____ are the fundamental means of specifying computations in a programming language
Expressions
Essence of imperative languages is the
dominant role of assigning expressions (commands in form of words instead of code)
was one of the motivations for the
development of the first programming languages
Arithmetic evaluation
Arithmetic expressions consist of:
■ Operators
■ Operands
■ Parentheses
■ Function calls
Use of an operator for more than one purpose is called
operator overloading
is one that converts an object to a type that cannot include all of the values of the original type e.g., float to int
A narrowing conversion
is one in which an object is converted to a type that can include at least approximations to all of the values of the original type, e.g., int to float
A widening conversion
is one that has operands of different types
A mixed-mode expression
is an implicit type conversion
A coercion
____ type conversion is called _____
Explicit - Casting
Operands (numbers) are boolean if the operator is || and &&
True
a < b < c is really ___
(a < b) < c
is an expression in which the result is determined without evaluating all of the operands and/or operators
Short Circuit Evaluation
All logic operators in Ruby, Perl, ML, F#, and Python are
shortcircuit evaluated
The assignment operator (Example ■ a = a + b can be written as… ■ a += b)
= Fortran, BASIC, the C-based languages (BAD DESIGN CHOICE)
:= Ada, SQL
is Prolog
■ sum = ____
□ count incremented, then assigned to sum
■ sum = ____
□ count assigned to sum, then incremented
■ count++
□ count incremented
■ -count++
□ count incremented then negated, i.e. -(count++)
++count count++
In Java and C#, only widening assignment coercions are done
■ float f = 2; // legal
■ int i = 2.0; // illegal
Assignment statements can also be
MIXED MODE
Lambda (λ) calculus
■ Anonymous functions
■ Immutability
■ First-order Functions – Functions are “first class citizens”
■ Currying – All functions take a single argument
The λ-calculus incorporates two simplifications that make this
semantics simple.
■ The first simplification is that the λ-calculus treats functions
“anonymously”, without giving them explicit names.
■ The second simplification is that the λ-calculus only uses
functions of a single input.
Programs in logic languages are expressed in a
form of
symbolic logic
Declarative rather than procedural:
– Only the specification of results is stated (not detailed
procedures for producing them)
A logical statement that may or may not be true
Proposition (truth table true and false)
Logic which can be used for the basic needs of formal logic
Symbolic Logic:
Objects in propositions are represented by
Object Representation:
a symbol that represents an object
Constant:
a symbol that can represent different
objects at different times
Variable:
is one element of a mathematical relation, written like a mathematical function
A compound term
Propositions can be stated in two forms:
– Fact: proposition is assumed to be true
– Query: truth of proposition is to be determined
an inference principle that allows inferred propositions to be computed from given propositions
Resolution
The process of determining useful values for variables
Unification
The temporary assigning of
values to variables to allow unification
Instantiation
is a set of strategies that may be used to strengthen the security of applications on a high level by leveraging attributes and properties of particular programming languages
Language-Based Security (LBS)
By evaluating the source code ____, the theory and
implementation of the programming language can also be
considered, and more vulnerabilities can be uncovered
before compiling
Program Optimization, Program Correctness
Program Analysis
set of tools used to analyze the information flow control in a program, in order to preserve confidentiality and integrity
Information flow analysis
be used by software developers in order to check the security properties of their code.
Security type system
avoid using unsafe languages, because attackers can find vulnerable code and abuse pointers to reach low-level memory
Securing low-level code
is the idea of producing a certificate during compilation of source code
■ Proof-carrying code (PCC)
■ Typed assembly language (TAL)
Certifying compilation
LBS techniques
Program Analysis, Information flow analysis, Security type system, Securing low-level code, Certifying compilation
CMMI measures both
Capability and maturity
CMMI capability levels
1. Initial
2. Managed
3. Defined
CMMI maturity levels
1. Initial
2. Managed
3. Defined
4. Quantitatively Managed
5. Optimizing
is a type of graph used to represent a finite partially ordered set
Hasse diagram
Type Checking
Checking if variables and operations in a program match up in terms of data types.
Strong Typing
Strictly enforcing data types in a language, so you can't mix different types without explicit conversion.
Determining when two types are considered the same.
Type Equivalence
Math operations like addition, subtraction, etc., with numbers
Arithmetic Expressions
Operators (like + or -) that can behave differently based on the types of values they're applied to
Overloaded operators
Comparing values (relational) or evaluating logical statements (Boolean) to get a true/false result.
Relational and Boolean Expressions
Type Conversions
Changing a value from one type to another, either automatically (implicit) or explicitly done by the programmer.
It's a trick to speed up code by stopping evaluation early if it's clear what the result will be
Short-circuit evaluation
Putting values into variables.
Assignment Statements
Putting different types of values into variables at the same time.
Mixed Mode Assignment
Choosing what code to run based on conditions
Selection Statements
Running the same code multiple times until a condition is met.
Iterative Statements
The context where variables live and can be used, typically within a function or loop.
Local referencing environments
Different ways to give information to functions or subroutines
Parameter passing methods
This refers to the presence or absence of security mechanisms within the software. Weak or improperly implemented security features can leave systems vulnerable to attacks.
Security Features
Managing ____ is crucial in software development. Errors in handling time-related functions (like timestamps) or managing state transitions can lead to security vulnerabilities
Time and State
This involves handling errors and exceptions within the software. Improper error handling can provide attackers with valuable information or lead to unexpected behaviors that compromise security.
Errors
Ensuring that inputs are properly validated and represented is essential for preventing vulnerabilities like injection attacks
Input Validation and Representation
Insecure use of APIs (Application Programming Interfaces) can introduce vulnerabilities into software systems. This includes misuse of APIs, inadequate access controls, or failing to authenticate API calls properly.
API Abuse
The overall quality of code, including readability, maintainability, and adherence to best practices, significantly impacts security. Poorly written or poorly reviewed code is more likely to contain vulnerabilities.
Code Quality
refers to the practice of hiding implementation details and providing controlled access to components. Failure to encapsulate components properly can lead to unintended interactions and security vulnerabilities.
Encapsulation
The ____ in which software operates can both mitigate and exacerbate security risks. Factors such as network configuration, access controls, and deployment environments influence the overall security posture of software systems.
Environment
a nonprofit, public–private partnership that
conducts research for the United States government
Software Engineering Institute (SEI)
Weaknesses Addressed by the SEI CERT C Coding Standard
CWE VIEW ID 1154
An early programming language whose control statements were based on the IBM 704 hardware.
Fortran I
A ____ provides the means of choosing between two or more paths of execution.
selection statement
If the then reserved word or some other syntactic marker is not used to introduce the 'then' clause, the control expression is placed in
Parentheses
Unlike the C-family of languages that use curly braces to delineate blocks of code, Python uses _____ to indicate a statement's membership in a block.
Indentation
In Java, the else option of an if control statement is bound to
nearest previous if
What is evaluation of this Racket code?
(define z 2)
(let ((x 3)(y 5))
(+ (* x y) z))
17
A nested if is one way to implement a multiple-way selection statement.
False
The switch keyword that introduces a clause to handle unrepresented case values in a C++ switch is
default clause
A C++ switch allows more than one case to be executed.
False
A C# switch allows more than one case to be executed.
False
In Racket, an if control statement requires an else option
False
In Racket, a cond control statement requires an else option.
False
In Racket, a when control statement permits an else option
False
In functional programming languages loops are implemented using
Recursion
Which of the following is not a value used by a loop variable in counter-controlled loops?
Recursion value
In C-family for loop syntax, match the elements to their description.
for ( A ; B ; C ) D
Initial / terminal / step size / statement to be executed
It is possible to use a loop counter variable in a recursive loop
True
Range-based loops are not possible in which of the following languages?
C
In C++ and Java it is possible to unconditionally exit a loop with which keyword?
BREAK
In C++ and Java it is possible to skip the remainder of the current iteration (but not exit the loop) with which keyword?
CONTINUE
In Perl it is possible to unconditionally exit a loop with which keyword?
last
The Guarded Command Language was introduced by which famous computer scientist?
Dijkstra
Seven Pernicious kingdoms speaks about
the common security vulnerabilities in computer systems. The Seven Pernicious Kingdoms consist of 'Pillars', 'Classes', 'Base level weaknesses', 'Variant', 'Chain', 'Composite'