and we discuss the use of this technique in the CS2 course. 1 Introduction Java is well-established as the most frequently-used language in the first two programming courses at colleges and universities (CS1 and CS2). While there is serious and well-founded debate about whether other languages may be more appropriate for an introductory programming sequence at the college level, many computer science faculty members have become comfortable with using Java in these courses and are able to teach programming and problem-solving very effectively using this language. One of the advantages of using object-oriented languages like Java for teaching introductory programming is their support for the construction of abstract data types (ADTs). This support was enhanced in Java 5.0 with the introduction of generics. Libraries like the Java Collection Framework have reduced the emphasis on construction of ADTs in many CS2 courses, but most textbooks and instructors still choose to spend considerable time on the implementation of ADTs. It is now possible to guide students to produce simple and elegant implementations of the standards ADTs, including stacks, queues, various types of lists and trees, maps and even graphs.
    [Show full text]
  • A Foundation for Trait-Based Metaprogramming
    A foundation for trait-based metaprogramming John Reppy Aaron Turon University of Chicago {jhr, adrassi}@cs.uchicago.edu Abstract We present a calculus, based on the Fisher-Reppy polymorphic Scharli¨ et al. introduced traits as reusable units of behavior inde- trait calculus [FR03], with support for trait privacy, hiding and deep pendent of the inheritance hierarchy. Despite their relative simplic- renaming of trait methods, and a more granular trait typing. Our ity, traits offer a surprisingly rich calculus. Trait calculi typically in- calculus is more expressive (it provides new forms of conflict- clude operations for resolving conflicts when composing two traits. resolution) and more flexible (it allows after-the-fact renaming) In the existing work on traits, these operations (method exclusion than the previous work. Traits provide a useful mechanism for shar- and aliasing) are shallow, i.e., they have no effect on the body of the ing code between otherwise unrelated classes. By adding deep re- other methods in the trait. In this paper, we present a new trait sys- naming, our trait calculus supports sharing code between methods. tem, based on the Fisher-Reppy trait calculus, that adds deep oper- For example, the JAVA notion of synchronized methods can im- ations (method hiding and renaming) to support conflict resolution. plemented as a trait in our system and can be applied to multiple The proposed operations are deep in the sense that they preserve methods in the same class to produce synchronized versions. We any existing connections between the affected method and the other term this new use of traits trait-based metaprogramming.
    [Show full text]
  • REUSABILITY and MAINTAINABILITY in OBJECT ORIENTED LANGUAGES Suvarnalata Hiremath1, C M Tavade2 1Associate Professor, Dept
    REUSABILITY AND MAINTAINABILITY IN OBJECT ORIENTED LANGUAGES Suvarnalata Hiremath1, C M Tavade2 1Associate Professor, Dept. of CS&E, BKEC, Basavakalyan, India, 2 Professor, Dept of E&TC, SIT-COE, Yadrav, India Abstract In object-oriented languages, inheritance plays an important part for software reusability and maintainability. The separation of sub typing and inheritance makes inheritance a more flexible mechanism reusing code. Object-oriented programming has been widely acclaimed as the technology that will support the creation of reusable software, particularly because of the "inheritance” facility. In this paper, we Object Oriented Programming is a practical and explore the importance of reusability and useful programming methodology that maintainability in object oriented language. encourages modular design and software reuse. KEYWORDS: Object Oriented Object oriented Language make the promises of programming Language, Inheritance, reduced maintainance,code reusability, Software reuse and maintainability. improved reliability and flexibility and easier maintenance through better data encapsulation. I. INTRODUCTION To achieve these gains, object oriented Object-Oriented Programming (OOP) is the term language introduce the concepts of objects, used to describe a programming approach based classes, data abstraction and encapsulation, on objects and classes. The object-oriented inheritance and polymorphism. paradigm allows us to organise software as a collection of objects that consist of both data and In object oriented Language, the objects are behaviour. This is in contrast to conventional well-defined data structures coupled with a set functional programming practice that only of operations, these operations are called loosely connects data and behaviour. behavior and are only visible part of an object The object-oriented programming approach and only these operations can manipulate the encourages: objects.
    [Show full text]
  • 5. Subroutines
    IA010: Principles of Programming Languages 5. Subroutines Jan Obdržálek obdrzalek@fi.muni.cz Faculty of Informatics, Masaryk University, Brno IA010 5. Subroutines 1 Subroutines Subprograms, functions, procedures, . • principal mechanism for control abstraction • details of subroutine’s computation are replaced by a statement that calls the subroutine • increases readability: emphasizes logical structure, while hiding the low-level details • facilitate code reuse, saving • memory • coding time • subroutines vs OOP methods: • differ in the way they are called • methods are associated with classes and objects IA010 5. Subroutines 2 Outline Fundamentals of subroutines Parameter-passing methods Overloaded and generic subroutines Functions – specifics Coroutines IA010 5. Subroutines 3 Fundamentals of subroutines IA010 5. Subroutines 4 Subroutine characteristics • each subroutine has a single entry point • the calling program unit is suspended during subroutine execution (so only one subroutine is in execution at any given time) • control returns to the caller once subroutine execution is terminated • alternatives: • coroutines • concurrent units IA010 5. Subroutines 5 Basic definitions • subroutine definition – describes the interface and actions • subroutine call – an explicit request for the subroutine to be executed • active subroutine – has been executed, but has not yet completed its execution • subroutine header – part of the definition, specifies: • the kind of the subroutine (function/procedure) • a name (if not anonymous) • a list of parameters • parameter profile – the number, order and types of formal parameters • protocol – parameter profile + return type IA010 5. Subroutines 6 Procedures and functions procedures • do not return values • in effect define new statements • as functions: can return a value using • global variables • two-way communication through parameters functions • return values • function call is, in effect, replaced by the return value • as procedures: e.g.
    [Show full text]
  • Code Reuse Between Java and Android Applications
    Code Reuse between Java and Android Applications Yoonsik Cheon, Carlos V. Chavez and Ubaldo Castro Department of Computer Science, The University of Texas at El Paso, El Paso, Texas, U.S.A. Keywords: Code Reuse, Multiplatform Application, Platform Difference, Android, Java. Abstract: Java and Android applications can be written in the same programming language. Thus, it is natural to ask how much code can be shared between them. In this paper we perform a case study to measure quantita- tively the amount of code that can be shared and reused for a multiplatform application running on the Java platform and the Android platform. We first configure a multiplatform development environment consisting of platform-specific tools. We then propose a general architecture for a multiplatform application under a guiding design principle of having clearly defined interfaces and employing loose coupling to accommodate platform differences and variations. Specifically, we separate our application into two parts, a platform-independent part (PIP) and a platform-dependent part (PDP), and share the PIP between platform-specific versions. Our finding is that 37%–40% of code can be shared and reused between the Java and the Android versions of our application. Interestingly, the Android version requires 8% more code than Java due to platform-specific con- straints and concerns. We also learned that the quality of an application can be improved dramatically through multiplatform development. 1 INTRODUCTION ing an experiment to measure quantitatively the de- gree of code reuse possible between Java and An- droid versions of an application. Our experiment is Java is one of the most popular programming lan- a case study developing natively a Java application guages in use today for developing a wide spectrum and its Android version running on mobile devices of applications running on a range of platforms from like smartphones and tablets.
    [Show full text]
  • Compile-Time Reflection and Metaprogramming for Java
    Compile-time Reflection and Metaprogramming for Java Weiyu Miao Jeremy Siek University of Colorado at Boulder {weiyu.miao, jeremy.siek}@colorado.edu Abstract we also likely need to change the hasGetters for that class, therefore Java reflection enables us to write reusable programs that are inde- such implementation is not adaptable to the change of a class. pendent of certain classes. However, when runtime performance is With runtime reflection, we can write a hasGetters that is appli- a big concern, we propose to use compile-time reflection for writ- cable to any class. Following shows the partial implementation of ing metaprograms that generate non-reflective class/type specific the hasGetters. code, which has lower runtime cost. 1 public boolean hasGetters(Class cls) { We proposed both compile-time reflection and metaprogram- 2 Field[] fds = cls.getFields(); ming for Java, and extended our previous work on pattern-based 3 for(int i=0;i < fds.length; ++i) { traits. Pattern-based traits integrate pattern-based reflection with 4 Field fd = fds[i]; flexible composition of traits. They are capable of pattern-matching 5 String mn = ”get”+capitalize(fd.getName()); over class members and generating expressive code. We add and 6 Class fTy = fd.getType(); formalize pattern-based reflection at the statement-level, which 7 try { enables a meta program to generate statements. We add reified 8 Method m = cls.getMethod(mn, new Class[0]); 9 if (! m.getReturnType().equals(fTy)) { generics for pattern-based traits, which enables a pattern to iter- 10 ... /∗ print the message that field fd has no getter ∗/ ate over any class when traits are instantiated.
    [Show full text]