Cogs and Levers A blog full of technical stuff

Approximation with the Monte Carlo method

18 Apr 2015

An interesting way of finding values that fall within a domain is to perform random sample analysis with the Monte Carlo method. This method of finding values relies on random values (lots of them) being measured against some form of deterministic calculation to determine if the value falls within the source function’s scope.

In today’s post, I’m going to illustrate how to use this method in some practical scenarios.

Approximating π

To approximate the value of π, we’re going to treat a square containing a quarter of a unit circle with a lot of random data. We only treat a quarter of a circle (which will contain angles 0 through 90) as we can easily mirror image a single quarter 4 times. Mathematically, you can consider the ratio of the circle’s area with respect to the square that contains it.

Circle area = πr^2
Square area = 2r^2 + 2r^2
            = 4r^2

Ratio       = πr^2 / 4r^2
            = π/4

For every point that we randomly sample, the following must be true in order for us to consider the point as satisfying the circle:

rx^2 + ry^2 <= radius^2

This tells us, that from the midpoint 0,0, if the x and y values that we’ve randomly selected are within the bounds of the radius; we’ll consider it as “in”.

Once we’ve sampled enough data, we’ll take the ratio of points that are “in” and points that are “out”. We are still only dealing with a quarter of a circle, so we’ll multiply our result out as well and we should get close to π if we’ve sampled enough data. Here’s how it looks in python:

runs = 1000000
radius = 1

# get a batch of random points
rand_points = map(lambda x: (random() * radius, random() * radius), range(runs))

# filter out the points that satisfy our equation
in_points = filter(lambda (x, y): ((x * x) + (y * y)) <= (radius * radius), rand_points)

# calculate the ratio of points in the circle vs. points out of the circle
ratio = float(len(in_points)) / float(runs)

# multiply this figure by 4 to get all 4 quadrants considered
estimate = ratio * 4

runs is the number of points that we’re going to sample. radius is only defined to be clear. If you were to change the radius of the tested area, your output ratio would need to be adjusted also.

Running this code a few times, I get the following results:

3.140356
3.14274
3.14064
3.142
3.140664

Area under a curve

When it comes to finding the area under a curve, nothing really beats numeric integration. In some cases though, your source function doesn’t quite allow for integration. In these cases, you can use a Monte Carlo simulation to work it out. For the purposes of this post though, I’ll work with x^2.

Let’s integrate it to begin with and work out what the area is between the x-axis points 0 and 3.

 f(x) = x^2
ʃf(x) = x^3/3

area  = ʃf(3) - ʃf(0)
      = 9

So we’re looking for a value close to 9. It’s also important to note the values of our function’s output at the start of where we want to take the area from to the end as this will setup the bounds of our test:

f(x) = x^2
f(0) = 0
f(3) = 9

The area that we’ll be testing from is 0, 0 to 3, 9. The following code looks very similar to the π case. It has been adjusted to test the area and function:

runs = 1000000
max_x = 3
max_y = 9

# get a batch of random points
rand_points = map(lambda x: (random() * max_x, random() * max_y), range(runs))

# filter out the points that satisfy our equation
in_points = filter(lambda (x, y): y <= (x * x), rand_points)

# calculate the ratio of points in the curve area vs. points outside
ratio = float(len(in_points)) / float(runs)

# the estimate is the ratio over the area of the rectangle
estimate = ratio * (max_x * max_y)

Here’s some example outputs. Remember, our answer is 9; we want something close to that:

9.015219
9.008199
8.986761
8.998317
9.006282
8.995995
9.00693

These are only a couple of the many applications that you can use these for. Good luck and happy approximating.

MZ EXE files

28 Mar 2015

Executable files in MS-DOS come in a few different formats. The original 16-bit version of this file format is referred to as the DOS MZ Executable.

In today’s post, we’re going to dissect the internals of this format.

MZ

This particular gets its name “MZ” due to the first two bytes of the file 0x4d and 0x5a. Translated to ASCII text, these two bytes form the characters “MZ”. This is the opening signature (or magic number) for a file of this format.

The header

The first chunk of an EXE file is the header information. It stores relocation information important to the execution of the file. A few important notes when reading the header:

  • All values spanning more than one byte are stored LSB first
  • A block is 512 bytes in size
  • A paragraph is 16 bytes in size
Offset Description
0x00-0x01 The values 0x4d and 0x5a translating to the ASCII string “MZ”. This is the magic number for the file
0x02-0x03 The number of bytes used in the last block of the EXE. A zero value indicates that the whole block is used
0x04-0x05 The number of blocks that form part of the EXE
0x06-0x07 The number of relocation entries. These are stored after the header
0x08-0x09 The number of paragraphs in the header
0x0A-0x0B The number of paragraphs required for uninitialized data
0x0C-0x0D The number of paragraphs of additional memory to constrain this EXE to
0x0E-0x0F Relative value for the SS register
0x10-0x11 Initial SP register value
0x12-0x13 Word checksum
0x14-0x15 Initial IP register value
0x16-0x17 Relative value for the CS register
0x18-0x19 Offset of the first relocation item
0x1A-0x1B Overlay number

An example

Take the following “Hello, world” program written in x86 assembly language:

section .text

start:

  mov   ax, seg hello
  mov   ds, ax

  mov   dx, hello
  mov   ah, 09h
  int   21h

  mov   ah, 4ch
  xor   al, al
  int   21h

section .data

  hello db 'Hello, world!', 13, 10, '$'

I assembled this file with NASM:

$ nasm -f obj hello2.asm -o hello2.obj

I then transferred the resulting obj file from my linux machine over to a dos machine and ran TLINK which was part of the Turbo Assembler product.

> tlink hello2.obj

Once we’ve assembled and linked this file to produce a 16-bit dos executable, we can pull it apart again with objdump.

$ objdump -s -D -b binary -mi8086 HELLO2.EXE

The output of this dump is quite detailed. I’ve removed a fair bit of it for brevity:

HELLO2.EXE:     file format binary

Contents of section .data:
 0000 4d5a2200 02000100 20000000 ffff0000  MZ"..... .......
 0010 00000000 00000000 3e000000 0100fb50  ........>......P
 0020 6a720000 00000000 00000000 00000000  jr..............
 0030 00000000 00000000 00000000 00000100  ................
 0040 00000000 00000000 00000000 00000000  ................   
  . . .
  . . .

 0200 b801008e d8ba0200 b409cd21 b44c30c0  ...........!.L0.
 0210 cd214865 6c6c6f2c 20776f72 6c64210d  .!Hello, world!.
 0220 0a24                                 .$              

Disassembly of section .data:

00000000 <.data>:
   0: 4d                    dec    %bp
   1: 5a                    pop    %dx
   2: 22 00                 and    (%bx,%si),%al
   4: 02 00                 add    (%bx,%si),%al
   6: 01 00                 add    %ax,(%bx,%si)
   8: 20 00                 and    %al,(%bx,%si)
   a: 00 00                 add    %al,(%bx,%si)
   c: ff                    (bad)  
   d: ff 00                 incw   (%bx,%si)
  ...
  17: 00 3e 00 00           add    %bh,0x0
  1b: 00 01                 add    %al,(%bx,%di)
  1d: 00 fb                 add    %bh,%bl
  1f: 50                    push   %ax
  20: 6a 72                 push   $0x72
  ...
  3e: 01 00                 add    %ax,(%bx,%si)
  ...
 200: b8 01 00              mov    $0x1,%ax
 203: 8e d8                 mov    %ax,%ds
 205: ba 02 00              mov    $0x2,%dx
 208: b4 09                 mov    $0x9,%ah
 20a: cd 21                 int    $0x21
 20c: b4 4c                 mov    $0x4c,%ah
 20e: 30 c0                 xor    %al,%al
 210: cd 21                 int    $0x21
 212: 48                    dec    %ax
 213: 65                    gs
 214: 6c                    insb   (%dx),%es:(%di)
 215: 6c                    insb   (%dx),%es:(%di)
 216: 6f                    outsw  %ds:(%si),(%dx)
 217: 2c 20                 sub    $0x20,%al
 219: 77 6f                 ja     0x28a
 21b: 72 6c                 jb     0x289
 21d: 64 21 0d              and    %cx,%fs:(%di)
 220: 0a 24                 or     (%si),%ah

Focusing on the top representation, we get a direct view of the values in the header.

0000 4d5a2200 02000100 20000000 ffff0000  MZ"..... .......
0010 00000000 00000000 3e000000 0100fb50  ........>......P
0020 6a720000 00000000 00000000 00000000  jr..............
0030 00000000 00000000 00000000 00000100  ................
0040 00000000 00000000 00000000 00000000  ................

(0x00-0x01) 4d5a

The first two bytes are indeed “MZ”, or 0x4d 0x5a. So we’ve got the correct signature.

(0x02-0x03) 2200

This is the number of bytes used in the last block of the EXE. Remember, we’ve got LSB first when we’re dealing with multi-byte values, so this is 0x22 bytes. If you take a look at the resulting code listing above, you’ll see that the code for the executable starts at address 0x200 and ends at 0x220. At the address of 0x220, 2 additional bytes are used.

This is our 0x22 bytes as it is the first, last and only block that we have!

(0x04-0x05) 0200

This is the number of blocks (remember: 512 bytes chunks) that comprise of our EXE. We have 2. Our header is using the first block, our code and data is in the second.

(0x06-0x07) 0100

We have 1 relocation item. A relocation item is just a 16-bit value for the offset followed by a 16-bit value for the segment.

(0x08-0x09) 2000

There are 0x20 paragraphs in the header.

0x20 = 32 (decimal)
paragraph size = 16 bytes

32 * 16 = 512 bytes

This calculates out. 512 bytes in the header. We can see that the file offset starts at 0x00. Code doesn’t appear until 0x200. 0x200 is 512 in decimal.

(0x0A-0x0B) 0000

Our program didn’t define any uninitialized data, only a pre-initialized string: “Hello, world”.

(0x0C-0x0D) ffff

This is the default mode of operation for memory constraints. It says, use everything (i.e. don’t place any constraint).

(0x0E-0x0F) 0000

No translation to the stack segment (SS) will go on here. This value gets added to the segment value of where the program was loaded at and that’s how SS is initialized. The program that we’ve written didn’t define a stack, so no translation required.

(0x10-0x11) 0000

SP’s initial value

(0x12-0x13) 0000

This is the word checksum. It’s seldom used.

(0x14-0x15) 0000

The instruction pointer will start at 0x0000.

(0x16-0x17) 0000

This value would adjust CS.

(0x18-0x19) 3e00

This is the address of the first relocation item in the file. If we take a look back at the dump now, we can see the value sat at that address:

0030 ________ ________ ________ ____0100  ................
0040 0000____ ________ ________ ________  ................

This takes the format of offset:segment here, so we’ve got 0000:0100. This will be used at execution time and will also influence the resulting stack segments and offsets.

(0x1A-0x1B) 0000

Overlay number. Zero indicates that this is the main program.

The rest

Everything from here looks pretty familiar. We can see our assembly code start off and our string defined at the end.

16 bit COM files

26 Mar 2015

COM files are plain binary executable file format from the MS-DOS era (and before!) that provide a very simple execution model.

The execution environment is given one 64kb segment to fit its code, stack and data segments into. This memory model is sometimes referred to as the “tiny” model.

In today’s post, we’re going to write a really simple program; compile it, disassemble it and dissect it. Here’s our program that very helpfully prints “Hello, world!” to the console and then exits.

ORG 100h

section .text

start:
	mov		dx, msg
	mov		ah, 09h
	int		21h

	ret

section .data

	msg DB 'Hello, world!', 13, 10, '$'

Nothing of great interest here. The only thing worth a mention is the ORG directive. This tells the assembler (and therefore the execution environment once executed) that our program starts at the offset 100h. There’s some more information regarding 16bit programs with nasm here.

nasm’s default output format is plain binary so, assembly is very simple:

$ nasm hello.asm -o hello.com

Running our program in dosbox and we’re given our prompt as promised. Taking a look at the binary on disk, it’s seriously small. 24 bytes small. We won’t have much to read when we dissassemble it!

Because this is a plain binary file, we need to give objdump a little help in how to present the information.

$ objdump -D -b binary -mi386 -Maddr16,data16 hello.com

The full output dump is as follows:

hello.com:     file format binary


Disassembly of section .data:

00000000 <.data>:
   0:	ba 08 01             	mov    $0x108,%dx
   3:	b4 09                	mov    $0x9,%ah
   5:	cd 21                	int    $0x21
   7:	c3                   	ret    
   8:	48                   	dec    %ax
   9:	65                   	gs
   a:	6c                   	insb   (%dx),%es:(%di)
   b:	6c                   	insb   (%dx),%es:(%di)
   c:	6f                   	outsw  %ds:(%si),(%dx)
   d:	2c 20                	sub    $0x20,%al
   f:	77 6f                	ja     0x80
  11:	72 6c                	jb     0x7f
  13:	64 21 0d             	and    %cx,%fs:(%di)
  16:	0a 24                	or     (%si),%ah

Instructions located from 0 through to 7 correspond directly to the assembly source code that we’ve written. After this point, the file is storing our string that we’re going to print which is why the assembly code looks a little chaotic.

Removing the jibberish assembly language, the bytes directly correspond to our string:

	"H"
   8:	48                   	
   	"e"
   9:	65                   	
   	"l"
   a:	6c                   	
   	"l"
   b:	6c                   	
   	"o"
   c:	6f                   	
   	", "
   d:	2c 20                	
   	"wo"
   f:	77 6f                	
   	"rl"
  11:	72 6c                	
  	"d!", 13
  13:	64 21 0d             	
  	10, "$"
  16:	0a 24

So, our string starts at address 8 but the first line of our assembly code; the line that’s loading dx with the address of our string msg has disassembled to this:

   0:	ba 08 01             	mov    $0x108,%dx

The address of $0x108 is going to overshoot the address of our string by 0x100! This is where the ORG directive comes in. Because we have specified this, all of our addresses are adjusted to suit. When DOS loads our COM file, it’ll be in at 0x100 and our addresses will line up perfectly.

sysstat utilities

21 Mar 2015

sysstat is a collection of utilities for Linux that provide performance and activity usage monitoring. In today’s post, I’ll go through a brief explanation of these utilities.

iostat

iostat(1) reports CPU statistics and input/output statistics for devices, partitions and network filesystems.

Linux 3.13.0-46-generic (thor) 	21/03/15 	_x86_64_	(8 CPU)

avg-cpu:  %user   %nice %system %iowait  %steal   %idle
           1.53    0.01    0.46    0.09    0.00   97.92

Device:            tps    kB_read/s    kB_wrtn/s    kB_read    kB_wrtn
sda              15.87       216.84       169.79     755449     591528

iostat provides a top level cpu report in its first line with a breakdown percentages for the amount of time the cpu is spent:

  • In user space (%user)
  • In user space with nice priority (%nice)
  • In kernel space (%system)
  • Waiting on I/O (%iowait)
  • Forced to wait from the hypervisor (%steal)
  • Doing nothing (%idle)

Secondly, a breakdown by device is given of disk activity. In this chart, it shows the disk devices’:

  • Transfer per second (tps)
  • Amount of data read per second (kB_read/s)
  • Amount of data written per second (kB_wrtn/s)
  • Total read (kB_read)
  • Total write (kB_wrtn)

mpstat

mpstat(1) reports individual or combined processor related statistics.

Linux 3.13.0-46-generic (thor) 	21/03/15 	_x86_64_	(8 CPU)

15:23:58     CPU    %usr   %nice    %sys %iowait    %irq   %soft  %steal  %guest  %gnice   %idle
15:23:58     all    1.36    0.01    0.41    0.08    0.00    0.00    0.00    0.00    0.00   98.14

mpstat goes a little deeper into how the cpu time is divided up among its responsibilities. By specifying -P ALL on the command line to it, you can get a report per cpu:

Linux 3.13.0-46-generic (thor) 	21/03/15 	_x86_64_	(8 CPU)

16:05:10     CPU    %usr   %nice    %sys %iowait    %irq   %soft  %steal  %guest  %gnice   %idle
16:05:10     all    1.58    0.00    0.42    0.06    0.00    0.00    0.00    0.00    0.00   97.94
16:05:10       0    2.05    0.00    0.74    0.04    0.00    0.00    0.00    0.00    0.00   97.17
16:05:10       1    2.62    0.02    0.58    0.03    0.00    0.00    0.00    0.00    0.00   96.76
16:05:10       2    2.84    0.00    0.59    0.03    0.00    0.00    0.00    0.00    0.00   96.54
16:05:10       3    2.31    0.00    0.67    0.02    0.00    0.00    0.00    0.00    0.00   97.00
16:05:10       4    0.83    0.00    0.18    0.10    0.00    0.00    0.00    0.00    0.00   98.89
16:05:10       5    0.65    0.02    0.20    0.10    0.00    0.00    0.00    0.00    0.00   99.03
16:05:10       6    0.71    0.00    0.20    0.08    0.00    0.00    0.00    0.00    0.00   99.01
16:05:10       7    0.64    0.00    0.17    0.06    0.00    0.00    0.00    0.00    0.00   99.13

pidstat

pidstat(1) reports statistics for Linux tasks (processes) : I/O, CPU, memory, etc.

Linux 3.13.0-46-generic (thor) 	21/03/15 	_x86_64_	(8 CPU)

16:06:19      UID       PID    %usr %system  %guest    %CPU   CPU  Command
16:06:19        0         1    0.00    0.01    0.00    0.02     0  init
16:06:19        0         7    0.00    0.02    0.00    0.02     3  rcu_sched

. . .
. . .

pidstat will give you the utilisation breakdown by process that’s running on your system.

sar

sar(1) collects, reports and saves system activity information (CPU, memory, disks, interrupts, network interfaces, TTY, kernel tables,etc.)

sar requires that data collection is on to be used. The settings defined in /etc/default/sysstat will control this collection process. As sar is the collection mechanism, other applications use this data:

sadc(8) is the system activity data collector, used as a backend for sar.

sa1(8) collects and stores binary data in the system activity daily data file. It is a front end to sadc designed to be run from cron.

sa2(8) writes a summarized daily activity report. It is a front end to sar designed to be run from cron.

sadf(1) displays data collected by sar in multiple formats (CSV, XML, etc.) This is useful to load performance data into a database, or import them in a spreadsheet to make graphs.

nfs and cifs

NFS and CIFS also have monitoring utilities.

nfsiostat-sysstat(1) reports input/output statistics for network filesystems (NFS).

cifsiostat(1) reports CIFS statistics.

These certainly come in handy when you’ve got remote shares running from your machine.

Basic docker usage

15 Mar 2015

Docker is a platform that allows you to bundle up your applications and their dependencies into a distributable container easing the overhead in environment setup and deployment.

The Dockerfile reference in the docker documentation set goes through the important pieces of building an image.

In today’s post, I’m just going to run through some of the commands that I’ve found most useful.

Building a container

# build an image and assign it a tag
sudo docker build -t username/imagename:tag .

Controlling containers

# run a single command
sudo docker run ubuntu /bin/echo 'Hello world'

# run a container in a daemonized state
sudo docker run -d ubuntu /bin/sh -c "while true; do echo hello world; sleep 1; done"

# run a container interactively
sudo docker run -t -i ubuntu /bin/bash

# connect to a running container
sudo docker attach container_id

# stop a running container
sudo docker stop container_name

# remove a container
sudo docker rm container_name

# remove an image
sudo docker rmi image_name

When running a container, -p will allow you to control port mappings and -v will allow you to control volume locations.

Getting information from docker

# list images
sudo docker images

# list running containers
sudo docker ps

# list all containers
sudo docker ps -a

# inspecting the settings of a container
sudo docker inspect container_name

# check existing port mappings
sudo docker port container_name 

# retrieve stdout from a running container
sudo docker logs container_name
sudo docker logs -f container_name