Final exam

Due 9:00PM Wednesday, 13 March 2024

Submit via Moodle as final.tar. Include your answers in final.pdf or final.txt, with source code and/or data (if any) in appropriately named files.

This is a takehome exam. You may use your textbook and other online sources, as long as you cite them clearly. You may not speak with anyone other than Jeff Ondich about the content of this exam. That means in particular that you may not talk with your classmates or post questions on online forums. You may, however, ask questions during class and via the #questions channel of our class Slack workspace (and, of course, via Slack direct message to Jeff). You may also ask Kaitlyn general course content questions, and she'll use her judgment about what she can and can't answer.

When you draw a diagram for any of these problems, you may of course use drawing software. But if it's easier, feel free to draw your diagrams by hand and include images in your PDF submission. Regardless of how you present your diagrams, please make sure they are easy to read.

When answering questions on this exam, you should show your work to get full credit. For example, in the very first question 1(a), it's not sufficient to provide the correct 8-digit hexadecimal number. You must also explain (concisely and clearly) why that particular 32-bit number represents the given real number.

  1. Floating point numbers

    Read Real Numbers in Binary from Dive Into Systems. You might also find parts of the Wikipedia page on floating point helpful. All of the following questions refer to the IEEE 754 single precision (32-bit) representation of real numbers.

    1. [2] What is the representation of the real number -37.625? Write your 32-bit answer as a single 8-digit hexadecimal number.
    2. [2] To what real number does the 32-bit IEEE 754 representation 0x4059999a correspond? Please express your answer as a fraction. (Note: since the significand appears to have a repeating pattern, you may find that extending that pattern infinitely gives you a much simpler fraction than the rounded off version stored in this 32-bit float.)
    3. [0.5] Give a 32-bit representation of NaN (i.e., "not a number"). Show your answer as an 8-digit hexadecimal number.
    4. [0.5] Show a small amount of C code that can be used to cause a float-type variable x to contain NaN. (You can test this using a printf("%f", x); statement.)
    5. [0.5] Give a 32-bit representation of -Inf (i.e., negative infinity). Show your answer as an 8-digit hexadecimal number.
    6. [0.5] Show a small amount of C code that can be used to cause a float-type variable y to contain -Inf.
    7. [1] Describe what multiplying a float variable by 2.0 does to its 32-bit representation.

  2. Bytes in context

    Suppose we start with this code on mantis:

    char s[100] = "estás bien";
    1. [1] What are the contents of the first 8 bytes in memory starting at the address s? Write your answer as a sequence of two-digit hexadecimal numbers, like "01 23 45 67...".
    2. [1] Consider the first four bytes starting at the address s as a single 4-byte int. What is its value (in decimal), and why?
    3. [1] Show a short snippet of C code that will print the int starting at the address s. This code should work no matter what string we initialize s to.
    4. [1] Consider the chunk of memory represented by s as a sequence of x86-64 instructions. What is the first such instruction? How did you figure that out?
    5. [1] In one sentence, describe the lesson this problem is trying to illustrate.

  3. Pipes, redirects, and file descriptors

    Suppose you have a CSV file named alumni.csv with this structure:

    email,name,country_abbreviation,graduation_year vostinar@carleton.edu,Anya Vostinar,US,2012 marie@versailles.fr,M. Antoinette,FR,1783 ...

    Consider this command:

    grep 2015 < alumni.csv | grep -v US | sort > list.csv
    1. [1] What is this command line intended to compute?
    2. [1] How many child processes does bash fork when executing this command line?
    3. [4] Draw a diagram, in the style I've been using in my classroom drawings, showing the file descriptor table for each of the child processes while they are all still running. I recommend drawing shared objects (if any) in a central location of your diagram, with the various file descriptor tables around the edges, pointing when appropriate to the shared objects in the middle.

  4. Educating Jeff. [2] Is there a book, a movie, a podcast, a website, a game, a writer, a musician, etc. you think I should know about? Let me know about it!

  5. Exploring an executable

    Consider the executable program mystery If you run this program on mantis like so:

    ./mystery

    it will tell you only that the expected command-line syntax is:

    ./mystery string

    If you then run it with a command-line argument, you'll see some output, but apparently whoever wrote this program didn't get around to finishing the user interface yet, so it can be a little unclear what's going on. All part of the mystery, I guess.

    For the questions below, you will investigate what this program does, how it does it, and how it might be vulnerable to a buffer overflow attack.

    1. [1] If you view the first few bytes of mystery, you'll see that three of those bytes spell "ELF". What is ELF, and why does it show up in this executable program?
    2. [1] Provide a list of functions contained in mystery. (Don't include obvious system functions like printf or exit.) How did you obtain this list?
    3. [1] What does the function mystery1 do? How do you know?
    4. [1] What does the function mystery2 do? How do you know?
    5. [1] In the middle of this program, you may see an assembly instruction callq 0x4010c0 <__ctype_b_loc@plt>. What is the purpose of this function?
    6. [3] The main function has the two usual parameters plus some local variables. Draw a picture of main's stack frame, identifying clearly exactly where in the stack frame each variable/parameter resides, how big each one is, etc. If I were drawing this, I would probably use colored pencils or the digital equivalent to clarify what's what.

    7. [4] This program is vulnerable to a buffer overflow. By exploiting this vulnerability, it is possible (for example), to specify a carefully-crafted command-line argument for which mystery runs to completion without crashing but prints the wrong answer.

      Show me a command-line invocation of this for which the correct answer for "LABEL 1" should be 1, but for which mystery prints an answer of 33. Include a detailed explanation of why your input file produces this result.

      One final note. If you don't succeed in getting the program to print the desired wrong answer, you can get partial credit by explaining in detail what you were trying to do and what you have learned about the structure of the relevant stack frame.

  6. Have a great break! Thanks for being a wonderful class. It was fun working with you.