DOI: 10.1145/1190216.1190225 (ACM conference proceedings, POPL)

Dynamic heap type inference for program understanding and debugging

Published: 17 January 2007

ABSTRACT

C programs can be difficult to debug due to lax type enforcement and low-level access to memory. We present a dynamic analysis for C that checks heap snapshots for consistency with program types. Our approach builds on ideas from physical subtyping and conservative garbage collection. We infer a program-defined type for each allocated storage location or identify "untypable" blocks that reveal heap corruption or type safety violations. The analysis exploits symbolic debug information if present, but requires no annotation or recompilation beyond a list of defined program types and allocated heap blocks. We have integrated our analysis into the GNU Debugger (gdb), and describe our initial experience using this tool with several small to medium-sized programs.
