• About Me
  • Blog
  • Home

Eric Hokanson

~ E's little space in cyberspace

Eric Hokanson

Category Archives: Software Development

An Interesting “Gotcha” in C

19 Tuesday Aug 2014

Posted by Eric Hokanson in Algorithms, C Programming, Computer Programming, Computer Science, Programming, Software Development

≈ 4 Comments

Tags

Arrays, Arrays and pointers, Arrays passed into functions, C gotchas, C programming, Calculating the size of an array, Pointers, sizeof()

Consider the following function:

Screen Shot 2014-08-19 at 2.57.34 PM

The function takes an array and uses recursion to check if that array is in sorted order.  For example, an array containing: {1, 2, 3, 4} is in sorted (ascending) order.  So is the array: {2, 2}, or an array with only one element, such as: {0}.  But the array: {44, 3, 25, 88} is not.  A pretty simple, elegant, little function, right?  But, there is a potential danger.  Can you spot the problem?

I have been doing a lot of C programming for a project this summer (C is a customer requirement) and I have run across lots of libraries, and functions similar to the one above.  Namely, some function passing in an array, then iterating over the values of that array to print the contents or perform some computation over the elements.  In C, if you pass in an array as a function argument, you must also pass in the number of elements or size of the array.  Why?  In C, array parameters are treated as pointers and with out n, the size or number of elements contained in the array, we have no way of calculating the size of an array given its pointer.

A common mistake made by inexperienced C developers is to do:Screen Shot 2014-08-19 at 3.27.11 PM

That only works if you are dealing with arrays that are NOT received as parameters.  An array passed in as a parameter is treated as a pointer, the sizeof function will return the pointer’s size instead of the array’s.  Not what we want.

The potential danger of the function above, and consequently many functions that take in arrays (at least in C that I have noticed), is the assumption that the caller will do the right thing.   But accidents happen.  What happens when a caller passes in an array that is smaller than the size (e.g. isArrayInSortedOrder(A[2], 5) )?  We wind up exceeding the bounds of the array and crash the program and that belongs in the “bad things” category.

So how does one perform some form of sanity check when passing in an array and a size?  Don’t use C, use C++ or Java where array objects natively “know” their size?  Would if I could but customer constraint, remember?  Must be in C.  Convince the customer not to use C?  Fine, but what if you are developing on an embedded system?

Ok so we are stuck with C, a non-reflective language where objects don’t automatically know about themselves like their sizes.  One solution: we could write a macro to wrap the call, calculate the size of the native array before passing it in as a parameter, then adding our calculated size as a parameter.  That way, the caller would only need to pass in the array and not have to worry about getting the size right.  Something like the following:

Screen Shot 2014-08-19 at 3.55.00 PM

Notice the #define on line 15.  We name our wrapper function with one parameter in terms of our original but slightly modified array checking function.   The size of the native array is calculated first and then passed in as the second parameter, the int n.  One other note:  obviously a developer can see the original function declaration and there is nothing preventing the developer from calling that function directly bypassing my wrapped solution.  We would need to do a better job of “hiding” the original.  But for demonstration purposes, this will suffice.

In our modified implementation, we can add some sanity checks to deal with empty arrays or if n becomes a negative number for some weird reason:

Screen Shot 2014-08-19 at 4.02.30 PM

By wrapping our function in a macro, we simplify the implementation a bit for the user. They only have to pass in an array and the wrapper will calculate the size on behalf of the caller thus potentially minimizing our risk of passing in an incorrect array size.

To test our solution, we can do:

Screen Shot 2014-08-19 at 4.12.21 PM

Since array3 is empty, the above should print that the array is not sorted.  Change the array parameters and you should find that arrays 1, 2, and 4 should print that the arrays are sorted, while array 5 is not sorted.

An interesting little conundrum in C that I never really put much thought into until I started doing more intensive C programming projects.  I would be interested in hearing your thoughts on handling situations like the above, or others gotchas.  Feel free to drop me a line.  Until next time, we’ll C you later.

Quote

Debugging

08 Thursday May 2014

Posted by Eric Hokanson in Programming, Reverse Engineering, Software Development

≈ Leave a comment

Tags

Brian Kernighan, Debugging, programming, Reverse Engineering

Debugging is twice as hard as writing the code in the first place.  Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it.

Brian Kernighan

An Idea on How to Learn Programming and Software Development?

27 Wednesday Nov 2013

Posted by Eric Hokanson in Programming, Software Development

≈ 2 Comments

Tags

How to Learn How to Program, programming, Software Development

How to learn — or not learn software development

Been reading a lot about the healthcare.gov software development headaches lately.  I am using it as a personal case study of how/when/why software development goes wrong, and how I might be able avoid these issues in any of my projects at the labs.  I have been using the Mythical Man-Month (MMM) as my guide and it is very enlightening how one can learn by observing the examples or misfortunes of others.

What would I do different?

I would seek out the expertise of anyone who has had the experience of rolling out a massively wide scale web service.  Hmmmm… who could that be?  Amazon.com immediately comes to mind.  I am very surprised that the administration didn’t seek them out.  I am not privy to the bidding process so maybe they did; maybe they didn’t.  I get the sense (and this is just my opinion) the administration believes that if you throw a bunch of tech-savvy people at a problem, magical and amazing things will happen.  Obviously that is not always the case and it violates of one of the tenets of MMM.  Another idea: tour several silicon valley companies; how do they utilize the power of the tech-savvy to create amazing things?

An Idea on How to Learn How to Program

Seeking the guidance of an experienced expert, such as Amazon is also a great way to improve your programming skills.  I had the opportunity to meet a few developers at the Amazon booth at a security conference last August.  They had these programming puzzles similar to below (can you spot the issues?):

wchar_t *fillString(wchar_t content, unsigned int repeat)
{
    wchar_t *buffer;
    size_t size;
    if (repeat > 0x7fffffffe)
        return 0;
    size = ( repeat + 1 ) * sizeof content;
    buffer = (wchar_t *) malloc ( size );
    if ( buffer == 0 )
        return 0;
    wmemset(buffer, content, repeat);
    buffer[ repeat ] = 0;
    return buffer;
}

They had many of these and I had fun solving them; learned some new programming techniques in the process.  I thought: wouldn’t this be a great way to learn how to program?  What if we compiled a puzzle book of code with various topics and challenges?  One chapter could be on proper syntax and constructs to help with spotting common errors and to teach debugging strategies.  Another chapter could be on pointers where you play the role of the compiler/computer and “run” the program to see if you understand pointer arithmetic.  A chapter on simple data structures where you draw out the logical implementation of a linked-list or a hash table.  And of course a chapter on security with snippets like those above.  And if we could format the book in such a way that at the start, you are ignorant of the language, but by the end, you could start using your new skills to make things.

I have several friends who play chess and they use puzzle books to improve their game play.  They claim they learn how to spot patterns for end-game scenarios and how to mate in 3 or 4 moves.  Perhaps we could do something similar  but with code.  Perhaps I should consult Amazon.com and see if any such books already exist.

Related articles
  • The Healthcare.gov Debacle and Why We Should Open-Source Everything (businessweek.com)
  • My experience in Software Development without being a Developer – The Beginners Guide (msayem.wordpress.com)
  • It’s an agile world – the sooner you get used to it, the better (venturebeat.com)

Subscribe

  • Entries (RSS)
  • Comments (RSS)

Archives

  • May 2016
  • May 2015
  • April 2015
  • March 2015
  • September 2014
  • August 2014
  • June 2014
  • May 2014
  • April 2014
  • March 2014
  • February 2014
  • January 2014
  • December 2013
  • November 2013

Categories

  • Alan Turing
  • Algorithms
  • Apollo 17
  • C Programming
  • Christmas
  • Computer Programming
  • Computer Science
  • Computer Security
  • Current Events
  • Cyber Security Research
  • Education
  • Freedom of choice
  • Freewill
  • Hacking
  • Holidaze
  • Learning
  • Malware RE
  • Math
  • NASA
  • Pen-testing
  • Philosophy
  • Pi Day
  • procrastination
  • Programming
  • Python
  • Quine programs
  • Quotes
  • Random Stuff
  • Research
  • Reverse Engineering
  • Shopping
  • Smithsonian National Air and Space Museum
  • Software Development
  • Star Wars
  • Success
  • Uncategorized

Meta

  • Register
  • Log in

Blog at WordPress.com.

  • Follow Following
    • Eric Hokanson
    • Join 44 other followers
    • Already have a WordPress.com account? Log in now.
    • Eric Hokanson
    • Customize
    • Follow Following
    • Sign up
    • Log in
    • Report this content
    • View site in Reader
    • Manage subscriptions
    • Collapse this bar
 

Loading Comments...