UT CS 345 - Homework #7

This preview shows page 1-2-3 out of 8 pages.


CS 345 - Programming Languages
Fall 2010

Homework #7
Due: 2pm CST (in class), December 2, 2010

YOUR NAME:

Collaboration policy

No collaboration is permitted on this assignment. Any cheating (e.g., submitting another person’s work as your own, or permitting your work to be copied) will automatically result in a failing grade. The Computer Science Department Code of Conduct can be found at http://www.cs.utexas.edu/academics/conduct/.

Late submission policy

This homework is due at the beginning of class on December 2. All late submissions will be subject to the following policy.

You start the semester with a credit of 3 late days. For the purpose of counting late days, a “day” is 24 hours starting at 2pm on the assignment’s due date. Partial days are rounded up to the next full day. You are free to divide your late days among the take-home assignments any way you want: submit four assignments 1 day late, submit one assignment 3 days late, etc. After your 3 days are used up, no late submissions will be accepted and you will automatically receive 0 points for each late assignment.

You may submit late assignments to Vitaly Shmatikov (CSA 1.114—slide under the door if the office is locked). If you are submitting late, please indicate how many late days you are using.

Write the number of late days you are using:

Homework #7 (35 points)

Problem 1 (5 points)

The following webpage contains a “cross-site scripting” vulnerability:

    http://www.cs.utexas.edu/~shmat/courses/cs345/vulnerable.html

Imagine that you want to trick your fellow CS 345 student into believing that the course has a different collaboration policy.

Craft a URL that will cause the above website to display an alternate collaboration policy. You may assume that your victim will visit your webpage and click on a special link that you have created. This link must point to the above page. When the victim clicks on it, he should see the above page, but the displayed collaboration policy should be different.

IMPORTANT: Do not point your link to a modified copy of the above page. Your link should point to http://www.cs.utexas.edu/~shmat/courses/cs345/vulnerable.html, or you will get no credit for this problem.

Problem 2

Consider the following PHP script for logging into a website:

    $username = addslashes($_GET[user]);
    $password = addslashes($_GET[pwd]);
    $sql = "SELECT * FROM usertable
            WHERE username= '$username' AND password = '$password' ";
    $result = $db->query($sql);
    if ($result->num_rows > 0) { /* successful login */ }
    else { /* login failed */ }

Problem 2a (2 points)

What does the PHP function addslashes do? What is the purpose of calling it in the above code?

Problem 2b (3 points)

In Chinese, Korean, and Japanese unicode character sets, some characters are encoded as single bytes, while others are double bytes. For example, the database interprets 0x5C as \, 0x27 as ', 0x5C27 as \', but 0xBF5C is interpreted as a single Chinese character.

Give an example of a username that will successfully subvert the above authentication code.

Problem 2c (2 points)

How should addslashes be implemented to prevent SQL injection attacks?

Problem 3

In Simula, a class is a procedure that returns a pointer to its activation record. Simula prefixed classes are a precursor to C++ derived classes, providing a form of inheritance. This question asks about how inheritance might work in an early version of Simula, assuming that the standard static scoping mechanism associated with activation records is used to link the derived class part of an object with the base class part of the object.

Sample Point and ColorPt classes are given in the textbook (Section 11.2). For the purpose of this problem, assume that if cp is a ColorPt object, consisting of a Point activation record followed by a ColorPt activation record, the access link of the parent class (Point) activation record points to the activation record of the scope in which the class declaration occurs, and the access link of the child class (ColorPt) activation record points to the activation record of the parent class.

Problem 3a (3 points)

Fill in the missing information in the activation records (depicted below), which are created by executing the following code:

    ref(Point) r;
    ref(ColorPt) cp;
    r :- new Point(2.7, 4.2);
    cp :- new ColorPt(3.6, 4.9, red);
    cp.distance(r);

Remember that function values are represented by closures, and that a closure is a pair consisting of an environment (pointer to an activation record) and compiled code. In this drawing, a bullet (•) indicates that a pointer should be drawn from this slot to the appropriate closure. Since the pointers to activation records cross and could become difficult to read, each activation record is numbered at the far left. In each activation record, place the number of the activation record of the statically enclosing scope in the slot labeled “access link.” The first two are done for you. Also use activation record numbers for the environment pointer part of each closure pair. Write the values of local variables and function parameters directly in the activation records.

    Activation records                          Closures      Compiled code

    (0)                     r            (1)
                            cp           (3)

    (1) Point(...)          access link  (0)
                            x
                            y                   ⟨( ), •⟩      code for equals
                            equals       •
                            distance     •      ⟨( ), •⟩

    (2) Point part of cp    access link  (0)
                            x
                            y                   ⟨( ), •⟩      code for distance
                            equals       •
                            distance     •      ⟨( ), •⟩

    (3) ColorPt(...)        access link  ( )
                            c                   ⟨( ), •⟩      code for cpt equals
                            equals       •

    (4) cp.distance(r)      access link  ( )
                            q            (r)

Problem 3b (2 points)

The body of distance contains the expression

    sqrt((x - q.x)**2 + (y - q.y)**2)

which compares the coordinates of the point containing this distance procedure to the coordinate of the point q passed as an argument. Explain how the value of x is found when cp.distance(r) is executed, mentioning specific links in your diagram. What value of x is used?

Problem 3c (2 points)

The above illustration shows that a reference cp to a colored point object points to the ColorPt part of the object. Assuming this implementation, explain how the expression cp.x can be evaluated. Explain the steps used to find the right x value on the stack, starting by following the pointer cp to activation record (3).

Problem 3d (2 points)

Explain why the call cp.distance(r) only needs access to the Point part of cp and not the ColorPt part of cp.

Problem 4

We can compare Smalltalk interfaces to classes using protocols, which are lists of operation names (selectors). When a selector allows parameters, as in at: put:, the selector name includes the colons but not the spaces.

