And, yes, I am still in love with her. Especially in the last weeks,
this feeling of being in love has been growing stronger again.

If a stack runs downward, and you have a procedure having
a local string buffer (and that is often the case), and
if the procedure does not check against buffer overflows,
you can overwrite the return address on the run-time stack.
Such a hole can be used to call a system procedure.
If the run-time stack grows upward, this can never happen.
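
A model of the downward-growing case described above, as an added example that is not part of the original page. The `struct frame` layout, the marker value and the function names are assumptions made for illustration; the struct stands in for a real stack frame so that the out-of-bounds write stays well-defined.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE   16
#define RET_MARKER ((uintptr_t)0xC0FFEEu) /* constructed stand-in for a return address */

/* Frame on a downward-growing stack: buf lies below the saved return
   address, so writes past the end of buf move toward it. */
struct frame {
    char      buf[BUF_SIZE];
    uintptr_t saved_ret;
};

/* No check against BUF_SIZE. The clamp to the frame size only keeps this
   model inside its own struct. */
void copy_unchecked(struct frame *f, const char *src, size_t len)
{
    if (len > sizeof *f) len = sizeof *f;
    memcpy((unsigned char *)f, src, len);
}

/* Rejects input that does not fit, leaving room for the terminator. */
int copy_checked(struct frame *f, const char *src, size_t len)
{
    if (len >= BUF_SIZE) return -1;
    memcpy(f->buf, src, len);
    f->buf[len] = '\0';
    return 0;
}

/* Copies len 'A' bytes (constructed input); returns 1 if saved_ret changed. */
int ret_clobbered(int checked, size_t len)
{
    char input[sizeof(struct frame)];
    struct frame f = { {0}, RET_MARKER };
    memset(input, 'A', sizeof input);
    if (len > sizeof input) len = sizeof input;
    if (checked) (void)copy_checked(&f, input, len);
    else copy_unchecked(&f, input, len);
    return f.saved_ret != RET_MARKER;
}

int main(void)
{
    printf("unchecked: %d  checked: %d\n", ret_clobbered(0, sizeof(struct frame)),
           ret_clobbered(1, sizeof(struct frame)));
    return 0;
}
```
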

## Monday, December 23, 1996

Only two working days left this year. Many of my colleagues have taken
some days off. And because the students are also off, it is rather quiet in
the building.

### The Art of Programming

Programming is sometimes called an art. Lately, I have been wondering
whether it is an art, or a technique. For example, what do the
following two programs have in common?
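
```c
#include <stdio.h>

/* Brute force: count every choice of 10, 25, 100, 250 and 500 coins whose
   total does not exceed 500. The remainder is always a multiple of 5, so
   the 5 coins (n5) are implied and each such choice is one combination. */
int main(void)
{ int n500 = 0, n250 = 0, n100 = 0, n25 = 0,
      n10 = 0, n5 = 0, a = 500, m = 0;
  while (a >= 0)
  { while (a >= 0)
    { while (a >= 0)
      { while (a >= 0)
        { while (a >= 0)
          { m++;
            n10++; a -= 10;
          }
          /* undo the 10s, then try one more 25 */
          a += 10 * n10; n10 = 0; n25++; a -= 25;
        }
        a += 25 * n25; n25 = 0; n100++; a -= 100;
      }
      a += 100 * n100; n100 = 0; n250++; a -= 250;
    }
    a += 250 * n250; n250 = 0; n500++; a -= 500;
  }
  (void)n5; /* never counted explicitly */
  printf("Number of combinations is %d\n", m);
  return 0;
}
```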

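```c
#include <stdio.h>

/* Dynamic programming: m[i%100][j] is the number of ways to pay i units
   with a coin of 1 unit plus the coins v[0..j]. Amounts are in units of 5,
   matching the coin set 5, 10, 25, 100, 250, 500, so the amount 500 is
   100 units. Only the last 100 rows are kept, as a ring buffer. */
int main(void)
{ int m[100][5];
  int i, j;
  int v[] = { 2, 5, 20, 50, 100 };
  for (i = 0; i < 100; i++)
    for (j = 0; j < 5; j++)
      m[i][j] = 0;
  /* The loop stops at 100 units (= 500); running it to 500 units would
     count the combinations for 2500 instead. */
  for (i = 0; i <= 100; i++)
    for (j = 0; j < 5; j++)
      m[i%100][j] = (j == 0 ? 1 : m[i%100][j-1])
                  + m[(i + 100 - v[j])%100][j];
  printf("Number of combinations is %d\n", m[100%100][4]);
  return 0;
}
```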

The answer is that these programs both print the value of
`c(500, {5, 10, 25, 100, 250, 500})`, where the function `c` is defined as follows:

```
c(a : posint, {v_1, .. , v_n} : P posint)
  = count({ { (v_1, c_1), .. , (v_n, c_n) } : P (posint, posint)
          | v_1 * c_1 + .. + v_n * c_n = a })
```

*(*