Posts Tagged ‘high level language’

A compiler that translates a high level-language into another high-level language is called a source-to-source translator. What advantages are there to using C as a target language for a compiler?

Security is a big issue for programmers, but few know how to secure themselves because they don’t know anything about vulnerabilities or exploits in their programs. Whether you are a C++ programmer coding applications for a client, or a PHP programmer developing a secure website for your customers. You must learn to look for certain coding errors and unsafe techniques.

Programmers create bad habits, they try to use shortcuts all the time.

One wise man once said “Programmers are actually the laziest people you know”. This is true for many programmers, because they always look for a faster easier way to do something.

The root of all evil of course, is input validation. The programmer is too quick to trust its users. He takes a shortcut instead of encrypting something, leaves it in plain text. Maybe he uses a cheap shortcut in programming and uses a function incorrectly.

Let me show you some examples. If a programmer uses sprintf and printf a lot in his C++ code. He may use it without the formats.

printf(stringText);, instead of using the natural printf(“%s”, stringText); they both work but the first one is extremely vulnerable. This is called a format exploit . Someone can begin to insert his own %s and %x characters and other special characters to grab where in memory that text is. Then he can use that to inject code into your program. This applies to PHP as well, as a hacker can use %s to inject his own SQL injection to hack your database.

Stay away from shortcuts, and be careful when using char arrays as your strings. If you create an array char string[50], your users may type something string[55] length, and it will crash your program, or in other cases overwrite other characters to gain upper level access to your software. This is called a Buffer Overflow Exploit in C++ and it’s very widespread.

And don’t think you’re safe just because you use Java or Python or some other high level language, they have their own set of exploits. In fact, the easier the coding, the more likely there will be mistakes and exploits.

Every exploit is different, and you need to have an imagination to imagine a sort of attack someone can do. In order to do this you need to study other exploits, and you need to stop assuming how your customer will use your program. You should aggressively test your program for wild inputs. Filter every sort of input through some functions for possible attacks.

Author: Brian O’Brien
Article Source: EzineArticles.com
Provided by: Digital TV, HDTV, Satellite TV

The basic principle of any compiler is to read the source file and to generate compiled code. In practice the compilation process is not so simple. There is a huge leap between the source code written in a high-level language and the desired target code for a particular platform. In general, each high-level statement will be translated to many low-level instructions for our target microprocessor.

In theory, it is possible to directly translate each source code statement to a sequence of microprocessor instructions which will perform the desired result. However, in practice it is better to perform the compilation in two steps. The first step is to process the source code and generate an intermediate code, and in the second step to process this code to generate the final executable code for our target microprocessor. There are many advantages in this approach.

It is a very good idea to have a target-independent intermediate code. This code is usually a description of the high-level statements with some simpler instructions that accurately represent the operations of the source code statements. This code will not execute in a real processor, it is only an internal representation of our high-level program. Since it uses simpler constructs than the high-level language it is much easier to determine the data and control flow. This is very important for optimization algorithms.

Target-independent intermediate code means that for each high-level language that needs to be supported we only have to write the first part of the compiler, the code generator is already written for the intermediate code which does not change. The same applies to the second part, the code generator. If we need to port our compiler to another platform, we only need to write a new code generator for the new processor.

The choice for intermediate code representation is not a simple task. We need to define a language that will be platform independent, will support all the features of desired processor families and will be easy to analyze for code optimizations.

Author: Igor Funa
Article Source: EzineArticles.com
Provided by: Latest trends in mobile phone