| Pascal Fradet, Ronan Gaugne, and Daniel Le Metayer. An inference algorithm for the static verification of pointer manipulation. Technical Report 980, IRISA, 1996. |
....15 and Figure 16 in the appendix. We use the exception value illegal to denote the result of a computation involving the dereference of an invalid pointer. The language considered here does not include procedure calls and gotos but both are treated in the full version of the analysis described in [7]. We also ignore arithmetic operations on pointers and we assume that only one field of a record can be of type pointer. Due to this simplification, we can omit the field names in access chains without ambiguity (writing, for instance, v for v.cdr if v is a variable of type list with list = ....
....the post condition property Q. Corollary 2.2: if $\{P\}\ S\ \{Q\}$ then $\forall E,\ \forall S_D :\ CV(P, E, S_D) \Rightarrow E \vdash_{stat} S, S_D \not\leadsto \mathit{illegal}$. Corollary 2.2 is a direct consequence of Theorem 2.1. It shows that the logic can be used to detect illegal pointer dereferences. The proof of Theorem 2.1 can be found in [7]. 3 A static debugger for pointer errors. The system presented in the previous section is a specification of a static analyser. The next step consists in the derivation of an algorithm from the specification. The derivation follows the method presented in [10] to get a decidable and deterministic ....
P. Fradet, R. Gaugne and D. Le Métayer, An inference algorithm for the static verification of pointer manipulation, INRIA Research Report 2895, Jun. 1996.
....relations between pointer variables. The specification is proved correct with respect to the operational (natural) semantics of the program. The specification is then refined to obtain an algorithm which is in turn proved correct with respect to its specification. This analyser is described in [3] with a non-trivial example manipulating circular lists, which illustrates its accuracy. Such accuracy has a potentially high computational cost. In order to design a realistic tool, we have to find a compromise between efficiency and accuracy. We choose a flexible solution by offering an ....
P. Fradet, R. Gaugne, and D. Le Metayer. An inference algorithm for the static verification of pointer manipulation. Technical Report 2895, INRIA, June 1996.
P. Fradet, R. Gaugne and D. Le Métayer, An inference algorithm for the static verification of pointer manipulation, INRIA Research Report 2895, Jun. 1996.
....the dereference of an invalid pointer. The set of valid pointers of the store $S_D$ is D. The effect of alloc (resp. free) is to add an address in (resp. to remove an address from) D. This paper is concerned with the analysis of blocks of instructions excluding procedure calls and gotos (see [13] for extensions). This allows us to focus on the essential issues of pointer analysis and to keep the presentation simpler. We also ignore arithmetic operations on pointers and we assume that only one field of a record can be of type pointer. Due to this simplification, we can omit the field names ....
....by inspection of the different cases in the definition of $v[v_2/v_1]$ V P. The correctness of the dereference case (id) follows from the lemma: Lemma 5. $CV(v \neq \mathit{undef}, E, S_D) \Rightarrow Val(v, E, S_D) \in D$. More details about the proofs of properties stated in this paper can be found in [13]. 3 A Checking Algorithm. As a first stage to get an effective algorithm from the previous logic, we restrict the set of properties which may appear as pre/post conditions. For a given program Prog, let us call $Var_{Prog}$ the set of variables occurring in Prog and their suffixes (plus undef) ....
P. Fradet, R. Gaugne and D. Le Métayer, An inference algorithm for the static verification of pointer manipulation, IRISA Research Report 980, 1996.