afl-material: comparison slides/slides01.tex

equal deleted inserted replaced

-:db5cb071644d
+:99d2bb1f145c
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \begin{frame}[t]
 \frametitle{Why Study Compilers?}
-John Regehr {\small(LLVM compiler hacker)}\smallskip\\
+John Regehr {\small(Univ.~Utah, LLVM compiler hacker)}\smallskip\\
 \begin{bubble}[10.5cm]
 \bf ``\ldots{}It’s effectively a perpetual
 employment act for solid compiler hackers.''
 \end{bubble}
 matching \texttt{[a?]\{n\}[a]\{n\}} and \texttt{(a*)*b}
 against $\underbrace{\texttt{a}...\texttt{a}}_n$
 \end{frame}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+\begin{frame}[c]
+\frametitle{Evil Regular Expressions}
+\begin{itemize}
+\item \alert{R}egular \alert{e}xpression \alert{D}enial \alert{o}f \alert{S}ervice (ReDoS)\medskip
+\item Evil regular expressions\medskip
+\begin{itemize}
+\item \bl{$(a^{?\{n\}}) \cdot a^{\{n\}}$}
+\item \bl{$(a^*)^*\cdot b$}
+\item \bl{$([a$\,-\,$z]^+)^*$}
+\item \bl{$(a + a \cdot a)^*$}
+\item \bl{$(a + a^?)^*$}
+\end{itemize}
+\item sometimes also called \alert{catastrophic backtracking}
+\item this is a problem for \alert{N}etwork \alert{I}ntrusion
+\alert{D}etection systems, StackExchange, Atom editor
+\item \url{https://vimeo.com/112065252}
+\end{itemize}
+\end{frame}
+%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \begin{frame}[c]
 \frametitle{The Goal of this Module}
 node/.style={
 rectangle,rounded corners=3mm,
 very thick,draw=black!50,minimum height=18mm, minimum width=20mm,
 top color=white,bottom color=black!20}]
-\node at (3.05, 1.8) {\Large\bf Write a compiler};
+\node at (3.05, 1.8) {\Large\bf write a compiler};
 \node (0) at (-2.3,0) {};
+\node [above=5mm of 0]
+{\makebox[0mm]{\footnotesize
+\begin{tabular}{@{}l@{}}input\\[-1mm]program\end{tabular}}};
 \node (A) at (0,0)  [node] {};
 \node [below right] at (A.north west) {lexer};
 \node (B) at (3,0)  [node] {};
 \node [below right=1mm] at (B.north west) {\mbox{}\hspace{-1mm}parser};
 \node (C) at (6,0)  [node] {};
 \node [below right] at (C.north west) {\mbox{}\hspace{-1mm}code gen};
 \node (1) at (8.4,0) {};
+\node [above=5mm of 1]
+{\makebox[0mm]{\footnotesize
+\begin{tabular}{@{}r@{}}binary\\[-1mm]code\end{tabular}}};
 \draw [->,line width=4mm] (0) -- (A);
 \draw [->,line width=4mm] (A) -- (B);
 \draw [->,line width=4mm] (B) -- (C);
 \draw [->,line width=4mm] (C) -- (1);
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \begin{frame}[t]
 \frametitle{Familiar Regular Expr.}
 \small
 \begin{center}
-\texttt{[a-z0-9\_.-]+ @ [a-z0-9.-]+ . [a-z.]\{2,6\}}
+\texttt{[a-z0-9\_$\backslash{}$.-]+ @ [a-z0-9$\backslash{}$.-]+ . [a-z$\backslash{}$.]\{2,6\}}
 \end{center}\smallskip
 \begin{center}
 \begin{tabular}{@{}lp{8.5cm}@{}}
 \pcode{re*} & matches 0 or more times\\
 \pcode{re\{n\}}	& matches exactly \pcode{n} number of times\\
 \pcode{re\{n,m\}} & matches at least \pcode{n} and at most {\tt m} times\\
 \pcode{[...]} & matches any single character inside the brackets\\
 \pcode{[^...]} & matches any single character not inside the
 brackets\\
-\pcode{a-zA-Z} & character ranges\\
+\pcode{a-z A-Z} & character ranges\\
 \pcode{\\d} & matches digits; equivalent to \pcode{[0-9]}\\
 \pcode{.} & matches every character except newline\\
 \pcode{(re)}	& groups regular expressions and remembers
 the matched text
 \end{tabular}
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 \begin{frame}[c]
 \frametitle{Today}
 \begin{itemize}
-\item While the ultimate goal is to implement a small compiler
+\item While the ultimate goal is to implement a small compiler for the JVM
-(a really small one for the JVM)\ldots\bigskip
+\ldots\bigskip
 \end{itemize}
 Let's start with:
 \begin{itemize}

changeset 560	99d2bb1f145c
parent 559	db5cb071644d
child 576	550186034b6e