CS216: Program and Data Representation University of Virginia Computer Science Spring 2006 David Evans Lecture 10: *&!%[]++

Slides:



Advertisements
Similar presentations
Dynamic Memory Allocation in C.  What is Memory What is Memory  Memory Allocation in C Memory Allocation in C  Difference b\w static memory allocation.
Advertisements

David Notkin Autumn 2009 CSE303 Lecture 13 This space for rent.
1 Lecture 4: Procedure Calls Today’s topics:  Procedure calls  Large constants  The compilation process Reminder: Assignment 1 is due on Thursday.
Prof. Necula CS 164 Lecture 141 Run-time Environments Lecture 8.
CS216: Program and Data Representation University of Virginia Computer Science Spring 2006 David Evans Lecture 11: Managing Memory
Kernighan/Ritchie: Kelley/Pohl:
Memory allocation CSE 2451 Matt Boggus. sizeof The sizeof unary operator will return the number of bytes reserved for a variable or data type. Determine:
Chapter 10.
CS 330 Programming Languages 10 / 16 / 2008 Instructor: Michael Eckmann.
C For Java Programmers Tom Roeder CS sp. Why C? The language of low-level systems programming  Commonly used (legacy code)  Trades off safety.
CS 536 Spring Run-time organization Lecture 19.
3/17/2008Prof. Hilfinger CS 164 Lecture 231 Run-time organization Lecture 23.
CS 61C L4 Structs (1) A Carle, Summer 2005 © UCB inst.eecs.berkeley.edu/~cs61c/su05 CS61C : Machine Structures Lecture #4: Strings & Structs
CS 61C L03 C Arrays (1) A Carle, Summer 2005 © UCB inst.eecs.berkeley.edu/~cs61c/su05 CS61C : Machine Structures Lecture #3: C Pointers & Arrays
CS 61C L03 C Pointers (1)Garcia / Patterson Fall 2002 © UCB CS61C - Machine Structures Lecture 3 C pointers  Dan Garcia (
Run-time Environment and Program Organization
CS216: Program and Data Representation University of Virginia Computer Science Spring 2006 David Evans Lecture 9: Low-Level Programming
U NIVERSITY OF M ASSACHUSETTS A MHERST Department of Computer Science Computer Systems Principles C/C++ Emery Berger and Mark Corner University of Massachusetts.
CS 61C L03 C Arrays (1) A Carle, Summer 2006 © UCB inst.eecs.berkeley.edu/~cs61c/ CS61C : Machine Structures Lecture #3: C Pointers & Arrays
David Evans CS201j: Engineering Software University of Virginia Computer Science Lecture 22: Low-Level Programming in.
Cs1120 Fall 2009 David Evans Lecture 19: Stateful Evaluation.
CS 11 C track: lecture 5 Last week: pointers This week: Pointer arithmetic Arrays and pointers Dynamic memory allocation The stack and the heap.
Cs3102: Theory of Computation Class 18: Proving Undecidability Spring 2010 University of Virginia David Evans.
Chapter 6 Buffer Overflow. Buffer Overflow occurs when the program overwrites data outside the bounds of allocated memory It was one of the first exploited.
Cs205: engineering software university of virginia fall 2006 Data Abstraction David Evans
Compiler Construction
Dynamic Memory Allocation Conventional array and other data declarations An incorrect attempt to size memory dynamically Requirement for dynamic allocation.
David Evans CS150: Computer Science University of Virginia Computer Science Lecture 35: Cookie Monsters and Semi-Secure.
IT253: Computer Organization Lecture 3: Memory and Bit Operations Tonga Institute of Higher Education.
Computer Science Detecting Memory Access Errors via Illegal Write Monitoring Ongoing Research by Emre Can Sezer.
CMPSC 16 Problem Solving with Computers I Spring 2014 Instructor: Tevfik Bultan Lecture 12: Pointers continued, C strings.
1 C - Memory Simple Types Arrays Pointers Pointer to Pointer Multi-dimensional Arrays Dynamic Memory Allocation.
Chapter 0.2 – Pointers and Memory. Type Specifiers  const  may be initialised but not used in any subsequent assignment  common and useful  volatile.
Netprog: Java Intro1 Crash Course in Java. Netprog: Java Intro2 Why Java? Network Programming in Java is very different than in C/C++ –much more language.
Computer Science and Software Engineering University of Wisconsin - Platteville 2. Pointer Yan Shi CS/SE2630 Lecture Notes.
David Evans CS200: Computer Science University of Virginia Computer Science Lecture 18: Think Globally, Mutate Locally.
University of Washington Today Finished up virtual memory On to memory allocation Lab 3 grades up HW 4 up later today. Lab 5 out (this afternoon): time.
1 Homework HW5 due today Review a lot of things about allocation of storage that may not have been clear when we covered them in our initial pass Introduction.
Pointers in C Computer Organization I 1 August 2009 © McQuain, Feng & Ribbens Memory and Addresses Memory is just a sequence of byte-sized.
Topic 3: C Basics CSE 30: Computer Organization and Systems Programming Winter 2011 Prof. Ryan Kastner Dept. of Computer Science and Engineering University.
David Evans CS200: Computer Science University of Virginia Computer Science Lecture 19: Environments.
Pointers *, &, array similarities, functions, sizeof.
Computer Organization and Design Pointers, Arrays and Strings in C Montek Singh Sep 18, 2015 Lab 5 supplement.
Topics memory alignment and structures typedef for struct names bitwise & for viewing bits malloc and free (dynamic storage in C) new and delete (dynamic.
1 Lecture07: Memory Model 5/2/2012 Slides modified from Yin Lou, Cornell CS2022: Introduction to C.
ICOM 4035 – Data Structures Dr. Manuel Rodríguez Martínez Electrical and Computer Engineering Department Lecture 2 – August 23, 2001.
David Evans CS201j: Engineering Software University of Virginia Computer Science Lecture 9: Designing Exceptionally.
1 C Basics Monday, August 30, 2010 CS 241. Announcements MP1, a short machine problem, will be released today. Due: Tuesday, Sept. 7 th at 11:59pm via.
CSE 303 Concepts and Tools for Software Development Richard C. Davis UW CSE – 10/11/2006 Lecture 7 – Introduction to C.
Announcements Assignment 2 Out Today Quiz today - so I need to shut up at 4:25 1.
What do I need to Know For My Assignment?. C Pointer Review To declare a pointer, we use the * operator. This is similar to but different from using *
CS216: Program and Data Representation University of Virginia Computer Science Spring 2006 David Evans Lecture 12: Automating Memory Management
1 Compiler Construction Run-time Environments,. 2 Run-Time Environments (Chapter 7) Continued: Access to No-local Names.
Windows Programming Lecture 03. Pointers and Arrays.
CSE 374 Programming Concepts & Tools Hal Perkins Fall 2015 Lecture 17 – Specifications, error checking & assert.
Language-Based Security: Overview of Types Deepak Garg Foundations of Security and Privacy October 27, 2009.
Memory-Related Perils and Pitfalls in C
Dynamic Allocation in C
Dynamic Storage Allocation
What the (Pointers in Rust)
Run-time organization
Pointers.
C Basics.
CS 465 Buffer Overflow Slides by Kent Seamons and Tim van der Horst
Memory Allocation CS 217.
Software Security Lesson Introduction
CSE 303 Concepts and Tools for Software Development
Lecture 18: Deep C Garbage Collection CS201j: Engineering Software
CS216: Program and Data Representation
SPL – PS2 C++ Memory Handling.
Presentation transcript:

CS216: Program and Data Representation University of Virginia Computer Science Spring 2006 David Evans Lecture 10: *&!%[]++

2 UVa CS216 Spring Lecture 10: Pointers C Bounds Non-Checking int main (void) { int x = 9; char s[4]; gets(s); printf ("s is: %s\n“, s); printf ("x is: %d\n“, x); } > gcc -o bounds bounds.c > bounds abcdefghijkl s is: abcdefghijkl x is: 9 > bounds abcdefghijklm s is: abcdefghijklmn x is: > bounds abcdefghijkln s is: abcdefghijkln x is: > bounds aaa... [a few thousand characters] crashes shell (User input) = 0x6d = 0x6e Note: your results may vary (depending on machine, compiler, what else is running, time of day, etc.). This is what makes C fun! What does this kind of mistake look like in a popular server?

3 UVa CS216 Spring Lecture 10: Pointers Code Red

4 UVa CS216 Spring Lecture 10: Pointers Reasons Not to Use C No bounds checking –Programs are vulnerable to buffer overflow attacks No automatic memory management –Lots of extra work to manage memory manually –Mistakes lead to hard to find and fix bugs No support for data abstraction, objects, exceptions

5 UVa CS216 Spring Lecture 10: Pointers So, why would anyone use C today?

6 UVa CS216 Spring Lecture 10: Pointers Good Reasons to Use C Legacy Code: Linux, apache, etc. Simple, small –Embedded systems, often only have a C compiler Low-level abstractions –Performance: typically 20-30x faster than interpreted Python –Sometimes we need to manipulate machine state directly: device drivers Lots of experience –We know pitfalls for C programming –Tools available that catch them

7 UVa CS216 Spring Lecture 10: Pointers What are those arrows really? s “hello ” Stack Heap s = “hello”

8 UVa CS216 Spring Lecture 10: Pointers Pointers In Python, an object reference is really just an address in memory s Stack Heap 0x80496f8 0x80496f0 0x80496f4 0x80496fb 0x x x x80496f8 hell o\0\0\0

9 UVa CS216 Spring Lecture 10: Pointers Pointers in C Addresses in memory Programs can manipulate addresses directly &exprEvaluates to the address of the location expr evaluates to *exprEvaluates to the value stored in the address expr evaluates to

10 UVa CS216 Spring Lecture 10: Pointers int f (void) { int s = 1; int t = 1; int *ps = &s; int **pps = &ps; int *pt = &t; **pps = 2; pt = ps; *pt = 3; t = s; } s == 1, t == 1 s == 2, t == 1 s == 3, t == 3 s == 3, t == 1

11 UVa CS216 Spring Lecture 10: Pointers Rvalues and Lvalues What does = really mean? int f (void) { int s = 1; int t = 1; t = s; t = 2; } left side of = is an “lvalue” it evaluates to a location (address)! right side of = is an “rvalue” it evaluates to a value There is an implicit * when a variable is used as an rvalue!

12 UVa CS216 Spring Lecture 10: Pointers Parameter Passing in C Actual parameters are rvalues void swap (int a, int b) { int tmp = b; b = a; a = tmp; } int main (void) { int i = 3; int j = 4; swap (i, j); … } The value of i (3) is passed, not its location! swap does nothing

13 UVa CS216 Spring Lecture 10: Pointers Parameter Passing in C void swap (int *a, int *b) { int tmp = *b; *b = *a; *a = tmp; } int main (void) { int i = 3; int j = 4; swap (&i, &j); … } The value of &i is passed, which is the address of i Is it possible to define swap in Python?

14 UVa CS216 Spring Lecture 10: Pointers Beware! int *value (void) { int i = 3; return &i; } void callme (void) { int x = 35; } int main (void) { int *ip; ip = value (); printf (“*ip == %d\n", *ip); callme (); printf ("*ip == %d\n", *ip); } *ip == 3 *ip == 35 But it could really be anything!

15 UVa CS216 Spring Lecture 10: Pointers Manipulating Addresses char s[6]; s[0] = ‘h’; s[1] = ‘e’; s[2]= ‘l’; s[3] = ‘l’; s[4] = ‘o’; s[5] = ‘\0’; printf (“s: %s\n”, s); s: hello expr1[expr2] in C is just syntactic sugar for *(expr1 + expr2)

16 UVa CS216 Spring Lecture 10: Pointers Obfuscating C char s[6]; *s = ‘h’; *(s + 1) = ‘e’; 2[s] = ‘l’; 3[s] = ‘l’; *(s + 4) = ‘o’; 5[s] = ‘\0’; printf (“s: %s\n”, s); s: hello

17 UVa CS216 Spring Lecture 10: Pointers Fun with Pointer Arithmetic int match (char *s, char *t) { int count = 0; while (*s == *t) { count++; s++; t++; } return count; } int main (void) { char s1[6] = "hello"; char s2[6] = "hohoh"; printf ("match: %d\n", match (s1, s2)); printf ("match: %d\n", match (s2, s2 + 2)); printf ("match: %d\n", match (&s2[1], &s2[3])); } &s2[1]  &(*(s2 + 1))  s2 + 1 match: 1 match: 3 match: 2 The \0 is invisible!

18 UVa CS216 Spring Lecture 10: Pointers Condensing match int match (char *s, char *t) { char *os = s; while (*s++ == *t++); return s – os - 1; } int match (char *s, char *t) { int count = 0; while (*s == *t) { count++; s++; t++; } return count; } s++ evaluates to s pre, but changes the value of s Hence, C++ has the same value as C, but has unpleasant side effects.

19 UVa CS216 Spring Lecture 10: Pointers Quiz What does s = s++; do? It is undefined! If your C programming contains it, a correct interpretation of your program could make s = s pre + 1, s = 37, or blow up the computer.

20 UVa CS216 Spring Lecture 10: Pointers Type Checking in C Java: only allow programs the compiler can prove are type safe C: trust the programmer. If she really wants to compare apples and oranges, let her. Python: don’t trust the programmer or compiler – check everything at runtime. Exception: run-time type errors for downcasts and array element stores.

21 UVa CS216 Spring Lecture 10: Pointers Type Checking int main (void) { char *s = (char *) 3; printf ("s: %s", s); } Windows XP (SP 2)

22 UVa CS216 Spring Lecture 10: Pointers Type Checking int main (void) { char *s = (char *) 3; printf ("s: %s", s); } Windows 2000 (earlier versions of Windows would just crash the whole machine)

23 UVa CS216 Spring Lecture 10: Pointers Python’s List Implementation (A Whirlwind Tour) trunk/Objects/listobject.c

24 UVa CS216 Spring Lecture 10: Pointers listobject.c /* List object implementation */ #include "Python.h" #ifdef STDC_HEADERS #include #else #include /* For size_t */ #endif /* Ensure ob_item has room for at least newsize elements, and set ob_size to newsize. If newsize > ob_size on entry, the content of the new slots at exit is undefined heap trash; it's the caller's responsiblity to overwrite them with sane values. The number of allocated elements may grow, shrink, or stay the same. Failure is impossible if newsize <= self.allocated on entry, although that partly relies on an assumption that the system realloc() never fails when passed a number of bytes <= the number of bytes last allocated (the C standard doesn't guarantee this, but it's hard to imagine a realloc implementation where it wouldn't be true). Note that self->ob_item may change, and even if newsize is less than ob_size on entry. */ static int list_resize(PyListObject *self, Py_ssize_t newsize) { … We’ll get back to this… but you should be convinced that you are lucky to have been using a language with automatic memory management so far!

25 UVa CS216 Spring Lecture 10: Pointers listobject.h typedef struct { PyObject_VAR_HEAD /* Vector of pointers to list elements. list[0] is ob_item[0], etc. */ PyObject **ob_item; /* ob_item contains space for 'allocated' elements. The number * currently in use is ob_size. * Invariants: * 0 <= ob_size <= allocated * len(list) == ob_size * ob_item == NULL implies ob_size == allocated == 0 * list.sort() temporarily sets allocated to -1 to detect mutations. * * Items must normally not be NULL, except during construction when * the list is not yet visible outside the function that builds it. */ Py_ssize_t allocated; } PyListObject; Now we know our answer to PS1 #6 (Python’ s list implementation is continuous) is correct!

26 UVa CS216 Spring Lecture 10: Pointers Append int PyList_Append(PyObject *op, PyObject *newitem) { if (PyList_Check(op) && (newitem != NULL)) return app1((PyListObject *)op, newitem); PyErr_BadInternalCall(); return -1; }

27 UVa CS216 Spring Lecture 10: Pointers app1 static int app1(PyListObject *self, PyObject *v) { Py_ssize_t n = PyList_GET_SIZE(self); assert (v != NULL); if (n == INT_MAX) { PyErr_SetString(PyExc_OverflowError, "cannot add more objects to list"); return -1; } if (list_resize(self, n+1) == -1) return -1; Py_INCREF(v); PyList_SET_ITEM(self, n, v); return 0; } Checks there is enough space to add 1 more element (and resizes if necessary)

28 UVa CS216 Spring Lecture 10: Pointers app1 static int app1(PyListObject *self, PyObject *v) { Py_ssize_t n = PyList_GET_SIZE(self); assert (v != NULL); if (n == INT_MAX) { PyErr_SetString(PyExc_OverflowError, "cannot add more objects to list"); return -1; } if (list_resize(self, n+1) == -1) return -1; Py_INCREF(v); PyList_SET_ITEM(self, n, v); return 0; } Complicated macro for memory management: needs to keep track of how many references there are to object v

29 UVa CS216 Spring Lecture 10: Pointers Set Item (in listobject.h) /* Macro, trading safety for speed */ #define PyList_SET_ITEM(op, i, v) \ (((PyListObject *)(op))->ob_item[i] = (v)) Macro: text replacement, not procedure calls. PyList_SET_ITEM(self, n, v); (((PyListObject *)(self))->ob_item[n] = (v))

30 UVa CS216 Spring Lecture 10: Pointers Set Item (in listobject.h) (((PyListObject *)(self))->ob_item[n] = (v)) typedef struct { PyObject_VAR_HEAD /* Vector of pointers to list elements. list[0] is ob_item[0], etc. */ PyObject **ob_item; /* ob_item contains space for 'allocated' elements. The number * currently in use is ob_size. * Invariants: … */ Py_ssize_t allocated; } PyListObject; Now we can be (slightly) more confident that our answer to PS1 #4 (append is O(1)) was correct!

31 UVa CS216 Spring Lecture 10: Pointers list_resize static int list_resize(PyListObject *self, Py_ssize_t newsize) {... /* This over-allocates proportional to the list size, making room for additional growth. The over-allocation is mild, but is enough to give linear-time amortized behavior over a long sequence of appends()... */ Monday’s class will look at list_resize

32 UVa CS216 Spring Lecture 10: Pointers Charge This is complicated, difficult code –We could (but won’t) spend the rest of the semester without understanding it all completely Now we trust PS1 #4 –But...only amortized O(1) – some appends will be worse than average! –We shouldn’t trust Python’s developers’ comments Exam 1 is out now, due Monday –Work alone, read rules on first page carefully No regularly scheduled Small Hall and office hours while Exam 1 is out

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.