Week 4

linear search

binary search

bubble sort

selection sort

insertion sort

merge sort

n²

n log n

n

log n

1

…​

O, worst-case running time

Ω, best-case running time

Θ, if both of those are the same

It looks like this program takes two strings from the user and compares them.

But it doesn’t work, when we put in two strings that look the same.

Now we’re getting a string s from the user, copying it to a string called t, and then making the first letter of t uppercase.

But when we run the program, it again doesn’t behave like we might expect. Both s and t are capitalized!

We have a function called swap that’s supposed to take two values, a and b, and swaps them. It takes a, puts the value into a temporary variable called tmp, and then stores the value of b into a. Then the value of tmp, which is the original a, is stored into b.

But when we run this program, too, it doesn’t swap the values of x and y in main.

If we think about memory as a rectangle, a grid of bytes, each area (comprised of many many bytes) can be labeled as above.

At the top is a chunk called "text," and that’s actually where the machine code for your program is put in memory.

Below that is the data, or variables, your program is using.

Then on top, the next function called, such as swap, will have its own chunk of memory.

swap has its arguments passed in as copies.

Now that we know what get_string actually returns, we can set the type of our variable s to char *, or a pointer to a character. (And indeed the CS50 Library has just been mapping all mentions of string to char * this whole time!)

Turns out, there exists a library function called strcmp that compares strings, and returns 0 if they’re the same. And strcmp probably does that with a loop looking at the ith character in each string, comparing them one at a time.

We get s as usual, but then for t we use another C library function called malloc, which allocates some memory for us to use. The amount of memory we ask for is the length of s (plus 1 for \0 to end the string), times the size of a single character. And if malloc returns NULL for t, that means something went wrong (perhaps we ran out of memory), so our program too needs to check for that and return an error if so.

Now we can deliberately go through the entire string, and one past the end of the string, to copy the \0 character. Then we’ll have a copy of s in t, and changing something in t will no longer change s.

Finally, at the end of our program, we should make the habit of calling free on our manually allocated memory, which marks it as usable again.

Now we’re passing in pointers to our main function’s x and y, and swapping their values directly. The syntax to get an address of variable is with &, and to go the other way and get the value at some address is with a *. (Not to be confused with declaring a pointer, which would be using char * or int * to say "I would like a new variable that stores a pointer to a char or int.")

This program just prints a string, one character at a time. Since s is a pointer to the first character (the address of the first character), adding i to it means we’ll get the address i characters down. For example, if the first character started at address 123, the third character (2 down) will be at address 125. And so we can use our * notation to access the character at that address. (And we’ve used s[i] before, which actually means the exact same thing. The C language has this feature as "syntactic sugar" which means that it’s convenient and easy to read, but not necessary to have, since we can express it otherwise.)

We allocate memory that can hold an int, and point x to it. Then we set that to 42 with *x = 42, since we got a chunk of memory to use.

But the next line will not work and even crash our program, because y is pointing to …​ somewhere in memory, and we’re just changing that random value to 13. When we declare a variable, we have some area of memory allocated to it, but the value inside is some random garbage value.

We’re going to call some function f that allocates memory for 10 integers, but never frees it. f also tries to access the "10"th element of that array of integers, but since we start counting at 0, x[10] is actually the 11th element, which we did not allocate, and so actually holds something else in memory that could be important.

If we save this as memory.c and make memory, we can run valgrind --leak-check=full ./memory.

Then we’ll see something like:

Invalid write of size 4
    at 0x4005FF: f (memory.c:21)
    by 0x400623: main (memory.c:26)
...
40 bytes in 1 blocks are definitely lost in loss record 1 of 1
    at 0x4C2AB80: malloc in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
    by 0x4005F6: f (memory.c:20)
    by 0x400623: main (memory.c:26)

We see that the output is a little hard to read, but ultimately the source of these errors come from some lines in memory.c.

We can fix this program by changing f:

...
void f(void)
{
    int *x = malloc(10 * sizeof(int));
    x[9] = 0;
    free(x);
}
...

We see buffer overflow in a program like this. main calls the function foo and passes in whatever the command-line argument to it is. foo then copies it to a char array c, but c can only hold 12 characters. (memcpy copies from bar into c, for as many bytes as strlen(bar). And our friendly man pages tells us this and more.) So if the command-line argument is too long, then the rest it will "overflow" and be written to the chunk of memory right after what’s allocated to c.

The bottom, "Parent Routine’s Stack," is like the code for main. On top of that is the "Return Address," or the location of the code the function should return to, once it’s done (since it could be called somewhere different in main each time).

Now let’s look in the stack of our function. We see char *bar, the argument to foo, first, because the stack grows upwards. Then we have the array char c[12], with a grid representing the first character c[0] and a grid for the last, c[11], and the rest in between. And if we start writing to c, we might start overwriting other values.

The return address is actually overwritten with the address of the beginning of the string, so our program will actually go back to that and execute the string there as machine code.

Each grid is a pixel, since an image has a finite size and thus finite information in it.

With the bit 1 to represent black and 0 for white, we can create a "bitmap" image.

Files are just a sequence of bits, and if we think of each byte as having some offset from the beginning, we can specify exactly what should be in a file for it to be valid.

We see a few fields we might be able to guess the values for, like biWidth and biHeight.

But the most interesting part is the repeating sequence at the end, an RGBTRIPLE comprised of three bytes that each represent the colors blue, green, and red. With those three colors in various amounts, we can display millions of different colors.

To represent a student, we can include two pieces of information, string name and string dorm.

We can create an array of student structs called students, with STUDENTS number of elements.

We used #define STUDENTS 3 to set a constant, STUDENTS, to the value 3. This prevents having to make a variable that might otherwise be changed.

Then we can access properties in the structs with syntax like students[i].name, since students is an array and students[i] gets an individual student struct for us to use.

Here we are using the FILE type, part of C, and a library function fopen, that allows us to open files. "w" allows us to write to the file.

After we use fprintf, another library function to write to the file, we close the file.