1. David Evans http://www.cs.virginia.edu/evans CS201j: Engineering Software University of Virginia Computer Science Lecture 22: Low-Level Programming in C

2. 20 November 2003CS 201J Fall 20032 Menu PS5 C Programming Language Pointers in C –Pointer Arithmetic Type checking in C Why is garbage collection hard in C?

3. 20 November 2003CS 201J Fall 20033 PS5 Will return in section tomorrow Some very impressive projects! –Will be posted on the course web site soon –Many people demonstrated ability to figure out complicated new things on their own (not a requirement for PS5) Stapling penalty for PS6 will be 25 points

4. 20 November 2003CS 201J Fall 20034 Programming Languages Phylogeny Fortran (1954) Algol (1958) LISP (1957) Scheme (1975) CPL (1963), U Cambridge Combined Programming Language BCPL (1967), MIT Basic Combined Programming Language B (1969), Bell Labs C (1970), Bell Labs C++ (1983), Bell Labs Java (1995), Sun Objective C Simula (1967)

5. 20 November 2003CS 201J Fall 20035 C Programming Language Developed to build Unix operating system Main design considerations: –Compiler size: needed to run on PDP-11 with 24KB of memory (Algol60 was too big to fit) –Code size: needed to implement the whole OS and applications with little memory –Performance –Portability Little (if any consideration): –Security, robustness, maintainability

6. 20 November 2003CS 201J Fall 20036 C Language No support for: –Array bounds checking –Null dereferences checking –Data abstraction, subtyping, inheritance –Exceptions –Automatic memory management Program crashes (or worse) when something bad happens Lots of syntactically legal programs have undefined behavior

7. 20 November 2003CS 201J Fall 20037 Example C Program void test (int x) { while (x = 1) { printf (“I’m an imbecile!”); x = x + 1; } In Java: void test (int x) { while (x = 1) { printf (“I’m an imbecile!”); x = x + 1; } > javac Test.java Test.java:21: incompatible types found : int required: boolean while (x = 1) { ^ 1 error Weak type checking: In C, there is no boolean type. Any value can be the test expression. x = 1 assigns 1 to x, and has the value 1. I’m an imbecile!

8. 20 November 2003CS 201J Fall 20038 Type Checking isn’t Enough… void test (boolean x) { while (x = true) { printf (“I’m an imbecile!”); x = !x; }

9. 20 November 2003CS 201J Fall 20039 Fortran (1954) Algol (1958) C (1970), Bell Labs C++ (1983), Bell Labs Java (1995), Sun CPL (1963), U Cambridge Combined Programming Language BCPL (1967), MIT Basic Combined Programming Language B (1969), Bell Labs LET := = = = =

10. 20 November 2003CS 201J Fall 200310 = vs. := Why does Java use = for assignment? –Algol (designed for elegance for presenting algorithms) used := –CPL and BCPL based on Algol, used := –Thompson and Ritchie had a small computer to implement B, saved space by using = instead –C was successor to B (also on small computer) –C++’s main design goal was backwards compatibility with C –Java’s main design goal was surface similarity with C++

11. 20 November 2003CS 201J Fall 200311 C/C++ Bounds NonChecking # include int main (void) { int x = 9; char s[4]; cin >> s; cout << "s is: " << s << endl; cout << "x is: " << x << endl; } > g++ -o bounds bounds.cc > bounds cs s is: cs x is: 9 > bounds cs201 s is: cs201 x is: 49 > bounds cs201j s is: cs201j x is: 27185 > bounds aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa s is: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa x is: 1633771873 Segmentation fault (core dumped) (User input)

12. 20 November 2003CS 201J Fall 200312 So, why would anyone use C today?

13. 20 November 2003CS 201J Fall 200313 Reasons to Use C Legacy Code –Linux, most open source applications are in C Simple to write compiler –Programming embedded systems, often only have a C compiler Performance –Typically 50x faster than interpreted Java Smaller, simpler, lots of experience

14. 20 November 2003CS 201J Fall 200314 User-Defined Structure Types Use struct to group data Dot (.) operator to access fields of a struct Fields are accessible everywhere (no way to make them private ) typedef struct { char name[10]; int count; } Tally;

15. 20 November 2003CS 201J Fall 200315 Abstract Types in C How can we get most of the benefits of data abstraction in C? Distinguish between client code and implementation code In client code: Check types by name instead of by structure Don’t allow client code to depend on the representation of a type: Make struct fields inaccessible Don’t allow use of C operators

16. 20 November 2003CS 201J Fall 200316 Enforcing Abstract Types Implementation Code –Where datatype is defined (also naming conventions to allow access) –Rep and abstract type are interchangable Client Code –Everywhere else –ADT is type name only: cannot access fields, use C operators, treat as rep –Only manipulate by passing to procedures

17. 20 November 2003CS 201J Fall 200317 What are those arrows really? sb “hello” Stack Heap

18. 20 November 2003CS 201J Fall 200318 Pointers In Java, an object reference is really just an address in memory –But Java doesn’t let programmers manipulate addresses directly (unless they have a hair dryer to break type safety) sb Stack Heap 0x80496f8 0x80496f0 0x80496f4 0x80496fb 0x8049700 0x8049704 0x8049708 0x80496f8 hell o\0\0\0

19. 20 November 2003CS 201J Fall 200319 Pointers in C Addresses in memory Programs can manipulate addresses directly &expr Evaluates to the address of the location expr evaluates to *expr Evaluates to the value stored in the address expr evaluates to

20. 20 November 2003CS 201J Fall 200320 &*%&@#*! int f (void) { int s = 1; int t = 1; int *ps = &s; int **pps = &ps; int *pt = &t; **pps = 2; pt = ps; *pt = 3; t = s; } s == 1, t == 1 s == 2, t == 1 s == 3, t == 3 s == 3, t == 1

21. 20 November 2003CS 201J Fall 200321 Rvalues and Lvalues What does = really mean? int f (void) { int s = 1; int t = 1; t = s; t = 2; } left side of = is an “lvalue” it evaluates to a location (address)! right side of = is an “rvalue” it evaluates to a value There is an implicit * when a variable is used as an rvalue!

22. 20 November 2003CS 201J Fall 200322 Parameter Passing in C Actual parameters are rvalues void swap (int a, int b) { int tmp = b; b = a; a = tmp; } int main (void) { int i = 3; int j = 4; swap (i, j); … } The value of i (3) is passed, not its location! swap does nothing

23. 20 November 2003CS 201J Fall 200323 Parameter Passing in C Can pass addresses around void swap (int *a, int *b) { int tmp = *b; *b = *a; *a = tmp; } int main (void) { int i = 3; int j = 4; swap (&i, &j); … } The value of &i is passed, which is the address of i

24. 20 November 2003CS 201J Fall 200324 Beware! int *value (void) { int i = 3; return &i; } void callme (void) { int x = 35; } int main (void) { int *ip; ip = value (); printf (“*ip == %d\n", *ip); callme (); printf ("*ip == %d\n", *ip); } *ip == 3 *ip == 35 But it could really be anything!

25. 20 November 2003CS 201J Fall 200325 Manipulating Addresses char s[6]; s[0] = ‘h’; s[1] = ‘e’; s[2]= ‘l’; s[3] = ‘l’; s[4] = ‘o’; s[5] = ‘\0’; printf (“s: %s\n”, s); s: hello expr1[expr2] in C is just syntactic sugar for *(expr1 + expr2)

26. 20 November 2003CS 201J Fall 200326 Obfuscating C char s[6]; *s = ‘h’; *(s + 1) = ‘e’; 2[s] = ‘l’; 3[s] = ‘l’; *(s + 4) = ‘o’; 5[s] = ‘\0’; printf (“s: %s\n”, s); s: hello

27. 20 November 2003CS 201J Fall 200327 Fun with Pointer Arithmetic int match (char *s, char *t) { int count = 0; while (*s == *t) { count++; s++; t++; } return count; } int main (void) { char s1[6] = "hello"; char s2[6] = "hohoh"; printf ("match: %d\n", match (s1, s2)); printf ("match: %d\n", match (s2, s2 + 2)); printf ("match: %d\n", match (&s2[1], &s2[3])); } &s2[1]  &(*(s2 + 1))  s2 + 1 match: 1 match: 3 match: 2 The \0 is invisible!

28. 20 November 2003CS 201J Fall 200328 Condensing match int match (char *s, char *t) { char *os = s; while (*s++ == *t++); return s – os - 1; } int match (char *s, char *t) { int count = 0; while (*s == *t) { count++; s++; t++; } return count; } s++ evaluates to s pre, but changes the value of s Hence, C++ has the same value as C, but has unpleasant side effects.

29. 20 November 2003CS 201J Fall 200329 Type Checking in C Java: only allow programs the compiler can prove are type safe C: trust the programmer. If she really wants to compare apples and oranges, let her. Exception: run-time type errors for downcasts and array element stores.

30. 20 November 2003CS 201J Fall 200330 Type Checking int main (void) { char *s = (char *) 3; printf ("s: %s", s); } Windows 2000 (earlier versions of Windows would just crash the whole machine)

31. 20 November 2003CS 201J Fall 200331 In Praise of Type Checking int match (int *s, int *t) { int *os = s; while (*s++ == *t++); return s - os; } int main (void) { char s1[6] = "hello"; char s2[6] = "hello"; printf ("match: %d\n", match (s1, s2)); } match: 2

32. 20 November 2003CS 201J Fall 200332 Different Matching int different (int *s, int *t) { int *os = s; while (*s++ != *t++); return s - os; } int main (void) { char s1[6] = "hello"; printf ("different: %d\n", different ((int *)s1, (int *)s1 + 1)); } different: 29

33. 20 November 2003CS 201J Fall 200333 So, why is it hard to garbage collect C?

34. 20 November 2003CS 201J Fall 200334 Mark and Sweep (Java version) active = all objects on stack while (!active.isEmpty ()) newactive = { } foreach (Object a in active) mark a as reachable foreach (Object o that a points to) if o is not marked newactive = newactive U { o } active = newactive sweep () // remove unmarked objects on heap

35. 20 November 2003CS 201J Fall 200335 Mark and Sweep (C version?) active = all pointers on stack while (!active.isEmpty ()) newactive = { } foreach (pointer a in active) mark *a as reachable foreach (address p that a points to) if *p is not marked newactive = newactive U { *p } active = newactive sweep () // remove unmarked objects on heap

36. 20 November 2003CS 201J Fall 200336 GC Challenges char *f (void) { char *s = (char *) malloc (sizeof (char) * 100); s = s + 20; *s = ‘a’; return s – 20; } There may be objects that only have pointers to their middle!

37. 20 November 2003CS 201J Fall 200337 GC Challenges char *f (void) { char *s = (char *) malloc (sizeof (char) * 100); int x = (int) s; s = 0; return (char *) x; } There may be objects that are reachable through values that have non-pointer apparent types!

38. 20 November 2003CS 201J Fall 200338 GC Challenges char *f (void) { char *s = (char *) malloc (sizeof (char) * 100); int x = (int) s; x = x - &f; s = 0; return (char *) (x + &f); } There may be objects that are reachable through values that have non-pointer apparent types and have values that don’t even look like addresses!

39. 20 November 2003CS 201J Fall 200339 Why not just do reference counting? Where can you store the references? Remember C programs can access memory directly, better not change how objects are stored!

40. 20 November 2003CS 201J Fall 200340 Summary Garbage collection depends on: –Knowing which values are addresses –Knowing that objects without references cannot be reached Both of these are problems in C Nevertheless, there are some garbage collectors for C. –Change meaning of some programs –Slow down programs a lot –Are not able to find all garbage

41. 20 November 2003CS 201J Fall 200341 Charge Friday’s section: practice problems on subtyping and concurrency If you send me questions by Monday, Tuesday’s class will be a quiz review PS6 due Tuesday –Either staple your assignment before class, or you can use my stapler for $5 per staple