ì

Computer Systems and Networks

ECPE 170 – Jeff Shafer – University of the Pacific

C Programming
 2

Lab Schedule

Activities Deadlines
ì This Week ì Lab 3 – Feb 6th 2017
ì Intro to C by 5am
ì Intro to Build Tools and
ì Lab 4 – Feb 20th 2017
Makefiles
by 5am
ì Lab 3 – Build Tools

ì Next Week
ì Lab 4 – C Programming
Project

Computer Systems and Networks Spring 2017

 3

Person of the Day: Dennis Ritchie

ì Creator of C programming
language

ì Co-creator of Unix
(with Ken Thompson, Brian
Kernighan, and others at Bell
Labs)

ì Winner of ACM Turing

Award

ì 9/9/1941—10/12/2011

Computer Systems and Networks Spring 2017

 4

Person of the Day: Dennis Ritchie

ì “Pretty much everything on the web uses

those two things: C and UNIX. The
browsers are written in C. The UNIX
kernel — that pretty much the entire
Internet runs on — is written in C. Web
servers are written in C, and if they’re not,
they’re written in Java or C++, which are
C derivatives, or Python or Ruby, which
are implemented in C. And all of the
network hardware running these
programs I can almost guarantee were
written in C. It’s really hard to overstate
how much of the modern information
economy is built on the work Dennis did.”
ì Rob Pike, Bell Labs / Google

Computer Systems and Networks Spring 2017

 5

Dennis Ritchie and Ken Thompson use a teletypewriter to run a program on a UNIX-based
computer system they co-founded at Bell Labs in New Jersey. Their development work
more than 40 years ago facilitated the realization of the Internet.
Computer Systems and Networks Spring 2017
 6

ì
C Programming
Computer Systems and Networks Spring 2017
 7

C++ Features Not in C

ì No classes / object-oriented programming

ì No new / delete

ì No stream operators (<< and >>), cin, cout, …

ì No C++ Standard Libraries (e.g. iostream)

ì bool keyword
ì Added in C99 standard

ì Declare variables anywhere inside function

ì Added in C99 standard

Computer Systems and Networks Spring 2017

 8

Output with printf()

ì printf("This is a string\n");

ì printf("The integer is %i\n", num);

ì printf("The floating-point values

are %g and %g\n", num1, num2);

Computer Systems and Networks Spring 2017

 9

Output with printf()

Format “Type” Code Corresponding Variable Type
d or i int (interpret as signed 2’s comp)
u int (interpret as unsigned)
x int (print as hexadecimal)
f or g float/double
c char
s string (null-terminated array of chars)
Prefix with l or ll (i.e. “long” or “long long” for larger 64-bit data types)

ì Lots of formatting options not listed here…

ì # of digits before / after decimal point?
ì Pad with zeros?
Computer Systems and Networks Spring 2017
 10

Input with scanf()

ì Input from console

ì scanf("%d %c", &myint, &mychar)

ì Requires the address of the destination variable

ì Use the & operator to obtain address

ì Caveat: Array names are already the “address of”!

ì char myarray[8];
scanf("%s", myarray)
No & needed here!

Computer Systems and Networks Spring 2017

 11

Documentation

ì Man(ual) pages exist for common programming

functions too
ì unix> man printf

ì unix> man scanf

Computer Systems and Networks Spring 2017

 12

Structures
struct database
{
int id_number;
int age;
float salary;
};

int main()
{
struct database employee;
employee.age = 22;
employee.id_number = 1;
employee.salary = 12000.21;
}

Computer Systems and Networks Spring 2017

 13

ì
C-Strings (Arrays of Characters)
Computer Systems and Networks Spring 2017
 14

C Strings

ì There is no such thing as a “string” in C!

ì What do you get? An array of characters

ì Terminated by the null character '\0'

ì Must manipulate element by element…

ì Not enough room in the array? Need a bigger array

Computer Systems and Networks Spring 2017

 15

Arrays of Characters

ì char phrase[]="Math";

phrase

phrase[0] phrase[1] phrase[2] phrase[3] phrase[4]

M A T H \0

Null terminator character

(End of string)
Computer Systems and Networks Spring 2017
 16

Arrays of Characters

ì char phrase[8]="Math";
phrase

phrase[0] phrase[1] phrase[2] phrase[3] phrase[4] phrase[5] phrase[6] phrase[7]

M A T H \0 ??? ??? ???

printf("%s\n", phrase); Prints until it reaches

the \0 character!
Computer Systems and Networks Spring 2017
 17

Helpful Library for Character Arrays

ì #include <string.h>

ì Useful functions
ì strcpy - String copy
ì strcmp - String compare
ì strlen - String length
ì strcat - String concatenate

Computer Systems and Networks Spring 2017

 18

String Copy

ì char phrase1[] = "Math";

ì char phrase2[8];

ì strcpy(phrase2, phrase1);
phrase phrase1[0] phrase1[1] phrase1[2] phrase1[3] phrase1[4]

1
M A T H \0

phrase phrase2[0] phrase2[1] phrase2[2] phrase2[3] phrase2[4] phrase2[5] phrase2[6] phrase2[7]

2
M A T H \0 ??? ??? ???
Computer Systems and Networks Spring 2017
 19

String Concatenation

ì char phrase1[8] = “Comp”;

ì char phrase2[] = “Sci”;

ì strcat(phrase1, phrase2);
phrase phrase1[0] phrase1[1] phrase1[2] phrase1[3] phrase1[4] phrase1[5] phrase1[6] phrase1[7]

1
C O M P S C I \0

phrase phrase2[0] phrase2[1] phrase2[2] phrase2[3]

2 You cannot do this:

S C I \0 phrase2=
phrase1+phrase2;
Computer Systems and Networks Spring 2017
 20

ctype Library

ì Useful for character manipulation

ì #include <ctype.h>

ì toupper(char) / tolower(char) – Converts

character to uppercase or lowercase
ì Example:

char c = toupper('a');
printf("%c", c); // A

Computer Systems and Networks Spring 2017

 21

ctype Library

ì isalpha(char) – Is the character a letter?

ì isdigit(char) – Is the character a number 0-9?

ì isspace(char) – Is the character whitespace?

(space or newline character)

ì ispunct(char) – Is the character punctuation?

(technically, a visible character that is not whitespace, a
letter, or a number)

ì … and several other variations

Computer Systems and Networks Spring 2017

 22

ì
Memory Management
Computer Systems and Networks Spring 2017
 23

Memory Allocation with malloc()

ì #include <stdlib.h>

ì void * malloc(int size)

ì Allocate region in memory (aka “new”)
ì Argument: Size of region in bytes to allocate
ì Return value: Pointer to the region

ì void free(void * ptr)

ì De-allocate region in memory (aka “delete”)
ì Argument: Pointer to the region

Computer Systems and Networks Spring 2017

 24

Memory Allocation with malloc()

ì void * calloc(int count, int size)

ì Basically the same as malloc!
ì Imagine you want an array of elements…
ì Argument 1: # of elements to allocate
ì Argument 2: Size of each element in bytes
ì Return value: Pointer to the region

Computer Systems and Networks Spring 2017

 25

Memory Allocation with malloc()

ì void * realloc(void *ptr, int size);

ì Resize a dynamic region of memory
ì Note that it might move to a new address!
ì Argument: Pointer to the original region
ì Argument 2: Desired size in bytes of new region
ì Return value: Pointer to the new region
ì It might be at the same address if you made it smaller
ì It might be at a new address if you made it larger

Computer Systems and Networks Spring 2017

 26

Memory Management

ì Who implemented malloc()?

ì C Standard Library: #include <stdlib.h>

ì There are different C Standard Library

implementations!
ì Android: Bionic
ì Apple: BSD-based / Proprietary
ì Microsoft: Proprietary C Runtime Library
ì Linux: GNU C Library (glibc)
http://www.gnu.org/software/libc/

Computer Systems and Networks Spring 2017

 27

Memory Management

ì Where does the malloc() memory come from?

ì The Heap:
ì A region of memory for dynamic memory allocation
ì Per-process – each program gets its own heap
ì Managed by malloc() and related functions
ì Different from the stack, which is for static variables
(known at compile-time)

Computer Systems and Networks Spring 2017

 28

Memory Management

ì malloc() outline:
1. Call malloc() and request memory

2. malloc() checks existing heap size

ì Sufficient? Update bookkeeping to mark space as
“used” and return address to your program
ì Insufficient?
1. Call operating system via brk()/nmap() to grow
the heap (plus a little extra for future requests)
2. Update bookkeeping and return address to your
program

Computer Systems and Networks Spring 2017

 29

Memory Management

ì Why do we need to call free() after calling

malloc()?
ì Memory leak
ì malloc() cannot re-use that space ever, because
its internal bookkeeping still thinks that region is
used
ì Will only be recovered upon terminating program
ì Operating system wipes out all the memory allocated
to your process (stack, heap, etc…)

Computer Systems and Networks Spring 2017

 30

Memory Management
0xFFFFFFFFFFFFFFFF (32 or 64 bit)
ì OS creates virtual
memory space for
process when started

ì Region is huge (full 32 Virtual Memory Space

or 64 bit space)
for new process
ì Not fully mapped to
physical memory
ì Otherwise you
could only fit 1
program in memory

0x0000000000000000
Computer Systems and Networks Spring 2017
 31

Memory Management
0xFFFFFFFFFFFFFFFF (32 or 64 bit)
ì OS loads in the
program from
disk

ì “Text” region
ì Program code

ì “Data” region
ì Program fixed
data Data (Program data)

Text (Program code)

0x0000000000000000
Computer Systems and Networks Spring 2017
 32

Memory Management
0xFFFFFFFFFFFFFFFF (32 or 64 bit)
ì Stack created to Stack
track program
function calls
and local
variables

Data (Program data)

Text (Program code)

0x0000000000000000
Computer Systems and Networks Spring 2017
 33

Memory Management
0xFFFFFFFFFFFFFFFF (32 or 64 bit)
ì Heap created to Stack
store dynamic
memory from
malloc()and
(Unused / unmapped virtual memory)
related functions

ì Not to scale –
this unused Heap
region is huge!
Data (Program data)

Text (Program code)

0x0000000000000000
Computer Systems and Networks Spring 2017
 34

Memory Management
0xFFFFFFFFFFFFFFFF (32 or 64 bit)
ì Program starts Stack
running

ì malloc()
allocates some (Unused / unmapped virtual memory)
memory

Heap

Data (Program data)

Text (Program code)

0x0000000000000000
Computer Systems and Networks Spring 2017
 35

Memory Management
0xFFFFFFFFFFFFFFFF (32 or 64 bit)
ì Original heap Stack
space eventually
fills up
(Unused / unmapped virtual memory)
ì malloc()
requests New
space
additional space Heap
from the kernel
by using brk()
system call Data (Program data)

Text (Program code)

0x0000000000000000
Computer Systems and Networks Spring 2017
 36

Memory Management
0xFFFFFFFFFFFFFFFF (32 or 64 bit)
ì free() Stack
deallocates
blocks from the
heap (Unused / unmapped virtual memory)

Heap

Data (Program data)

Text (Program code)

0x0000000000000000
Computer Systems and Networks Spring 2017
 37

Memory Management
0xFFFFFFFFFFFFFFFF (32 or 64 bit)
ì Program Stack
terminates

ì OS expunges (Unused / unmapped virtual memory)

entire virtual
address space
ì Everything is Heap
deleted

Data (Program data)

Text (Program code)

0x0000000000000000
Computer Systems and Networks Spring 2017
 38

Buffer Overflow Vulnerability

ì What is a buffer overflow bug?

ì char buf1[8]=“”;
char buf2[8]=“”;
strcat(buf1, “excessive”);

ì End up overwriting two characters beyond buf1!

Computer Systems and Networks Spring 2017

 39

Buffer Overflow Vulnerability

ì Why is a buffer overflow bug dangerous?

ì What is beyond my buffer in memory?

ì Other variables and data? (probably buf2)
ì The stack? (further out)
ì The return address to jump to after my function
finishes?

ì If app is running as administrator, attacker now has

full access!

Computer Systems and Networks Spring 2017

 40

Memory Management

ì Limitless opportunities in C for errors regarding memory

L
ì Forgetting to free() some dynamic memory
ì Trying to free() dynamic memory more than once
ì Losing a pointer to dynamic memory (memory is “lost”)
ì Accessing array elements past the end of the array
ì Mis-calculating array pointers that miss their desired
target

ì Will learn a tool (Valgrind) in Lab 5 to analyze your

program and detect / trace errors

Computer Systems and Networks Spring 2017

 41

What’s the Error?

char *a = malloc(128*sizeof(char));
char *b = malloc(128*sizeof(char));
b = a;
free(a);
free(b);

http://www.yolinux.com/TUTORIALS/C++MemoryCorruptionAndMemoryLeaks.html

Computer Systems and Networks Spring 2017

 42

What’s the (Potential) Error?

char *a = malloc(128*sizeof(char));

dataLen = <some value...>

// Copy “dataLen” bytes

// starting at *data to *a
memcpy(a, data, dataLen);

http://www.yolinux.com/TUTORIALS/C++MemoryCorruptionAndMemoryLeaks.html
Computer Systems and Networks Spring 2017
 43

What’s the Error?

ptr = (char *) malloc(strlen(string_A));

strcpy(ptr, string_A);

http://www.yolinux.com/TUTORIALS/C++MemoryCorruptionAndMemoryLeaks.html

Computer Systems and Networks Spring 2017

 44

What’s the Error?

int *get_ii()
{
int ii = 2; // Local stack variable
return &ii;
}
main()
{
int *ii;
ii = get_ii();
... Do stuff using ii pointer
}

http://www.yolinux.com/TUTORIALS/C++MemoryCorruptionAndMemoryLeaks.html
Computer Systems and Networks Spring 2017
 45

http://xkcd.com/371/

Computer Systems and Networks Spring 2017

 46

Memory Management

ì What’s a NULL pointer?

ì Pointer value is 0x000000000
ì Meaning is that the pointer is not pointing anywhere

ì What happens if you dereference a NULL pointer?

ì Telling the computer to read from (or write) to the
value stored in the pointer, which is 0x000000000
ì Behavior undefined and generally unpleasant on
various computer systems

Computer Systems and Networks Spring 2017

 47

Memory Management

ì “Segfault” = Segmentation Fault

ì Your program tried to read or write a virtual memory

address that is not allowed
ì Tried to read memory outside of program bounds?
ì Tried to write read-only memory regions? (used for
program data)

ì “Segmentation” was the name of an old system (back

before Intel 386 processors) used to divide physical
computer memory into many virtual address regions,
one per application process
ì The Segfault name stuck even though we now use paging
to manage virtual memory

Computer Systems and Networks Spring 2017