Candidate Screening Challenges (Was: Crazy idea from a recruiter)

Sasha Pachev sasha at
Thu Mar 28 12:40:35 MDT 2013

>> - Assuming you are on a reasonable Unix platform, can you add some
>> magic around the code without inserting anything in between the above
>> two lines so that it would actually print Hello, world! in spite of
>> the egregious error?

>Sure. Above it define a macro named 'strcpy' that ignores its first
>parameter and simply calls printf("%s", b) with its second parameter

The above can work just as well on any platform, not just Unix.  Now
we need to clarify - without the use of #define black magic, can we
make this happen. Hint:

can you make the following C code print "Hello, world" on  a
reasonable Unix platform by adding some actual code before it:

a = b/0;


> - Barring a compiler bug, CPU malfunction or memory corruption is the
> following possible, in which language, and how? You have the code that
> says:
>   s.a = 43;
>   printf("s.a=%u\n",s.a);
> Those lines result in the following message:
> s.a=11

> There are likely other possibilities, but some that comes to mind are:
> 1) this could be a threaded process in C/C++ missing a lock around
> these two lines--another thread changed it between them.
> 2) this could be C++ where s.a is an instance of a class that
> overloads operator= to do something non-obvious
> 3) s.a represents a memory-mapped IO location--reads and writes may
> mean very different things

1 is a possibility, but rather unlikely in a real world. At least the
probability of reproducing it consistently is next to zero. Although I
will not go far as to say it cannot be done, but I think Robert should
tell his clients to offer a job immediately and give the guy anything
he wants to anybody who is able to write such code that will reproduce
the behavior even 50% of the time.  Again to clarify - we want a race
that will somewhat consistently overwrite the variable between a
variable assignment and the time printf gets its hands on the
variable. I started thinking - my first idea was to redirect STDOUT to
something that can block and make it block at the perfect time, but
then I realized that printf() will read the variable first, create a
formatted string, put it in the I/O buffer, and only then will try to
flush the buffer. So this idea is out. So far the best I could think
of is to have a wild loop in one thread that keeps setting s.a to 11
while the other will execute the code above. But how do you
orchestrate the context-switch at the right time? Maybe borrow some
code from GDB and do your own watchpoint?

For 2 I would like to see some sample code that compiles. s.a could be
an object, but then you need to implicitly cast it to unsigned int, or
at least something that would make printf() think it is unsigned int.
I am not sure if this can be done, although I have not given this much

3 I think is most reasonable of all of the above. But providing some
sample code that will actually make it happen is enough of a challenge
that anybody who passes could be offered a kernel driver development
job based on the merits of meeting that challenge alone.

4 was offered in another post with s.a being a bitfield, and that is
the one that is the most reasonable. I've actually run into it while
adding a custom feature to InnoDB and then porting the change from
MySQL 5..5.8 to 5.5.23. What used to be an int became a bitfield in
the new code base, and the meaning of the values of that field has
changed. I had a lot of fun debugging. Sample code for 4 is by far the

That said, after two days I was expecting to see more challenges in
this thread.  So far only two people proposing solutions to the
challenges I've posted, but no new ones. Come on guys, among all of us
we have solved a good number interesting problems, have seen others
run into difficulties in a humorous but educational way, and have
entertained ourselves while actually doing something code or system
productive. Let's share!

Sasha Pachev

Fast Running Blog.
Run. Blog. Improve. Repeat.

More information about the PLUG mailing list