Midterm II: Required Topics

Unit 8: Structs and Unions

  • Computing the padding of structs to align (1) each member to a multiple of its size and (2) the start/end of each nested struct to a multiple of its largest member.
  • Using unions to read/write the same region of memory as variables with different types or size.

Unit 8: Buffer Overflow Attacks

  • Vulnerable and safe library functions (e.g., scanf/gets/strcpy/strcat vs getline+sscanf/strncpy/strncat).
  • Protection mechanisms: canary values, address space layout randomization, non-executable memory pages.
  • Understanding the amount of padding needed to fill the buffer (from the assembly code).
  • Code injection attacks: overwriting the return address for the execution of binary code injected on the stack.
  • Return-oriented programming: preparing a sequence of return addresses triggering the execution of multiple gadgets; how to pop data from the stack using gadgets.

Unit 9: Introduction to ARM64

  • Arithmetic/logic operations between registers (slide 9.7)
  • Using shift or rotate on the second input operand (slide 9.6)
  • Memory load/store operations (slide 9.9)
  • Examples on slides 8.8, 9.10
  • Addressing modes (slide 9.11)
  • Function call and return mechanisms (slide 9.18)
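A small C function and the ARM64 code a compiler typically emits for it tie the arithmetic and shifted-operand bullets together. The assembly in the comment is a sketch of common GCC/Clang output at optimization; actual output depends on compiler and flags:

```c
/* Typical ARM64 translation (sketch):
 *
 *   add_scaled:
 *       add w0, w0, w1, lsl #2   // w0 = a + (b << 2): shift applied to
 *                                //   the second input operand
 *       ret                      // return via the link register (x30)
 */
int add_scaled(int a, int b) {
    return a + (b << 2);
}
```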

Unit 10: Memory

  • Understanding latency and throughput.
  • The principles of spatial and temporal locality.
  • The memory hierarchy and caching: how size, latency and cost vary.
  • Some latency numbers every programmer should know: L1 (1 ns), RAM (100 ns), SSD random read (20 $\mu$s), datacenter roundtrip (0.5 ms), rotating disk seek (3 ms), US-EU roundtrip (150 ms).
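The locality principles can be demonstrated with the classic 2D-array traversal example (array size and names are illustrative). Both functions compute the same sum, but the row-major version is typically much faster:

```c
#define N 512

static int a[N][N];

/* Row-major traversal touches consecutive addresses, so every cache
 * block fetched from memory is fully used (spatial locality). */
long sum_rows(void) {
    long s = 0;
    for (int i = 0; i < N; i++)
        for (int j = 0; j < N; j++)
            s += a[i][j];
    return s;
}

/* Column-major traversal jumps N*sizeof(int) bytes between accesses,
 * wasting most of each fetched block and causing far more misses. */
long sum_cols(void) {
    long s = 0;
    for (int j = 0; j < N; j++)
        for (int i = 0; i < N; i++)
            s += a[i][j];
    return s;
}
```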

Unit 10: Caching

  • Splitting memory into cache blocks: entire blocks are transferred from memory to the cache (exploiting spatial locality), and least-recently used blocks are evicted (exploiting temporal locality).
  • Write-through and write-back policies.
  • Replacement policies: FIFO, LRU, random.
  • Cache organization: direct-mapped (one line per set), set-associative (S sets of K ways, i.e., lines per set), fully-associative (one set for the entire cache).
  • Splitting the physical address into tag/set-index/block-offset to search the cache and to simulate a trace of memory accesses.
  • Average access time $T = (\textrm{hit time}) + (\textrm{miss rate}) \times (\textrm{miss penalty})$
  • How associativity, size, block size influence the average access time.
  • Principle of inclusion.
  • Cache conscious programming: hits/misses in loops over 1D and 2D data structures.
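The address-splitting and average-access-time bullets can be sketched in a few lines of C. The cache geometry here is a hypothetical example: 64-byte blocks (6 offset bits) and 128 sets (7 index bits), with the remaining high bits forming the tag:

```c
#include <stdint.h>

enum { OFFSET_BITS = 6, INDEX_BITS = 7 };  /* example geometry */

uint64_t block_offset(uint64_t addr) { return addr & ((1u << OFFSET_BITS) - 1); }
uint64_t set_index(uint64_t addr)    { return (addr >> OFFSET_BITS) & ((1u << INDEX_BITS) - 1); }
uint64_t tag(uint64_t addr)          { return addr >> (OFFSET_BITS + INDEX_BITS); }

/* Average access time: T = hit time + miss rate * miss penalty */
double amat(double hit_time, double miss_rate, double miss_penalty) {
    return hit_time + miss_rate * miss_penalty;
}
```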

Unit 11: Virtual Memory

  • Motivation: isolate memory regions of different processes; control r/w/x access to pages; use main memory as a cache of pages persisted on disk.
  • Address translation: physical vs virtual address space, MMU and page tables (one per process), splitting the address into VPN and page offset.
  • Saving space with multi-level page tables.
  • Saving time with TLBs: the VPN is split into tag and set index to look up a page table entry (PTE) in the TLB. To distinguish PTEs of different processes, either add the process ID to each TLB entry or flush the TLB on a context switch. The set lookup in the cache (using the physical address PPN|PAGE_OFFSET) can be overlapped with the VPN ⟹ PPN translation in the TLB if the cache's set index bits fall entirely within the PAGE_OFFSET.
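The VPN/page-offset split can be sketched with a toy translation in C. The example assumes 4 KiB pages (12 offset bits) and a flat single-level page table whose entries are already valid; real systems use multi-level tables and PTEs with permission bits:

```c
#include <stdint.h>

enum { PAGE_OFFSET_BITS = 12 };  /* 4 KiB pages */

/* Translate a virtual address using a flat page table indexed by VPN. */
uint64_t translate(const uint64_t *page_table, uint64_t vaddr) {
    uint64_t vpn    = vaddr >> PAGE_OFFSET_BITS;           /* virtual page number */
    uint64_t offset = vaddr & ((1u << PAGE_OFFSET_BITS) - 1);
    uint64_t ppn    = page_table[vpn];                     /* PTE lookup (assumed valid) */
    return (ppn << PAGE_OFFSET_BITS) | offset;             /* PPN | PAGE_OFFSET */
}
```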