DOCSLIB.ORG

Intflow: Integer Error Handling with Information Flow Tracking

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Intflow: Integer Error Handling with Information Flow Tracking IntFlow: Integer Error Handling With Information Flow Tracking Marios Pomonis Theofilos Petsios Kangkook Jee Michalis Polychronakis Angelos D. Keromytis December 7, 2014 Columbia University [email protected] IntFlow Columbia University 1 / 29 Integer Error [email protected] IntFlow Columbia University 2 / 29 Example 1. img t *table ptr; 2. unsigned int num imgs = get num imgs(); 3. unsigned int alloc size = sizeof(img t) * num imgs; 4. table ptr = (img t *) malloc(alloc size); 5. for (i = 0; i < num imgs; i++) 6. table ptr[i] = read img(i); [email protected] IntFlow Columbia University 3 / 29 Integer Errors Mathematical representation vs machine representation Instances: Integer overflow/underflow Precision loss Signedness change [email protected] IntFlow Columbia University 4 / 29 Characteristics Mainly C/C++ specific: Signed integers only (Java, Python) Overflow protection (Python) Undefined: Negative ! unsigned INT MAX + 1 Optimizations Expected behavior [email protected] IntFlow Columbia University 5 / 29 Importance Can lead to buffer overflows, memory leaks etc... Integral part of exploits Erroneous memory allocation Integer overflow in top 25 most dangerous software errors > 50 vulnerability reports (CVE) in 2014 QuickTime ! Signedness change launchd (iOS) ! Integer overflow Wireshark ! Signedness change Google Chrome ! Integer overflow [email protected] IntFlow Columbia University 6 / 29 Integer Overflow Checker (IOC)[ICSE2012] Clang AST /* a = b + c */ Dangerous operation bool error = false; Static: operation ! a = safe add(b, c, error); safe function if (error) Dynamic: detect report(); errors Report and (optionally) abort Clang trunk v3.3 [email protected] IntFlow Columbia University 7 / 29 Integer Overflow Checker (IOC)[ICSE2012] Dynamic detection mechanism Offline use Input set from user [email protected] IntFlow Columbia University 8 / 29 IOC Issue Overly comprehensive Lack of severity level Error 6= vulnerability [email protected] IntFlow Columbia University 9 / 29 Developer Intended Violations Idioms ! errors Examples Controlled umax = (unsigned) -1; Expected bahavior neg = (char) INT MAX; Not affected by smax = 1 << (WIDTH - 1) - 1; attacker smax++; IOC ! report all Large list Manually distill critical errors [email protected] IntFlow Columbia University 10 / 29 Intflow Goals: 1. Eliminate reports of developer intended violations 2. Retain and highlight critical error reports [email protected] IntFlow Columbia University 11 / 29 IntFlow Challenges: 1. Can we identify potential vulnerabilities? 2. Can we identify potentially exploitable vulnerabilities? 3. Can we do it accurately? [email protected] IntFlow Columbia University 12 / 29 Critical Arithmetic Errors An error is potentially critical if: 1. Untrusted source ! arithmetic error e.g. read(), getenv()... OR 2. Arithmetic error ! sensitive sink e.g. *alloc(), strcpy()... [email protected] IntFlow Columbia University 13 / 29 IntFlow: Architecture [email protected] IntFlow Columbia University 14 / 29 Static Information Flow Tracking Set of techniques analyzing data-flow Common compiler methodology Distinguishes flows to/from integer operations Pros Cons 3 No runtime 7 Accuracy overhead 7 Scalability 3 Coverage [email protected] IntFlow Columbia University 15 / 29 IntFlow: Architecture [email protected] IntFlow Columbia University 16 / 29 Backward Slicing: Operation ! Sources [email protected] IntFlow Columbia University 17 / 29 Forward Slicing: Source ! Operation [email protected] IntFlow Columbia University 18 / 29 Forward Slicing: Source ! Operation [email protected] IntFlow Columbia University 19 / 29 Sources Examination If sources = trusted ! result = developer intended [email protected] IntFlow Columbia University 20 / 29 Remove IOC Check [email protected] IntFlow Columbia University 21 / 29 IntFlow: Architecture [email protected] IntFlow Columbia University 22 / 29 Sensitive Operations Dynamic detection Operations ! sensitive functions Operation ! bit Check before a sensitive function Report if any bit set [email protected] IntFlow Columbia University 23 / 29 Modes Of Operation Blacklisting mode Untrusted sources ! operation Whitelisting mode Trusted sources ! operation Sensitive mode Operation ! sensitive sinks Combination of modes Blacklisting/Whitelisting + Sensitive " Confidence - # Completeness [email protected] IntFlow Columbia University 24 / 29 Evaluation Whitelisting mode Flexible Context agnostic 3 Untrusted sources 3 Error propagation Upper bound on report number [email protected] IntFlow Columbia University 25 / 29 SPEC CINT2000 250 IOC Intended IntFlow Intended 200 IOC Critical IntFlow Critical 150 100 40 30 20 10 Number of Reported Arithmetic Errors 0 gzip vpr gcc crafty parser perlbmk gap vortex [email protected] IntFlow Columbia University 26 / 29 Real-world Applications Detected vulnerabilities: CVE Number Application Error Type CVE-2009-3481 Dillo Integer Overflow CVE-2012-3481 GIMP Integer Overflow CVE-2010-1516 Swftools Integer Overflow CVE-2013-6489 Pidgin Signedness Change Produced reports Overall Dillo GIMP Swftools Pidgin IOC 330 31 231 68 0 IntFlow 82 26 13 43 0 [email protected] IntFlow Columbia University 27 / 29 Runtime Overhead Offline use CPU-bound (e.g. grep): 50-80% IO-bound (e.g. nginx): 20% [email protected] IntFlow Columbia University 28 / 29 Summary Coupled IFT with IOC Identified critical errors Focused on potentially exploitable vulnerabilities Code: http://nsl.cs.columbia.edu/projects/intflow [email protected] IntFlow Columbia University 29 / 29 Bonus Backup Slides [email protected] IntFlow Columbia University 29 / 29 Runtime Overhead 2 Whitelisting 1.9 Blacklisting 1.8 Sensitive 1.7 1.6 1.5 1.4 1.3 1.2 1.1 1 0.9 Slowdown (normalized) 0.8 0.7 0.6 0.5 grep wget wwwx zshx tcpdump cher nginx [email protected] IntFlow Columbia University 29 / 29 Additional Evaluation Results Independent stress test (red team) Artificial vulnerabilities in popular applications IO Inputs Good: no exploit ! normal execution Bad: exploit ! detect and abort TP+TN Aggregate result ( Total ): 79.30% [email protected] IntFlow Columbia University 29 / 29.
Load more

Recommended publications
  • Create Union Variables Difference Between Unions and Structures
    Union is a user-defined data type similar to a structure in C programming. How to define a union? We use union keyword to define unions. Here's an example: union car { char name[50]; int price; }; The above code defines a user define data type union car. Create union variables When a union is defined, it creates a user-define type. However, no memory is allocated. To allocate memory for a given union type and work with it, we need to create variables. Here's how we create union variables: union car { char name[50]; int price; } car1, car2, *car3; In both cases, union variables car1, car2, and a union pointer car3 of union car type are created. How to access members of a union? We use . to access normal variables of a union. To access pointer variables, we use ->operator. In the above example, price for car1 can be accessed using car1.price price for car3 can be accessed using car3->price Difference between unions and structures Let's take an example to demonstrate the difference between unions and structures: #include <stdio.h> union unionJob { //defining a union char name[32]; float salary; int workerNo; } uJob; struct structJob { char name[32]; float salary; int workerNo; } sJob; main() { printf("size of union = %d bytes", sizeof(uJob)); printf("\nsize of structure = %d bytes", sizeof(sJob)); } Output size of union = 32 size of structure = 40 Why this difference in size of union and structure variables? The size of structure variable is 40 bytes. It's because: size of name[32] is 32 bytes size of salary is 4 bytes size of workerNo is 4 bytes However, the size of union variable is 32 bytes.
    [Show full text]
  • The Pros of Cons: Programming with Pairs and Lists
    The Pros of cons: Programming with Pairs and Lists CS251 Programming Languages Spring 2016, Lyn Turbak Department of Computer Science Wellesley College Racket Values • booleans: #t, #f • numbers: – integers: 42, 0, -273 – raonals: 2/3, -251/17 – floang point (including scien3fic notaon): 98.6, -6.125, 3.141592653589793, 6.023e23 – complex: 3+2i, 17-23i, 4.5-1.4142i Note: some are exact, the rest are inexact. See docs. • strings: "cat", "CS251", "αβγ", "To be\nor not\nto be" • characters: #\a, #\A, #\5, #\space, #\tab, #\newline • anonymous func3ons: (lambda (a b) (+ a (* b c))) What about compound data? 5-2 cons Glues Two Values into a Pair A new kind of value: • pairs (a.k.a. cons cells): (cons v1 v2) e.g., In Racket, - (cons 17 42) type Command-\ to get λ char - (cons 3.14159 #t) - (cons "CS251" (λ (x) (* 2 x)) - (cons (cons 3 4.5) (cons #f #\a)) Can glue any number of values into a cons tree! 5-3 Box-and-pointer diagrams for cons trees (cons v1 v2) v1 v2 Conven3on: put “small” values (numbers, booleans, characters) inside a box, and draw a pointers to “large” values (func3ons, strings, pairs) outside a box. (cons (cons 17 (cons "cat" #\a)) (cons #t (λ (x) (* 2 x)))) 17 #t #\a (λ (x) (* 2 x)) "cat" 5-4 Evaluaon Rules for cons Big step seman3cs: e1 ↓ v1 e2 ↓ v2 (cons) (cons e1 e2) ↓ (cons v1 v2) Small-step seman3cs: (cons e1 e2) ⇒* (cons v1 e2); first evaluate e1 to v1 step-by-step ⇒* (cons v1 v2); then evaluate e2 to v2 step-by-step 5-5 cons evaluaon example (cons (cons (+ 1 2) (< 3 4)) (cons (> 5 6) (* 7 8))) ⇒ (cons (cons 3 (< 3 4))
    [Show full text]
  • The Use of UML for Software Requirements Expression and Management
    The Use of UML for Software Requirements Expression and Management Alex Murray Ken Clark Jet Propulsion Laboratory Jet Propulsion Laboratory California Institute of Technology California Institute of Technology Pasadena, CA 91109 Pasadena, CA 91109 818-354-0111 818-393-6258 [email protected] [email protected] Abstract— It is common practice to write English-language 1. INTRODUCTION ”shall” statements to embody detailed software requirements in aerospace software applications. This paper explores the This work is being performed as part of the engineering of use of the UML language as a replacement for the English the flight software for the Laser Ranging Interferometer (LRI) language for this purpose. Among the advantages offered by the of the Gravity Recovery and Climate Experiment (GRACE) Unified Modeling Language (UML) is a high degree of clarity Follow-On (F-O) mission. However, rather than use the real and precision in the expression of domain concepts as well as project’s model to illustrate our approach in this paper, we architecture and design. Can this quality of UML be exploited have developed a separate, ”toy” model for use here, because for the definition of software requirements? this makes it easier to avoid getting bogged down in project details, and instead to focus on the technical approach to While expressing logical behavior, interface characteristics, requirements expression and management that is the subject timeliness constraints, and other constraints on software using UML is commonly done and relatively straight-forward, achiev- of this paper. ing the additional aspects of the expression and management of software requirements that stakeholders expect, especially There is one exception to this choice: we will describe our traceability, is far less so.
    [Show full text]
  • Data Structures, Buffers, and Interprocess Communication
    Data Structures, Buffers, and Interprocess Communication We’ve looked at several examples of interprocess communication involving the transfer of data from one process to another process. We know of three mechanisms that can be used for this transfer: - Files - Shared Memory - Message Passing The act of transferring data involves one process writing or sending a buffer, and another reading or receiving a buffer. Most of you seem to be getting the basic idea of sending and receiving data for IPC… it’s a lot like reading and writing to a file or stdin and stdout. What seems to be a little confusing though is HOW that data gets copied to a buffer for transmission, and HOW data gets copied out of a buffer after transmission. First… let’s look at a piece of data. typedef struct { char ticker[TICKER_SIZE]; double price; } item; . item next; . The data we want to focus on is “next”. “next” is an object of type “item”. “next” occupies memory in the process. What we’d like to do is send “next” from processA to processB via some kind of IPC. IPC Using File Streams If we were going to use good old C++ filestreams as the IPC mechanism, our code would look something like this to write the file: // processA is the sender… ofstream out; out.open(“myipcfile”); item next; strcpy(next.ticker,”ABC”); next.price = 55; out << next.ticker << “ “ << next.price << endl; out.close(); Notice that we didn’t do this: out << next << endl; Why? Because the “<<” operator doesn’t know what to do with an object of type “item”.
    [Show full text]
  • Bits, Bytes and Integers ‘
    Bits, Bytes and Integers ‘- Karthik Dantu Ethan Blanton Computer Science and Engineering University at Buffalo [email protected] 1 Karthik Dantu Administrivia • PA1 due this Friday – test early and often! We cannot help everyone on Friday! Don’t expect answers on Piazza into the night and early morning • Avoid using actual numbers (80, 24 etc.) – use macros! • Lab this week is on testing ‘- • Programming best practices • Lab Exam – four students have already failed class! Lab exams are EXAMS – no using the Internet, submitting solutions from dorm, home Please don’t give code/exam to friends – we will know! 2 Karthik Dantu Everything is Bits • Each bit is 0 or 1 • By encoding/interpreting sets of bits in various ways Computers determine what to do (instructions) … and represent and manipulate numbers, sets, strings, etc… • Why bits? Electronic Implementation‘- Easy to store with bistable elements Reliably transmitted on noisy and inaccurate wires 0 1 0 1.1V 0.9V 0.2V 0.0V 3 Karthik Dantu Memory as Bytes • To the computer, memory is just bytes • Computer doesn’t know data types • Modern processor can only manipulate: Integers (Maybe only single bits) Maybe floating point numbers ‘- … repeat ! • Everything else is in software 4 Karthik Dantu Reminder: Computer Architecture ‘- 5 Karthik Dantu Buses • Each bus has a width, which is literally the number of wires it has • Each wire transmits one bit per transfer • Each bus transfer is of that width, though some bits might be ignored • Therefore, memory has a word size from‘-the viewpoint of
    [Show full text]
  • Java for Scientific Computing, Pros and Cons
    Journal of Universal Computer Science, vol. 4, no. 1 (1998), 11-15 submitted: 25/9/97, accepted: 1/11/97, appeared: 28/1/98 Springer Pub. Co. Java for Scienti c Computing, Pros and Cons Jurgen Wol v. Gudenb erg Institut fur Informatik, Universitat Wurzburg wol @informatik.uni-wuerzburg.de Abstract: In this article we brie y discuss the advantages and disadvantages of the language Java for scienti c computing. We concentrate on Java's typ e system, investi- gate its supp ort for hierarchical and generic programming and then discuss the features of its oating-p oint arithmetic. Having found the weak p oints of the language we pro- p ose workarounds using Java itself as long as p ossible. 1 Typ e System Java distinguishes b etween primitive and reference typ es. Whereas this distinc- tion seems to b e very natural and helpful { so the primitives which comprise all standard numerical data typ es have the usual value semantics and expression concept, and the reference semantics of the others allows to avoid p ointers at all{ it also causes some problems. For the reference typ es, i.e. arrays, classes and interfaces no op erators are available or may b e de ned and expressions can only b e built by metho d calls. Several variables may simultaneously denote the same ob ject. This is certainly strange in a numerical setting, but not to avoid, since classes have to b e used to intro duce higher data typ es. On the other hand, the simple hierarchy of classes with the ro ot Object clearly b elongs to the advantages of the language.
    [Show full text]
  • A Metaobject Protocol for Fault-Tolerant CORBA Applications
    A Metaobject Protocol for Fault-Tolerant CORBA Applications Marc-Olivier Killijian*, Jean-Charles Fabre*, Juan-Carlos Ruiz-Garcia*, Shigeru Chiba** *LAAS-CNRS, 7 Avenue du Colonel Roche **Institute of Information Science and 31077 Toulouse cedex, France Electronics, University of Tsukuba, Tennodai, Tsukuba, Ibaraki 305-8573, Japan Abstract The corner stone of a fault-tolerant reflective The use of metalevel architectures for the architecture is the MOP. We thus propose a special implementation of fault-tolerant systems is today very purpose MOP to address the problems of general-purpose appealing. Nevertheless, all such fault-tolerant systems ones. We show that compile-time reflection is a good have used a general-purpose metaobject protocol (MOP) approach for developing a specialized runtime MOP. or are based on restricted reflective features of some The definition and the implementation of an object-oriented language. According to our past appropriate runtime metaobject protocol for implementing experience, we define in this paper a suitable metaobject fault tolerance into CORBA applications is the main protocol, called FT-MOP for building fault-tolerant contribution of the work reported in this paper. This systems. We explain how to realize a specialized runtime MOP, called FT-MOP (Fault Tolerance - MetaObject MOP using compile-time reflection. This MOP is CORBA Protocol), is sufficiently general to be used for other aims compliant: it enables the execution and the state evolution (mobility, adaptability, migration, security). FT-MOP of CORBA objects to be controlled and enables the fault provides a mean to attach dynamically fault tolerance tolerance metalevel to be developed as CORBA software. strategies to CORBA objects as CORBA metaobjects, enabling thus these strategies to be implemented as 1 .
    [Show full text]
  • Fixed-Size Integer Types Bit Manipulation Integer Types
    SISTEMI EMBEDDED AA 2012/2013 Fixed-size integer types Bit Manipulation Integer types • 2 basic integer types: char, int • and some type-specifiers: – sign: signed, unsigned – size: short, long • The actual size of an integer type depends on the compiler implementation – sizeof(type) returns the size (in number of bytes) used to represent the type argument – sizeof(char) ≤ sizeof(short) ≤ sizeof(int) ≤ sizeof(long)... ≤ sizeof(long long) Fixed-size integers (1) • In embedded system programming integer size is important – Controlling minimum and maximum values that can be stored in a variable – Increasing efficiency in memory utilization – Managing peripheral registers • To increase software portability, fixed-size integer types can be defined in a header file using the typedef keyword Fixed-size integers (2) • C99 update of the ISO C standard defines a set of standard names for signed and unsigned fixed-size integer types – 8-bit: int8_t, uint8_t – 16-bit: int16_t, uint16_t – 32-bit: int32_t, uint32_t – 64-bit: int64_t, uint64_t • These types are defined in the library header file stdint.h Fixed-size integers (3) • Altera HAL provides the header file alt_types.h with definition of fixed-size integer types: typedef signed char alt_8; typedef unsigned char alt_u8; typedef signed short alt_16; typedef unsigned short alt_u16; typedef signed long alt_32; typedef unsigned long alt_u32; typedef long long alt_64; typedef unsigned long long alt_u64; Logical operators • Integer data can be interpreted as logical values in conditions (if, while,
    [Show full text]
  • Advanced Programming Techniques (Amazing C++) Bartosz Mindur Applied Physics and Computer Science Summer School '20
    Advanced Programming Techniques (Amazing C++) Bartosz Mindur Applied Physics and Computer Science Summer School '20 Kraków, 2020-07-16 [1 / 37] www.menti.com/28f8u5o5xr Which programming language do you use the most? cpp h s a b python a c v a y j csharp l b m e s s a 18 [2 / 37] Agenda References C++ history C++11/14 - must be used C++17 - should be used C++20 - may (eventually) be used ... [3 / 37] www.menti.com/uaw75janh7 What is your current knowledge of C++? Core C++ 3.1 C++ STL ! e k e 2.2 i l n o d o N C++ 11/14 G 2.4 C++17 1.4 17 [4 / 37] References and tools [5 / 37] C++ links and cool stu C++ links Online tools ISO C++ Compiler Explorer cpp references cpp insights c & cpp programming cpp.sh #include <C++> repl.it LernCpp.com Quick Bench cplusplus.com Online GDB CppCon piaza.io CppCast codiva.io Bartek Filipek ... Oine tools CMake Valgrind GDB Docker Clang Static Analyzer [6 / 37] Things you (probably) already know well [7 / 37] C++ basics variables conversion and casts references implicit pointers explicit functions static statements dynamic loops exceptions declaration function templates initialization class templates operator overloading smart pointers classes basics of the STL constructors & destructor containers fields iterators methods algorithms inheritance building programs types compilation virtual functions linking polymorphism libraries multiple inheritance tools [8 / 37] www.menti.com/32rn4èy3j What is the most important C++ feature? polymorphism templates encapsulation s r e t n i e inheritance o c p n a s w hardware accessibility i e r e s g s n multithreading i a l generic programming c 8 [9 / 37] C++ history [10 / 37] The Design of C++ The Design of C++, a lecture by Bjarne Stroustrup This video has been recorded in March, 1994 [link] The Design of C++ , lecture by Bjarne Stroustr… Do obejrze… Udostępnij [11 / 37] C++ Timeline [link] [12 / 37] C++11/C++14 [13 / 37] Move semantics Value categories (simplied) Special members lvalue T::T(const T&& other) or T::T(T&& other) T& operator=(T&& other) e.g.
    [Show full text]
  • Malloc & Sizeof
    malloc & sizeof (pages 383-387 from Chapter 17) 1 Overview Whenever you declare a variable in C, you are effectively reserving one or more locations in the computerʼs memory to contain values that will be stored in that variable. The C compiler automatically allocates the correct amount of storage for the variable. In some cases, the size of the variable may not be known until run-time, such as in the case of where the user enters how many data items will be entered, or when data from a file of unknown size will be read in. The functions malloc and calloc allow the program to dynamically allocate memory as needed as the program is executing. 2 calloc and malloc The function calloc takes two arguments that specify the number of elements to be reserved, and the size of each element in bytes. The function returns a pointer to the beginning of the allocated storage area in memory, and the storage area is automatically set to 0. The function malloc works similarly, except that it takes only a single argument – the total number of bytes of storage to allocate, and also doesnʼt automatically set the storage area to 0. These functions are declared in the standard header file <stdlib.h>, which should be included in your program whenever you want to use these routines. 3 The sizeof Operator To determine the size of data elements to be reserved by calloc or malloc in a machine-independent way, the sizeof operator should be used. The sizeof operator returns the size of the specified item in bytes.
    [Show full text]
  • Mallocsample from Your SVN Repository
    DYNAMIC MEMORY ALLOCATION IN C CSSE 120—Rose Hulman Institute of Technology Final Exam Facts Date: Monday, May 24, 2010 Time: 6 p.m. to 10 p.m. Venue: O167 or O169 (your choice) Organization: A paper part and a computer part, similar to the first 2 exams. The paper part will emphasize both C and Python. You may bring two double-sided sheets of paper this time. There will be a portion in which we will ask you to compare and contrast C and Python language features and properties. The computer part will be in C. The computer part will be worth approximately 65% of the total. Q1-2 Sample Project for Today Check out 29-MallocSample from your SVN Repository Verify that it runs, get help if it doesn't Don’t worry about its code yet; we’ll examine it together soon. Memory Requirements Any variable requires a certain amount of memory. Primitives, such an int, double, and char, typically may require between 1 and 8 bytes, depending on the desired precision, architecture, and Operating System’s support. Complex variables such as structs, arrays, and strings typically require as many bytes as their components. How large is this? sizeof operator gives the number bytes needed to store a value typedef struct { sizeof(char) char* name; int year; sizeof(char*) double gpa; sizeof(int) } student; sizeof(float) sizeof(double) char* firstName; int terms; sizeof(student) double scores; sizeof(jose) student jose; printf("size of char is %d bytes.\n", sizeof(char)); Examine the beginning of main of 29-MallocSample.
    [Show full text]
  • Chapter 15 Functional Programming
    Topics Chapter 15 Numbers n Natural numbers n Haskell numbers Functional Programming Lists n List notation n Lists as a data type n List operations Chapter 15: Functional Programming 2 Numbers Natural Numbers The natural numbers are the numbers 0, 1, Haskell provides a sophisticated 2, and so on, used for counting. hierarchy of type classes for describing various kinds of numbers. Introduced by the declaration data Nat = Zero | Succ Nat Although (some) numbers are provided n The constructor Succ (short for ‘successor’) as primitives data types, it is has type Nat à Nat. theoretically possible to introduce them n Example: as an element of Nat the number 7 through suitable data type declarations. would be represented by Succ(Succ(Succ(Succ(Succ(Succ(Succ Zero)))))) Chapter 15: Functional Programming 3 Chapter 15: Functional Programming 4 Natural Numbers Natural Numbers Every natural number is represented by a Multiplication ca be defined by unique value of Nat. (x) :: Nat à Nat à Nat m x Zero = Zero On the other hand, not every value of Nat m x Succ n = (m x n) + m represents a well-defined natural number. n Example: ^, Succ ^, Succ(Succ ^) Nat can be a member of the type class Eq Addition ca be defined by instance Eq Nat where Zero == Zero = True (+) :: Nat à Nat à Nat Zero == Succ n = False m + Zero = m Succ m == Zero = False m + Succ n = Succ(m + n) Succ m == Succ n = (m == n) Chapter 15: Functional Programming 5 Chapter 15: Functional Programming 6 1 Natural Numbers Haskell Numbers Nat can be a member of the type class Ord instance
    [Show full text]