PERSONAL CALENDAR

Using personal calendars we can personalise our significant events.This personal calendar is based on java application.

The interface is for regular users to browse and edit their calendars.The initial display consists of one window which consists of two parts:command menu and regular monthly display.

The File menu contains typical commands for manipulating data files . 'File New' opens a new calendar in a new display window. 'File Open' opens an existing calendar from a previously saved file, displaying it in the current display window or a new window as selected by the user. 'File Close' closes the currently active calendar, offering to save if it has been modified since opening. (The currently active calendar is the one on which the user has most recently performed a command.)'File Save' saves the currently active calendar on the file from which it was opened, or on a new file if it was created from a new display.

The View menu allows the user to browse through a calendar in a variety of ways.'View Item' displays the scheduling details for a selected scheduled item. 'View Day' displays details of the currently selected calendar day. 'View Week' displays the seven-day week in which the currently selected day appears, with less detail than the daily display. Weeks can be displayed in tabular or list format.'View Goto Date' displays a dialog for choosing a specific date to become the current date in the active display.

Appointment scheduling is one of the most commonly performed operations with the Calendar system.To schedule an appointment, the user selects the 'Appointment' command in the Schedule menu, In response, the system displays the dialog.The 'Title' field is a one-line string that describes the appointment briefly. The 'Date' field contains the date on which the appointment is to occur.Appointment Security is one of four levels: 'public', 'title only', 'confidential', and private.

VIRTUAL TABLE

(Team 2 : 71,49,31,30,29,23,876).

          A  Virtual Table or Vtable is a mechanism used in a programming language to support dynamic dispatch or dynamic polymorphism where run time binding is done. The virtual table is a lookup table of functions used to resolve function calls in dynamic binding.
          Suppose a program contains several classes in an inheritance hierarchy i.e., a superclass and two subclasses and when the program calls the virtual function on a superclass pointer or any of the subclass pointers,the run time environment must be able to determine which implementation to call,depending on the actual type of the object that is pointed to. There are a variety of different ways to implement such dynamic dispatch,but the vtable solution is common among C++ and its related languages ,because it allows objects to use a different implementation simply by using a different set of method pointers.

        The virtual table is actually quite simple, though it’s a little complex to describe in words.

Implementation of VTABLE:

        Every class that uses virtual functions (or is derived from a class that uses virtual functions) is given it’s own virtual table. This table is simply a static array that the compiler sets up at compile time. A virtual table contains one entry for each virtual function that can be called by objects of the class. Each entry in this table is simply a function pointer that points to the most-derived function accessible by that class. An object's dispatch table or vtable will contain the addresses of the object's dynamically bound methods. Method calls are performed by fetching the method's address from the object's dispatch table. The virtual table is the same for all objects belonging to the same class, and is therefore typically shared between them. Objects belonging to type-compatible classes (for example siblings in an inheritance hierarchy) will have dispatch tables with the same layout: the address of a given method will appear at the same offset for all type-compatible classes. Thus, fetching the method's address from a given dispatch table offset will get the method corresponding to the object's actual class.

       The compiler also adds a hidden pointer to the base class, which we will call  as Vpointer or virtual pointer or vptr .vptr is set (automatically) when a class instance is created so that it points to the virtual table for that class. Unlike the *this pointer, which is actually a function parameter used by the compiler to resolve self-references, vptr is a real pointer. Consequently, it makes each class object allocated bigger by the size of one pointer. It also means that vptr is inherited by derived classes, which is important.  The compiler also generates "hidden" code in the constructor of each class to initialize the vpointers of its objects to the address of the corresponding vtable.

Concept of method overloading in generic units:

In the Barton-Nackman technique, a template class derives from an instantiation of another template, passing itself as a template parameter to that other template as follows:

class A : public base<A> { ... };

The important application of this technique is to give a common “base template” for a set of template classes. One can overload operators and other non-member functions for the common base template; the derived classes will match the definitions. Because it avoids run-time dispatching, this technique is often used in the numerical domain [11–13, 42], The usage of the Barton-Nackman trick is best explainedwith an example,which we take from the domain of linear algebra. Matrix types (dense matrix, diagonal matrix, and triangular matrix) represent different kinds of matrices. Each of these matrix types has a common interface which can be exploited to define functions and operators that work for any matrix type. In this example, our interface is just one function.We overload the function call operator that gives the syntax A(i,j) for accessing the element at row I and column j of matrix A. This interface is defined in the common base template matrix:

template <class Derived>

class matrix {

public:

double operator()(int i, int j) const {

return static cast<const Derived&>(∗this)(i,j);

}

};

The matrix template will always be instantiated in such a way that the template parameter Derived is the type of a derived class. Note the static cast in the definition of operator(). As long as Derived is the actual type of the object, this is a safe downcast to a derived class. The function call operator thus invokes the function call operator of the derived class without dynamic dispatching. Each specialized matrix type must pass itself as a template argument to the matrix template and define the actual implementation of operator():

class dense matrix : public matrix<dense matrix> {

public:

double operator()(int i, int j) { ... }

...

};

class diagonal matrix : public matrix<diagonal matrix> {

public:

double operator()(int i, int j) { ... }

...

};

class triangular matrix : public matrix<triangular matrix> {

public:

double operator()(int i, int j) { ... }

...

};

With this arrangement, one can overload generic functions for the matrix template, instead of separately for each matrix type. For example, the multiplication operator could be defined as:

template<class A, class B>

typename product traits<A, B>::type

operator∗(const matrix<A>& a, const matrix<B>& b);

The product traits template is a traits class to determine the result type of multiplying matrices of types A and B. Such traits classes for deducing return types of operations are common in C++ template libraries [15, 40, 42].We can observe many benefits in this approach. The run-time overhead of virtual function calls is avoided. Several implementation types can be grouped under a common base template, allowing one operator implementation to cover many separate types.We can also identify several problems with the approach: – One needs to be careful not to slice objects. Taking the matrix arguments by copy in the above operator∗ function would not copy the whole object, but only the base class matrix. Thus some data would be lost, leading to undefined behavior at runtime when the object was cast to the actual matrix type in the function call operator of the matrix class . – It is difficult to get the desired overloading behavior if some parameters of a function are instances of “Barton-Nackman powered” types, but others are not. For example, one might want to define multiplication between two matrices, and additionally between a matrix and a scalar with the scalar as either the left or right argument. The straightforward solution is to define three function templates (we leave the return types unspecified):

template<class A, class B>

... operator∗(const matrix<A>& a, const B&b);

template<class A, class B>

... operator∗(const A& a, const matrix<B>& b);

template<class A, class B>

... operator∗(const matrix<A>&m1, const matrix<B>&m2);

The following code demonstrates why this approach does not work:

diagonal matrix A; dense matrix B;

A ∗ B; // error, ambiguous call

The third function is not the best match; insteadthe call is ambiguous. The first two definitions are both better than the third definition, but neither is better than the other. Thus, a compiler error occurs. Even though the typematrix<A> is more specialized than A, the actual argument type is not matrix<A> but diagonal matrix, which derives from matrix<A> where A is diagonal matrix. Therefore, matching diagonal matrix with matrix<A> requires a cast, whereasmatching it with A does not, making the latter a better match. Thus, the second definition provides a better match for the first argument, and the first definition provides a better match for the second argument; this makes the call ambiguous. There are two immediate workarounds: providing explicit overloads for all common scalar types, or overloading for the element types of the matrix arguments. The first solution is tedious and not generic because one cannot know all the possible (user-defined) types that might be used as scalars. The second solution is limiting, as it prevents sensible combinations of argument types, such as multiplying a matrix with elements of type double with a scalar of type int.

– The curiously recurring template pattern is quite a mind-teaser; it significantly adds to the complexity of the code. Type classes and the enable if template solve the above problems. We rewrite our matrix example using type classes. First, all matrix types must be instances of the following type class:

template <class T, class Enable = void>

struct matrix traits {function that uses assignment, and to provide the specialized implementations as overloads.

Without enable if and type class emulation, overloading is limited.for example, it is not possible to define a swap function for all types that derive from a particular class; the generic swap is a better match if the overloaded function requires a conversion from a derived class to a base class (see section 4). Type classes allow us to express the exact overloading rules. First, two type classes are defined. Assignable represents types with assignment and copy construction (as in the Standard Library), and User Swappable is for types that overload the generic swap function:

template <class T, class Enable = void>

struct assignable traits { static const bool conforms = false; };

template <class T>

struct assignable {

BOOST STATIC ASSERT((assignable traits<T>::conforms));

};

template <class T, class Enable = void>

struct user swappable traits { static const bool conforms = false; };

template <class T>

struct user swappable {

BOOST STATIC ASSERT(user swappable traits<T>::conforms);

static void swap(T& a, T& b) {

user swappable traits<T>::swap(a,b);

}

};

The Assignable requirements are assignment and copy construction, which are not subject to overload resolution, and thus need not be routed via the type class mechanism. Second, two overloaded definitions of generic swap are provided. The first is for types that are instances of User Swappable. The function forwards calls to the swap function defined in the User Swappable type class:

template <class T>

typename enable if<user swappable traits<T>::conforms, void>::type

generic swap(T& a, T& b) {

user swappable<T>::swap(a,b); }

};

The second overload is used for types which are instances of Assignable but not instances of User Swappable. The exclusion is needed to direct types that are both Assignable and User Swappable to the customized swap:

template <class T>

typename enable if<

assignable traits<T>::conforms && !user swappable traits<T>::conforms,

void>::type

generic swap(T& a, T& b) {

T temp(a); a = b; b = temp;

}

static const bool conforms = false;

};

template <class T>

struct matrix {

BOOST STATIC ASSERT(matrix traits<T>::conforms);

static double index(const T& M, int i, int j) {

return matrix traits<T>::index(M, i, j);

}

};

Thus, the generic swap function can be defined in the most efficient way possible for each type. There is no fear of overload resolution accidentally picking a function other than that the programmer intended.

SECURE CODING IN C

SECURE CODING IN C

(By team 5: 733007,13,14,40,45,62,63)

ABSTRACT:

C is a high level language developed in early 1970’s.It is a imperative system implementation language and is most popular language of all time. C has more effective concepts such as arrays , structures and pointers. It has formed basis for many other languages like C++, Java and C#. Even though C is used for developing system software, it cannot be used for real time and web applications due to lack of security.

Why do we need secure coding?

Writing a secure code is a big deal despite lot of viruses in world .Most probable solution is to use safer language like java, which runs in protected environment.But for higher performance i.e,coding in C we need to be aware of writing an unexploitable code.

Major obstacles contributing to insecure coding are:

1) Buffer overflow-smashing stack,

2) Double free attack.

A buffer overflow occurs when user tries to enter more data beyond program requirement, thereby allowing arbitrary modifications to memory. Due to the way the stack is setup, an attacker can write arbitrary code into memory.

When functions are called, both the memory to store the variables declared in the function and the memory to store the arguments to the function are pushed onto the stack as part of a "stack frame". This leads to buffer overflow.

Another more sophisticated attack, is the double free attack that affects some implementations of malloc.

The attack can happen when you call free on a pointer that has already been freed before you have reinitialized the pointer with a new memory address.

Other shortcomings encountered are

1)Structure initialization in C,

2)Random number between two integers,

3)Large arrays in C,

4)De-Begging Code before check-in,

5)and security issues in strings .

In this assignment, we deal about the above mentioned problems and how to tackle them in secure way.