Dr. Dobb's Journal April 2000
If you're in the market for a job as a web or Internet developer (or for virtually any programming job these days), be prepared to answer a lot of technical questions during the job interview. It's true that interviewers might throw in a fun question such as, "Why don't kitchen sinks have an overflow mechanism?" or "When a fly alights on the ceiling, does it perform a loop or a roll to get upside down?" but for the most part they're interested in your technical savvy. So here is a sampling of questions you should be able to answer.
Q: How does the free() call know how many bytes to free?
A: The malloc/free implementation keeps an inventory of memory allocations.
Q: What parameters does the free() call accept?
A: A pointer to the memory to be freed.
Q: Is the pointer to memory that was freed set automatically to 0?
A: No. free(ptr) will simply release the memory for future usage. The pointer ptr will have exactly the same value as prior to the call to free(ptr).
Q: What is the difference between malloc and calloc?
A: calloc allocates enough memory to hold an array of objects of the specified size. The storage is initialized to zero.
Q: What does extern mean in a function declaration?
A: It provides a hint that the function's definition is probably in a different source file. However, there is no formal difference between int test(); and extern int test();.
Q: Does *p++; increment p, or what it points to?
A: Operators *, ++, and -- have the same precedence and evaluate from right to left. Therefore, *p++ increments p (and returns the value pointed to by p before the increment).
Q: Can you pass a constant, such as 7, to a function that accepts a pointer to an int?
A: You cannot do it directly. You first have to create a temporary variable, assign it the value 7, and then pass that variable as a parameter to a function.
Q: Does sizeof properly report the size of an array that is a parameter to a function?
A: No. The compiler pretends that the array parameter was declared as a pointer and sizeof reports the size of the pointer.
Q: Is sizeof('c') equal to sizeof(char) or sizeof(int)?
A: sizeof('c') is equal to sizeof(int) since in C, character constants are of type int.
Q: What feature of C++ would you use if you wanted to design a member function that guarantees to leave "this" object unchanged?
A: It is const as in: int MyFunc (int test) const.
Q: What is the difference between MyClass p; and MyClass p();?
A: MyClass p; creates an instance of class MyClass by calling the default constructor for MyClass. MyClass p(); declares function p, which takes no parameters and returns an object of class MyClass by value.
Q: What is the difference between assignment and initialization in C++?
A: Assignment changes the value of the object that has already been constructed. Initialization constructs a new object and gives it a value at the same time.
Q: When are copy constructors called?
A: Copy constructors are called in three cases: when a function returns an object of that class by value, when the object of that class is passed by value as an argument to a function, and finally, when you construct an object based on another object of the same class (Circle c1=c2;).
Q: What does extern "C" int func(int*, Foo) accomplish?
A: It will turn off "name mangling" for this function so that you can link to code compiled by the C compiler.
Q: What is the difference between a pointer and a reference?
A: A reference must always refer to some object; therefore, it must always be initialized, while pointers do not have such restrictions. A pointer can be reassigned to point to different objects, while a reference always refers to an object with which it was initialized.
Q: What comprises a function's signature?
A: A function's signature is its name plus the number and types of parameters it accepts and a const. It is important to note that a return type is not part of a signature.
Q: What is the difference between delete and delete[]?
A: delete deletes one object while delete[] deletes an array of objects.
Q: Name two cases where you must use an initialization list as opposed to an assignment in constructors.
A: Both nonstatic const data members and reference data members cannot be assigned values; instead, you must use an initialization list to initialize them.
Q: How do you know that your class needs a virtual destructor?
A: If your class is to be a base class and if it has at least one virtual function, you should include a virtual destructor even if the destructor function has an empty function body. This allows you to delete a dynamic object of a derived type through a pointer to the base class. If the base class destructor is nonvirtual, the compiler invokes only the base class destructor when you delete the dynamic object, which is not what you want. If the base class destructor is virtual, the compiler invokes the destructor of the type of the object itself, even though the pointer is of the base class type, which properly destroys the object.
Q: Why are Java compatibility issues not as serious as Javascript compatibility issues?
A: The problem with Javascript is that the two major players, Microsoft and Netscape, have two different document object models. Java, on the other hand, has a standard that is controlled by one source -- Sun Microsystems Inc.
Q: What is a JAR file?
A: A JAR file is basically an archive file that is used to combine files that come with an applet (image files and so on).
Q: Identify the type mentioned in the list that is not a primitive data type in Java: boolean, char, byte, short, int, long, real, double.
A: real is not a Java primitive data type; however, float is one of the Java primitive data types.
Q: Specify a legal signature for the main() method of Java application.
A: public static void main().
Q: Is there a Java keyword that would make an access level of class variables the same as the default access level?
A: No. The default access level in Java is "Friendly," which is not a Java keyword. This means that the only way to make class-level variables having a "Friendly" access level is not to explicitly specify the access level. This is different than in C++ where the default access level for a class is private and "private" is a C++ keyword.
Q: What can you do to ensure that class EternalStudent cannot be subclassed?
A: You have to make it final.
Q: What do you need to do in order to ensure that an exception is caught even if there is no appropriate catch block for it?
A: You need to specify the finally {...} block.
Q: In C++, polymorphism is accomplished with the help of the keyword "virtual." How do you accomplish polymorphic behavior in Java?
A: In Java there is no keyword "virtual." Polymorphic behavior (or late binding) is built into Java. You just have to make sure that methods are overriden appropriately.
Q: Does calling start() on a thread ensure that the thread will run immediately?
A: No. The thread will enter the ready-to-run state. It is going to remain in that state until the scheduler moves it to running state.
Q: Given the following code: String test1=foo+bar; String test2=new String(test1); what will if (test1==test2) evaluate to and what will if (test1 .equals(test2)) evaluate to?
A: if (test1==test2) will evaluate to false, while if (test1.equals(test2)) will evaluate to true.
Q: How can you clear the contents of a TextArea?
A: myarea.setText("");.
Q: What is the difference between an application, applet, and servlet?
A: An application is a standalone program that runs on the top of an operating system; an applet is a program that runs only within the web browser. A servlet is like an application that runs within a web-server process space. A servlet is utilizing Java technology. A Java applet runs on a client side while a servlet runs on a web-server side.
Q: What do you need to do with an applet so that it is allowed to perform file I/O on a system where the applet is downloaded remotely?
A: You need to digitally sign it. This does not guarantee that the applet will be able to do I/O on every system it is downloaded to, but if it is unsigned it will not be able to do I/O on any system.
Q: What kind of Java applets are allowed to access to vital local computer resources?
A: In a nutshell, local code is trusted to have full access to vital system resources, such as the file system. Downloaded remote code (an applet) is only trusted if it is signed (signed applet). In JDK 1.2 this all can be controlled via the Security Policy, which defines the set of permissions available for code from various signers or locations and can be configured by a user or a system administrator.
Q: How can you exchange the data between Java and Javascript?
A: HTML can access public variables of an applet; therefore, if you had: var shared = document.appletname.variable_name, then the value of the Javascript variable shared would be set to the value of the Java applet variable variable_name.
Q: How can you design an HTML page to let clients know whether their browser supports JavaScript?
A: You can use <NOSCRIPT>...</NOSCRIPT>. The NOSCRIPT tag specifies the content for a browser to display when JavaScript is not available or enabled.
Q: How can you code a link within the HTML page so that when users click on this link, the web-server log reflects whether the client's browser supports JavaScript?
A: <A HREF="TestPage.htm" onClick= "this.href='TestPage.htm?JavaScript=true'">...</A>. If the client's browser supports Javascript, the server log is going to have an entry that contains "...TestPage.htm?JavaScript=true." If the client's browser does not support JavaScript, the web server's access log is going to have an entry that contains: "...TestPage.htm" (without ?JavaScript= true portion).
Q: How should you code a link within the HTML page so that it points to two different locations depending on whether the browser supports Javascript or not? The link explanation on the status bar should reflect the actual location.
A: <a href="http://www.NoJavaScript .com" onMouseOver="window.status= 'www.YesJavaScript.com';return true" onclick="this.href='http://www.YesJavaScript.com'">Take me there </A>.
Q: What's the difference between Active Server Pages, client-side JavaScript, and server-side JavaScript?
A: ASP is a Microsoft technology that runs on a server. Client-side JavaScript runs on a client. Server-side JavaScript is Netscape technology that runs on a server. Both ASP and server-side JavaScript can contain client-side JavaScript.
Q: Where do you need to place the JavaScript code so that it executes immediately after the HTML page is completely loaded?
A: You need to execute it when an onload event is triggered, such as in: <BODY onLoad="NameOfFunction()">.
Q: How can you detect whether a document has frames in it?
A: If frames.length returns the value of 0, then there are no frames.
Q: What Javascript code do you need to write so that the resulting page displays only that part of the URL that begins after the "?" character?
A: document.write(window.location.search .substring(1));.
Q: What does 751 permission of a file mean?
A: Read/write/execute for the owner; read/execute for the group; execute for others.
Q: What will the following command sequence do: ls * | grep -v "\."?
A: It will list all files in the directory that do not have a dot in their names.
Q: How can you find all the files with the extension .cpp in the current directory and in all of its subdirectories?
A: find <path> -follow -name '*.cpp' -print #-follow option is needed in case some directories are links.
Q: In a UNIX shell of your choice, how do you incorporate today's date into a file name?
A: If you wanted the file to be called testdata.<today_date> then you could do it like this: name_of_file= testdata.`date '+%d%m%y'`.
Q: A URL looks like this: http:// johnb:y2ktoday@www.mydomain.com/. What does the johnb:y2ktoday portion of the URL represent?
A: johnb is the user name and y2ktoday is the password.
Q: A URL looks like this: http://www .mydomain.com:8081/. What does the :8081 portion of the URL represent?
A: :8081 is the port number.
Q: A URL looks like this: http://www .mydomain.com/. What will be the most likely name of the HTML page that the server will send to the browser?
A: The most common name of the default HTML document is index.htm.
Q: A URL looks like this: https://www .mydomain.com/. What port on the web server will be contacted?
A: Because the protocol is HTTPS, the default port is 443.
Q: The web server NYCServer.com is physically located in New York City. Page www.NYCServer.com/time.htm contains a JavaScript code that displays the current time of day based on the computer clock. CGI page www.NYCServer.com/ time.cgi also displays the time of day based on the computer clock. Two users, User A and User B, are located in Los Angeles. At 12:00pm Pacific Standard Time (3:00pm Eastern Standard Time), User A and User B simultaneously point their browsers at www.NYCServer.com/ time.htm and http:// www.nycserver.com/ time.cgi, respectively. What time is reported to User A and what time is reported to User B?
A: Since user A will see the time based on JavaScript, he will see 12:00pm. This is because JavaScript executes within a browser. Since User B will see the time based on the CGI page, he will see 3:00pm. This is because CGI runs on the server side.
Q: What kind of security does SSL provide?
A: The SSL protocol includes provisions for server authentication (verifying the server's identity to the client), encryption of data in transit, and optional client authentication (verifying the client's identity to the server).
Q: What purpose does the server's digital certificate accomplish?
A: The server's digital certificates authenticate the server to the client.
Q: Name two methods of submitting the data from the browser to a web server.
A: POST and GET.
Q: What does a CGI program need to do in order to tell the browser to expect MIME content of type text/html?
A: A CGI program needs to print "Content-type:text/html" followed by the two blank lines.
Q: How can you pass information from one CGI program to another?
A: You can either use hidden fields of POST requests or you can pass the appropriate set of name=value pairs in every GET URL.
Q: One method of identifying your users is by using cookies. Name one potential problem with this method.
A: Users can configure their browsers not to accept cookies. This would make it impossible for your CGI program to identify those users.
Q: How can you ensure that the data is submitted to a server via the POST command only?
A: The value of the environment variable REQUEST_METHOD indicates the method used. If the value of REQUEST_METHOD is not equal to POST, your program may produce an error message.
Q: Which environment variables need to be inspected in order to retrieve the data sent to a server via the GET or POST methods?
A: Information sent via the GET method is stored in the QUERY_STRING environment variable. If the data was sent via the POST method, it is sent to Standard Input. In this case, the environment variable CONTENT_LENGTH needs to be inspected in order to determine the length of the input.
Q: Which environment variable needs to be inspected in order to determine the type of visitor's browser and platform?
A: HTTP_USER_AGENT.
Q: What environment variable reflects the strength of the encryption used by the visitor's browser?
A: HTTPS_SECRETKEYSIZE.
Q: Is it possible for the user to change the values in hidden form variables?
A: Yes. The user can save source HTML files to his computer and then use any editor to change the value of hidden variables (such as changing "price=$1250.00" to "price=$50.00"). Then the user can submit the edited page to a server.
Q: Is the POST method of submitting the data to the server more secure then the GET method?
A: From a security standpoint, the only difference between the two is that the data submitted via the GET method will be stored in the web server's access log, while this is not the case with the POST method.
Q: What security flaws can be introduced if the user's input is passed to a CGI program unchecked?
A: First of all, assumptions should never be made about the size of the user's input. If the user's input length exceeds the memory buffer allocated to store the input (buffer overflow) then this situation can be used by hackers to execute commands remotely on the server. Second, user's input should never be passed unchecked to a shell command. In C this includes system() and popen() commands.
How did you do? Why don't you try just one last question: Why are military medals worn on the left? If you would like to see the answers to the fun questions, read the book: "Why do clocks run clockwise? And other Imponderables" by David Feldman. I can also recommend, as a side reading (the main reading is, of course, Feldman's book) the following book titles and web sites:
C Programming Language, Second Edition, by Brian Kernighan and Dennis Ritchie. Prentice Hall, 1988, ISBN 0131103709.
C++ Programming Language, by Bjarne Stroustrup. Addison-Wesley, 1997, ISBN 0201889544.
C++: The Core Language, by Gregory Satir and Doug Brown. O'Reilly & Associates, 1995, ISBN 156592116X.
C++ FAQs, by Marshall P. Cline and Greg A. Lomow. Addison-Wesley, 1998, ISBN 0201309831.
Effective C++, by Scott Meyers. Addison-Wesley, 1997, ISBN 0201924889.
More Effective C++, by Scott Meyers. Addison-Wesley, 1995, ISBN 020163371X.
Comp.lang.c++ and comp.lang.c++ .moderated internet news groups.
The UNIX Programming Environment, by Brian Kernighan and Rob Pike. Prentice Hall, 1984, ISBN 013937681X.
Best UNIX Tips Ever, by Kenneth Rosen, Richard Rosinski, and Douglas Host. Osborne, 1994, ISBN 0-07-881924-5 (out of print).
Perl and CGI for the World Wide Web, by Elizabeth Castro. Addison-Wesley, 1995, ISBN 020135358X.
Java.sun.com/.
Javascript Bible, Third Edition by Danny Goodman and Brian Eich. IDG Books Worldwide, 1998, ISBN 0764531883.
Developer.netscape.com/.
http://www.w3.org/Security/faq/. The World Wide Web Security FAQ.
Thanks to Motti Shimoni for his assistance with this article.
DDJ