Programming Paradigms Final


134 Terms

1

What do pointer types store?

Memory addresses and NULL (provides indirect addressing)

2

What is a dangling pointer?

A pointer that points to a heap-dynamic variable that has been deallocated

3

What is a lost heap-dynamic variable?

A heap-dynamic variable that is no longer accessible to the user program (AKA garbage). The process of losing these variables is called memory leakage.

4

Does C check array bounds?

No, C does not check array bounds

5

Does Java check array bounds?

Yes, Java is strongly typed and enforces bounds

6

What is coercion in type checking?

Implicit/automatic conversion from one type to another

7

When is static type checking done?

At compile time

8

When is dynamic type checking done?

At run time

9

What is explicit static type binding?

Program statement used to declare the types of variables

10

What is implicit static type binding?

Specifies types through default conventions; provides greater writability but less reliability

11

What are the characteristics of dynamic type binding?

Flexible, but high in cost and difficult to detect errors

12

What is a buffer overflow?

When a program writes more data to a block of memory or buffer than it was allocated for

13

Describe the stack smashing process

1) Buffer overflow - excess data flows into adjacent memory, 2) Overwriting control data - overflow overwrites critical control data, 3) Manipulating program flow - redirects program's execution flow, 4) Execution of arbitrary code - introduces attacker's own code

14

List 5 ways to prevent stack smashing

1) Bounds checking, 2) Safe string functions (strncpy vs strcpy), 3) Address space randomization, 4) Stack Canaries, 5) Non-executable stack

15

What are stack canaries?

Random values placed between buffer and control data, used to flag if there's an overflow

16

How do you prevent format string vulnerabilities? (List 5 methods)

1) Avoid user-controlled format strings, 2) Validate and sanitize input, 3) Use explicit format strings, 4) Limit permissions, 5) Static code analysis

17

What is RAD (Return Address Defender)?

Saves copies of a function's return address; checks when a function finishes

18

What does DEP (Data Execution Prevention) do?

Makes stack and heap non-executable

19

What are gadgets in ROP (Return Oriented Programming)?

Operations where complex code is transformed into a sequence of primitive operations

20

Describe a Ret2LibC attack

1) Exploit buffer overflow to overwrite return address, 2) Set return address (EIP) to a function in LibC, 3) Prepare fake stack frame with arguments, 4) Program returns to LibC function and executes with attacker's arguments

21

What are the three main Java security components?

1) Class loaders (sandbox), 2) Bytecode verifier, 3) Security manager (policy and enforcement)

22

What are the three types of Cross-Site Scripting (XSS)?

1) Reflected XSS: sent in the URL and reflected onto the page

2) Stored XSS: persistent on the server, shown to every visitor; most dangerous

3) DOM XSS: JavaScript on the page itself does the damage

23

What are two solutions to XSS attacks?

1) SOP (Same Origin Policy), 2) Secure Input Handling (Encoding & Validation)

24

What is the key property of functional programming regarding side effects?

No side effects - output depends only on inputs, functions change nothing in the evaluation, can be evaluated in any order

25

How are complex functions built in functional programming?

Based on recursion

26

List the historical progression of functional programming languages

Lambda calculus (1930s) → Lisp (1950s) → Meta Language (1970s) → Haskell (1990s) → Python, Scala, Java, C++

27

What are the three key properties of Lambda Calculus?

1) Anonymous, 2) Immutable, 3) First-class citizen (functions treated like other variables)

28

What does 'cons' do in list processing?

Takes an element and adds it to the front of a list

29

What does 'car' do in list processing?

Retrieves the 1st element in list/pair

30

What does 'cdr' do in list processing?

Retrieves rest of elements in a list/pair after 1st element

31

What does 'append' do?

Concatenates lists

32

What does 'map' do?

Applies a given function to each element of a list and returns the new list

33

What does 'filter' do?

Applies a given predicate function to each element of a list and returns a new list containing only true elements

34

What does 'foldl' do?

Applies a given binary function to the elements cumulatively, reduces to single value

35

How many arguments does 'if' take in Racket?

3 arguments (must have else)

36

How many arguments does 'when' take in Racket?

2 arguments (no else)

37

What does 'for/list' do?

Accumulates body results into a list

38

What does 'for*' do?

Nests multiple clauses instead of running them in parallel

39

Difference between 'display' and 'print' output functions?

Display - human-readable, no quotes; Print - Racket readable, adds quotes

40

Difference between 'printf' and 'write' output functions?

Printf - human-readable, like display. NOT SAFE!; Write - C++ readable, like print. SAFER!

41

What does 'eval' do?

By default 1st list element is evaluated as a function, remainder of elements are arguments to that function

42

What does 'let' do?

Binds variables to values within a specific block of code

43

What does 'begin' do?

Groups multiple expressions into a single body

44

What are the key paradigms of logic programming?

Rules, Declarative nature, Inference and Backtracking, Pattern Matching, Non-Procedural Symbolic Reasoning

45

What are Prolog clauses?

Unit of logic programming made of facts and rules

46

What are facts in Prolog?

Statements about relationships between entities (Ex: happy(Bob))

47

What are rules in Prolog?

Express relationships based on conditions (Ex: eatsPizza(Bob) :- happy(Bob))

48

What are predicates in Prolog?

A logical statement defining a condition or property

49

What is arity in Prolog?

The number of arguments taken by a predicate

50

How are variables denoted in Prolog?

Using a capital letter or underscore

51

What can an underscore alone be used for in Prolog?

As a placeholder

52

What operator is used for conjunction in Prolog?

, (comma)

53

What operator is used for disjunction in Prolog?

; (semicolon)

54

What operator is used for implication in Prolog?

:- (colon-dash)

55

What is unification in Prolog?

The process of finding substitutions for variables in order to make two terms identical (using the given rules)

56

What search strategy does Prolog use?

Depth-first search strategy with backtracking

57

Is the order of clauses important in Prolog?

Yes, the order of clauses is crucial

58

How are lists constructed in Prolog?

Using the Head (1st element of list) and Tail (the rest of the list)

59

What is the cut operator in Prolog?

! (exclamation mark) - Prevents backtracking over specific branches

60

What does \+ represent in Prolog?

Negation (the absence of whatever is specified)

61

What is the scope of a variable in Prolog?

A single clause (fact or rule) or a single query

62

What inference method does Prolog use?

Backward chaining

63

What is the use of "is" in Prolog?

Arithmetic evaluation

64

Can the cut (!) in Prolog be backtracked?

No, it always succeeds but cannot be backtracked

65

In return-oriented programming, can a return from a hijacked function be controlled by the hijacker?

TRUE (the hijacker CAN control returns)

66

How can a stack buffer overflow hijack the control flow of a program?

By overwriting the return address AND function pointer on the stack

67

How may an attacker overflow the buffer in ROP?

By appending 1 or more fake calling frames

68

In ROP, is it possible to invoke an arbitrary function by placing a fake frame in stack memory?

TRUE

69

What checks code fragments for illegal code in Java?

Bytecode verifier

70

In CFI, do direct calls to functions need to be monitored?

FALSE, only indirect

71

Which statement is WRONG about orchestrating gadgets in ROP?

"Some gadgets can be injected onto the stack" (gadgets are found in existing code, not injected)

72

What leads to portability and security of Java?

Bytecode is executed by JVM

73

Do sandbox restrictions provide strict limitations on system resources an applet can access?

TRUE

74

In hardware-enforced NX bit, can the EIP jump to executable regions?

TRUE

75

Can lambda special form be used to define anonymous functions in Lisp?

TRUE!

76

What is the output of: (cons (car '(a b)) (cdr '(p q)))?

'(a q)

77

Are functions considered first-class citizens in functional programming?

Yes - they can be passed as arguments, returned as results, and assigned to names

78

Output of: (define (b p) (+ p p)) (define z 1) (b z)?

2

79

Output of:

(define thing 'sphere)
(define r 2)

(cond
  [(eq? thing 'circle)
   (* 3 r r)]
  [else
   (* 4 3 r r)])

48

80

Output of: (define (multiply p q) (* p q)) (cons 4 (multiply 2 4))?

'(4 . 8)

81

Output of: (define x 'outside) (let ((x 'inside) (y x)) (list x y))?

'(inside outside)

82

Output of: (define (aaa-x x) (lambda(y)(+ x y))) (define add-d (aaa-x 7)) (add-d 15)?

22

83

Output of: (define whole-list '(monday tuesday wednesday thursday friday)) (define (mystery) (cons (first whole-list) (last whole-list))) (mystery)?

'(monday . friday)

84

Write the addition of four numbers using maximum possible braces?

(+ (+ 1 2) (+ 3 4))

85

For ?-[[X,Y],Z|R] = [[a,b],[1,2],[c,d]], which binding applies?

X=a, Y=b, Z=[1,2], R=[[c,d]]

86

Output of: ?- f(a,b) = f(Y,X)?

X=b, Y=a

87

Which returns true? boy(john,123). girl(jane,234). student(john,123).

boy(john, 123)

88

What does r(X, Y) :- parent(Z,X), parent(Z,Y), male(X), X \= Y represent?

X is the brother of Y

89

What are call stacks used for?

Save execution status of the caller, pass parameters, pass return address to the callee, transfer control to the callee

90

What is the purpose of a bytecode verifier in Java?

Checks code fragments for illegal code

91

What does SOP stand for?

Same Origin Policy

92

What library attack exploits buffer overflow?

Ret2LibC (Return to LibC)

93

What makes Java code portable?

Bytecode is executed by JVM (Java Virtual Machine)

94

What does NX bit stand for?

Non-executable bit (prevents code execution in certain memory regions)

95

What is the purpose of address space randomization?

Makes it harder for attackers to predict memory addresses for exploits

96

Difference between static and dynamic type binding?

Static - done at compile time; Dynamic - done at run time

97

What is garbage in programming?

Lost heap-dynamic variables that are no longer accessible

98

What does CFI stand for?

Control Flow Integrity

99

What is the main advantage of functional programming?

No side effects, making code more predictable and easier to reason about

100

What does "first-class citizen" mean for functions?

Functions can be treated like any other variable - passed as arguments, returned from functions, assigned to names