 \section*{Homework 8}
-\item Suppose the following grammar for the WHILE-language:
-$Stmt$ & $\rightarrow$ &  $\text{skip}$\\
-              & $|$ & $Id := AExp$\\
-              & $|$ & $\text{if}\; B\!Exp \;\text{then}\; Block \;\text{else}\; Block$\\
-              & $|$ & $\text{while}\; B\!Exp \;\text{do}\; Block$\medskip\\
-$Stmts$ & $\rightarrow$ &  $Stmt \;\text{;}\; Stmts$\\
-              & $|$ & $Stmt$\medskip\\
-$Block$ & $\rightarrow$ &  $\{ Stmts \}$\\
-                & $|$ & $Stmt$\medskip\\
-$AExp$ & $\rightarrow$ & $AExp + AExp$\\
-               & $|$ & $AExp * AExp$\\
-               & $|$ & $( AExp )$\\
-                & $|$ & $Num$\\
-                & $|$ & $Id$\medskip\\
-$BExp$ & $\rightarrow$ & $AExp = AExp$\\
-                 & $|$ & $AExp \not= AExp$\\
-                  & $|$ & $\text{false}$\\
-                  & $|$ & $\text{true}$\\
-Transform this grammar into Chomsky normalform.
 \item Write a program in the WHILE-language that calculates the factorial function.
+\item What optimisations could a compiler perform when compiling a WHILE-program?
+\item What is the main difference between the Java assembler (as processed by Jasmin) and
+Java Byte Code?
+\item Parser combinators can directly be given a string as input, without the need of a lexer. What are
+the advantages to first lex a string and then feed a sequence of tokens as input to the parser? 
 % beamer stuff 
-\renewcommand{\slidecaption}{AFL 09, King's College London, 28.~November 2012}
+\renewcommand{\slidecaption}{AFL 09, King's College London, 27.~November 2013}
 \newcommand{\dn}{\stackrel{\mbox{\scriptsize def}}{=}}% for definitions
+ \pgfdeclareradialshading{smallbluesphere}{\pgfpoint{0.5mm}{0.5mm}}%
+  {rgb(0mm)=(0,0,0.9);
+  rgb(0.9mm)=(0,0,0.7);
+  rgb(1.3mm)=(0,0,0.5);
+  rgb(1.4mm)=(1,1,1)}
+  \def\myitemi{\begin{pgfpicture}{-1ex}{-0.55ex}{1ex}{1ex}
+    \usebeamercolor[fg]{subitem projected}
+    {\pgftransformscale{0.8}\pgftext{\normalsize\pgfuseshading{bigsphere}}}
+    \pgftext{%
+      \usebeamerfont*{subitem projected}}
+  \end{pgfpicture}}
 % The data files, written on the first run.
 %1 0.234146
   Email:  & christian.urban at\\
-  Of$\!$fice: & S1.27 (1st floor Strand Building)\\
+  Office: & S1.27 (1st floor Strand Building)\\
   Slides: & KEATS (also home work is there)\\
-Imagine the following situation: You talk to somebody
-and you find out that she/he has implemented a compiler.\smallskip
+Using a compiler, \\how can you mount the\\ perfect attack against a system?
-What is your reaction? Check all that apply.\bigskip\pause
+What is a perfect attack?}
+\item you can potentially completely take over a target system
+\item your attack is (nearly) undetectable
- \begin{itemize}
- \item[$\Box$] You think she/he is God
- \item[$\Box$] \"Uberhacker
- \item[$\Box$] superhuman
- \item[$\Box$] wizard
- \item[$\Box$] supremo
- \end{itemize}
+  \begin{center}
+  \begin{tikzpicture}[scale=1]
+  \onslide<1->{
+  \node (A) at (0,0)  [draw=black, rectangle, very thick, minimum height=18mm, minimum width=17mm] {};
+  \node [below right] at (A.north west) {\footnotesize\begin{tabular}{@{}l@{}}clean\\compiler\end{tabular}};}
+  \onslide<2->{
+  \node (B) at (0,3)  [draw=black, rectangle, very thick, minimum height=8mm, minimum width=12mm] {};
+  \node [below right] at (B.north west) {\footnotesize login};
+  \node [above right] at (B.south west) {\footnotesize \alert{infected}};
+  \node [right] at (B.east) {\ldots};
+  }
+  \end{tikzpicture}
+  \end{center}
+  \begin{center}
+  \begin{tikzpicture}[scale=1]
+  \onslide<1->{
+  \node (A) at (0,0)  [draw=black, rectangle, very thick, minimum height=18mm, minimum width=14mm] {};
+  \node [below right] at (A.north west) {\small V0.01};
+  \node [below right] (A1) at (A.south west) {\small Scala};
+  \node [below right] (A1) at (A1.south west) {\small\textcolor{gray}{host language}};
+  \node [above right] at (A.north west) {my compiler (src)};}
+  \onslide<2->{
+  \node (B) at (1.8,0)  [draw=black, rectangle, very thick, minimum height=18mm, minimum width=14mm] {};
+  \node [below right] at (B.north west) {\small V0.02};
+  \node [below right] at (B.south west) {\small Scala};
+  \node at (3,0) {\ldots};
+  \node (C) at (5,0)  [draw=black, rectangle, very thick, minimum height=18mm, minimum width=14mm] {};
+  \node [below right] at (C.north west) {\small V1.00};
+  \node [below right] at (C.south west) {\small Scala};}
+  \onslide<3->{
+  \node (D) at (6.8,0)  [draw=black, rectangle, very thick, minimum height=18mm, minimum width=14mm] {};
+  \node [below right] at (D.north west) {\small V1.00};
+  \node (E) at (6.8,2)  [draw=black, rectangle, very thick, minimum height=18mm, minimum width=14mm] {};
+  \node [below right] at (E.north west) {\small V1.01};}
+  \onslide<4->{
+  \node (F) at (8.6,0)  [draw=black, rectangle, very thick, minimum height=18mm, minimum width=14mm] {};
+  \node [below right] at (F.north west) {\small V1.01};
+  \node (G) at (8.6,2)  [draw=black, rectangle, very thick, minimum height=18mm, minimum width=14mm] {};
+  \node [below right] at (G.north west) {\small V1.02};
+  \node at (9.8,0) {\ldots};
+  \node at (9.8,2) {\ldots};}
+  \end{tikzpicture}
+  \end{center}
+  \mode<presentation>{
+  \begin{frame}<1-3>
+  \frametitle{\LARGE\begin{tabular}{c}Hacking Compilers 
+  \end{tabular}}
+  %Why is it so paramount to have a small trusted code base (TCB)?
+  \bigskip\bigskip
+  \begin{columns}
+  \begin{column}{2.7cm}
+  \begin{minipage}{2.5cm}%
+  \begin{tabular}{c@ {}}
+  \includegraphics[scale=0.2]{../pics/ken-thompson.jpg}\\[-1.8mm]
+  \footnotesize Ken Thompson\\[-1.8mm]
+  \footnotesize Turing Award, 1983\\
+  \end{tabular}
+  \end{minipage}
+  \end{column}
+  \begin{column}{9cm}
+  \begin{tabular}{l@ {\hspace{1mm}}p{8cm}}
+  \myitemi
+  & Ken Thompson showed how to hide a Trojan Horse in a 
+  compiler \textcolor{red}{without} leaving any traces in the source code.\\[2mm]
+  \myitemi
+  & No amount of source level verification will protect 
+  you from such Thompson-hacks.\\[2mm]
+  \myitemi
+  & Therefore in safety-critical systems it is important to rely 
+  on only a very small TCB.
+  \end{tabular}
+  \end{column}
+  \end{columns}
+  \only<2>{
+  \begin{textblock}{6}(4,2)
+  \begin{tikzpicture}
+  \draw (0,0) node[inner sep=3mm,fill=cream, ultra thick, draw=red, rounded corners=2mm] 
+  {\normalsize
+  \begin{minipage}{8cm}
+  \begin{quote}
+  \includegraphics[scale=0.05]{../pics/evil.png}
+  \begin{enumerate}
+  \item[1)] Assume you ship the compiler as binary and also with sources.
+  \item[2)] Make the compiler aware when it compiles itself.
+  \item[3)] Add the Trojan horse.
+  \item[4)] Compile.
+  \item[5)] Delete Trojan horse from the sources of the compiler.
+  \item[6)] Go on holiday for the rest of your life. ;o)\\[-7mm]\mbox{}
+  \end{enumerate}
+  \end{quote}
+  \end{minipage}};
+  \end{tikzpicture}
+  \end{textblock}}
+  \end{frame}}
+  %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%     
