 We've made it home. This is the end. Or is it the beginning? On your perspective. Alright, last class. Last Friday class. Last 340 class, hopefully. For you. Questions. This is your time. So, I'm going to stand here for 50 minutes. Going to do stuff. Ask questions. Are you a doctor? Yes. What was your thingy that you had to do for that? PhD, you have to do a PhD. My PhD, the dissertation title was Advanced Automated Web Application Vulnerability Analysis, I think. So, it's about how to automatically find vulnerabilities in web applications either through source code analysis which uses these compiler techniques that I've been talking about all semester. So, that's what all of this is based off of. Once you get basically a parse tree or what we call an abstract syntax tree, how do you then be able to try to understand what does this code do? Can this code ever exhibit dangerous behaviors that represent a vulnerability? So, for the web that would be if you're using user input, unsanitized in a SQL query, that's a SQL injection vulnerability. So, I did static analysis and black box analysis. So, these tools you can point to any web application that point and click tools. You say finding all the vulnerabilities you can in this web application. So, they interact with it try to fuzz things. What I did there is I first showed that the commercial tools were garbage. So, we've looked at 11 tools and created a website with 16 known vulnerabilities and showed that that they know tool I think total of the tools did you find over 40% of the vulnerabilities we put in and over combined and no tool found more than 30% of the vulnerabilities on its own. So, in follow up work to that we found that the main problem was these tools just basically like fuzz. Like they just crawl and fuzz and crawl and fuzz and they don't really take they don't really understand that they're interacting with an application. So, what happened with one crawler is it would try to be fuzzing like so it would log into the application because you give it login credentials and then as it's testing it accidentally logs itself out. And then, but it just continues to test. It doesn't realize it's been logged out. So, then we developed follow up work to basically infer in a completely black box manner the state of the web application. So, you can see if you were logged in or logged out and then you can test accordingly. So, you wouldn't just test you'd infer this state model which is basically like a you could think of it as an automata and then you would test the application in every single state. So, we showed that you can exercise more of the web application's functionality and find more bugs. How long did it take between when you got your master's to finish your doctorate and defend your dissertation? Well, I had a year at Microsoft in between there. So, I was at Santa Barbara doing my PhD for four years. I did a total of nine years at Santa Barbara. So, four years undergrad, one year master's one year at Microsoft and then back four years at Santa Barbara. Is 545 structure similar to this class? In what sense? Like, the lectures are kind of are they reporting something? Yes. Yep, yeah. Is that a really, how hard is it to continue this class? Very hard. So, if I spent all winter watching lectures I might be okay. So, grade classes are fundamentally different from undergrad classes, right? So, when I gave you a project I had to have taught you everything. Like, I didn't just give you hey, try doing first and follow sets and you're like, what are first and follow sets, right? We went over that for weeks. In a grad class I might say, hey, do some cool, I have a cool idea for a project do some project where you're parsing out SSHTs and reading postage or something like that. You know, we never talked about them in class so you have to go learn that stuff on your own. But in my 545 class we do hands on packing exercises. So, it's all about low level security vulnerabilities. So, how do, we looked at briefly buffer overflows. So, how do you take a buffer overflow, exploit it? Basically, completely take control of the program. What defenses are for that? What are the new techniques that are on that? Linux x86. Well, because I took the, I took a course on this one. I took the security and I think but it was on much older OS. So, we never got to look at more. Yeah, so we build up. So, we build up, we start super basic and then we add more and more modern defenses and so we see how attackers are found around them. And we do extraction of three parts. Well, I may change things by next semester but we do kind of network insecurity, I call it. So, how do you smith things on the network? How to control, intercept packets? How do you ejecting packets? How to play off packet pool? Yes. And then the second part is binaries. So, we look at binary security and application security. So, that's a lot of operating systems and assembly language. Can you petition them to unsafegrad in many sense because like I never took it and it's fighting over stuff. Yeah, it's good to take that. I mean I go over, it's a great class. So, I go over at a high level. But if you don't know it, it's up to you to then go and learn it at a deeper level. Question really really fast. On the point that you have in Boston, there's like quadruple fighters. Yes. Give me an example. You can't give me that example. What if I come up with one that's going to be on the exam? That'd be great. That would be even better actually. I guess it's like, although the good students show up on the very last day of lecture, I think we would deserve it. Unless there's traffic, I don't want to get one more of it. Yeah. There's at least one that's not here right now. So, let me have an example. Why not star, star, star, star, star, A equals equals 13. It's equal to T and there's about two. Let's see, what do we want? T equals malloc. Let's see, I think we have to cast this and star, star, star. What do we want the size of? No, this would be a double pointer. Because the triple pointer is going to point to something and when we do it inside it would be a double pointer. But aren't a double pointer and a triple pointer the same size? Yes. Do you want to make that an assumption? Why wouldn't we? It could depend on different systems. You want to do the thing that's correct, not the thing that just happens to be correct. Yeah, okay, so this is actually now we have to do a bunch of stuff. Yeah, I think you should do whatever the question was that I wanted to ask. We already did that midterm, right? Well, we could do something like this. I think this would be fun. I said if we had our midterms back, we could do the one that you actually could do that. Oh, we could do that one, that's fine. That's what we said. Midterm two, it wasn't any impossible. Yeah, you could do the actual one from the beginning. Yeah, that's kind of what it was. Does anybody give you crap for finishing your PhDs at the same place you finished your masters? It happens. It's it's not really, nobody gives you crap for it, but it's you know, the department it's a double-edged sort. The department knows you so they want to keep you, right? Especially if you're very good. On the other hand, if they can say hey, our undergrad graduates go do PhDs at CMU or Stanford or other really good schools, that means we have really good undergraduates, right? So if I get on somewhere else, it also reflects very well on the school. The same thing when you graduate, right? So UCSB was unlikely to hire me because if you hire your own, that doesn't really mean that you're any good, but if somebody else is hiring students, then that's a good sign. Consider the following C codes. So we have A, B, C, D, okay, start, start, start, start, start, start, start, start. At memory locations, W, X, Y, Z, right? So we know that these are cool. That's really good. Excellent. Look at them zoomed in. Everything is weird. Okay. Zoom out a little bit. My handwriting does not get better as a pick of the pen gets. Sorry. Oh, I'm sorry. I can't stand this. It's so ugly. It was under tools. Tools? I don't think that, oh, format. How do I format it? I feel like if you just hit a bunch of buttons, it'll work eventually. Oh, maybe that's what I did. Maybe I, well, all right. We live and do our we survive. W, we have A, we're going to have B, we'll have C, we'll have D, W, X, Y, Z. Cool. Okay. So the first thing we have A is equal to malloc size of care, start, start, start. So that means we have a new memory location. We know that in malloc. That is going to be memory location one, right? So memory location one, and this means because malloc returns the address one, so that will be copied into the value of the location associated with A. Well, I guess thought we were done with all that. Precise semantic talk. So that is the number one inside there. Then B, so then we have C is equal to malloc size of character, start. So now we have C, so now we have a new thing of memory location two, and so we will have two inside C. Pretty good. In D, we are saying D is equal to malloc size of character, start. So now we have another one, memory location three is inside B. Okay. Next line. So now we know A star points here, C star points here, and D star points here, right? Any questions so far? This should be the easy bit, right? So here, I don't even care that it starts, starts, starts, starts, starts, starts, starts, starts, starts, starts. All I know, those are just types that help me make sure that I'm not making a mistake. So let's look here. So we have star A is equal to the address of C. So on the right-hand side we have the address of C. What's the address of C? Y. So I take Y and I'm going to put it in what location? Star A. So remember star A refers to an L value, it returns to a location. So star A will refer to this box here. So I'm going to put Y here. The address here and to here. So now we have star A points here, stars, and then star, star, A will point now to here. Did this question ask us for aliases at the bottom? No, that was a different one. I think I separated them now. Yeah, so this is just drawing box or diagram to each of the locations. So at point one, so then we have, so we did this one. Check. So we have star C is equal to D Y. Okay. Equal to D. So we have D. When we say star C, what is that? So what is star C? Yeah, this location here and when we say this is equal to D, what does that mean we're doing? Take the value in the location associated with D which is what? 3 and copy that into the location associated with star C. Right? So we'll draw here. So we have star A. So we're adding star, star, star, star A is equal to the character A. So we have one go star A. Another one is this is going to be star star A. This will be to 2 to 3A and then down here will be 4 and you'll have to trust me that's 4. And so we're copying the character A. So I think what tripped up some things I saw what tripped up people was this part here, this line. So they ended up overwriting this with A. So this is point 1. Snaps out. Good? Questions on that part? I mean you don't have to take a picture of it. So now... Annoying on the exam because then you have to take this entire thing copy it and then start again to get to point 2. It just took the time it seemed unnecessary. I can see that. Next slide. Allocating a new thing for D is equal to that. So we have that here. We're going to put this into D. Now we have another new memory location. Setting that into B. So B now contains about 5. So we're saying the address of D is equal to star B. So where is B point 2? It's 5 right here. So this is where we will put the values. What's the address of D? Z. Now we say star D is equal to the character D. So D reference D. We're here. And 4. I had another question. For those of us that's about continuing academia. We're moving into the industry. Being that you've done both and you had a pretty damn good job at Microsoft what was your motivation to moving back into academia? Good question. So it kind of depends on what you want to do. So I basically did the equivalent of the 4 plus 1 at Santa Barbara. So that, and some of the students who are in the master's program although they may just be starting so they could probably give you some tips. So basically the way I see it the master's, so during undergrad you kind of get a base level of education, right? And then you get to kind of specialize in areas when you take electives, but those are still base. Right? You don't go really far into depth. When you start taking grad classes as a master's student you go right up to the current state of the art and research in that area. So you get to choose different areas to really drill down into. So for instance, the way I have to think of it as architecture, like computer architecture you learned about MIPS machines In theory. You were taught. In theory. You were not exposed to MIPS machines and the MIPS architecture and how MIPS pipelining works, all that stuff. Right? When I took grad architecture the professor put a picture of a P4 die on the screen and was like tell me what all the different parts are on this die and what they do. And so we read research papers starting in the 80s up till the current day about how they design processors all the different types of cash prediction we learned that like real CPUs don't actually execute your assembly code like x86 they translate it down into microcode and execute that microcode and they can play all these kind of tricks about reordering your execution of your instructions if they can prove that they can do that and make things faster. Real things on pipelines like 20 stages anyway so you get to learn the actual complexity and you get to choose the areas so it's an area that you're really interested in. So for me I saw masters, especially when you do 4 plus 1 for me that was a really good time benefit tradeoff. So I got to go through the depth and I only spent an extra year of my time. So I really enjoyed that but PhD is completely different. Masters is more of what you would use to do masters is more of taking classes. So to bring you back to why I went back to Microsoft so at Santa Barbara we have 3 options for our masters, you can do thesis like you can do here, you can do exam which is similar to the MCS there's an option in the middle that's a project so I did a project and I was working with a person who ended up being my PhD advisor and basically we did a research project so this was the study on black box vulnerability scanners. So I created a website with no vulnerabilities, I got into scanners, I tested them, analyzed the results wrote everything up. Anyways, so we submitted that paper I think in June to a conference right when I was graduating and then like 3 or 4 months later we found out that we've been rejected from that conference and this is academic life you do cool research and you submit to conferences with anywhere from 30 to a 10% acceptance rate and so we know not everything to get in so paper got rejected once we submitted it again, it got rejected twice and then I was let's see, on the bus home I remember I was on the bus home so I was living in downtown Seattle working in Redmond taking the bus home reading his paper literally felt like the 30th or 40th time and as I was reading it it kind of hit me like oh wow nobody's ever done this before like this thing that I did is something that fundamentally nobody's ever done and at Microsoft I was solving problems I really like solving problems like give me a problem, let's think of cool ways to solve it algorithm, data structure, whatever and so I enjoyed it I enjoyed my job but I realized I wasn't doing anything new I was building another app people have built apps for a long time right but when I looked at the research I was like literally what makes it research the fact that nobody's done it before and that really appealed to me so then I contacted my advisor asked him about the way back and went to the process and made the decision to pull the trigger oh god please show me no question any class related questions first to kind of change gears will we need to be able to do and fully understand how to beta reduce a lambda expression designed around an arithmetic operation on Church's numerals quite possibly I haven't passed in to be able to go through all the steps so you need to be able to beta reduce lambda expressions so I could give you any lambda expression I'll provide us like the Church's numerals yes you need any of the definitions I will provide them to absolutely no question sure I think so can somebody give me one I'll be able to work on some stuff what are we doing? I'm sorry I was going to get a lambda character we probably start with this so what do you want you came up with, you asked you got to come up with an example I got one lambda a lambda b lambda c let broken close and then close the whole thing and now open parentheses lambda x lambda y cool so can we do a beta reduction instead of writing out like true would you just write t or something on the test like instead of writing out the definition for true you know what I'm saying I think I'll still go with what I said if you need any of the definitions I will give them to you so are there any beta reductions yes so we have one beta reduction so we have an application the left hand side of the application is an abstraction so we're going to take the body here and we'll go pretty slow on this we have lambda b am I doing this backwards lambda b dot lambda c dot lambda b a b c and this whole thing we are replacing a substituting thank you lambda x dot lambda y dot x y so the thing about ways I can make this faster are there any free variables in this no so do I have to worry then about doing any remaining operation while I'm doing this no cool so then I can actually just look in here and I could keep applying my rules and doing the substitution further and further but what does the substitution mean putting what replacing all a's all the free a's yes so I know I don't have to do any remaining operations if this doesn't have any free variables since it doesn't I know I will never have to worry about that so what I can do I can look in here and replace all three a's with this expression that's the semantics if you were to do this step by step you do lambda b dot lambda c dot b a b c and you would say substitute this a with lambda x dot lambda y dot x y and then you would apply the rule again you would get to an application you would apply it to the left and the right you would keep going through until you got to the a and replace that so I have the c dot b so now here comes the important part right do I so I know I'm replacing a with this so do I do this what's the problem here well the thing you substituted was the dome of it yes the thing we substituted needs to be a dome lambda expression right we can't change the way we parse this a b c it should still parse as we know the first thing is going to happen first so it should be application a b and then application the result of that is c because if we do it like that then we'd be done well there's this whole thing the problem is this body here exactly this body is all the body of this abstraction so we've essentially we've not only changed the original expression we've changed what we substituted in we were only supposed to substitute in lambda x dot lambda y dot x y but now we've changed its body to say lambda x dot lambda y dot x y b c so we need to be really careful when we do this substitution and one way to do that is when you're replacing this complex expression wherever you have a put parentheses around there an application here where the left side is a lambda expression so now I'm going to do lambda b dot lambda c dot b and so I'm going to take this inside here so that I'm going to say lambda x y replacing b replacing x with b and the reason that we're not replacing it with bc is because our disambiguation will say that we started the left to go out we would replace it with bc if these were groups like this yes if we don't write this step we would just go ahead and write them to y dot b y c and we don't do this step where we write out the substitution is that fine to show our work? if it's done correctly yes you're showing less work right so there's a couple ways you can do this you can just jot down the answer let's find a couple of the answers write it down but if that's wrong then it's completely wrong right there's no hard to get partial credit for that you know the more steps you show the more partial credit you can give you for seeing hey this was a mistake here but actually that was all correct so in here so now we do have a free b in here do we have any meta variables or anything that's going to clash in here? no so we don't have to worry about that so we can replace this x with b so we will have lambda b dot lambda c dot b we will have lambda y dot b y applied to c are we done? no we still got one more we have application here lambda expression on the left so we will substitute this y for this c right inside here we will replace we will substitute this y with c sorry y with c can't remember maybe double identity I would say it takes two parameters and returns them right so lambda x dot x is an id this is a function that takes in two parameters and returns them in the same order you can have a cool one where you take it and switch them swap the arguments do we have more beta reductions here? when do we have beta reductions? there's an application there's an application and what's the condition? the left-hand side is an abstraction the left-hand side is an abstraction so this is an abstraction this is an abstraction okay so because there's no application on that that's why there's no abstraction yes exactly and it's tactically the only way that we can make this an application would be to put parentheses around the whole thing and that is going to be put in the body if we had x, y, z here at the end these will all be in the body because of our disambiguation so we have to add parentheses like this for us to do another step we'll have one but we do one and then we see what happens and then we do the next one yeah but we have three possible if there were three then we could essentially expect the first yes that's what will happen okay yes I remember you said whenever we have a choice for which better resolution to apply first then it won't actually matter yes could you run through some .3 on the sample there's a kind of there's a choice which better resolution to apply so I'm not sure of that you said 1.3 you chose the easy one how many combinations is it plus bigger, there we go so what do we have here we have lambda x dot lambda y dot y we have lambda x dot x lambda x dot y dot y lambda y dot lambda x dot y what is this one is this true what is this one false we substitute that in there so we have false false true so that would be definitely one way to do this if you can use these identities it doesn't matter what what the names of these are they could be x's, y's, a's and b's as long as they are different and this one always returns the second one that's a false and you know the behavior of that that's alpha equivalent yes false always returns the second argument so you're applying false to the inputs false and true yes this is but wait what is this this is not function I think this right here taking the input in if it's true return the first one which is false if it's false return the second one which is true this is the same thing as what we done in class of not false so in general if we had to err on one side or the other do you recommend spending more time just like getting the base steps down cold or spend more time trying to get a feel for these higher level constructs and recognizing them and using those no I would focus on the basics because you don't need to know that for this you can just do this substitution so if I can do it a little bit quicker if I'm copying and pasting here just for lack oh man it's almost 240 if I were to do that in here so I do have an application here so here I do have a choice I can do this application here I can do the outside one it won't matter which one I choose so what do you guys want to do we already did the outside listen to the inside we lost I will basically replicate this whole thing and I will take this I know it's a combinator it doesn't refer to anything else those are the things I think you should remember and focus on ok this doesn't refer to anything so then I can take that and in here I can replace X in here with that well there's nothing in there so that goes away so can I do this application can I beta reduce this application no no because it's an application but the left is not a lambda the left is not an abstraction yes so now in here I replace X with this oh good call yes I was yes we're going to end up in a horrible horrible train wreck very good good catch ok so very good we have here three things three lambda expressions we have basically X foo and bar where foo is this and bar is this right so we know that this is left associated so we cannot reduce this foo and bar so definitely I made a mistake yes because this is how we parse this right so this is not well this will be the body of an abstraction of you know this is the body of each of these abstractions this is the body of this abstraction yeah that's a great call yeah I was looking ahead we're getting the wrong answer did I lie all those ok there's only one way we can do this we replace we take this body this side here we're going to replace all free X's with this combinator so this is another important thing just make sure you know down cold looking at this expression what are the free X's right there are many X's here only one of them is free right now I get to a case where now I have to do this one first so again just in the same thing these are groups first this has to happen first to do with that are the in a case where we were circling things and underlining things are the those are good questions is this a free variable is it a bound variable sort of is it a variable it's a magic variable see I asked most of them about this and like well no because what I initially thought was that it says underlined bound variables all three ones are going to be I underlined the bound ones and then I did arrows pointing to the lambda to which it was bound to and then I asked you about it and you even slowed it up so I went and I underlined them all because I was like is it okay to do the arrows and not underline them did you ask that during the test yeah I did I think I just told you I can't give you any information but it looks like you're done well I don't know maybe you misinterpreted my look but the point is before the exam we didn't we didn't get into the minutia because it's a variable because we call it a meta variable yeah that's why I underlined it and we assume that if the bound variables are bound to it that it's also bound to the bound variables and there's this symbiotic like symbiotic relationship between two ways or one way I would say it's a one way area but that's not a variable it's a meta variable so in class we did an exercise with the free variables and circled them but we never did an actual distinct example with underlining specifically bound variables so I think there was a little level of I don't know what to do it didn't come up at all so that's why I was hoping to get the tests back because if that came back and I got really happy points on that I was going to be like well everyone will be great at the same because there's no curve so there might be the midterm you had a free variable and now it's like a different context of free variable because I thought of free variable like that outside lambda on the variable x right here there that landed x on that same line I found x would not be 3 because of that landing but we're like erasing lambda context exactly yes so the questions on the midterm are in this lambda expression what is a free variable right when we're doing substitution we're saying in the body of this abstraction so thinking of this body as just one lambda expression what is the free x in there right so just considering this on its own free x is on the left yes just looking at that I could ask you yeah so if you're like asking me something in here like if there was correct those are meta variables yes no it's not nothing it's a meta variable right of free and bound yes it is neither free nor bound because it is a meta variable and it's also not a variable do we get partial variables for that because to be clear do we say underline all bound variables do we say don't underline anything else we're going to underline the entire thing and I have like if I come at like 1% that's going to be our structure yes that is exactly why so I mean that's why it was wrong that I did that beta reduction this inner beta reduction you cannot do this you have to do this one first and you can't do that right this is exactly the same thing as this the next step so the next step here exactly the same thing well similar thing right by associativity this thing happens first so if you think about looking at this as an expression so we have an application here with a sorry with an abstraction on the right and an application on the left so we cannot beta we have to reduce this because the left side is an application not an abstraction that whole thing I just want to clarify three variables bound variables these are meta variables they are not variables okay that's why I just want to make sure I made three you need to expect to be able to compute first and follow sets for this exam like is that realistically is that a question it's fair game after first and follow would be given the steps for first and follow kind of similar to the first and then yes so in mid-term one you also do write a puzzle for an ambiguous term so what are you supposed to write for that or can you just write that in terms of USM no you should have been able to write it because the non-terminal was ambiguous for was not the one we asked you to write technically with those variables if it's ambiguous I agree it was a mistake but it didn't affect the actual writing of those problems the intent is not to check you on that because we had other problems to check for ambiguous grammar this was writing with parser the focus was parser writing how long do you have how long is the final an hour and 15 minutes 15 minutes like an hour difference if I can answer questions about what's on or the length of the midterm those are all can you give us the answers to the midterm no next question I did argue give you all the answers to the midterm yes I am pushing for it yeah hopefully soon they're 80% rated 7 what oh the grades yeah that's a good question I don't know I have to check on that I didn't realize they were posted you know man I can check on that anything else 2 minutes yes in 2 minutes how far in which one midterm 2 midterm 2 midterm 1 no it was midterm 2 because we had an extra one are there things under on the test is it going to give a sensation in the parse tree I'd be like all the exams when we give it a parse tree so like this yes so we have number 1 2 3 4 5 6 7 8 so I have variables I have F A so these are all the things I need to know types for right so I know from this definition I know that F is a function that takes in some type T1 well I know T A type T A type T B type T C we actually know in a class after here so we can say and returns what type T1 whatever this node returns right I can do this but I know A B and C so I would write here T A I'd write here T B I'd write here T C so then we look at node 1 so I have to go top to bottom so we have node 1 as type 1 we have an addition does this constraint get us about our direct children 2 and 3 2 and 3 have to be the same as what what? no not hints we don't know anything about hints yet right all we're looking at is this node and these two children so the key is they're all the same right not only do the children have to be the same but they have to be they have to be the same as the parent right so this means type node 2 must have type T1 and node 3 must have type T1 exactly this is how you have to tackle these problems you can't look ahead to try to think about what the type is going to be we're going to get there and we'll propagate that type yes you can also do bottom that's totally fine I just like for no reason I don't know it just makes more sense to me to go top down okay so then we'll go to 2 since 2 is the next node so 2 is an addition so what does that mean about it and its children 2, 4 and 5 are the same now we go to node 3 and now what is node 3 what is the type of node 3 it has to be an int so in order to satisfy that what is the type of node 3 have to be has to be an int which means T1 has to be an int T1 is super broad T1 means it could literally be any type but we know that's not true we know it has to actually be an int so we have to go from this super general type now to an incredibly specific type of int so now we go through our thing and we replace all T1's with ints just like in your project 4 when you saw that actually these two types are the same you can get rid of them and change all of one type to the other type all of your variables are now this int type everything that was a T1 is now okay we just did 3 now we're going to do 4 so what's the type of this node wait what is the type of this node C what's the type of C TC but we also know that node 4 has to be an int so we have a really general type very specific type specific type so TC is now int so everywhere I'm going to get rid of all the TC's and I'm going to put int maybe on the final as we're doing this will there be a possibility I don't know if I can answer that then we go to 5 and we look at node 5 what is this, what does this apply what does that mean in general what is it this is a function it's a function what call yes this is a function definition this is a function call right so it's a function call so what does that mean about the relationship between it and its children the function is 6 the function is 6 the function is 6 so 6 is a function that takes in 7 and returns 5 so we can look at that here it kind of makes sense when you look at this we have whatever this is is being called as a function being passed in A so this is that A node 7 so that we know that this node here means that 6 that takes in T7 and returns 5 which is an int and right now we don't know anything about T7 we just know it's 7 what is 6 an array access so what does that mean yes the right is the index operation so this is an index operation we're indexing into an array on the left is the array on the right is an int so that means T9 has to be an int so now what does this mean about T8 node 8 is what array of 6 yeah so node 8 is an array what is node 6 functions cool so we just did 6 now we visit 7 so we see that 7 is type A so we see type A here so now we know type 7 and type A are the same type so everywhere we see type 7 we're going to erase it and put type A yes you can do it the other way as long as it's the same yes because we're saying they're unconstrained we don't know what A has to be we just know that node we just know that the type of A has to be the same as the type of this node 7 that's all we know right so up in some places we're using the type of node 7 now we need to make sure we're using that in the same place so we can just call the type of A now as type 7 it doesn't matter as long as they're all the same just did 7 we look at 8 so what's the type of 8 to B it's TB the type of B so we say the type of B but we say the node 8 we already know node 8 is an array of functions that take in TA and return an int so between B, TB and arrays of TA return an int that's the most specific type of those two the second one TB could be anything TB can be arrays, functions integers, strings, whatever no constraints but this is a constraint that says the type of node 8 has to be an array that's smaller and not just any type of array it has to be an array an array of functions and those functions must take in a TA so I'm harping on this because that is so you know that that's more specific so that's the one you want to go with that's your constraint so you say type B must be an array of TA goes to 8 is it a type mismatch of a function that it takes in itself it was an array of functions that take in its own type is that evaluated for mismatch? so no more TBs damn only because I'm lazy and don't want to write that again don't do this you don't have pencils that are four times as thick as your lines at least I hope not don't take an example like this, this would be insane okay we visit node 8 can we visit node 9? what does node 9 say? an integer, so what's the type of seed? an int, so we have an int and an int, those are the same thing they're the same amount of specific we've gone all the way through so these are our types so we know on here we'd say the type of A is what? TA type of B array of functions that take in TA and returns int the type of C int what does F return? yes so when we say what type does F return should you write this whole thing? yes because it's a function that takes in all that junk and returns type that F returns well it's inconsistent though because half the time you ask for what is the type of F but the other half you ask for what is the type of F you can't read it for exactly what it's asking you for but it's on the other exam so the third midterm they did ask for the type of F yes because I realized that it was ridiculous because you're rewriting text A, B, and C so I changed it out to future midterm exams for the type of F so are we going to expect to write the type of F? I expect you to read the question okay important things here before we stop really important thing it does not matter that this is TA this could be T7 it could be T20 the important thing is it has to be the same here right? if they're not the same then you did something wrong right? I think we're doing an industry up here PhD and working in a research lab president working here, give it up exactly I should leave and go to the industry just do it for me it was more an opportunity thing so it's easy to leave academia and go into industry especially nowadays and especially in security everybody's interested in security they all everybody has problems would you make more money that way? I would make a lot more money that way but I love you guys but the flip side is more difficult if you go into industry so you get a professor job because you can do research you can teach and you can bring in grants and work with students part of that is your publications so when you go into industry you publish a lot less if at all because your employer depending on where you work with may not value publications as much as actually doing research stuff but you are interacting with the user your thing is going interacting with the user yes, so I'm just saying it's happened I've seen it happen, the professor's going to industry and then going to academia, it's harder though so for me it was hey this is the time of my life I've just got my PhD I should see if I can do professoring and be a professor and then completely different jobs like insanely different like so at an industrial research lab I would be doing more of a research myself like coding and doing all that stuff as a professor and some of my PhD students are in this class I don't I get to do very very little actual coding and research I'm more of a manager and say like, hey these are what I think are really interesting problems and I try to help the students work through their problems but fundamentally the PhD students do the research my job is to really go to national science foundation government agencies, the military, the navy and try to get money to fund the students so my job is to get the money to fund the students the university takes about half all the money I get as an overhead and so yeah so that funds my research so that funds the students and I'm also expected to teach and serve on program committees so I review probably oh god I don't want to count probably 30 to 40 maybe 50 papers a year that are submitted to conferences I have to read them, write reviews decide if they should be accepted or not so yeah it's just I have a lot more different things I work on but it's cool because I get to be involved in web security research, mobile security research forensics, low level trust zone research, all kinds of stuff and if I was in industry I would be very much focused on one thing yeah so yes yes so we've done actually a lot of work one of the big things we've done is we are towards the end of my PhD I developed a crawler to crawl the Google Play Store and download Android apps so we now have 1.5 million Android apps and we actually just bought this really sweet 4U server so it's like this big that can hold 45 hard drives and so we've got 13 4 terabyte hard drives to start with because we want to read so this is, we've got 1.5 million distinct ATK ID apps and so we want to go through but those are from 2012 up till now so we want to go through and download all new versions and be continuously downloading versions of apps so we can see how apps change over time but yeah we've done SAC analysis work to identify vulnerable Android apps, there's so many ways that developers can mess up how they're doing mobile development and that impacts you user and you'll never know it so we want to develop tools to find them and to let developers know that they're being secure and how to do it secure find those apps so you just keep it indefinitely or it's good you can actually set an artifact for that yeah it should be fun, actually my long long term plan is we're going to try to do an open app analysis platform so that other people can run analyses static or dynamic on our apps and then when they publish those results they'll get kind of like a DOI tag with a unique identifier that links to the exact data set of apps they ran against so that follow up research can improve on it and run against those exact same apps so we can do fair comparisons of future research so that's kind of long term goals of that if you give the link to the website or I guess next semester for a setup could you post on that site some of the topics that we should do and then in addition to that could you post like good resources just like you like for networking I don't know nothing about networks I could have a business degree as a master's student so it's like I only took my deficiencies that I was required to take just because of the cost but like if you could post like if you know any good text books or good books on networks that I could look at because I just put there's a lot of good data to expose I don't want to invest in the book it's a hundred dollars and it's not going to move so just that would be really helpful if you send me an email I'll be much more likely to do it than if I just say yes now okay I don't think it's all video on that it's for your videos oh my videos yeah yeah the 545 videos are on YouTube I don't I'll have to dig up if there's like a good condensed verb and I don't know I think my slides look pretty good on networking we kind of walk you through it but like a deeper understanding is always better like networking is the big thing so I'll go right now oh that's right I saw that I don't think I've touched the first half of that Humblebundle.com Humblebundle here I can open that oh although is this going to open up there again Humblebundle hi oh Unix Bundle there we go Unix Bundle yeah personally though I can't read text books on digital copies that's just me I need like a physical copy but this would be great I think for like was it $15 we'd get you can get a digital copy of all these books which could be a great reference when you're looking up goodbye