DOCSLIB.ORG

RTFM! Automatic Assumption Discovery and Verification Derivation from Library Document for API Misuse Detection

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
RTFM! Automatic Assumption Discovery and Verification Derivation from Library Document for API Misuse Detection Session 6B: Exploitation and Defenses CCS '20, November 9–13, 2020, Virtual Event, USA RTFM! Automatic Assumption Discovery and Verification Derivation from Library Document for API Misuse Detection Tao Lv1,2, Ruishi Li1,2, Yi Yang1,2, Kai Chen1,2,∗ Xiaojing Liao3, XiaoFeng Wang3, Peiwei Hu1,2, Luyi Xing3 1SKLOIS, Institute of Information Engineering, Chinese Academy of Sciences, China 2School of Cyber Security, University of Chinese Academy of Sciences, China 3Luddy School of Informatics, Computing and Engineering, Indiana University Bloomington {lvtao,liruishi,yangyi,chenkai,hupeiwei}@iie.ac.cn,{xliao,xw7,luyixing}@indiana.edu Abstract Our analysis discovered 193 API misuses, including 139 flaws never To use library APIs, a developer is supposed to follow guidance reported before. and respect some constraints, which we call integration assump- tions (IAs). Violations of these assumptions can have serious conse- CCS Concepts quences, introducing security-critical flaws such as use-after-free, • Security and privacy ! Vulnerability scanners; • Software NULL-dereference, and authentication errors. Analyzing a program and its engineering ! Software safety. for compliance with IAs involves significant effort and needs to be automated. A promising direction is to automatically recover IAs Keywords from a library document using Natural Language Processing (NLP) API misuse; Integration assumption; Verification code generation; and then verify their consistency with the ways APIs are used in a Documentation analysis program through code analysis. However, a practical solution along ACM Reference Format: this line needs to overcome several key challenges, particularly the Tao Lv, Ruishi Li, Yi Yang, Kai Chen, Xiaojing Liao, XiaoFeng Wang, Pei- discovery of IAs from loosely formatted documents and interpre- wei Hu, Luyi Xing. 2020. RTFM! Automatic Assumption Discovery and tation of their informal descriptions to identify complicated con- Verification Derivation from Library Document for API Misuse Detec- straints (e.g., data-/control-flow relations between different APIs). tion. In Proceedings of the 2020 ACM SIGSAC Conference on Computer and In this paper, we present a new technique for automated assump- Communications Security (CCS ’20). ACM, New York, NY, USA, 16 pages. tion discovery and verification derivation from library documents. https://doi.org/10.1145/3372297.3423360 Our approach, called Advance, utilizes a suite of innovations to address those challenges. More specifically, we leverage the obser- 1 Introduction vation that IAs tend to express a strong sentiment in emphasizing Today’s software is more composed than built, with existing pro- the importance of a constraint, particularly those security-critical, gram components, even online services, being extensively reused, and utilize a new sentiment analysis model to accurately recover often through integration of their Application Programming In- them from loosely formatted documents. These IAs are further terfaces (APIs). These APIs may only operate as expected under processed to identify hidden references to APIs and parameters, some constraints (referred to as integration assumptions or IA in through an embedding model, to identify the information-flow re- our research), on their inputs (called pre-conditions, like a limit on lations expected to be followed. Then our approach runs frequent parameter lengths), outputs (called post-conditions, e.g., “return 1 or subtree mining to discover the grammatical units in IA sentences 0”) and invocation context (called context conditions, such as “must that tend to indicate some categories of constraints that could have be called from the same thread”), which their users should be aware security implications. These components are mapped to verification of. Although these IAs are typically elaborated in library documen- code snippets organized in line with the IA sentence’s grammatical tation, they may not be strictly followed by software developers, structure, and can be assembled into verification code executed as reported by prior studies [42, 44]. This affects the functionality through CodeQL to discover misuses inside a program. We imple- of the software using these APIs, and often comes with serious mented this design and evaluated it on 5 popular libraries (OpenSSL, security or privacy implications. As an example, setuid, which SQLite, libpcap, libdbus and libxml2) and 39 real-world applications. temporarily carries a high privilege, is expected to drop its privilege when its task is done, and failing to do so needs to be checked, as ∗Corresponding author. indicated in the libstdc documentation “it is a grave security error to omit to check for a failure return from setuid()”; this instruction, Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed however, has not been respected by PulseAudio 0.9.8, leading to a for profit or commercial advantage and that copies bear this notice and the full citation local privilege escalation risk (CVE-2008-0008). on the first page. Copyrights for components of this work owned by others than ACM The fundamental cause of API misuse is that developers do not must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a follow the IAs of APIs in documents, which therefore becomes the fee. Request permissions from [email protected]. key sources for API misuse discovery. Prior research on API misuse CCS ’20, November 9–13, 2020, Virtual Event, USA detection and API specification discovery21 [ , 30, 37, 41, 52] rely on © 2020 Association for Computing Machinery. ACM ISBN 978-1-4503-7089-9/20/11...$15.00 analyzing a set of code to infer putative IAs, so as to identify API https://doi.org/10.1145/3372297.3423360 misuses. However, these IAs are often less accurate, introducing 1837 Session 6B: Exploitation and Defenses CCS '20, November 9–13, 2020, Virtual Event, USA significant false positives. In the meantime, the limited coverage library documentation to recover and interpret IAs and then trans- of the code set can also cause many real-world misuse cases to fall lating them into verification code executed by CodeQL [4] to find through the cracks (Section 5.3). the API misuses in a program’s API integration. For this purpose, Finding misuse from doc: challenges. Alternatively, one can Advance is designed to overcome the technical barriers mentioned recover their IAs from documentation for a compliance check on earlier, based upon several key observations. More specifically, we the software integrating them, which leverages more semantic in- found that with the diversity in the ways IAs are described, the formation and therefore can be more accurate. Given the size of related sentences are characterized by a strong sentiment to empha- today’s library documents (e.g., 327 pages for OpenSSL), manual size the constraints that API users are expected to follow: e.g., “the inspection becomes less realistic. Prior research seeks to automate application must finalize every prepared statement”; “make sure that this process by inferring these assumptions using natural language you explicitly check for PCAP_ERROR”; “it is the job of the callback processing (NLP) [42, 44, 47]. Particularly, it has been shown that to store information about the state of the last call”. Such sentiments for the well-formatted C# documents, a set of templates that specify cannot be easily described by templates but can be captured using the relations between subject and object are adequate in recovering semantic analysis. In our research, we utilized a Hierarchical Atten- IAs. This simple approach, however, no longer works well on less or- tion Network (HAN)[51] to capture the sentences carrying such ganized documents, like those for most C libraries, such as OpenSSL, a sentiment when the entities (API names, parameters) under the where IA descriptions can be hard to fit into any fixed templates: constraint (as expressed by the sentiment) can be controlled by the as an example, we ran the code released by the prior research on API caller (Section 3.2). This has been done by training a classifier OpenSSL and only observed accuracy of 49% (Section 5.3). How to named S-HAN on 5,186 annotated data items, which is shown to effectively identify the API constraints from such documents turns work effectively in inferring IA sentences from library documents. out to be nontrivial. Also discovered in our research is the pervasiveness of similar IA Also the challenge is to automatically analyze each IA and de- components within a document and in some cases, across different termine a program’s compliance with the assumption. The prior libraries. These components imply common assumption (constraint) research maps a set of predicates on pre- and post-conditions to types for certain kinds of operations, which are often among the formal expressions (e.g., “greater” to “¡”) [44]. Less known is how most important and can be security critical. For example, “... is these predicates are selected and whether they are representative. not threadsafe”, an expression describing thread safety; “... must be Most concerning is the missing of semantic analysis on context freed by...”, an IA asking for resource release – an operation with a conditions (except on API order [42, 54]), which can describe the significant security
Load more

Recommended publications
  • Nix on SHARCNET
    Nix on SHARCNET Tyson Whitehead May 14, 2015 Nix Overview An enterprise approach to package management I a package is a specific piece of code compiled in a specific way I each package is entirely self contained and does not change I each users select what packages they want and gets a custom enviornment https://nixos.org/nix Ships with several thousand packages already created https://nixos.org/nixos/packages.html SHARCNET What this adds to SHARCNET I each user can have their own custom environments I environments should work everywhere (closed with no external dependencies) I several thousand new and newer packages Current issues (first is permanent, second will likely be resolved) I newer glibc requires kernel 2.6.32 so no requin I package can be used but not installed/removed on viz/vdi https: //sourceware.org/ml/libc-alpha/2014-01/msg00511.html Enabling Nix Nix is installed under /home/nixbld on SHARCNET. Enable for a single sessiong by running source /home/nixbld/profile.d/nix-profile.sh To always enable add this to the end of ~/.bash_profile echo source /home/nixbld/profile.d/nix-profile.sh \ >> ~/.bash_profile Reseting Nix A basic reset is done by removing all .nix* files from your home directory rm -fr ~/.nix* A complete reset done by remove your Nix per-user directories rm -fr /home/nixbld/var/nix/profile/per-user/$USER rm -fr /home/nixbld/var/nix/gcroots/per-user/$USER The nix-profile.sh script will re-create these with the defaults next time it runs. Environment The nix-env commands maintains your environments I query packages (available and installed) I create a new environment from current one by adding packages I create a new environment from current one by removing packages I switching between existing environments I delete unused environements Querying Packages The nix-env {--query | -q} ..
    [Show full text]
  • Downloads." the Open Information Security Foundation
    Performance Testing Suricata The Effect of Configuration Variables On Offline Suricata Performance A Project Completed for CS 6266 Under Jonathon T. Giffin, Assistant Professor, Georgia Institute of Technology by Winston H Messer Project Advisor: Matt Jonkman, President, Open Information Security Foundation December 2011 Messer ii Abstract The Suricata IDS/IPS engine, a viable alternative to Snort, has a multitude of potential configurations. A simplified automated testing system was devised for the purpose of performance testing Suricata in an offline environment. Of the available configuration variables, seventeen were analyzed independently by testing in fifty-six configurations. Of these, three variables were found to have a statistically significant effect on performance: Detect Engine Profile, Multi Pattern Algorithm, and CPU affinity. Acknowledgements In writing the final report on this endeavor, I would like to start by thanking four people who made this project possible: Matt Jonkman, President, Open Information Security Foundation: For allowing me the opportunity to carry out this project under his supervision. Victor Julien, Lead Programmer, Open Information Security Foundation and Anne-Fleur Koolstra, Documentation Specialist, Open Information Security Foundation: For their willingness to share their wisdom and experience of Suricata via email for the past four months. John M. Weathersby, Jr., Executive Director, Open Source Software Institute: For allowing me the use of Institute equipment for the creation of a suitable testing
    [Show full text]
  • FFV1, Matroska, LPCM (And More)
    MediaConch Implementation and policy checking on FFV1, Matroska, LPCM (and more) Jérôme Martinez, MediaArea Innovation Workshop ‑ March 2017 What is MediaConch? MediaConch is a conformance checker Implementation checker Policy checker Reporter Fixer What is MediaConch? Implementation and Policy reporter What is MediaConch? Implementation report: Policy report: What is MediaConch? General information about your files What is MediaConch? Inspect your files What is MediaConch? Policy editor What is MediaConch? Public policies What is MediaConch? Fixer Segment sizes in Matroska Matroska “bit flip” correction FFV1 “bit flip” correction Integration Archivematica is an integrated suite of open‑source software tools that allows users to process digital objects from ingest to access in compliance with the ISO‑OAIS functional model MediaConch interfaces Graphical interface Web interface Command line Server (REST API) (Work in progress) a library (.dll/.so/.dylib) MediaConch output formats XML (native format) Text HTML (Work in progress) PDF Tweakable! (with XSL) Open source GPLv3+ and MPLv2+ Relies on MediaInfo (metadata extraction tool) Use well‑known open source libraries: Qt, sqlite, libevent, libxml2, libxslt, libexslt... Supported formats Priorities for the implementation checker Matroska FFV1 PCM Can accept any format supported by MediaInfo for the policy checker MXF + JP2k QuickTime/MOV Audio files (WAV, BWF, AIFF...) ... Supported formats Can be expanded By plugins Support of PDF checker: VeraPDF plugin Support of TIFF checker: DPF Manager plugin You use another checker? Let us know By internal development More tests on your preferred format is possible It depends on you! Versatile Several input formats are accepted FFV1 from MOV or AVI Matroska with other video formats (Work in progress) Extraction of a PDF or TIFF aachement from a Matroska container and analyze with a plugin (e.g.
    [Show full text]
  • Feature-Oriented Defect Prediction: Scenarios, Metrics, and Classifiers
    1 Feature-Oriented Defect Prediction: Scenarios, Metrics, and Classifiers Mukelabai Mukelabai, Stefan Strüder, Daniel Strüber, Thorsten Berger Abstract—Software defects are a major nuisance in software development and can lead to considerable financial losses or reputation damage for companies. To this end, a large number of techniques for predicting software defects, largely based on machine learning methods, has been developed over the past decades. These techniques usually rely on code-structure and process metrics to predict defects at the granularity of typical software assets, such as subsystems, components, and files. In this paper, we systematically investigate feature-oriented defect prediction: predicting defects at the granularity of features—domain-entities that abstractly represent software functionality and often cross-cut software assets. Feature-oriented prediction can be beneficial, since: (i) particular features might be more error-prone than others, (ii) characteristics of features known as defective might be useful to predict other error-prone features, and (iii) feature-specific code might be especially prone to faults arising from feature interactions. We explore the feasibility and solution space for feature-oriented defect prediction. We design and investigate scenarios, metrics, and classifiers. Our study relies on 12 software projects from which we analyzed 13,685 bug-introducing and corrective commits, and systematically generated 62,868 training and test datasets to evaluate the designed classifiers, metrics, and scenarios. The datasets were generated based on the 13,685 commits, 81 releases, and 24, 532 permutations of our 12 projects depending on the scenario addressed. We covered scenarios, such as just-in-time (JIT) and cross-project defect prediction.
    [Show full text]
  • Creating Custom Debian Live for USB FD with Encrypted Persistence
    Creating Custom Debian Live for USB FD with Encrypted Persistence INTRO Debian is a free operating system (OS) for your computer. An operating system is the set of basic programs and utilities that make your computer run. Debian provides more than a pure OS: it comes with over 43000 packages, precompiled software bundled up in a nice format for easy installation on your machine. PRE-REQ * Debian distro installed * Free Disk Space (Depends on you) Recommended Free Space >20GB * Internet Connection Fast * USB Flash Drive atleast 4GB Installing Required Softwares on your distro: Open Root Terminal or use sudo: $ sudo apt-get install debootstrap syslinux squashfs-tools genisoimage memtest86+ rsync apt-cacher-ng live-build live-config live-boot live-boot-doc live-config-doc live-manual live-tools live-manual-pdf qemu-kvm qemu-utils virtualbox virtualbox-qt virtualbox-dkms p7zip-full gparted mbr dosfstools parted Configuring APT Proxy Server (to save bandwidth) Start apt-cacher-ng service if not running # service apt-cacher-ng start Edit /etc/apt/sources.list with your favorite text editor. Terminal # nano /etc/apt/sources.list Output: (depends on your APT Mirror configuration) deb http://security.debian.org/ jessie/updates main contrib non-free deb http://http.debian.org/debian jessie main contrib non-free deb http://ftp.debian.org/debian jessie main contrib non-free Add “localhost:3142” : deb http://localhost:3142/security.debian.org/ jessie/updates main contrib non-free deb http://localhost:3142/http.debian.org/debian jessie main contrib non-free deb http://localhost:3142/ftp.debian.org/debian jessie main contrib non-free Press Ctrl + X and Y to save changes Terminal # apt-get update # apt-get upgrade NOTE: BUG in Debian Live.
    [Show full text]
  • Camcorder Multimedia Framework with Linux and Gstreamer
    Camcorder multimedia framework with Linux and GStreamer W. H. Lee, E. K. Kim, J. J. Lee , S. H. Kim, S. S. Park SWL, Samsung Electronics [email protected] Abstract Application Applications Layer Along with recent rapid technical advances, user expec- Multimedia Middleware Sequencer Graphics UI Connectivity DVD FS tations for multimedia devices have been changed from Layer basic functions to many intelligent features. In order to GStreamer meet such requirements, the product requires not only a OSAL HAL OS Layer powerful hardware platform, but also a software frame- Device Software Linux Kernel work based on appropriate OS, such as Linux, support- Drivers codecs Hardware Camcorder hardware platform ing many rich development features. Layer In this paper, a camcorder framework is introduced that is designed and implemented by making use of open Figure 1: Architecture diagram of camcorder multime- source middleware in Linux. Many potential develop- dia framework ers can be referred to this multimedia framework for camcorder and other similar product development. The The three software layers on any hardware platform are overall framework architecture as well as communica- application, middleware, and OS. The architecture and tion mechanisms are described in detail. Furthermore, functional operation of each layer is discussed. Addi- many methods implemented to improve the system per- tionally, some design and implementation issues are ad- formance are addressed as well. dressed from the perspective of system performance. The overall software architecture of a multimedia 1 Introduction framework is described in Section 2. The framework design and its operation are introduced in detail in Sec- It has recently become very popular to use the internet to tion 3.
    [Show full text]
  • PDF Documentation
    lxml 2019-03-26 Contents Contents 2 I lxml 13 1 lxml 14 Introduction................................................. 14 Documentation............................................... 14 Download.................................................. 15 Mailing list................................................. 16 Bug tracker................................................. 16 License................................................... 16 Old Versions................................................. 16 2 Why lxml? 18 Motto.................................................... 18 Aims..................................................... 18 3 Installing lxml 20 Where to get it................................................ 20 Requirements................................................ 20 Installation................................................. 21 MS Windows............................................. 21 Linux................................................. 21 MacOS-X............................................... 21 Building lxml from dev sources....................................... 22 Using lxml with python-libxml2...................................... 22 Source builds on MS Windows....................................... 22 Source builds on MacOS-X......................................... 22 4 Benchmarks and Speed 23 General notes................................................ 23 How to read the timings........................................... 24 Parsing and Serialising........................................... 24 The ElementTree
    [Show full text]
  • Using XSL and Mod Transform in Apache Applications
    Using XSL and mod_transform in Apache Applications Paul Querna [email protected] What is XSL? ● Extensible Stylesheet Language (XSL) ● A family of Standards for XML by the W3C: – XSL Transformations (XSLT) – XML Path Language (Xpath) – XSL Formatting Objects (XSL-FO) XSLT Example <?xml version="1.0"?> <xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0"> <xsl:template match="/"> <html> <head><title>A Message</title></head> <body> <h1> <xsl:value-of select="message" /> </h1> </body> </html> </xsl:template> </xsl:stylesheet> Data Source... <?xml version="1.0"?> <message>Hello World</message> Outputs... <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>A Message</title> </head> <body> <h1>Hello World</h1> </body> </html> Why is XSLT good? ● Mixing Data and Presentation is bad! – Keeps Data in a clean XML schema – Keeps the Presentation of this Data separate ● XSLT is XML ● Easy to Extend ● Put HTML or other Markups directly in the XSLT. – Easy for Web Developers to create a template Why is XSLT bad? ● XSLT is XML ● Complicated XSLT can be slow ● Yet another language to learn Where does Apache fit in this? ● Apache 2.0 has Filters! Input Handlers Client Filters (Perl, PHP, Proxy, File) Output Filters mod_include (SSI) mod_transform (XSLT) mod_deflate (gzip) mod_transform ● Uses libXML2 and libXSLT from Gnome – C API ● Doesn't depend on other Gnome Libs. – Provides: ● EXSLT ● XInclude ● XPath ● Xpointer ● ... and more Static XML Files ● AddOutputFilter XSLT .xml ● TransformSet /xsl/foo.xsl – Only if your XML does not specify a XSL File ● TransformOptions +ApacheFS – Uses Sub-Requests to find files – Makes mod_transform work like Apache AxKit Dynamic Sources ● XML Content Types: – AddOutputFilterByType XSLT application/xml ● Controlled Content Types: – AddOutputFilterByType XSLT applicain/needs- xslt ● Works for Proxied Content, PHP, mod_perl, mod_python, CGI, SSI, etc.
    [Show full text]
  • Xml2’ April 23, 2020 Title Parse XML Version 1.3.2 Description Work with XML files Using a Simple, Consistent Interface
    Package ‘xml2’ April 23, 2020 Title Parse XML Version 1.3.2 Description Work with XML files using a simple, consistent interface. Built on top of the 'libxml2' C library. License GPL (>=2) URL https://xml2.r-lib.org/, https://github.com/r-lib/xml2 BugReports https://github.com/r-lib/xml2/issues Depends R (>= 3.1.0) Imports methods Suggests covr, curl, httr, knitr, magrittr, mockery, rmarkdown, testthat (>= 2.1.0) VignetteBuilder knitr Encoding UTF-8 Roxygen list(markdown = TRUE) RoxygenNote 7.1.0 SystemRequirements libxml2: libxml2-dev (deb), libxml2-devel (rpm) Collate 'S4.R' 'as_list.R' 'xml_parse.R' 'as_xml_document.R' 'classes.R' 'init.R' 'paths.R' 'utils.R' 'xml_attr.R' 'xml_children.R' 'xml_find.R' 'xml_modify.R' 1 2 R topics documented: 'xml_name.R' 'xml_namespaces.R' 'xml_path.R' 'xml_schema.R' 'xml_serialize.R' 'xml_structure.R' 'xml_text.R' 'xml_type.R' 'xml_url.R' 'xml_write.R' 'zzz.R' R topics documented: as_list . .3 as_xml_document . .4 download_xml . .4 read_xml . .5 url_absolute . .8 url_escape . .9 url_parse . .9 write_xml . 10 xml2_example . 11 xml_attr . 11 xml_cdata . 13 xml_children . 13 xml_comment . 14 xml_document-class . 15 xml_dtd . 15 xml_find_all . 16 xml_name . 18 xml_new_document . 18 xml_ns . 19 xml_ns_strip . 20 xml_path . 21 xml_replace . 21 xml_serialize . 22 xml_set_namespace . 23 xml_structure . 23 xml_text . 24 xml_type . 25 xml_url . 25 xml_validate . 26 Index 27 as_list 3 as_list Coerce xml nodes to a list. Description This turns an XML document (or node or nodeset) into the equivalent R list. Note that this is as_list(), not as.list(): lapply() automatically calls as.list() on its inputs, so we can’t override the default. Usage as_list(x, ns = character(), ...) Arguments x A document, node, or node set.
    [Show full text]
  • Vorlage Für Dokumente Bei AI
    OSS Disclosure Document Date: 16-October-2017 BEG-VS OSS Licenses used in Alpine AS1 Project Page 1 Open Source Software Attributions for Alpine AS1 0046_170818 AI_PRJ_ALPINE_LINUX_17.0F17 This document is provided as part of the fulfillment of OSS license conditions and does not require users to take any action before or while using the product. © Bosch Engineering GmbH. All rights reserved, also regarding any disposal, exploitation, reproduction, editing, distribution, as well as in the event of applications for industrial property rights. OSS Disclosure Document Date: 16-October-2017 BEG-VS OSS Licenses used in Alpine AS1 Project Page 2 Table of content 1 Overview ............................................................................................................................................................. 12 2 OSS Licenses used in the project ......................................................................................................................... 12 3 Package details for OSS Licenses usage .............................................................................................................. 14 3.1 7 Zip - LZMA SDK ...................................................................................................................................... 14 3.2 ACL 2.2.51 ................................................................................................................................................... 14 3.3 Alsa Libraries 1.0.27.2 ................................................................................................................................
    [Show full text]
  • Vorlage Für Dokumente Bei AI
    OSS Disclosure Document Date: 27-Apr-2018 CM-AI/PJ-CC OSS Licenses used in Suzuki Project Page 1 Table of content 1 Overview ..................................................................................................................... 11 2 OSS Licenses used in the project ................................................................................... 11 3 Package details for OSS Licenses usage ........................................................................ 12 3.1 7 Zip - LZMA SDK ............................................................................................................. 12 3.2 ACL 2.2.51 ...................................................................................................................... 12 3.3 Alsa Libraries 1.0.27.2 ................................................................................................... 12 3.4 AES - Advanced Encryption Standard 1.0 ......................................................................... 12 3.5 Alsa Plugins 1.0.26 ........................................................................................................ 13 3.6 Alsa Utils 1.0.27.2 ......................................................................................................... 13 3.7 APMD 3.2.2 ................................................................................................................... 13 3.8 Atomic_ops .................................................................................................................... 13 3.9 Attr 2.4.46 ...................................................................................................................
    [Show full text]
  • INSTALL GTK-Ada X11 on MAC OS X
    INSTALL GTK-Ada X11 on MAC OS X 1) Install of GTK-Ada library Binaries for GTK-Ada for Mac aren't included in GPL 2011 release. They can be either built from source code (see next paragraph) or downloaded from Source Forge (what we are going to do in this paragraph). Download the following file on Mac desktop: . GTKAda : "gtkada-gpl-2011-x11-x86_64-apple-darwin10.8.0-bin.tgz", from Source Forge "http://sourceforge.net/projects/gnuada/files/GNAT_GPL %20Mac%20OS%20X/2011-snow-leopard". Launch Terminal from admin and type the following commands to install it for instance at /usr/local: $ cd /usr/local $ sudo tar xzf ~/Desktop/gtkada-gpl-2011-x11-x86_64-apple- darwin10.8.0-bin.tgz GTK, GTKAda and Glade are then installed in directory: /usr/local/gtk-2011 For a common usage, type the following commands: $ echo 'PATH=/usr/local/gtk-2011/bin:$PATH' >> ~/.profile $ echo 'PATH=/usr/local/gtk-2011/bin:$PATH' >> ~/.bashrc $ echo 'export GPR_PROJECT_PATH=/usr/local/gtk-2011/lib/gnat: $GPR_PROJECT_PATH' >> ~/.profile $ echo 'export GPR_PROJECT_PATH=/usr/local/gtk-2011/lib/gnat: $GPR_PROJECT_PATH' >> ~/.bashrc For a temporary usage, type the following commands each time: $ PATH=/usr/local/gtk-2011/bin:$PATH $ export GPR_PROJECT_PATH=/usr/local/gtk-2011/lib/gnat: $GPR_PROJECT_PATH Examples in Ada are available in: usr/local/gtk-2011/share/examples/gtkada. Documentation is available in HTML format in /usr/local/gtk-2011/share/doc/gtkada and /usr/local/gtk-2011/share/ gtk-doc/html: $ open /usr/local/gtk-2011/share/doc/gtkada/gtkada_rm/index.html $ open /usr/local/gtk-2011/share/doc/gtkada/gtkada_ug/gtkada_ug.html $ open /usr/local/gtk-2011/share/gtk-doc/html/gtk/index.html See GTKAda use with an example on Blady.
    [Show full text]