ABSTRACT
C programs can be difficult to debug due to lax type enforcement and low-level access to memory. We present a dynamic analysis for C that checks heap snapshots for consistency with program types. Our approach builds on ideas from physical subtyping and conservative garbage collection. We infer a program-defined type for each allocated storage location or identify "untypable" blocks that reveal heap corruption or type safety violations. The analysis exploits symbolic debug information if present, but requires no annotation or recompilation beyond a list of defined program types and allocated heap blocks. We have integrated our analysis into the GNU Debugger (gdb), and describe our initial experience using this tool with several small to medium-sized programs.
Dynamic heap type inference for program understanding and debugging
Proceedings of the 2007 POPL Conference