a type system for format strings
play

A Type System for Format Strings Konstantin Weitz weitzkon@uw.edu - PowerPoint PPT Presentation

Sep 25, 2022 •195 likes •791 views

A Type System for Format Strings Konstantin Weitz weitzkon@uw.edu Gene Kim genelkim@uw.edu Siwakorn Srisakaokul ping128@uw.edu Michael D. Ernst mernst@uw.edu 1 Format String APIs printf(name: %s age: %d, Konstantin, 25);

  1. A Type System for Format Strings Konstantin Weitz weitzkon@uw.edu Gene Kim genelkim@uw.edu Siwakorn Srisakaokul ping128@uw.edu Michael D. Ernst mernst@uw.edu 1

  2. Format String APIs printf(“name: %s age: %d”, “Konstantin”, 25); “name: Konstantin age: 25” 2

  3. Format String APIs printf(“name: %s age: %d”, “Konstantin”, 25); “name: Konstantin age: 25” Problem: easy to misuse 3

  4. Implications of Misuse ● Unintelligible Output printf(“cannot open %s”); > cannot open �oN� 4

  5. Implications of Misuse ● Unintelligible Output ● Program Crash printf(“%d”, “str”); 5

  6. Implications of Misuse ● Unintelligible Output ● Program Crash ● Security Vulnerability printf(“%.*d%n”, attack_code, 0, return_addr); 6

  7. Root Causes of Misuse ● Invalid Format String Syntax printf(“%y”); 7

  8. Root Causes of Misuse ● Invalid Format String Syntax ● Wrong Number of Arguments printf(“%d %s”, 42); 8

  9. Root Causes of Misuse ● Invalid Format String Syntax ● Wrong Number of Arguments ● Wrong Type of Arguments printf(“%d”, 7.0); 9

  10. Goal Statically guarantee that format methods are not misused 10

  11. Goal Statically guarantee that format methods are not misused ● Verify Format String Syntax 11

  12. Goal Statically guarantee that format methods are not misused ● Verify Format String Syntax ● Verify Number of Arguments 12

  13. Goal Statically guarantee that format methods are not misused ● Verify Format String Syntax ● Verify Number of Arguments ● Verify Type of Arguments 13

  14. Goal Statically guarantee that format methods are not misused ● Verify Format String Syntax ● Verify Number of Arguments ● Verify Type of Arguments ● Ease of Use 14

  15. Types Prevent Errors var fs; printf(fs, 5); 15

  16. Types Prevent Errors var fs; fs = 42; fs = “%y”; fs = “%d %c”; fs = “%f”; fs = “%d”; printf(fs, 5); 16

  17. Types Prevent Errors var fs; fs = 42; fs = “%y”; // invalid syntax fs = “%d %c”; // invalid number of args fs = “%f”; // invalid type of args fs = “%d”; printf(fs, 5); 17

  18. Types Prevent Errors String fs; fs = 42; fs = “%y”; // invalid syntax fs = “%d %c”; // invalid number of args fs = “%f”; // invalid type of args fs = “%d”; printf(fs, 5); 18

  19. Types Prevent Errors @Format String fs; fs = 42; fs = “%y”; // invalid syntax fs = “%d %c”; // invalid number of args fs = “%f”; // invalid type of args fs = “%d”; printf(fs, 5); 19

  20. Types Prevent Errors @Format(INT) String fs; fs = 42; fs = “%y”; // invalid syntax fs = “%d %c”; // invalid number of args fs = “%f”; // invalid type of args fs = “%d”; printf(fs, 5); 20

  21. Types Prevent Errors Conversion Category @Format(INT) String fs; fs = 42; fs = “%y”; // invalid syntax fs = “%d %c”; // invalid number of args fs = “%f”; // invalid type of args fs = “%d”; printf(fs, 5); 21

  22. Java Conversion Categories printf (“%d”, (T)v ); T ∈ = {Byte, Short, Integer, Long} 22

  23. Java Conversion Categories printf (“%f”, (T)v ); T ∈ = = {Byte, Short, Integer, Long} {Float, Double} 23

  24. Java Conversion Categories printf (“%s”, (T)v ); T ∈ = {Object, ...} = = {Byte, Short, Integer, Long} {Float, Double} 24

  25. Java Conversion Categories = {Object, ...} = = {Byte, Short, Integer, Long} {Float, Double} 25

  26. Java Conversion Categories = {Object, ...} = = {Byte, Short, Integer, Long} {Float, Double} 26

  27. Java Conversion Categories 27

  28. Subtyping @Format(FLOAT) String fs; printf (fs, 3.14); 28

  29. Subtyping @Format(FLOAT) String fs; fs = “%f” // ok fs = “%s” // ok: %s weaker than %f fs = “ ” // ok: argument ignored printf (fs, 3.14); 29

  30. Subtyping @Format(FLOAT) String fs; fs = “%f” // ok fs = “%s” // ok: %s weaker than %f fs = “ ” // ok: argument ignored printf (fs, 3.14); 30

  31. Subtyping @Format(FLOAT) String fs; fs = “%f” // ok fs = “%s” // ok: %s weaker than %f fs = “ ” // ok: argument ignored printf (fs, 3.14); 31

  32. Polymorphism void log(String fs, Object... args) { printf(fs, args); } log(“%f”, 3.14); log(“%d”, 1337); 32

  33. Polymorphism void log(@FormatFor(“args”) String fs, Object... args) { printf(fs, args); } log(“%f”, 3.14); log(“%d”, 1337); 33

  34. Complex Format Strings @Format(FLOAT,GENERAL) String fs = “%2$s = %1$+10.4f”; printf(fs, 3.14, “pi”); 34

  35. Type System Instantiation ● C's printf API “%s” ● Go's fmt module “%[1]s” ● Java's i18n API “{0}” ● Java's Formatter API “%1$s” 35

  36. Goal Statically guarantee that format methods are not misused ● Verify Format String Syntax ● Verify Number of Arguments ● Verify Type of Arguments ● Ease of Use 36

  37. Goal Statically guarantee that format methods are not misused ✔ Verify Format String Syntax ● Verify Number of Arguments ● Verify Type of Arguments ● Ease of Use 37

  38. Goal Statically guarantee that format methods are not misused ✔ Verify Format String Syntax ✔ Verify Number of Arguments ✔ Verify Type of Arguments ● Ease of Use 38

  39. Goal Statically guarantee that format methods are not misused ✔ Verify Format String Syntax ✔ Verify Number of Arguments ✔ Verify Type of Arguments ● Ease of Use ? 39

  40. Evaluation Project LoC Bugs Submit Fixed Hadoop 678k 3 2 Hive 538k 1 0 Lucene 664k 0 0 HBase 569k 2 2 Daikon 205k 95 95 FindBugs 122k 3 3 Total 2777k 104 102 Total 40

  41. Evaluation - Usage Efgort Project Format Type Annotations False Positives Bugs Calls @Format @FormatFor @Suppress Warnings Hadoop 332 20 6 22 3 Hive 213 0 1 7 1 Lucene 148 2 0 0 0 HBase 96 0 0 1 2 Daikon 1583 0 30 7 95 FindBugs 133 7 1 3 3 Total 2505 29 38 40 104 Total 41

  42. Evaluation - Usage Efgort Project Format Type Annotations False Positives Bugs Calls @Format @FormatFor @Suppress Warnings Hadoop 332 20 6 22 3 Hive 213 0 1 7 1 Lucene 148 2 0 0 0 HBase 96 0 0 1 2 Daikon 1583 0 30 7 95 FindBugs 133 7 1 3 3 Total 2505 29 38 40 104 Total Annotation Burden 107 42

  43. Evaluation - Usage Efgort Project Format Type Annotations False Positives Bugs Calls @Format @FormatFor @Suppress Warnings Hadoop 332 20 6 22 3 Hive 213 0 1 7 1 Lucene 148 2 0 0 0 HBase 96 0 0 1 2 Daikon 1583 0 30 7 95 FindBugs 133 7 1 3 3 Total 2505 29 38 40 104 Total Annotation Burden 107 Bugs Revealed 104 43

  44. Evaluation - Usage Efgort Project Format Type Annotations False Positives Bugs Calls @Format @FormatFor @Suppress Warnings Hadoop 332 20 6 22 3 Hive 213 0 1 7 1 Lucene 148 2 0 0 0 HBase 96 0 0 1 2 Daikon 1583 0 30 7 95 FindBugs 133 7 1 3 3 Total 2505 29 38 40 104 Total Annotation Burden 107 = = 1.0 Bugs Revealed 104 44

  45. Evaluation - Usage Efgort Project Format Type Annotations False Positives Bugs Calls @Format @FormatFor @Suppress Warnings Hadoop 332 20 6 22 3 Hive 213 0 1 7 1 Lucene 148 2 0 0 0 HBase 96 0 0 1 2 Daikon 1583 0 30 7 95 FindBugs 133 7 1 3 3 Total 2505 29 38 40 104 Total 45

  46. Evaluation – False Positives Project Constant Dynamic Exception Misc Propagation Width Handled Hadoop 10 6 0 6 Hive 3 2 1 1 Lucene 2 0 0 0 HBase 0 0 0 1 Daikon 0 6 0 1 FindBugs 0 0 3 0 Total 13 14 4 9 Total 46

  47. Evaluation – False Positives Project Constant Dynamic Exception Misc Propagation Width Handled Hadoop 10 6 0 6 Hive 3 2 1 1 Lucene 2 0 0 0 HBase 0 0 0 1 Daikon 0 6 0 1 FindBugs 0 0 3 0 Total 13 14 4 9 Total printf(“%”+“d”, 42); 47

  48. Evaluation – False Positives Project Constant Dynamic Exception Misc Propagation Width Handled Hadoop 10 6 0 6 Hive 3 2 1 1 Lucene 2 0 0 0 HBase 0 0 0 1 Daikon 0 6 0 1 FindBugs 0 0 3 0 Total 13 14 4 9 Total String fs = “%” + width + “d”; printf(fs, 42); 48

  49. Evaluation – False Positives Project Constant Dynamic Exception Misc Propagation Width Handled Hadoop 10 6 0 6 Hive 3 2 1 1 Lucene 2 0 0 0 HBase 0 0 0 1 Daikon 0 6 0 1 FindBugs 0 0 3 0 Total 13 14 4 9 Total try { printf(userInput, 4.12); } catch (FormatExp e) { /*error handling*/ } 49

  50. Evaluation – False Positives Project Constant Dynamic Exception Misc Propagation Width Handled Hadoop 10 6 0 6 Hive 3 2 1 1 Lucene 2 0 0 0 HBase 0 0 0 1 Daikon 0 6 0 1 FindBugs 0 0 3 0 Total 13 14 4 9 Total <T> void f(String fs, Iterator<T> iter) { System.out.format(fs, iter.next()); } 50

  51. Goal Statically guarantee that format methods are not misused ✔ Verify Format String Syntax ✔ Verify Number of Arguments ✔ Verify Type of Arguments ● Ease of Use 51

  52. Goal Statically guarantee that format methods are not misused ✔ Verify Format String Syntax ✔ Verify Number of Arguments ✔ Verify Type of Arguments ✔ Ease of Use 52

Recommend

Chapter 9 Strings 1 C-Strings vs C++ Strings T wo string types: C-strings Array

Chapter 9 Strings 1 C-Strings vs C++ Strings T wo string types: C-strings Array

Chapter 9 Strings 1 C-Strings vs C++ Strings T wo string types: C-strings Array with base type char End of string marked with null, \0 Older method inherited from C C++ strings Objects of string class 2

469 views • 18 slides
HANDOUT 1 Strings STRINGS Weve already introduced the string data type a few lectures ago.

HANDOUT 1 Strings STRINGS Weve already introduced the string data type a few lectures ago.

HANDOUT 1 Strings STRINGS Weve already introduced the string data type a few lectures ago. Strings are subtypes of the sequence data type. Strings are written with either single or double quotes encasing a sequence of characters. s1 =

470 views • 25 slides
A first look at string processing Python Strings Basic data type in Python Strings are

A first look at string processing Python Strings Basic data type in Python Strings are

A first look at string processing Python Strings Basic data type in Python Strings are immutable, meaning they cannot be shared Why? Its complicated, but string literals are very frequent. If strings cannot be changed, then

500 views • 22 slides
Strings &amp; Branching Strings and input We talked about basic types.... what type can store

Strings &amp; Branching Strings and input We talked about basic types.... what type can store

Strings &amp; Branching Strings and input We talked about basic types.... what type can store letters? What about words? Input and output Strings and input char can only hold a single letter/number, but one way to hold multiple is a string

574 views • 22 slides
61A Extra Lecture 4 Announcements Encoding Strings Representing Strings: UTF-8 Encoding 4

61A Extra Lecture 4 Announcements Encoding Strings Representing Strings: UTF-8 Encoding 4

61A Extra Lecture 4 Announcements Encoding Strings Representing Strings: UTF-8 Encoding 4 Representing Strings: UTF-8 Encoding UTF (UCS (Universal Character Set) Transformation Format) 4 Representing Strings: UTF-8 Encoding UTF (UCS

1.62k views • 99 slides
with f-Strings Format Stings in Python Building up str values via concatenation can involve a

with f-Strings Format Stings in Python Building up str values via concatenation can involve a

String Interpolation with f-Strings Format Stings in Python Building up str values via concatenation can involve a lot of syntax (and work)! Especially when you're concatenating non-str types and must construct str values Python has a

264 views • 4 slides
Morteza Noferesti No explicit type, instead strings are maintained as arrays of characters

Morteza Noferesti No explicit type, instead strings are maintained as arrays of characters

Morteza Noferesti No explicit type, instead strings are maintained as arrays of characters Representing strings in C stored in arrays of characters array can be of any length end of string is indicated by a delimiter , the zero

690 views • 43 slides
Arrays (and strings) Ch 7 Highlights - arrays - string functions string We have been using

Arrays (and strings) Ch 7 Highlights - arrays - string functions string We have been using

Arrays (and strings) Ch 7 Highlights - arrays - string functions string We have been using strings to store words or sentences for a while now However, when we type string x it does not turn blue, as it is not a fundamental type

543 views • 19 slides
V3 1/3/2015 Programming in C 1 Strings Hello is string Weve used strings literal

V3 1/3/2015 Programming in C 1 Strings Hello is string Weve used strings literal

V3 1/3/2015 Programming in C 1 Strings Hello is string Weve used strings literal constant Array with base type char One character per element One extra character: '\0' Called null character End marker

344 views • 8 slides
Lists more versatile sequences l Lists are another sequential data type l But unlike strings,

Lists more versatile sequences l Lists are another sequential data type l But unlike strings,

Starting chapter 4 Lists more versatile sequences l Lists are another sequential data type l But unlike strings, lists can hold any type of data (not just characters) are mutable legal to change list elements l Use square

532 views • 19 slides
Introduction to C Programming Characters and Strings Waseda University Todays Topics

Introduction to C Programming Characters and Strings Waseda University Todays Topics

Introduction to C Programming Characters and Strings Waseda University Todays Topics Characters and Strings ASCII (American Standard Code for Information Interchange) Type of char Strings (special character Y0 or \ 0)

711 views • 13 slides
Sequences Motivation for this Video Series Strings are a very, very useful type But they

Sequences Motivation for this Video Series Strings are a very, very useful type But they

Module 15 Sequences Motivation for this Video Series Strings are a very, very useful type But they are also very limited Break everything into individual letters What if we want to work with numbers? Or if want to work with

602 views • 35 slides
C PROGRAMMING Characters and Strings File Processing Exercise CHARACTERS AND STRINGS

C PROGRAMMING Characters and Strings File Processing Exercise CHARACTERS AND STRINGS

C PROGRAMMING Characters and Strings File Processing Exercise CHARACTERS AND STRINGS A single character defined using the char variable type Character constant is an int value enclosed by single quotes E.g. a

654 views • 27 slides
Intro to Strings Lecture 7 COP 3252 Summer 2017 May 23, 2017 Strings in Java In Java, a

Intro to Strings Lecture 7 COP 3252 Summer 2017 May 23, 2017 Strings in Java In Java, a

Intro to Strings Lecture 7 COP 3252 Summer 2017 May 23, 2017 Strings in Java In Java, a string is an object. It is not a primitive type. The String class is used to create and store immutable strings. Immutable objects are objects

465 views • 20 slides
Strings String: Text as a Value String are quoted characters Type : str 'abc d' (Python

Strings String: Text as a Value String are quoted characters Type : str 'abc d' (Python

Mini-Lecture 5 Strings String: Text as a Value String are quoted characters Type : str 'abc d' (Python prefers) &quot;abc d&quot; (most languages) How to write quotes in quotes? Char Meaning \' single quote Delineate with

449 views • 9 slides
Strings Testing for equality with strings. Lexicographic ordering of strings. Other

Strings Testing for equality with strings. Lexicographic ordering of strings. Other

Strings Testing for equality with strings. Lexicographic ordering of strings. Other string methods. 1 Strings and Testing for Equality The == operator is also not appropriate for determining if two objects , such as strings, have

380 views • 13 slides
Python:Strings Strings

Python:Strings Strings

Python:Strings Strings Source:https://ocw.mit.edu/courses/electrical-engineering-and-computer-science/6-0001-introduction-to-computer-science-and- programming-in-python-fall-2016/lecture-slides-code/ Strings String is a sequence of

293 views • 13 slides
String Objects: The string class library Lecture 23 COP 3014 Spring 2017 March 7, 2017

String Objects: The string class library Lecture 23 COP 3014 Spring 2017 March 7, 2017

String Objects: The string class library Lecture 23 COP 3014 Spring 2017 March 7, 2017 C-strings vs. string objects In C++ (and C), there is no built-in string type Basic strings (C-strings) are implemented as arrays of type char that

775 views • 18 slides
String Objects: The string class library Lecture 12 COP 3014 Spring 2018 March 26, 2018

String Objects: The string class library Lecture 12 COP 3014 Spring 2018 March 26, 2018

String Objects: The string class library Lecture 12 COP 3014 Spring 2018 March 26, 2018 C-strings vs. string objects In C++ (and C), there is no built-in string type Basic strings (C-strings) are implemented as arrays of type char that

778 views • 18 slides
Strings [Andersen, Gries, Lee, Marschner, Van Loan, White] Today Return to the string ( str )

Strings [Andersen, Gries, Lee, Marschner, Van Loan, White] Today Return to the string ( str )

CS 1110: Introduction to Computing Using Python Lecture 5 Strings [Andersen, Gries, Lee, Marschner, Van Loan, White] Today Return to the string ( str ) type Learn several new ways to use strings See more examples of functions

416 views • 24 slides
A Recursive Type System with Type Abbreviations and Abstract Types Keiko Nakata Institute of

A Recursive Type System with Type Abbreviations and Abstract Types Keiko Nakata Institute of

A Recursive Type System with Type Abbreviations and Abstract Types Keiko Nakata Institute of Cybernetics, Tallinn Joint work with Hyeonseung Im and Sungwoo Park 18 May 2014, Narva-J oesuu The ML module system The ML module system supports

603 views • 19 slides
Strings l Chapter 3s problem context is cryptography, but mostly it is about strings and

Strings l Chapter 3s problem context is cryptography, but mostly it is about strings and

Starting chapter 3 Strings l Chapter 3s problem context is cryptography, but mostly it is about strings and related ideas l Strings are basically sequences of characters l A string literal is enclosed in quotes ( '' or in Python):

292 views • 12 slides
ARM Assembler Strings Strings p. 1/16 Characters or Strings A string is a sequence of

ARM Assembler Strings Strings p. 1/16 Characters or Strings A string is a sequence of

Systems Architecture ARM Assembler Strings Strings p. 1/16 Characters or Strings A string is a sequence of characters ASCII 7-bit (American) character codes ( char ) One byte per character Unicode International character

901 views • 61 slides
TYPES, LISTS, AND STRINGS CSSE 120 Rose-Hulman Institute of Technology Outline More on

TYPES, LISTS, AND STRINGS CSSE 120 Rose-Hulman Institute of Technology Outline More on

TYPES, LISTS, AND STRINGS CSSE 120 Rose-Hulman Institute of Technology Outline More on Numeric Types Long Integers vs. Floats Type Conversion Lists and Strings Lab Time Program Grade Components Percent Feature 70

528 views • 23 slides

More recommend