DOCSLIB.ORG

Jump Tables, Nested Loops) – Understanding Complex Data Structures (E.G

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Jump Tables, Nested Loops) – Understanding Complex Data Structures (E.G Advanced Static Analysis Instructor Davide Maiorca Web Security and Malware Analysis M.Sc. in Computer Engineering, Cybersecurity and Artificial Intelligence University of Cagliari, Italy More on Assembly X86: Calling Conventions • The «standard» calling convention is that the first parameter to be pushed to the stack is the last – The parameter that appears first on the function goes to the bottom of the stack • However, a calling convention is much more complex than this • Calling conventions define how functions results are returned and who cleans the stack – The return value is typically stored in the EAX register • Stack cleaning: depending on the program flow, the arguments passed to a specific function must be cleaned up (removed or replaced) • Normally, the caller function is the one that takes care of the cleaning • This convention is called _cdecl • Typically, this is the standard convention in C programs http://pralab.diee.unica.it Web Security and Malware Analysis - Davide Maiorca 2 The _cdecl Convention Return Address Previous EBP EBP 1 2 2 ESP 1 retn immediately transfers the control to the caller http://pralab.diee.unica.it Web Security and Malware Analysis - Davide Maiorca 3 Other Conventions • According to specific needs/function optimization, alternative calls can be used • _stdcall – Like _cdecl, but the stack is cleaned by the function that is called, and not by the caller • _fastcall – It does not push arguments to the stack, but uses registers to store parameters (ecx, edx, eax) – Useful for calls with few arguments (generally two, maximum three) – The stack is cleaned by the called function (like _stdcal) • _thiscall – Only used in object oriented languages – The pointer to the object this is stored in the ecx register • More conventions can be established according to the specific compiler http://pralab.diee.unica.it Web Security and Malware Analysis - Davide Maiorca 4 _cdecl Vs _stdcall Vs _fastcall Adding a number to ret tells the instruction to pop additional bytes (in this case, ret 8 means popping two http://pralab.diee.unica.it blocks) Web Security and Malware Analysis - Davide Maiorca 5 Assembly X64 • Uses 64 bit-registers and 64-bit addressing • Employs more registers (see Chapter 10 of the slides) – 64 bit-registers starting with «r» (rax, rbp, rsp) • Uses different call conventions • The first parameters never go to the stack, but to the registers first – The order is: RCX, RDX, R8, R9 -> Stack – The calling function works on cleaning the stack if available • X64 supports also floating-point numbers – For this purpose, special registers called XMM are employed – These registers were introduced by the SSE extensions – 128-bit registers that can store 2 64 bit values or 4 32 bit values http://pralab.diee.unica.it Web Security and Malware Analysis - Davide Maiorca 6 Funny_Sum vs Funny_Sum_64 - Main X86 X64 The first parameters registers MUST be RCX and RDX http://pralab.diee.unica.it Web Security and Malware Analysis - Davide Maiorca 7 Funny_Sum vs Funny_Sum_64 – Funny_Sum X86 X64 In many cases, the differences between X86 and X64 http://pralab.diee.unica.it are very little Web Security and Malware Analysis - Davide Maiorca 8 Decompilation • Generation of C-code from the original assembly code • Decompilers use custom variables (and sometimes custom types) – You can rename variables, functions and structures • By pressing a button, it is possible to generate a possible C-equivalent of the assembly code • One big advantage of de-compilation is that you can re-compile the whole program by copying and pasting the de-compiled code – In IDA, you can use the «defs.h» library when recompiling the code • An excellent, free decompiler is GHIDRA – Made by the NSA – Great alternative to IDA http://pralab.diee.unica.it Web Security and Malware Analysis - Davide Maiorca 9 Ghidra http://pralab.diee.unica.it Web Security and Malware Analysis - Davide Maiorca 10 Ghidra – Funny Sum Decompilation Ghidra automatically associates the decompiled lines to the assembly code http://pralab.diee.unica.it Web Security and Malware Analysis - Davide Maiorca 11 Ghidra – Funny Sum Function http://pralab.diee.unica.it Web Security and Malware Analysis - Davide Maiorca 12 Recognizing Code Constructs • Decompilation should never be used alone, but in combination with disassembly • Decompilation is not perfect – Distinguishing code from data (a problem also related to disassembling) – Finding the proper return data types – Understanding complex control structures (e.g., jump tables, nested loops) – Understanding complex data structures (e.g. user-defined typedef) • It is important to always compare the disassembly output with the decompiled output – General rule: assembly is often more reliable • It is also critical to recognize where a specific assembly construct starts/ends http://pralab.diee.unica.it Web Security and Malware Analysis - Davide Maiorca 13 If and Nested If Statements Nested if = multiple cmp+j instructions void if_statement() { int x,y,z; • IF instructions work by setting special FLAGS with the CMP instruction if (x==y) { • Decisions are taken if a specific FLAG is SET or not • Flags can change depending on the jump instruction (Zero Flag, Sign Flag…) if(z!=0) { • Careful about JNZ: «JNZ» stands for «jump if the flag ZERO (ZF) is NOT set» puts("z is non-zero and x=y") • If x=y the flag ZERO is set to 1 } • JNZ is taken (green branch) when the flag is NOT set (ZF=0) } • So, if the branch is not taken, it means that x=y • Equivalent to JNE • JZ jumps if the flag ZERO is SET http://pralab.diee.unica.it Web Security and Malware Analysis - Davide Maiorca 14 Recognizing Arrays void array() { int b[5] = {123,87,487,7,978}; int i; //local variable at ebp-4 int a[5]; for(i = 0; i<5; i++) { a[i] = i; //(a is loaded at ebp-44) b[i] = i;// (b is loaded at ebp-24) } } • Arrays are typically assigned sequentially (check what happens at ebp-24, ebp-20, …) • A register is used as an index (in this case, eax, which is often multiplied by 4 in int arrays) http://pralab.diee.unica.it Web Security and Malware Analysis - Davide Maiorca 15 Recognizing For/While Loops void for_loop() { int i; for ( i = 0; i <= 99; ++i ) printf("i equals %d\n", i); } • For loops are typically recognized by the presence of an IF condition that jumps to a specific location + a back-arrow in the block diagram • There is an increment/decrement instruction on the same element of the CMP instruction (in this case, ebp+i) While loops are similar, but they may not feature • The same element is initialized before the the increment CMP http://pralab.diee.unica.it Web Security and Malware Analysis - Davide Maiorca 16 Switch Statements – Jump Tables Jumptables are essentially array of locations to which the program can jump The value of the case in a switch controls the element of the table to which the program jumps The array of address is stored in a pre- determined location in the file (typically, it starts with a ds: ) The next address in the jump table can depend on the size of the assembly code Switch with few cases are translated to nested ifs of the previus case However, switch with many cases are translated to However, these cases may not be jumptables necessarily consecutive http://pralab.diee.unica.it Web Security and Malware Analysis - Davide Maiorca 17 References and Tools • https://docs.microsoft.com/en-us/cpp/cpp/argument-passing-and-naming- conventions?view=vs-2019 • https://docs.microsoft.com/en-us/cpp/build/x64-calling-convention?view=vs-2019 • https://docs.microsoft.com/en-us/cpp/build/x64-software-conventions?view=vs-2019 • Assembly X64 cheatsheet: https://cs.brown.edu/courses/cs033/docs/guides/x64_cheatsheet.pdf • M.Sikorski, A.Honig. Practical Malware Analysis, Chapter 6 • GHIDRA (https://ghidra-sre.org/) http://pralab.diee.unica.it Web Security and Malware Analysis - Davide Maiorca 18.
Load more

Recommended publications
  • X86-64 Calling Conventions
    CSE 351: The Hardware/Software Interface Section 4 Procedure calls Procedure calls In x86 assembly, values are passed to function calls on the stack Perks: Concise, easy to remember Drawbacks: Always requires memory accesses In x86-64 assembly, values are passed to function calls in registers Perks: Less wasted space, faster Drawbacks: Potentially requires a lot of register manipulation 2/23/2014 2 x86 calling conventions Simply push arguments onto the stack in order, then “call” the function! Suppose we define the following function: int sum(int a, int b) { return a + b; } (See also sum.c from the provided code) 2/23/2014 3 x86 calling conventions int sum(int a, int b) { return a + b; } In assembly, we have something like this: sum: pushl %ebp # Save base pointer movl %esp, %ebp # Save stack pointer movl 12(%ebp), %eax # Load b movl 8(%ebp), %edx # Load a addl %edx, %eax # Compute a + b popl %ebp # Restore base pointer ret # Return 2/23/2014 4 x86 calling conventions What is happening with %ebp and %esp? pushl %ebp The base pointer %ebp is the address of the caller, which is the location to which “ret” returns. The function pushes it into the stack so that it won’t be overwritten movl %esp, %ebp Functions often shift the stack pointer to allocate temporary stack space, so this instruction makes a backup of the original location. In the body of the function, %ebp is now the original start of the stack ret When sum() returns, execution picks up at the stored base pointer address.
    [Show full text]
  • Sample Applications User Guides Release 20.05.0
    Sample Applications User Guides Release 20.05.0 May 26, 2020 CONTENTS 1 Introduction to the DPDK Sample Applications1 1.1 Running Sample Applications...............................1 1.2 The DPDK Sample Applications..............................1 2 Compiling the Sample Applications3 2.1 To compile all the sample applications...........................3 2.2 To compile a single application..............................3 2.3 To cross compile the sample application(s)........................4 3 Command Line Sample Application5 3.1 Overview..........................................5 3.2 Compiling the Application.................................5 3.3 Running the Application..................................6 3.4 Explanation.........................................6 4 Ethtool Sample Application8 4.1 Compiling the Application.................................8 4.2 Running the Application..................................8 4.3 Using the application....................................8 4.4 Explanation.........................................9 4.5 Ethtool interface......................................9 5 Hello World Sample Application 11 5.1 Compiling the Application................................. 11 5.2 Running the Application.................................. 11 5.3 Explanation......................................... 11 6 Basic Forwarding Sample Application 13 6.1 Compiling the Application................................. 13 6.2 Running the Application.................................. 13 6.3 Explanation........................................
    [Show full text]
  • X86 Assembly Language Reference Manual
    x86 Assembly Language Reference Manual Part No: 817–5477–11 March 2010 Copyright ©2010 Oracle and/or its affiliates. All rights reserved. This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited. The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing. If this is software or related software documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, the following notice is applicable: U.S. GOVERNMENT RIGHTS Programs, software, databases, and related documentation and technical data delivered to U.S. Government customers are “commercial computer software” or “commercial technical data” pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, the use, duplication, disclosure, modification, and adaptation shall be subject to the restrictions and license terms setforth in the applicable Government contract, and, to the extent applicable by the terms of the Government contract, the additional rights set forth in FAR 52.227-19, Commercial Computer Software License (December 2007). Oracle USA, Inc., 500 Oracle Parkway, Redwood City, CA 94065.
    [Show full text]
  • Essentials of Compilation an Incremental Approach
    Essentials of Compilation An Incremental Approach Jeremy G. Siek, Ryan R. Newton Indiana University with contributions from: Carl Factora Andre Kuhlenschmidt Michael M. Vitousek Michael Vollmer Ryan Scott Cameron Swords April 2, 2019 ii This book is dedicated to the programming language wonks at Indiana University. iv Contents 1 Preliminaries 5 1.1 Abstract Syntax Trees and S-expressions . .5 1.2 Grammars . .7 1.3 Pattern Matching . .9 1.4 Recursion . 10 1.5 Interpreters . 12 1.6 Example Compiler: a Partial Evaluator . 14 2 Integers and Variables 17 2.1 The R1 Language . 17 2.2 The x86 Assembly Language . 20 2.3 Planning the trip to x86 via the C0 language . 24 2.3.1 The C0 Intermediate Language . 27 2.3.2 The dialects of x86 . 28 2.4 Uniquify Variables . 28 2.5 Remove Complex Operators and Operands . 30 2.6 Explicate Control . 31 2.7 Uncover Locals . 32 2.8 Select Instructions . 32 2.9 Assign Homes . 33 2.10 Patch Instructions . 34 2.11 Print x86 . 35 3 Register Allocation 37 3.1 Registers and Calling Conventions . 38 3.2 Liveness Analysis . 39 3.3 Building the Interference Graph . 40 3.4 Graph Coloring via Sudoku . 42 3.5 Print x86 and Conventions for Registers . 48 v vi CONTENTS 3.6 Challenge: Move Biasing∗ .................... 48 4 Booleans and Control Flow 53 4.1 The R2 Language . 54 4.2 Type Checking R2 Programs . 55 4.3 Shrink the R2 Language . 58 4.4 XOR, Comparisons, and Control Flow in x86 . 58 4.5 The C1 Intermediate Language .
    [Show full text]
  • Usuba, Optimizing Bitslicing Compiler Darius Mercadier
    Usuba, Optimizing Bitslicing Compiler Darius Mercadier To cite this version: Darius Mercadier. Usuba, Optimizing Bitslicing Compiler. Programming Languages [cs.PL]. Sorbonne Université (France), 2020. English. tel-03133456 HAL Id: tel-03133456 https://tel.archives-ouvertes.fr/tel-03133456 Submitted on 6 Feb 2021 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. THESE` DE DOCTORAT DE SORBONNE UNIVERSITE´ Specialit´ e´ Informatique Ecole´ doctorale Informatique, Tel´ ecommunications´ et Electronique´ (Paris) Present´ ee´ par Darius MERCADIER Pour obtenir le grade de DOCTEUR de SORBONNE UNIVERSITE´ Sujet de la these` : Usuba, Optimizing Bitslicing Compiler soutenue le 20 novembre 2020 devant le jury compose´ de : M. Gilles MULLER Directeur de these` M. Pierre-Evariste´ DAGAND Encadrant de these` M. Karthik BHARGAVAN Rapporteur Mme. Sandrine BLAZY Rapporteur Mme. Caroline COLLANGE Examinateur M. Xavier LEROY Examinateur M. Thomas PORNIN Examinateur M. Damien VERGNAUD Examinateur Abstract Bitslicing is a technique commonly used in cryptography to implement high-throughput parallel and constant-time symmetric primitives. However, writing, optimizing and pro- tecting bitsliced implementations by hand are tedious tasks, requiring knowledge in cryptography, CPU microarchitectures and side-channel attacks. The resulting programs tend to be hard to maintain due to their high complexity.
    [Show full text]
  • Differentiating Code from Data in X86 Binaries
    Differentiating Code from Data in x86 Binaries Richard Wartell, Yan Zhou, Kevin W. Hamlen, Murat Kantarcioglu, and Bhavani Thuraisingham Computer Science Department, University of Texas at Dallas, Richardson, TX 75080 {rhw072000,yan.zhou2,hamlen,muratk,bhavani.thuraisingham}@utdallas.edu Abstract. Robust, static disassembly is an important part of achieving high coverage for many binary code analyses, such as reverse engineering, malware analysis, reference monitor in-lining, and software fault isola- tion. However, one of the major difficulties current disassemblers face is differentiating code from data when they are interleaved. This paper presents a machine learning-based disassembly algorithm that segments an x86 binary into subsequences of bytes and then classifies each subse- quence as code or data. The algorithm builds a language model from a set of pre-tagged binaries using a statistical data compression technique. It sequentially scans a new binary executable and sets a breaking point at each potential code-to-code and code-to-data/data-to-code transition. The classification of each segment as code or data is based on the min- imum cross-entropy. Experimental results are presented to demonstrate the effectiveness of the algorithm. Keywords: statistical data compression, segmentation, classification, x86 binary disassembly. 1 Introduction Disassemblers transform machine code into human-readable assembly code. For some x86 executables, this can be a daunting task in practice. Unlike Java byte- code and RISC binary formats, which separate code and data into separate sections or use fixed-length instruction encodings, x86 permits interleaving of code and static data within a section and uses variable-length, unaligned in- struction encodings.
    [Show full text]
  • 8. Procedures
    8. Procedures X86 Assembly Language Programming for the PC 71 Stack Operation A stack is a region of memory used for temporary storage of information. Memory space should be allocated for stack by the programmer. The last value placed on the stack is the 1st to be taken off. This is called LIFO (Last In, First Out) queue. Values placed on the stack are stored from the highest memory location down to the lowest memory location. SS is used as a segment register for address calculation together with SP. X86 Assembly Language Programming for the PC 72 Stack Instructions Name Mnemonic and Description Format Push onto push src (sp)(sp)-2 Stack ((sp))(src) Pop from pop dst (dst)((sp)) Stack (sp)(sp)+2 Push Flags pushf (sp)(sp)-2 ((sp))(psw) Pop Flags popf (psw)((sp)) (sp)(sp)+2 Flags: Only affected by the popf instruction. Addressing Modes: src & dst should be Words and cannot be immediate. dst cannot be the ip or cs register. X86 Assembly Language Programming for the PC 73 Exercise: Fill-in the Stack Stack: Initially: (ss) = F000, (sp)=0008 . F0010 pushf F000E mov ax,2211h F000C push ax F000A add ax,1111h F0008 push ax F0006 . F0004 . F0002 . F0000 pop cx . pop ds . popf . X86 Assembly Language Programming for the PC 74 Procedure Definition PROC is a statement used to indicate the beginning of a procedure or subroutine. ENDP indicates the end of the procedure. Syntax: ProcedureName PROC Attribute . ProcedureName ENDP ProcedureName may be any valid identifier. Attribute is NEAR if the Procedure is in the same code segment as the calling program; or FAR if in a different code segment.
    [Show full text]
  • Hacking the Abacus: an Undergraduate Guide to Programming Weird Machines
    Hacking the Abacus: An Undergraduate Guide to Programming Weird Machines by Michael E. Locasto and Sergey Bratus version 1.0 c 2008-2014 Michael E. Locasto and Sergey Bratus All rights reserved. i WHEN I HEARD THE LEARN’D ASTRONOMER; WHEN THE PROOFS, THE FIGURES, WERE RANGED IN COLUMNS BEFORE ME; WHEN I WAS SHOWN THE CHARTS AND THE DIAGRAMS, TO ADD, DIVIDE, AND MEASURE THEM; WHEN I, SITTING, HEARD THE ASTRONOMER, WHERE HE LECTURED WITH MUCH APPLAUSE IN THE LECTURE–ROOM, HOW SOON, UNACCOUNTABLE,I BECAME TIRED AND SICK; TILL RISING AND GLIDING OUT,I WANDER’D OFF BY MYSELF, IN THE MYSTICAL MOIST NIGHT–AIR, AND FROM TIME TO TIME, LOOK’D UP IN PERFECT SILENCE AT THE STARS. When I heard the Learn’d Astronomer, from “Leaves of Grass”, by Walt Whitman. ii Contents I Overview 1 1 Introduction 5 1.1 Target Audience . 5 1.2 The “Hacker Curriculum” . 6 1.2.1 A Definition of “Hacking” . 6 1.2.2 Trust . 6 1.3 Structure of the Book . 7 1.4 Chapter Organization . 7 1.5 Stuff You Should Know . 8 1.5.1 General Motivation About SISMAT . 8 1.5.2 Security Mindset . 9 1.5.3 Driving a Command Line . 10 II Exercises 11 2 Ethics 13 2.1 Background . 14 2.1.1 Capt. Oates . 14 2.2 Moral Philosophies . 14 2.3 Reading . 14 2.4 Ethical Scenarios for Discussion . 15 2.5 Lab 1: Warmup . 16 2.5.1 Downloading Music . 16 2.5.2 Shoulder-surfing . 16 2.5.3 Not Obeying EULA Provisions .
    [Show full text]
  • 1. (5 Points) for the Following, Check T If the Statement Is True, Or F If the Statement Is False
    CS-220 Spring 2019 Test 2 Version Practice Apr. 22, 2019 Name: 1. (5 points) For the following, Check T if the statement is true, or F if the statement is false. (a) T F : The Gnu Debugger (gdb) works at the C level. If you did not compile with the -g option, the Gnu Debugger is virtually useless. (b) T F : If the zero flag (ZF) is true, then the instruction "jne LINE3" will branch to LINE3. (c) T F : In X86-64 assembler, the memory referenced by -0x1C(%rbp) is the same as the memory referenced by -0x1C(%rbp,%rax,16) if the %rax register contains a zero. (d) T F : The x86/64 "push" instruction always decreases the value in the %rsp register. The "pop" isntruction always increases the value in the %rsp register. (e) T F : After executing a conditional jump instruction, the %rip register always points at the instruction after the jump instruction. (f) T F : In the X86-64 ISA instruction processing cycle, there are four phases of the cycle which potentially read or write from memory: the "fetch instruction" phase, the "evaluate address" phase, the "fetch operands" phase, and the "store results" phase. (g) T F : It is important that an older version of an ISA support everyting in a newer version of the same ISA so that new software can be run on both old and new hardware. (h) T F : The concept of dividing registers into caller-saved registers and callee-saved registers makes the resulting code much more efficient because we never have to save and restore registers that don't need to be saved and restored, and most of the time, no registers need to be saved or restored.
    [Show full text]
  • Sample Applications User Guides Release 18.11.11
    Sample Applications User Guides Release 18.11.11 Jan 20, 2021 CONTENTS 1 Introduction to the DPDK Sample Applications1 1.1 Running Sample Applications............................1 1.2 The DPDK Sample Applications...........................1 2 Compiling the Sample Applications3 2.1 To compile all the sample applications........................3 2.2 To compile a single application............................3 2.3 To cross compile the sample application(s).....................4 3 Command Line Sample Application5 3.1 Overview........................................5 3.2 Compiling the Application...............................5 3.3 Running the Application................................6 3.4 Explanation.......................................6 4 Ethtool Sample Application8 4.1 Compiling the Application...............................8 4.2 Running the Application................................8 4.3 Using the application.................................8 4.4 Explanation.......................................9 4.5 Ethtool interface....................................9 5 Exception Path Sample Application 11 5.1 Overview........................................ 11 5.2 Compiling the Application............................... 12 5.3 Running the Application................................ 12 5.4 Explanation....................................... 12 6 Hello World Sample Application 16 6.1 Compiling the Application............................... 16 6.2 Running the Application................................ 16 6.3 Explanation......................................
    [Show full text]
  • Secure Compilation for Memory Protection Alexandre Dang
    Secure compilation for memory protection Alexandre Dang To cite this version: Alexandre Dang. Secure compilation for memory protection. Cryptography and Security [cs.CR]. Université Rennes 1, 2019. English. NNT : 2019REN1S111. tel-02972693 HAL Id: tel-02972693 https://tel.archives-ouvertes.fr/tel-02972693 Submitted on 20 Oct 2020 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. THÈSE DE DOCTORAT DE L’UNIVERSITÉ DE RENNES 1 COMUE UNIVERSITÉ BRETAGNE LOIRE ÉCOLE DOCTORALE N° 601 Mathématiques et Sciences et Technologies de l’Information et de la Communication Spécialité : (voir liste des spécialités) Par Alexandre DANG Compilation Sécurisée pour la Protection de la Mémoire Thèse présentée et soutenue à Rennes, le 10 Décembre 2020 Unité de recherche : Celtique Thèse N° : Rapporteurs avant soutenance : Tamara Rezk Inria Sofia Antipolis Alejandro Russo Chalmers University of Technology Composition du Jury : Attention, en cas d’absence d’un des membres du Jury le jour de la soutenance, la composition du Jury ne comprend que les membres présents Président : Prénom Nom Fonction et établissement d’exercice (à préciser après la soutenance) Examinateurs : Frédéric Besson Inria Rennes Tamara Rezk Inria Sofia Antipolis Alejandro Russo Chalmers University of Technology Heydemann Karine Université Pierre et Marie Curie Viet Triem Tong Valérie CentraleSupélec Dir.
    [Show full text]
  • United States Patent (10) Patent No.: US 7,111.290 B1 Yates, Jr
    US007 111290B1 (12) United States Patent (10) Patent No.: US 7,111.290 B1 Yates, Jr. et al. (45) Date of Patent: Sep. 19, 2006 (54) PROFILING PROGRAM EXECUTION TO 4,779,187 A 10, 1988 Letwin ....................... 71.2/229 IDENTIFY FREQUENTLY-EXECUTED 4,812,975 A 3, 1989 Adachi ... ... 364/300 PORTIONS AND TO ASSIST BINARY 5,043,878 A 8, 1991 Ooi ........ ... 712/42 TRANSLATON 5,115,500 A 5/1992 Larsen ... ... 711,202 5,127,092 A 6/1992 Gupta ... ... 712/234 (75) Inventors: John S. Yates, Jr., Needham, MA (US); 5,155,835 A 10, 1992 Belsan ....................... 711 114 David L. Reese, Westborough, MA (US); Paul H. Hohensee, Nashua, NH (Continued) (US) FOREIGN PATENT DOCUMENTS (73) Assignee: ATI International SRL. Hastings (BB) EP O 324308 7, 1989 (*) Notice: Subject to any disclaimer, the term of this (Continued) patent is extended or adjusted under 35 OTHER PUBLICATIONS U.S.C. 154(b) by 0 days. Magnusson et al., Efficient Memory Simulation in SimICS, 1995, (21) Appl. No.: 09/425,401 IEEE, p. 62-73.* (22) Filed: Oct. 22, 1999 (Continued) O O Primary Examiner—John Chavis Related U.S. Application Data (74) Tony Agent, or Firm—David E. Boundy; Willkie (63) Continuation of application No. 09/385.394, filed on Farr & Gallagher LLP Aug. 30, 1999, which is a continuation-in-part of application No. 09/322,443, filed on May 28, 1999, (57) ABSTRACT which is a continuation-in-part of application No. 09/239,194, filed on Jan. 28, 1999. A method and a computer with circuitry configured for performance of the method are disclosed.
    [Show full text]