ࡱ> $!"#F*Nт۳ Y*JFIF`WANG2 CREATOR: XV Version 3.10a Rev: 12/29/94 (PNG patch 1.2) Quality = 75, Smoothing = 0 C    $.' ",#(7),01444'9=82<.342 i }!1AQa"q2#BR$3br %&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz?Ѷm:LREQEQE܍L-QMM/L3NQLy5=XMqq' X?|%bVX?|# rgK6 ¢G4'  ͷy!HAx"I9ϙ6kR,cT]cnAJ,1Ymi鷾lFƻcTQ = *HVA\RqIQӬY!/PdJA5o:MfӮ+u~$=kwkV/nF )s4ޚcS.* |WB襎Xuu# ԔQEQEQEQEQERQEQKEQEQEQEQEQE! s[څF@3ɯWNjˢ^L|9M$K^ៀk3ϖzk <9SI 9MvQQ5EQ( s2f&K>ҷTr rEr4_^Z fmX6%2J:״+2#"z6ycOh[jtj?k:"ߺox~4Etrkc9unp?*xE2q(@¹:mkrQy"jo⻟@#mOS^V~iVQ@qL4H/`[$6+3Q4Z&K(f ܼu~$*inֳu5!a? H4(r%4xNt5]>34ף2K]6Pۆmkw:FCoT4gr=+pjxU ?*? 6#^%1׬xR.4EB2Mp+*Q GtR1G,O#c ¾CQ>'%7A|XQkpf=6V%*E|.'PӭnapTs򯡭mm*U=MZxA)@-nI#+ſ 5 3M-sj"X S<'K]l 2E} 7ɝb }* -QEQEQEQEQEQEQEQEQEQEQHzkM+̲(rs_9ǚߍ/v4 8?`{}м/xr R%hw2Xڤvq 'sIK5FH6*? h^'RW!~VV+|-]E1&=mR5E(WcIh/޵? $ 6%ٌD}*Oxz/ecm:r1{׿ibL$J +ʾngC^5TWxݲSRJ'K?4b\۵} {-GCӂ fAWVj]/ڍ66~5|;:3I+:Mg3sonMڑ׌pmoZq\\JҊJul&]!qYfXSpѱ#XHG*9,/_In|^ xs_nFJk< 1i }­u-%!J(((((((((()@Ҽ[/;Lr(9 4sZKoF7}31uy2^: ڕWnaZQ^cxZC5 #{y~hq4n٬|\qҾw+M\S ⾗VWPAdyYzݨom2W+/jZ]QX(uiؽ*иL ̺ cg+0$5~{y Oz'58𽿊=qg"5Ah xxKIJxgX-}_5b:aՁR2=k>3,>p%F>Z|%`4 ָd ƼoZ?!62GAaKM m^Sy>w ѥHc]Er3 7w{pCQO^:ϊ5+^M>/0dtm졊_:UP}kGc4; rTaG"y #gdJ<UmY_Mcźglub@~e5QEQEQEQEQEQEQEQEQEQTyG c+築?Z]+CdI0<ҹ_;|ev;0ْgJc|3`}G+TA'.xͯkHۡDoG9h$<+q;(P9$N/\jVf;N/zNWUC۹\U#+7^O|S tqGnk`Mn$#pZOKi V׊m*(/. 0ֹ/2ҼW($^IPbxcږi>%ɶ&|xᯌ5kUKłMqs^yYV5@ 1׼[Y4rVQ7c!ul)?_TcYۅ%\~:QLwTFf` OJoֱI}M{4<9[i n u5cmj6ڎ!Jx|H|\ RyWDktG2^5 j:,k ,с+t_[.2A4M 6(VE"'EQEQEQEQEQEQEQEQETI.%_ďW$M7Nш$dsĒǩjHir_Iime)HEhqA/jmnOGc/Դ<hM ނo豓yBU5ɏ31oՎfV7 4L:ҴW?&owSђ E|cZtMnTNA_FitW$jq*ʹwVA.J:=NgúLq9,qQ?P)䢂IP=jڥ􂩟9n>2<xӓŚ [fufwI?-AZ r#XڃW7xcKuK۸CMlۑȮc-yŏp#9S{xP?ɯl"F5u'/ v Si^ɵCv7G$;hZY3tg'WUËXıj 2y]k"d=W?~!YRi_x-QEQEQEQEQEQEQEQEV+hi$H2OJĩCw.R3`>|/_T)`*>}'imvGP8W;yhPy o#I]G{k%˺9)5ZvSO^ZIc#]W¦r~lk-;6ifx*e7EWv]wJmcJNNVF@kZ,g&YFI5*F bczou(UUk>9Xh]:\o];I"~|G՜5+১Vu1;ո~ig៼9?_?AQyWj{|j|Fmu˸{U)>xMoxWQ;3?5Vm>4jk<@}E?һⷅu;ՂCq]ݽbKyD=5ltV>{e,S"-mo 5"ws)נs66g+cw>0Ք~[ts./ ߵaש5R2[A!yz54k.xMP\%` #_zr=ih((((((()ŘI=oyt-&l@HJ]l?j xE$U\|qikCPbWMq'Éj]#4NUМ0?Jk6:=7w1ƈ3 7ѧvhaֿ|su=^OX8~wpk>LBVJ5k51x퍬.+on<;Isr"f[>2ibŚt|0+i+6yzyjsJѰSWjռ5OFBmZkTExr.b xVγa+ح-" (UQLu m6K(MxcǖX+CYaxn7ۻRpG;źd*#k;Pռ P4St9WEb^6yv^4jvu2W`: Z(#{Zi=C[xDbPng5-B)μTQv j2Ǵ V|;r{[xKKv?ZmB.-fIbq)Yx $QeB"Ny-*[ǜk&Ծ+kei-?t+Yxke孔A#D k7'|}us:Hϧ^t/hOhf");s׵E4w,0daa^Ucz&a]B >7o<-@[d5}gjvƟ C iEQEQEQEQEQEQEQA\|UoMk\y"%'MFR}p3_Wx3С X֝a][NpvƤ?GS-k)m.Y!qiMgƫ.M*M?ƻ߃VΟ& f2r^8mj;\_؆kHzG_ʽӌgj6]^Lă%׊jF7IvKZC_k5?wr8ׅEp~;e2u'A\1)xOvmq^[ë~ex!;H6yG>64=Bb-?,~( QEQEQEQEQEQEQET,$N)UWcelB}kվ t-uP-{;tƋ[]_HLVk,q^OA9mm2yS]+?R-uk)m/"YaU|  5'KM'=Sǚd6̻nf샽z<e8E.fiRkK~(3p>T,k?|]9B7 ? _K͒X@||konfQOݦm97$}szP !x6UK(sYk C\\n>|Q}lBMGQף 59j4 㷒:v ?Wc]FCQ^y^yOxYG\֦Mrpj# BےU-x1oK"_\wqDeQɌ4RZσ|U%,,pƀҼCڼ/Ֆf ~t.g^<ϳ lo/m|95M( | [_ ev/3LܜoKQk]: 6a <]K"RH=kt5K lPZVƛrq a 8+WŚ LRosGu &hyCjMT^/Zkvicf?vOŲxwB֙7ן5 NwjW_;uJ%vEx-rY3<֨'d3EX: }S!8ߎi~EaԠ>~7\S:W|]ާ}&Ny3e#'"+^0l>6X4Y=֡r  ~'x#ðJv^=/ÏKPcS m+~(x:?jcYlr}x)ܲ }}yaAYCwT UҊ((((((+?SMn/ep…M|}}f>-nvM/^3_M;~1;y[kc:s UI=Myx#Ŗ7(;3;RxŖקMfϛIpzޥkdrSE"vq^[=JӮ6ڽ2AJqO3_^:F XWiVgW7ţ߻ ^img[Ek(EV^Mze!#0 s6UI֋ˤOBӚ]kD3ۈ|C:/DRk !7?fn/dDu x'Ě*3(2޽VWW+o>&_~U/.'7:&n?y]~i^{URh>QTGV-nzQ1yfdGkz(u+s~*_vZ1j#[f;vX:Ljt.|< tq3zwzrּMߋ>(}X-V[DqJG&| r+>Q%eP1jk^:&uKhktrp8VW~ݦs&f((((((+ž;;HMLMs̀\? k {O}>v^mmحTVC7e^Mж:vuj.-2F E<|?eˋ-6dl4,zUi_j`;r {W=sV<o4f6M"9x Az$#FrTJox [٣ҭ+oz֑i}{oy6rYi#{ƛnEBKWm_^7G'oagmuM 89>DvO F+f?d/Ү^T]cP_WWk:**yoa^ QM.IB[۞ M{-EtH֬69Q0S}k%BH-,,dAֻxŚ$w! X5*") ⻋%9{ 3';Ew𭷄? 4c'dҞE|;tgz*Vg%Ք4L35DƓ,;Gn=+%_QU4]f8U#=E'҉C&Q^ڕ9o5 Qx87ľ#ƻ0Ѯam)Z7enດw? ~2k,o-ﬡ*R 6->."VI>(oheT$^?,M;I,Y#A]Ox~oQrbg^ooa!Qs1Vy]h@;5zKíLhp3W@(((((;W^~ Tkݧ5 |: "n_[*(*N:dSrsw a|z0kzkP)+wc j/kiu,Mz~>$&pAjτ~Q~Ɉ8=kXeX~j> oI$:5Ǽ^)vi5Myxwz&c]-n[|n6{\/&aBB=Hz$Y۴Hkbz X Yz'~G3$2s[KGtE+s=V#EyKu$W"P$ՏbToTsФ ߻aSGҵQel?rLӴ֯Nb? 鱎_Nv%_4ؚ- t\*1f{!{?LXՏirkǩ&vgZ4>yMr@C]Ay4Z>ﬥVGySW"w0Ĩ6[hk1dV81!QߏtZ_5/j knLH-8"^W%e#K(фF}%Cj񯆡O,Am-w \?Kg4\g"HhڂF"cĖߠndӝ*_ ƕzy|358q8WXZKs1csjfk1Z˾\wſsw4qn<Wďː]4((((((ȯ~<{XV˒]R꒡ܷԵ-A46_ #ֲ-o1@Uw n~{Qǵ~=-<3b |ώ벽7&!Tu5kWpxn.$A+حn`gD6 "J,(WzbG?`Yrl)e2Mx_O{ wO by^XxCL /v5q+[98Y~ /GN q]ei/)*?xu';xl攅 I^T|7 D1f}9 "{q^Vw,-C&@$WTkAhV׿h7Q>S3}\qkKm:[$1.I'mͦY6UP*;Wf&0Vms[Iӄs;Ivt71=OL,ed0 SE⏴[B~A蠚'Stom\4R`G8{z֯cv0tP`ڇ CF9ci յQjr#$g> ^&ݶ*A?<9;SlOWZ:k |'2c`2]<][:"NNϯJF>'jwTbdcJZ }+w^~H"81Iף\4|5{Tm#_UxXMw}X+((((({tvS9ƌğa_2Ɠ6Kg_^xgLO21!u gqt.Akw|7Ϧ]m/<,::g~h4&m%aҺ~(xk"[ubGL}+o̺,&7OjZZ//@=)9תM㒅8Y/qs\<xɺPa$AcO5$o[hsK/$.z2[r|yZ~+x]>)j7ggAx" i+5n$#VW0oåj*lH77/^ Ct9t_|Ga#}?k?ɑ_Z]#DAw+WVZ%׊_ 0zQ⻏j;TcҺxW^*Ok?-Nr[WuԺ圂n<;x#7EƯoho4Oפ͢xFfc$W1O~$6icbGZkZƐuy9*IT o h;+!\>2hZeÍ0q,uO4%hB:W7xO[8O/8HsM?H!FyW>> o>O 9A^Z0Ad\V Iq3Xx^cpV~:f/[rZωP}Α>Y+!c!|Wզ6C=@)8Eb{Ӊ:lrzҮ~am3!Ҋ(((((;W SV]#n_<%=) uvG?6@h~+>WYSOgWxh63i,:\3_AVKaZ"E? ڃ:bKO 2^[gHm`|s^p4_|D?M?MȀFp\d^ii:jZķ ~3\Kf|c]p‰EgP3X$ sN,jpsڼᖉ?YRG]7Voi887z.j=SF"⧃naDwVH|gz~G]qOV.{MgVY Zb8'ں1rV&uuv>bȥȮG)>κ 'A_?WIc\+a׺!k3-.Ogm/ XG,5tWK4p^GTP9,p+>!i_c_<}ki#TϨ!=sR J,>&h h(O#41*i\j|#h|,{)7fH¬CK<w5~2xj-gmoRO_ŤwSr c"/x'9 :g-OW{cvZb%B+_Km+~Cgۏ]d-!a¾9wQ| n5 yzd5}?zYMRg^pȬ"4Ka!w}kh&}-@9eɮុ/eLA?Ȯƚ%V"ϭpƋw:/%-u h֟'R=4j~ĖX[lW :j7V0_3>3Z.~!x Z[wH98ֽ+V#4 s^;*]D,:׹+Fu4\<-xՉ+5!NJJKwbo-4F܋z{ױk"/6R(_j._[C 2Fps\2ַ$<s槬$ 7@.HX5T[լfᢶm Wfuow-lFckc$sϪ1777kM͌m9]L^H@XmUyo|cOMw kgivpo[x\5Xƪ}gO e{-]lF_h}(=+E}i|C! 9gְu?M񞋪rZZkmb:|$~5ƟHGae(J|Cڴq[Of?o/.bU x{u+ ϮYC= ƣ<'}eiMRqXc3V]Fw[|qsZ~jFDxf_ƻQR{ K]o$.]hlC_ײl*0BY:|?VCd2|J%w2 Cl/SPXDW`;א3;/W&;RW.ZҊ(#}3vczWkVڷkvϦ6d3Wg4, }*ޟ=LU[m6qܦMjX]B"AYAk;kUD=@}寏:x*OI$׭|&&*(((((V <&,_s('}[@ +ɭjGNh.%&GpHֶ<j\w:%ܗ+k)sI{Q7Z߇NםKzgXXm1)obkpX ]7Qeq `oEݤcuxiö pť0%#j4 ~`n-bF4 ?SL46GEe#FA?Ox]ktGF03^-'$=X6*Ww4:\N]q?V!Q}*iffvZFWڹ/Bκ (#LAwn"ZRzW|OHH FT)ָ C㟉/1٪[„?G?B@j(]T8;Nq^&7ާ'^0á{X״]?R1 gV gmD\&~aڕp}___񭶏ak s-ܻ0thpZd=xIs^EQEQEQEQEQT'1 6`x|ů_i٨K8#QW|{eMJb@In;] ;/ʚ?UKIMJطt@J#Xy5@kx#1so@!A5'孚H(,~_ c }*x>ɩ]%ˮ'r? ZytZOl[Kp~ +_o)-ZR.bŝٷq9>"i{!i{\cQې> Ȭhb!\v<W"tmƖ'k'V{--Լ~VKn/n)cR:&p-杇ʋް'sɫf6ZW{yLTqNԾ%\i#%u/ @ ^c,Xy91S+]F!Zf Y*-IA|u ݵw pqZGXլ@p=EYv_Gko9!PxSҼKkxLK8dY𷇾xqVC{kup:!'v‚8KdU* q?‘HPژ~*xETy{"֎m+ReKApP9t;1ιoN:4vc&s9+L-gW]B8ܟ¼Tx|%!oN-kʷfb[yzcpuO]Y^Ǧ&-\O+~:Ϣ%4c<r8p5;d {eku^>+)Ͻm?oJCs*ך(}kmѫzkh}Nq9ʻ5H^EQEQEQEQEQYz>5} /t{bYg k=Yi UpdE|}Fhn]O`븏_ᶳ]cJ!km5ŶE9#\U*+ {-4WxOZf]>_¼ ߎ:̬ ~D׼y)kd1z5?4Iav֤Vgw{{Zܐ; ʒjNw-q`p \gl#݆FbA OR?:jI{-A~&k5[y#0u,$cH]mVjpN%aj};z[!x;~ė c03of1+(՗崻no5IE61Ut[MSM2I ]^0*Oxm`uijey4KN:H85ھ}iq{B_'yŚ ]>w_QBkY.KAk<()ҡt,+h-l0e@**c6x:C'4W '>0k}&5KZWg[klcm#ci'EtT(?j|5X|rndB- T]ڶZl"P8~n%wd8x/tM2OJJt#T hœ85l^'>it?Q^X*HG<:'Yg"^]}XGѣm='+OuI5G@9et}+>>6k5Ze,OWxƱ<,pRMq%cSr׾1#1+׮bZmD)ɵWX7𯞙wcZSOM,H0H@NL1JFU8k ҷAں}n1LH5(Q+!Tui8Ȳ?V#vB3A1sJ|9g^^E}]׃|l֯t/iW#>Kḳ~_ t?-pan᫧mATsَ+zZn/|Ă㬨< 9qWoP?#Hʺ#)dW#xC՝/٧<`;Nk ìFվn~چ{6I\#~nT~/q7! _X4)"m$y4mNKh$91 ?/ _}yMwQw[y3tV_P8 :(((((u-ꎦF9nzA}t*U.=B-Ṿ* 7FӴ87}jZa|15xW`sWA=cgDg^iiS-ĐD+~}Y5Mnw8xNs=›:PxWKi=F'`ɭU`2 xg[7 pg_ֽcږ}iQ;W|⼔ F1sk *0ʀ7Z{M99)H KVV+"I\b?X/m[ܸHFf'\?<˫iM=:_.+MzaF1ʳ-nY?UZ MxŶ!Vo%U:4O |,V15C gGT|* 4'V_ \nfZe5dQ:^݁ƹ$w.}JUXC+jvOAζ#TsFK;KƔȏ^޼㴅C7//zސNfq"xHxiT3u=EuY[EooQTp*;Ra}/j?Ez;sVG⟿[?}EQEQEQEQEQU̲OFKׯ4]C +P oFnjkbTMWN5s~5=P,?wy&~'1ku} 5Qx1_v~ ߘlKk wFxsI#dL?y׈>I 跗8W++Y 0A'-vӯ [57@e ?VӴ:5=svv[¹\o7Qz \U?o5EC o8n Hs^\ l69o!-CY./[tyKimMqg>HSMsTPӬDKҘ=ƩikVEp/=i$ Ecs.~&w;ִ5[]^%ôI_硫nZ?!!(;dk#z4Bg=t񖣯_^LdXPFW :oH״?GՃNneHӖ栓UѴ3@l kޡqx#IA<5yiEDY#w~w |c,;NCDV/>u` =㵌 $Oeow@:|?Gf{M+kAE ºG!v6?_^ 1PҼg/|=umS^w70^jQGjܼ8zV=īH2YOvq뫲IfYbnC)ȫhɶåEnZYx((((()2z/d*s -I9y*_jMzFZ(Z¾Ծ$K6^J9#$~ k>H\<%IJ6y?{WvvV:[İkZ9h^g2Ӄ`G^ WosT_/G? u/daH;|Q Ed:ɎGhզGyg(x~^Ƽ㝳K 5^Ch67L"gVC`z8-kz_PH@Mx>9^,?/zy6[ꗑ M&q־q2.;D_ݏmf˦<3[Ն8W'eˢk:4MxҴz](7kh wQgt+m8EvatCJORj|2lpXJ;kᯇZ+#37Ax~NV2uh汴_6m^]K}7):jv7GeҐ ~Oҍ T/9Kg}|/=}b|;ahiS)rƼ~{K2/kVZ|k׭kU!N2Pvc.+OWlb^lVJ#}F[Kּ?OoexgF H$WSZ|SM9eSM3Ym{ J%Mѣ_n?_XLӦ-4}2i H >Cފ~\zF]Z ['^@j&ut# @7t=GX2ʻw?ZuDŽ|{uᕙ?6;C|C^x=Cfa,s^EQEQEQEQEQA_$k6^?|af]5 uOv9tOš 4'5|7f*(&t=r87~,JM.n$epp^k 3oks/2R λ\B[ysA)OQֺ?u1TާXc90=L1Pƣy '̈Bi~ eaxv֬Eq,j)Wx#$;4[͍ # ٹ W9S]7m6fHb^y-Ċ3JkǚΦZ\;|ipG] wjz{Wu)ΈARď]:g@R1q^iJ"1ҩg ;Dd690`z 8|E!Tui8Ȳ KI)qHG/Z~R$HH ǿ5zu4s\"Wz>'i>" mrMFolנRQX^'F.3+>\.+; ⦭seᆲ25S\FSVʹ6$.#DuPda$8"o!xNg}*ki,@Xбx{v~ kE?t=wQoᑴ@mgaOXtI{hMy ] B66d%jNYb2I^W^oWkezq^?|> !9XF07~QEQEQEQEQE|C5]?Pa?t'Չ9xdHbϴ, bsMkUY ႀݓ] 2YCWKa *#nâvOQXZ74;:fomkv,W AٲZ0knb͞ED25ZVw kjЬC]F23Uiz֭}b&kч!y׫>wt,˂پ|_cPl=9fҬ y ~_ʴx8bDOEyUTdڼK?^ yY&^7Ω~\s+)RxkźՍIF,j$;H cAxԧTFy"GR`7/ݶehMK|#7/*kAOӭ#Pz™D;#!5=?tʩ*;tPp7 OPsjKVp+>4jS >mqn7_+oVn(^Upd#ǂ3@yl)"Xھ2麲yEp?Ǻ^$w H-9+$cwجjP Pyeş=Zu#3G_K֗2ZȞa3<I|w=`Fz~yo3i [AݹwwFi5':X6$8FA xMg y⻽7K,$*cc? [?|헐uj&`V<"?|Kruݹ%뭃}}!c> Q٢(((((& kgx^w W[O`ͅN=}9ڠwyQn9l f{maiR4fc+̼CD{{{N~7n:fv'N_N,Y,W{QҼ#4 _zg`bpֽ?k?\2"주̄1^x[(/>d⭷/yږW|NԡlM^:]x.'< c X}narq]G_ IJ7e 2خN{BD$^C]_<A-pw4-֮9*zfVMEE^ (> yV>*#HبX0yeJ~ʠ7-ԛm{Pk-ɾz ԑRIX4ڌo4gL&'*sqo@Mb8k!:/Dnu"H*58K6Lc"X j4K?g~l]bڬM] mHͥۂɽQQaSK/jh-׬FR2j6qrcKg=kƾ^*NE״wO<=+l>i:5yIخ_he bD*/#יW1Ck <70s-oC}HͻnH UMka.+>:xYXihiWEᏎaVD_O4Mn :2g` oAKQ|q J>[Z{;ۦٱ)QEQEQEQEQEL: B/#M͜1\yo?¾͂d9ǥxſZxWG/vɰ< M-b7!MzlVV;x@r)ml>hf`*x}Zm?P'BżsޛOÃDy =qx¿Bok2ko--[<lEmI/EQRM,pHʨ$9&U5YGFk?FQyeq( 86(_0ޕxCZ悗{7SW޼_%-ofK .y5^,A ۆG+dI|RGgI;mLK,jLI +2V༷`J_D-LW(q\y#~dE?5<32ohu^únyj7;Z-[Ð?;6~vjO~1\V}Zus%,sj/+zW]x.ħZOHb ʨo/B Hq^q| 4^Nqʦ fE>"+y+)k>24[cfNޣҽxQ+>cZlm~Gq4qs+I+nZ((((()0kω<*lfewvW$j#qJ xO"=W⎹^|k) qs^E&xL?[xy2L֯g4'GPU(O^6Rnzku^GҸOn,$=^uK{[ 5&?>0Lӭ~+g|QMcp,#cjo> o A^#$WRr+uռcx>^M= { <9]7b pB>f>qcW7Kcה.Tާ'Zo~ E$ ˌhI}8UπlGjٟYw0^/^GA bebF\}?W<\m~>d?6zZxn%Z/:>,C9S\7Q&t9=z W|PvI[~UTh]_;CJ_R٘rSXxvkHn_b;^[u 4,̮ x&f%t.yZVo^[8hPC#Hl:@ׅmmvbWPs]x#RъLJ{h.P$Pk| 㛽n("p? Ofu_Ih]) 'q:m9J((((((xOlӘ3FC>x8+ȴwyM렂Km? hO4粑gk 鷚Ov Xu&cy_ I׸\^Z~6*{O8܊HSGZƩ[=֛pۧN}EUimt<g\|ALjk}>& WA vQT@Ҧ#">kA0s\<{s^ t2|~+L!<2659#it$մ>!x[4m=sGQ;{xG¨y]7v3]H ]<73mb.Ҝu5EiX=uF𽍒.ݑ ܊:~l um9/K"2BTÊP3Qqd5>/c.Tvt5nM[×9Y!rUM{5E}+7k7ˣ˟n碷{Ҳ-*T1\*WW7xZ[ɎF:Wl^)e ,R2@A\ΡGREc+):<+/Bk,7vAJXֶ~7bX$l~WꚔF=˅$,rk<c?}q[&Ȅ7JSW6Ǧ[sll MFfI#;WJk6\ Z6]#}\׊&.y~d+{ uqߌ}GivֈXc VQEQEQEQEQEPzW;5 X:/+WZq1%^m3_cj:|d O|O3f9;z_xJ-o퓄9${> zd>(i$;brGZ>giYıƒIu}mcN;Wsc& ex믇^=VrQd^ݤ֙ UV쌛yc?ʬ)R0x,|ahTCz1̽s^sx\{ 1%;b9}kb״}:Y%LVt2 *-^,{k_#nN:Wzcx5umlʷwUJ=K:8A {XPxFeж\qu{^/6"]?i_z%+mz|:T`b8ѝ?uaV%KC|dpNkH#hC Ic]{ęT~Bׯ* 8S>(^:3\2 x~ |27:hjv]i+G$T8+ςEΖK%?ѼoO5Ő9|muGKm`}IT1NEղ1^kFSaN7_@ O߉ɥCW1k֦BRa2;Ҁ t((((()|Ÿ$т=|W|A<>t{5aXf[;UmooP51\?>!Cn:qs^ox%:05 bx@>t$t> /~x+; 9;(xgM%j"c_=,znrp>xO2ގ$f7zteXȘWSA:|v;cƶ3\?iZ}3^ڼM<7ƕ+;#>v:$܏{V4]HxpE]gtp*0>W=O]͎"CMyƯ/MtptȯG_Í/‘1qxF^w9AKER1WKgMkKWߨ܍"T*M6ٵUwj76[תqҗ`T34r"2+[sCU,YrC'BkuxcO쯶lE {/ 1H?[ԍK1>?qOYZO.!gῇÞ)CqMvQEQEQEQEQEQE|L70$y㜊 ^/g܊ys)}yeyWhP5JdH|[^OS /y\] +Wm<7e>m#K';N3y[v(j+1+.Z'."m9q4.Fes\ÏOouD^ I(p})C( W⟅ݥ}%c$?K}FNN+WK,-IMg( wx:*jz+ⲷhFk G+c^ rCklుa#F pcڗ42`GRxŶ^dUQ5ugU"H GYzvcOq V;KAY?k"l;^-,>)~/Oo+UUT` ?0Ўm 7\6*_|&VI= WJ1ҝEQEQEQEQEQEQE5*As_,dFڅx;FKoq^H*y_>|Ix/?oA'{|9\P𪂀k;N43dص~ϺaCԝ~y'Wꚵf7 H9,kt?C':-ܘ,A*=s^oq)4.7PGz󯈿VYxߊ4?Pq E: 񦕪&y߀v u(Ԁ3ßĒh"_&4R ^W FG=iJ =+U𾏭!}5j7u!զ~Y"m#ēEflLtjTҾ/.j%k&_֝_5/)µ>i*VMJNGuOp^&DB;jiMJLbº;_@~35yn}iͽ1oV6k.x%}k<9ͤhZM3*[ [?z[<.,Ƽz+C2鱶b#Z=œ2 > ~<-O4&y74>`lཷKyVHd25x:w"+veITa]T}4ifKnmީAܾBĚŚό|[$2ģ5Ï -onT y[k(((((((ҹOfxvDaRbltjVPOnh :dfοoM PpC3i۬c ؊ƨ 㟴Ӂ;8R*| r}쩹 ,xt xj^&Kk xKº,)hl>Z:Զ;hQ.^Gj+ 6hڎ>ϪE#/4CpbLf%7WF A=+|y;Bkk YU1mF㻵k4I!u"AxQЭIR2qW>|A SXp4ZF>o<ѵl#nrXhCKMN1FGQ(ڎFOݱYZϋI҈\f<[X Ge$vVcJiu=sƞ#[FK=*7,J~fi=>_د3O׼OizYeaL0{΂PIF\l`mҸoEӼ%fM|G מxkߏu/[=ۢnvXGoo4UQwTFa7{o?yi+ >Ycq |WφӅ?,L3Ǩ⺻OXK [v=&//Gq /[.,)b(,l4Rvڳ/cc5e&Jj^َ/ֺ?4zZvIP?|UYE·G&㪹zJՎ`|)Y;$r=EbxEYk4xj5kbڗb[FŋN+WZNEu4riv8B ziwt]:]Z1Z|-k-E[?xHEq^ݵCCsq -,*F,q?|ZyNX1FB7d_&M&-{qq"U?QH@$l4h IDSn\+\6l* k~,(,"5|צ[gCQWpGA_0}U) }k I>".l/Tc;=+ڻW -,"snJ-QEi6Zū[0Wk _6)+Wß]7Ķct)r0 S!IgXd`j(hʞbTM^n!cf,7dj%\e.Z'`R1>][ԏ6rx5ү7 O<1YOq"+k!w"["(9=Mz_è5I1n7_#FWogkuq|jO NծSCb*_4{cY\|GY|ɷֻmk4N8hZvA%Q2H_|Nм4\]tX993e+&ߌ/|>)ngIuS8v t(K2k^P^y?ɱ-hv\N0+ۆ6Yޱk]ȫ`OZ+>%@]џd1¾W4𾊗WHGz`Җ(((((((J|S_X]v>9S_'ZV?4/nxLq([Y[޽jZ(3Epk/_Dq*5yρ|iu纶>Kp+OGַ|rdہ}'Ś.cR 4[kyABۢcՂWDӓQ{i\a&ܖЬj͸W8v+B3Q-gr[@FXcPԬ#/ws*W`+2hN,zd~> ;X_MӛxcHzB^ 1A*"Q*P-dQEZ$ #V'|1aI G.G$ֹFs1=fNVRl(}k9-uXs~((((((()O-`9W'A๷~Wa_Ox6~2ҖU%%<]#(UZXU@',EC'Y(x[G"x-[pk_Ф~bB fŧo _0F]H>F4RSmֶM>Tw`9}ϊx9o'`lZ|%+`[iֺ**P>(]ZY-۪@-_&x]ֵ }tI_ |DZ¸ˮ{קTnbAh2ǁ_<|Tɣ貕^%O/X x/oQӐ嘏}+ >L!Q@QEQEQEQEQEQEQEQEQE!+;"9}oèF27{[[/-aoa_Exem`TN7}+҇AKHyx3Kִ{á+&>l1߅fGf9o0pGTy /zt[Wyr -<+V,*<I? iX|t(=*դ7qIꧡ+Ŀ5}KKm(g +# H aT 7 A(d;xY̋$%1ι^y;Ld ' ^\B"l2=qEQQIrEǰZ,+x"pP3}+KX@6ƁGSH8ERMxz׶ZeshP:R(x6N@!W|(oNuWrDC{WјA5_W?'gBT̥C޻/|EC4 lTQG5?yncVSE gŽsIlmInWx͗.E_f=5)  `:~5reܟE$t ( TQETM,,qVc+ǼwK2X.n@~Umwq#{?;Y#!+֕* ?QEQEQEQEQEQEQEQEQEQER`TSC4Rtad|Ԍ*nycx#V$'F]gE%i|:ne[W1 [5KEW^ֿ vQ$_/7.$|ڽss^2xk×Z?: 5b牙RcNъQKᆭHZXW׾x7^_fSd_{դ K$mXdi:zp<Ҿvau~9V`ׯ,2A#}XHS&kĶ2Ga]Gmj>(EsdEe w(4 )$+gĽвp3HpFNO֭x/6YR6',9j'Ҽ+nX[(`>iHqREQEQEQEQEQEQEQEQEQEQER0x wW^PI>9x_4z+zG s^6E=ū#s{m)oBc~>_tf%)ʶ◵QY!+) O^νn#/`8'Ʃy:5ɂ|ֽy2}G?fh[yQ}=v[u".2ɞ^{~hGu}J((T Q*J((((((((((((R0kt?}f#0>( {h^CϋzH5'#<[QR^g+м3rme>: \`{S$8q\εh?ڵ8wk̵-ѥzIҼ\oV[U_99Ğ%rڼ1&Y<+KH.5/˅i(5p6,QT`U8((((((((((((1H@KEHW֑N̼כFO%<:f\)}-FqH|57KFQEQEQEQEQEQEQEQEQEQEQEQEQEQE*JZC0?L%|%K9j5?NiD}뗿6Pʽ;uw6_/Ys=up1U-86zgя?Y<5/Ɣh,'gԿ?zz\WK?[6Wr}pKښN0u\N_KHYs]$qh4U_E&((((((((((((((((QE`S4QO"ȣȋy'*LQ(((((((((((((((((((((((((((((`( &  :http://coverity.com/main.html:http://coverity.com/main.htmlv/ 0DTimes New Romantt/ 0DTahomaew Romantt/ 0" DArialew Romantt/ 0"0DWingdingsRomantt/ 0@DVerdanasRomantt/ 0"PDHelveticaRomantt/ 0 "`DCourier Newmantt/ 01pDMS Minchowmantt/ 0DComic Sans MSntt/ 0B A .  @n?" dd@  @@`` p Jm$     ( %,-o%, ""R  $-(F &8OcV+   .0<<Uk    0m -+0^      0J?D$$$$$$$$$$$$$$$$$$R$Nт۳ Y*2 AA1?`f3ff3f@8()dg4HdHdQ{ 0ppp@  S ʚ; v3ʚ;<4dddd@l 0@<4BdBd@l 0@b%0___PPT10 ___PPT9nnIt>"ՌPNG  IHDR +tsRGB PLTEfffm cmPPJCmp0712 7tRNS@fIDATWc`  SP1H $XLIENDB`?  O =H!AvBugs as deviant behavior  Inferring errors in systems codeqD. Engler, D. Chen, S. Hallem, B. Chelf, A. Chou Stanford University SOSP 2001 Presented by: Fabian Bustamante rP">KL\ Core ideaq Programmers are usually right. If they are not, then we have much bigger concerns than a few concurrency bugs.rr#C,Goal - find as many serious bugs as possible--Problem: what are the rules?!?! 100-1000s of rules in 100-1000s of subsystems. To check, must answer: Must a() follow b()? Can foo() fail? Does bar(p) free p? Does lock l protect x? Manually finding rules is hard; repeat for each new release Instead infer what code believes, cross check for contradiction Linux-like development  end result is an ad-hoc collection of conventions encoded in millions of LOC w/o much doc. Intuition: how to find errors w/o knowing truth? Contradiction - To find lies: cross-examine. Any contradiction is an error. Deviance - To infer correct behavior: if 1 person does X, might be right or a coincidence. If 1000s do X and 1 does Y, probably an error. Crucial - We know contradiction is an error w/o knowing the correct belief!^ PP1P&P 1&  ~"B%Context: Finding OS bugs w/ compilers&&Systems have many ad hoc correctness rules  acquire lock l before modifying x ,  cli() must be paired with sti(),  don t block with interrupts disabled One error = crashed machine If we know rules, can check with extended compiler Rules map to simple source constructs Use compiler extensions to express them Positives Scales  it statically find 1000s of errors Precise  it says exactly what error was Static  it does not require running code Effective  it found 1500+ errors in Linux source code +PP4PRP PPP+4N     ,Q$D%Cross-checking program belief systems&&cTwo classes of beliefs MUST beliefs: Inferred from acts that imply beliefs code *must* have. Check using internal consistency: infer beliefs at different locations, then cross-check for contradiction MAY beliefs: could be coincidental Inferred from acts that imply beliefs code *may* have Check as MUST beliefs; rank errors by belief confidence. vZZZ$ZtZ$  t7W Related work&Higher level languages  TypeState, Vault Many program restrictions are too rich for it Required programmer participation, rewrites, & . Specification  Bandera, Slam, formal verification Difficult and costly Specification scales with code size Derivation  Houdini, Daikon, Eraser Less noisy samples for deriving rule templates (Houdini) Dynamic monitoring can only see executed paths (Daikon, Eraser) *Z^Z3Z9Z&ZzZ*^39 &z> s %E"Trivial consistency: NULL pointers## *p implies MUST belief  p is not null A check (p == NULL) implies two MUST beliefs: POST: p is null on true path, not null on false path PRE: p was unknown before check Cross-check these for three different error types Check-then-use  p believed to be null is subsequently dereferenced (in Linux 2.4.7  79/26 false) Use-then-check  p dereferenced and then checked for null (102/4) Redundant checks  p known to be null/not-null and then checked (24/10)UU2./2  , 3 kIYGeneral internal consistencyTemplate, e.g must be paired with Do not reference null pointer

Example of use, lock must be paired with unlock & are called slots, lock/unlock and all pointers are slot instances Consistency checkers are defined by The rule template T The valid slot instances for T The code actions that imply beliefs Rules for how beliefs combine Rules for belief propagation z B > p   rM]Internal consistency&FNull pointer fun XUse-then-check: 102 bugs, 4 false Contradiction/redundant checks (24 bugs, 10 false)YY'GRedundancy checkingAssume: code supposed to be useful Useless actions = conceptual confusion. Like type systems, high level bugs map to low-level redundancies Identity operations:  x = x ,  1 * y ,  x & x ,  x | x Assignments that are never read: l#j:"#j:  "(H,Internal Consistency: finding security holes--Applications are bad: Rule:  do not dereference user pointer <p> One violation = security hole Detect with static analysis if we knew which were  bad Big Problem: which are the user pointers??? Sol n: forall pointers, cross-check two OS beliefs  *p implies safe kernel pointer  copyin(p)/copyout(p) implies dangerous user pointer Error: pointer p has both beliefs. Implemented as a two pass global checker Result: 24 security bugs in Linux, 18 in OpenBSD (about 1 bug to 1 false positive) 32#3  2#PH$*J)Cross checking beliefs related abstractly**Common: multiple implementations of same interface. Beliefs of one implementation can be checked against those of the others! User pointer (3 errors): If one implementation taints its argument, all others must How to tell? Routines assigned to same function pointer More general: infer execution context, arg preconditions& Interesting q: what spec properties can be inferred?V4J4J  :E.N,Statistical: deriving routines that can fail--Traditional: Use global analysis to track which routines return NULL Problem: false positives when pre-conditions hold, difficult to tell statically ( return p->next ?) Instead: see how often programmer checks. Rank errors based on number of checks to non-checks. Algorithm: Assume *all* functions can return NULL If pointer checked before use, emit  check message If pointer used before check, emit  error Sort errors based on ratio of checks to errors Result: 152 bugs, 16 false.+52+5  2JZGeneral statistical analysisConceptually, a statistical checker == internal consistency checker w/ three modif. Applies check to all potential slots instances combinations, i.e. assume all combinations are MUST beliefs Indicates how often a specific slot instance combination was checked & how often it faile the check Augmented w/  rank function that uses count info to rank errors Practical differences Statistical analysis needs large set of cases To make universe of slot instances manageable, use pre-processingVTpTp  ,M+KHandling MAY beliefs\MUST beliefs: only need a single contradiction MAY beliefs: need many examples to separate fact from coincidence Conceptually: Assume MAY beliefs are MUST beliefs Record every successful check with a  check message Every unsuccessful check with an  error message Use the test statistic to rank errors based on ratio of checks (n) to errors (err) Intuition: the most likely errors are those where n is large, and err is small.*//N^Statistical analysis0PLDeriving  A() must be followed by B() '' a(); & b(); implies MAY belief that a() follows b() Programmer may believe a-b paired, or might be a coincidence. Algorithm: Assume every a-b is a valid pair (reality: prefilter functions that seem to be plausibly paired) Emit  check for each path that has a() then b() Emit  error for each path that has a() and no b() Rank errors for each pair using the test statistic z(foo.check, foo.error) = z(2, 1) Results: 23 errors, 11 false positives.6> "(6>   "(>   4K[!Some implementations/eval details  Analysis written in  metal a high-level state machine language Syntactically similar to yacc specs Extensions are dynamically linked into xgcc Small, 50-200 LOC per extension Easily written by systems implementers Systems checked Linux 2.4.1 & 2.4.7 OpenBSD 2.8v@$,G @$,G  >Y.l3SExample null checker &2RSummary: Belief AnalysisKey ideas: Check code beliefs: find errors without knowing truth. Beliefs code MUST have: Contradictions = errors Beliefs code MAY have: check as MUST beliefs and rank errors by belief confidence Secondary ideas: Check for errors by flagging redundancy. Analyze client code to infer abstract features rather than just implementation. Spec = checkable redundancy. Can use code for same.V    HX ConclusionGoal  automatically find bugs w/o a priori knowledge of correctness rules the system should obey Idea  use static analysis to extract programmer beliefs from source code Specify a general template for a rule Use automatic analysis to specialize template (portable) Two general techniques for implementing these derivative analyses Internal consistency for MUST belief Statistical analysis for MAY beliefe Successfully used to find bugs in Linux and OpenBSD OSs There s money on this! http://coverity.com/main.html FMPJPnPMJnX- 0/489:;<=>?C E"F#(   0` .T3f` T3f3f` 999MMM` lff3f3޲` eoHff33Ҷ` ff!` T3f3f___>?" dd@$?nPd@ d " @ ` n?" dd@   @@``PR   @ ` `(p>>  H@ (    s *v "0@ { T Click to edit Master title style! !  c $p{ "0j  RClick to edit Master text styles Second level Third level Fourth level Fifth level!     S  Nff??"?  Nff??"? F  "  Nff??"  Nff??"   Nff??"  Nff??"?  c $Dy{ "` { b*(2Z  B޽h))? ? T3f3f___ 0___PPT10.[p1q___PPT92p22 aqualab01U   0  C(  ~  Hff??"A  0~ "G  ~ ,   <~ "  ~ T Click to edit Master title style! ! T    "  TD~ff??"  @   T~ff??"  @ ~  Hff??"A~  Hff??"A  RA)\ :?nwu-seal-gray"@)i%   # l~ 1?"g: NCS 443 Advanced OS (2 f  # lh~ 1?"3 o!Fabin E. Bustamante, Spring 20052" 2 f' fZ  B޽h))? ? T3f3f___80___PPT10.[p1q" 0 P2( "   0P P    Z*   0     \* d  c $ ?    0`  @  RClick to edit Master text styles Second level Third level Fourth level Fifth level!     S  6,, `P   Z*   6 `   \* H  0޽h ? ̙3380___PPT10.[Na 0 `$(  r  S t~f ~ r  S ~G  ~ H  0޽h ? f3<$  0 0$(  r  S 0@   r  S 0j  H  0޽h ? T3f3f___80___PPT10.\&a  0 $(  r  S  0@   r  S  0j  H  0޽h ? f3<   0  I(  r  S 0@   r  S {0j  8 u  sn g  Z<{ Ԕ? u  Slock_kernel(); if (!de->count) { printk("free!\n"); return; } unlock_kernel();2T S',#   Z1 Ԕ?XL  Linux fs/proc/ inode.c,x   HԔ?     Z8 Ԕ? g FGNU C compiler   N@< Ԕ?RC   X" missing unlock! B  TDԔ?3 ^ B  TDԔ?    fH?1?"` m I  B Lock checker (2 H  0޽h ? f3<   0 1) (  r  S W0@   r  S X0j  Q  HlF Ԕ? x = *p / z; // MUST belief: p not null // MUST: z != 0 unlock(l); // MUST: l acquired x++; // MUST: x not protected by l,  T_ Ԕ? x h  7A(); // MAY: A() and B() B(); // must be paired,87  TI Ԕ? f u  t,{A(); B();}1000s // probably a valid belief,-,  Tlj Ԕ?5 y   o'{A(); B();}1 // probably a coincidence,('68 z v  v z B   fD1?z v o v P  # BCYDE(FAA1? !BPO^DW.jYLR @   "` v H  0޽h ? f3<y___PPT10Y+D=' = @B +m  0 `p$(  pr p S {0@   r p S {0j  H p 0޽h ? f3<y___PPT10Y+D=' = @B +  0 X(  r  S d0@   r  S @0j  ,  H Ԕ? Eo /* 2.4.1: drivers/isdn/svmb1/capidrv.c */ if(!card) printk(KERN_ERR,  capidrv-%d: &  , card->contrnr& ) i ,' '&' ' '  >6  H  0޽h ? f3<y___PPT10Y+D=' = @B +$  0 $(  r  S 0@   r  S ̩0j  H  0޽h ? T3f3f___80___PPT10. [4'  0 @/'(  r  S |0@      ! #""IJIIC    # l@„1?%   t,Must always use IS_ERR Must never use IS_ERR-- @`  # lHĄ1?O%   s+Checked with IS_ERR Not checked with IS_ERR,, @`f  # lք1?% O  z Must IS_ERR be used to check routine <F> s returned result? >> @`    # lׄ1? %  |4Is a dangerous user pointer Is a safe system pointer55 @`+   # lЄ1?O %  p passed to copyout/copyin *p  @`0   # l@1? O%  D Is <P> a dangerous user pointer? ## @`   # l<1?e  s+Is not null Null on true, not-null on false,, @`   # l1?Oe  U *p p == null? @`  # l1?eO  x0 Is <P> a null pointer?  @`  # l1?e PBelief @`  # l!1?Oe PAction @`  # ll*1?Oe RTemplate   @`B  To ?~B  N1 ?ee~B  N1 ?  ~B  N1 ?% % B  To ?  B  To ? ~B  N1 ?OO ~B  N1 ? B  To ?  )  f-1? [)Some questions that can be inferred w/ it* 2* , 3 rd41?* ( / 3 r 81? (H  0޽h ? T3f3f___80___PPT10.\K  0 (  r  S $#0@   r  S F0j    H Ԕ?g /* 2.4.7: drivers/char/mxser.c */ struct mxser_struct *info = tty->driver_data; unsigned flags; if(!tty || !info->xmit_buf) return 0;f >    t    ~  HP Ԕ? x  /* 2.4.7/drivers/video/tdfxfb.c */ fb_info.regbase_virt = ioremap_nocache(...); if(!fb_info.regbase_virt) return -ENXIO; fb_info.bufbase_virt = ioremap_nocache(...); /* [META: meant fb_info.bufbase_virt!] */ if(!fb_info.regbase_virt) { iounmap(fb_info.regbase_virt);2 '  %H  0޽h ? f3<y___PPT10Y+D=' = @B +  0   (   ~   s *h0@   ~   s *i0j     H Ԕ? ,  R/* 2.4.5-ac8/net/appletalk/aarp.c */ da.s_node = sa.s_node; da.s_net = da.s_net;XS ' & 1'    P&     Hp Ԕ?o  Dfor(entry=priv->lec_arp_tables[i];entry != NULL; entry=next){ next = entry->next; if (& ) lec_arp_remove(priv->lec_arp_tables, entry); lec_arp_unlock(priv); return 0; }4 ' ' b @H   0޽h ? f3<y___PPT10Y+D=' = @B +m  0 @($(  (r ( S 0@   r ( S l0j  H ( 0޽h ? f3<y___PPT10Y+D=' = @B +J " 0 p 4(  4r  4 S t0@   r  4 S L0j   4 H Ԕ?~  e  2  $ 4 H` Ԕ? k  foo_write(void *p, void *arg,& ){ copy_from_user(p, arg, 4); disable(); & do something & enable(); return 0; }Z} 6''A'6 D 4 HԪ Ԕ? D x  bar_write(void *p, void *arg,& ){ *p = *(int *)arg; & do something & disable(); return 0; }Zg )'33 '0'3333>3xB  4 BDԔ?" t t H 4 0޽h ? f3<P # 0 D(  Dr  D S Ⱦ0@   r D S 0j   D TƆԔ?"   &P = foo(& ); *p = x;  D ZˆԔ?"X $  |Dp = bar(& ); If(!p) return; *p = x;## D Z8цԔ?"y < E  |Dp = bar(& ); If(!p) return; *p = x;## D ZԆԔ?"y Z E  |Dp = bar(& ); If(!p) return; *p = x;## D ZӆԔ?"   ^&p = bar(& ); *p = x;H D 0޽h ? f3<0  0 0(  x  c $0@   x  c $|0j  H  0޽h ? T3f3f___80___PPT10. [4  0 8$(  8r 8 S 40@   r 8 S 0j   8 TDԔ?" t'  f,z(n, err) = ((n-err)/n-p0)/sqrt(p0*(1-p0)/n)--H 8 0޽h ? f3<!  0 t l `'I (  x  c $0@  ~  \  I #"."rrrrrrr   6 # l1?V   Pa called   @`  4 # l"1? V  i!a called with interrupts disabled"" @` 2 # l,1?   t,Must be called with interrupts disabled?-- @` / # l&1?V   ZError paths with a @`  - # l?1?  V  gError paths with a and b paired   @` + # l\:1?  ]Does reverse ? @` ( # lXQ1?VX   IX @` & # lZ1? X V  Zy checked before x @` $ # l\1?X   l$Does security check protect ?%% @`  # l^1?VX  XResult of f used @`   # l`o1? VX  fResult of f checked before use @`  # l 1? X  ]Can routine fail? @`  # l<1?V T Paths with a   @`  # lD1? V aPaths with a and b paired @`   # lT1?  dMust be paired with ? @`   # lp1?V Q Uses of v   @`   # lx1? V `Uses of v protected by l @`   # l1?  aDoes loc protect ? @`   # l1?V\ T Population   @`  # lʇ1? \V QExample @`  # llӇ1?\  RTemplate   @`B  To ?\\~B  N1 ?~B  N1 ?~B  N1 ?B  To ?  B  To ?\ ~B  N1 ? \  ~B  N1 ?V\V B  To ?\ ~B % N1 ?X X ~B , N1 ?  ~B 3 N1 ?     fd؇1? [)Some questions that can be inferred w/ it* 2*  3 rhއ1?* (  3 r81? (H  0޽h ? T3f3f___80___PPT10.\K   0   L1 (  Lr L S 0@   r L S Ç0j  F +Z   L P   L T,Ԕ?"+Z   ~*foo(p, & ) bar(p, & );B L HDԔ?"$0 \<  L TԔ?"9r   z  check foo-bar F of C   L p X,    L TDԔ?"of   C x(); y();  B  L HDԔ?"< H   L T0Ԕ?" r C   P check x-y  F )Z    L l    L TԔ?")Z P  jfoo(p, & ); &  B L HDԔ?"$0 \< " L TԔ?"9r   . error:foo, no bar!  B L NDԔ?"z %%6 B L NDԔ?"z 6 H L 0޽h ? f3<$  0 $(  r  S 0@   r  S 0j  H  0޽h ? T3f3f___80___PPT10.\pm   0 X(  Xr X S 0@   r X S 0j   X T! Ԕ?R*  sm internal_nul_checker { state decl any_pointer v; start: { (v == NULL) } ==> true=v.null, false=v.stop | { (v != NULL) } ==> ture=v.stop, false=v.null ; v.null: { *v } ==> { err( Dereferencing NULL ptr! );} ; }R V    7  X T0 Ԕ?   b v.freed>  X  f461? i7Flags when pointers compared to null are de-referenced.8 28H X 0޽h ? f3<  0 T$(  Tr T S >0@   r T S ?0j  H T 0޽h ? f3<$  0 $(  r  S O0@   r  S 890j  H  0޽h ? T3f3f___80___PPT10.[sA 0 pX(  p  0 ? )   I  B(  6  I  H  0޽h ? ̙33(B 0 x(  p  0 ? )     B-  6   > H  0޽h ? ̙33C 0 X(  p  0 ? )     BR  6    H  0޽h ? ̙33D 0 ia (   p   0 ? )   I   BtX  6   Specification = checkable redundancy. Can cross check code against itself for same effect. Others: that x was not already equal to value.H   0޽h ? ̙33E 0 X(  p  0 ? )     B`  6    H  0޽h ? ̙33F 0 X(  p  0 ? )     BDd  6    H  0޽h ? ̙33*G 0 0$z(  $p $ 0 ? )    $ Bi  6   @ 2 H $ 0޽h ? ̙33H 0 |P,(  ,p , 0 ? )   d , Bp  6   nFirst pass: mark all pointers treated as user pointers. Second pass: make sure they are never dereferenced. .n(2n` H , 0޽h ? ̙33nS 0 x~(  xX x C     x S Hz @   Simple. Have had freshman write these and post bugs to linux groups. Three parts: start state. Pattern; raw c coede or wildcards., match does a transition, callouts. Scales with sophistication of analysis. System will kill variable, track when assigned to others.  ,83H x 0޽h ? ̙3380___PPT10.Z:N(J 0 8(  X  C      S  @   : H  0޽h ? ̙3380___PPT10.Z o{N 0 (  X  C      S Ċ @   Can also use consistency: if a routine calls a routine that fails, then it to can fail. Similarly, if a routine checks foo for failure, but calls bar, which does not, is a type error. (In a sense can use witnesses: take good code and see what it does, reapply to unknown code) 8 2xH  0޽h ? ̙3380___PPT10.Z3Mr&Rv( `l!||$('* m.0e2 7'Wg(8!j#C6&E )+Hp͛5^h~Y_/N1Oh+'0Ux   , 8 D P\dWelcomeDistributed SystemsFabian E. Bustamante AquaLab05Fabian E. Bustamante71Microsoft PowerPoint@0WQ@}@ OQ@`W\GSg  )'    """)))UUUMMMBBB999|PP3f333f3333f3ffffff3f̙3ff333f333333333f33333333f33f3ff3f3f3f3333f33̙33333f333333f3333f3ffffff3f33ff3f3f3f3fff3ffffffffff3ffff̙fff3fffff3fff333f3f3ff3ff33f̙̙3̙ff̙̙̙3f̙3f333f3333f3ffffff3f̙3f3f3f333f3333f3ffffff3f̙3f3ffffffffff!___wwwm4'A x(xKʦ """)))UUUMMMBBB999|PP3f3333f333ff3fffff3f3f̙f3333f3333333333f3333333f3f33ff3f3f3f3333f3333333f3̙33333f333ff3ffffff3f33f3ff3f3f3ffff3fffffffff3fffffff3f̙ffff3ff333f3ff33fff33f3ff̙3f3f3333f333ff3fffff̙̙3̙f̙̙̙3f̙3f3f3333f333ff3fffff3f3f̙3ffffffffff!___wwweeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeϮϮϮϮϮϮϮϮϮϮϮϮϮϮϮϮϮϮϮϮ՜.+,D՜.+,H    On-screen ShowEast Texas Data ServiceJ   Times New RomanTahomaArial WingdingsVerdana Helvetica Courier New MS MinchoComic Sans MS aqualab01<Bugs as deviant behavior Inferring errors in systems code Core idea-Goal - find as many serious bugs as possible&Context: Finding OS bugs w/ compilers&Cross-checking program belief systems Related work#Trivial consistency: NULL pointersGeneral internal consistencyInternal consistencyNull pointer funRedundancy checking-Internal Consistency: finding security holes*Cross checking beliefs related abstractly-Statistical: deriving routines that can failGeneral statistical analysisHandling MAY beliefsStatistical analysis'Deriving A() must be followed by B()"Some implementations/eval detailsExample null checkerSummary: Belief Analysis Conclusion  Fonts Used Design Template Slide Titles 8@ _PID_HLINKSAthttp://coverity.com/main.html,_+00Fabian E. BustamanteFabian E. Bustamante  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~      %Root EntrydO)Pictures2Current UserSummaryInformation(DUPowerPoint Document(MO0DocumentSummaryInformation8