A Run-Time Type-Checking Debugger for C
|
|
- Cory Copeland
- 6 years ago
- Views:
Transcription
1 A Run-Time Type-Checking Debugger for C Alexey Loginov, Suan Yong, Susan Horwitz, and Thomas Reps University of Wisconsin 1 Introduction This document outlines progress to date on the run-time type-checking project funded in part by IBM. The project has been carried out during the last year by Alexey Loginov and Suan Yong, under the supervision of Professors Susan Horwitz and Thomas Reps. The goal of the project is the design and implementation of a debugging tool based on dynamic type checking. The major accomplishment during the last year has been an implementation of the tool for the (complete) ANSI C language. The tool instruments a program to monitor the type stored in each memory location (which may differ from the static type of that location due to the use of unions, pointers, and casting). Whenever a value is written into a location, the location s run-time type tag is updated to match the type of the value. Also, the location s static type is compared with the value s type; if there is a mismatch, a warning message is issued. Whenever the value in a location is used, its run-time type tag is checked, and if the type is inappropriate in the context in which the value is being used, an error message is issued. In preliminary tests, the tool has been used to find bugs in several Solaris utilities. The information provided by the tool is usually succinct and precise in showing the error location. The following activities (discussed in more detail below) are planned for the coming year: We will perform a more thorough testing study using larger input programs to validate the utility of our approach. We will study ways to lower the overhead of instrumentation. We will begin work on extending our tool to provide help in tracking down the original source of an error. 2 Motivation To help in the often frustrating task of debugging programs written in a language like C, we are developing a debugging tool that enforces type consistency at run-time. The tool essentially ensures that an executing C program complies with C s type system, which cannot be fully enforced statically. Features and functionalities like unions, casting of pointers, and pointer manipulation put the responsibility of ensuring type consistency in the hands of the programmer. While the programmer is given the flexibility to ignore types, our hypothesis is that a violation of type consistency is a likely indicator of a programming bug. Other run-time debugging tools, like Purify[4] and Safe Pointers[2], have been proposed, developed, and found to be useful. Our tool, however, can catch subtler bugs that cannot be detected by these tools. Generally, when data of one type is used as a different type, our tool will report an error. If this bug does not violate the spatial constraints of the C semantics (i.e., it does not access a memory location that, according to the C language specification, is undefined ), it will not be detected by the other tools mentioned. Such a situation can arise in programs that perform user-level memory management, simulate object-oriented inheritance with C structures, or simply use unions. 1
2 Consider the following example, which simulates object-oriented inheritance in C: 1: typedef enum { shape, polygon, circle } Type; 2: typedef struct { Type type; int color; } Shape; 3: typedef struct { Type type; int color; int sides; } Polygon; 4: typedef struct { Type type; int color; float radius; } Circle; 5:... 6: Shape * s = inputshape(); 7: switch(s->type){ 8: case polygon: printf(" %d sides\n", ((Polygon *)s)->sides);... 9: case circle: printf("radius = %f\n", ((Circle *)s)->radius); } Here Polygon and Circle are (conceptually) subtypes of Shape, with the two fields type and color common to all three structs. The purpose of the type field is to identify the (dynamic) type of the object, but it is the responsibility of the programmer to ensure that this field is set correctly. If s points to an object of type Circle whose type field is erroneously set to polygon, line 8 would attempt to use its third field, which actually contains a float (its radius), as if it were an int. This type inconsistency would be detected by our tool (but not by either Purify or Safe Pointers). This programming style is common, for example, in networking code, where message headers for different kinds of packet formats are handled in a manner similar to the above example[7]. 3 Implementation Our debugging tool comprises two major components: a compiler front-end that instruments the program, and a run-time system that tracks the dynamic type associated with each memory location. The run-time component is currently implemented by storing type information in a mirror of the memory used by the program. The mirror is allocated in 4K segments as user memory is touched. For a given byte of memory, its associated tag in the mirror is four bits in size, and encodes the type of the data in that memory location. Of these four bits, one is used to encode the extent (0 denotes the start of a new object, 1 denotes a continuation tag) and three are used to encode the six types that we currently track: unallocated, uninitialized, integer, real, pointer, and bit-fields. Different pointer types are not distinguished, since C s casting in a sense makes any pointer a generic pointer. Aggregate objects are broken down into their scalar components, whose types are tracked individually. The interface to the run-time system consists primarily of functions that set and update a tag, retrieve a tag, and verify that a tag agrees with an expected type. We also have a function (verifyptr) to verify that a pointer points to allocated memory before it is dereferenced, and a set of functions to handle the passing of function parameters and return values (their tags are passed in an array via a global pointer). Because these run-time operations are implemented in functions that are written with flexibility in mind, the run-time overhead of our instrumentation is currently exorbitant (up to 100x slowdown). Reducing this overhead (e.g., by converting functions to macros and by using static analysis to identify which instrumentation code can be safely omitted) is a subject of future work, described below in Section 5. To instrument a program, we perform a source-to-source transformation on the C source files using Ckit[3], a C front end written in ML. Working at the source level gives us access to all the source-level type information we need. Also, the flexibility of the comma operator in C makes it possible to preserve the ANSI C semantics of the original program while retaining portability: an instrumented C file can be compiled on multiple platforms. 1 1 Note: the Ckit front end does not currently support C-preprocessor directives, so at present we can only instrument preprocessed C code. This limits portability to some extent, but is not a fundamental limitation of our approach. 2
3 To illustrate the syntax-directed transformations that we perform to instrument C expressions, consider instrumenting the expression x = *p. The instrumentation function, instr, takes as arguments the expression to be instrumented, a boolean (enforce) that specifies whether the expression s run-time type must match its static type, and a (temporary) variable to be set to point to the expression s tag. The rule for instrumenting an id expression is (roughly) as follows: 2 exp instr(exp,enforce,tmp tagptr ) *(tmp tagptr = gettagptr(&id), id verifytag(tmp tagptr, typeof(id)), &id) // omit if tmp tagptr = null // omit if enforce = false The instrumented expression is shown in the right-hand column. First, (if tmp tagptr is not null) tmp tagptr is set to point to the tag of id (obtained using the function gettagptr from our run-time library). Next (if enforce = true) the verifytag function is used to verify that the tag associated with id agrees with its declared type. Overall, the instrumented code has the form *(..., &id); this is so that the instrumented expression is both a valid rvalue and a valid lvalue. The tmp variables are temporaries (of appropriate type), each used only within the scope of an expression. The rules for dereference and assignment are as follows: exp instr(exp,tmp tagptr ) *(tmp e = instr(e, true, null), verifyptr(tmp e, sizeof( e)), e tmp tagptr = gettagptr(tmp e ), verifytag(tmp tagptr, typeof( e)), tmp e ) // omit if tmp tagptr = null // omit if enforce = false (tmp assign = instr(e 1, false, tmp tagptr ) = instr(e 2, true, tmp tagptr2 ), e 1 = e 2 copytag(tmp tagptr, tmp tagptr2, sizeof(e 1 )), tmp assign ) For the dereference case, the subexpression e is first instrumented with enforce = true (since e will be dereferenced, i.e., used ). Next, verifyptr verifies that e does not point to unallocated memory. After that, we set the tag pointer and verify the type, just as in the id case. In the assignment case, we instrument e 1 with enforce = false, since we do not care about the type of the data that is about to be overwritten. The copytag function copies the tag of the right-hand-side expression to the left-hand-side expression, and also issues a warning message if the type of the right-hand-side expression is not compatible with the static type of the left-hand-side expression. Since an assignment cannot be an lvalue, it is not necessary for the instrumented code to have the form *(..., & ). We must, however, still make sure that the instrumented expression is a valid rvalue, which is what tmp assign is for. Using these rules, the expression x = *p, where x is of type int, would be instrumented as follows: (tmp1 = *(tmp2 = gettagptr(&x), &x) = ( tmp4 = ( tmp5 = gettagptr(p), verifytag(tmp5, pointer_type), p), verifyptr(tmp4, sizeof (*e)), tmp3 = gettagptr(tmp4), verifytag(tmp3, int_type), *tmp4), copytag(tmp2, tmp3, sizeof(x)), tmp1) 2 We omit some details that would simply complicate the example. For instance, we actually have two separate functions to instrument lvalues and rvalues. 3
4 Handling the entire C language was non-trivial since a number of C s features make correct instrumentation difficult. The following summary of the instrumentation that the tool performs hints at some of the issues: 1. Each program statement is instrumented using a set of syntax-directed transformations. Code for updating, retrieving, or verifying tags is added to each expression, with the aid of the comma operator (as illustrated in the example given above). 2. For a function call, code is added to store the tags for the actual parameters in an array, whose address is stored in a global pointer. The same pointer is used to extract the tag for the return value. 3. At the head of a function definition, code is added to extract the tags of the parameters passed to the function. At a return statement, the mirror for the entire stack frame of the function is cleared to unallocated, and the tag of the return value is assigned to the global pointer (to be extracted by the caller). 4. Every instance of main is renamed to prog main. Our run-time system defines its own main function, which performs some initialization before calling prog main. This way, we can process command-line arguments for the run-time system, and recursive calls to prog main do not cause any problems. 5. Tags for global and static variables are initialized in a special init function; one such function is created per source file. Our main function calls each of these init functions before calling prog main (these init functions from the different source files are collected at link time). 6. Local variables are tagged uninitialized. A local variable that is initialized is processed as if the initialization expression were assigned to that variable. Because our instrumentation code needs to take the address of all variables, register variables are demoted to regular auto variables. 7. We treat extern variables that are not defined in any of the instrumented source files specially. To allow our instrumented source file to be linked with uninstrumented object code (most commonly library modules), we assume extern variables to be wellbehaved, and so initialize their tags to contain their declared types. A final component necessary for proper type checking is for us to handle malloc functions specially. We replace each call to malloc (and related functions) with its own version which, upon successfully allocating a block of memory, initializes the mirror for that memory block with the uninitialized tag. Similarly, our free function resets the mirror to be of unallocated type. As hinted at by item 7 above, the approach we have taken allows us to link instrumented modules with uninstrumented ones. Our only requirement is that the program s main function must be renamed to prog main. This flexibility is useful if, for example, a programmer only wants to debug one small component of a huge program: they can instrument just the files of interest, and link them in with the other uninstrumented object modules. A caveat when doing this, however, is that type information for the uninstrumented parts of the program is not maintained. In particular, if a reference to a valid object in the uninstrumented portion of the program is passed to an instrumented function, it will think that the object is unallocated, and may output spurious warnings. This problem extends, in general, to library modules. For example, the flow of values in a function like strcpy, and the initialization of values from input in a function like fgets are not currently captured. For library functions that affect type flow, we are in the process of building up a collection of instrumented versions. These are wrappers of the original functions, hand-written to capture their type behavior. 4
5 4 Initial Experiments To test the effectiveness of our debugging tool, we used Fuzz[6] to find Solaris utilities that crash on some inputs, and instrumented five such programs for testing (nroff, plot, ul, units, col). A summary of what our tool revealed about each of the crashing runs is given below. nroff: An array of pointers is accessed with a negative index, and the retrieved word, when dereferenced, causes a segmentation fault. The instrumented program, before crashing, warns that the retrieved word that is about to be dereferenced actually contains an array of characters. plot: A rogue pointer, after passing beyond the bounds of an array, walks up the stack, writing bytes as it goes. It eventually goes past the end of the memory segment, at which point the program crashes. The instrumented program outputs a long list of warnings signaling these writes to unallocated memory, accurately identifying the line of code where this occurs. ul: The original program crashes during a call to fgetwc, while the instrumented program crashes during a call to fprintf as our instrumentation code is attempting to write a warning message. The cause of the crash in the original program was difficult to track down, but dereference to unallocated memory warnings generated by our instrumented program led us to the cause of the crashes: a pointer, after passing beyond the bounds of an array, walks through the bss section and eventually writes to the global iob array (which contains stdin, stdout, and stderr), hence causing the subsequent call to a stdio function to crash. units: In the original program, an errant pointer manages to corrupt the save area of the call stack, resulting in bizarre behavior that was difficult to track down. The instrumented program detects a type-violation error after the character pointer cp is set to point to itself, and is subsequently used to write a character value onto itself. The next dereference of cp generates another error, and then the program crashes. col: The original program crashes on a dereference of a bad pointer, but our instrumented program does not crash; instead, it fails to terminate (at least, after two hours we stopped waiting for it to terminate). The first of many error messages generated by our instrumented program signals a dereference into unallocated memory, and points to the line in the program where the crash occurs (in the uninstrumented code). The point where the error was generated is probably close to where the pointer first stepped out of bounds of the global array to which it pointed. In all cases, the crashes in the test inputs were found to have been caused by a pointer (or array index) that had gone astray. In each case, our tool was able to detect the outof-bounds memory accesses when the type of the pointed-to memory was different from the expected type. While these results are very encouraging, these kinds of errors would also be detected by Purify. We can easily create examples (such as the one given in Section 2) for which our tool is able to detect errors that are not detected by Purify; however, we have not yet found examples of those kinds of bugs in real programs. We suspect that such bugs are more likely to occur in large, complicated programs, but due to limitations of the current version of the Ckit front end (enhancements are pending), we have not been able to successfully compile many large programs. Furthermore, the code that we have used to date for testing our technique is in most cases robust code that has been in use for quite some time. As a result, the likelihood of finding errors is lower than if the tool were applied to code during the software-development cycle. We plan to change our testing strategy to reflect this, as discussed in the next section. 5
6 5 Future Work Our future plans include performing a more thorough testing study, lowering the instrumentation overhead, and developing techniques to help programmers find the original sources of errors that manifest themselves as bad run-time types. Our immediate goal is to search for more buggy source code to gauge the utility of our approach. One potential testing avenue could be an industrial code base complete with revision information and bug logs. The ability of our tool to retrace the error-detection cycle (and possibly find previously undiscovered errors) would be a way of demonstrating the utility of our tool. A second goal is to speed up the execution of instrumented programs. Improvements can be made at two levels. First, our tool was built with a great deal of flexibility in mind. Recently, we have made some decisions that should allow us to dramatically simplify the instrumented code by removing some of the features that we have decided are no longer necessary. In addition, we believe that a significant proportion of the instrumentation code can be statically determined to be unnecessary, and thus be removed. For example, if the value in a location is used multiple times, and there is no possibility that its type is modified between the uses, then only the first use needs to be checked. A fairly standard analysis can be used to identify which locations might be modified and which locations might be used by each expression in the program (with the caveat that any write via a pointer must be treated with special care, since a corrupted pointer can point to an arbitrary location). Once that has been done, it is straightforward to find definition-free paths between uses. We will work on identifying other conditions under which variables need not undergo dynamic type checking, and will formulate appropriate dataflow problems to identify them. Since our technique is of use primarily in programs that make use of pointers and heap-allocated storage, pointer analysis is a prerequisite for this work. We plan to build on our previous results on flow-insensitive points-to analysis[9]; in particular, we will use the pointer-analysis tool implemented as part of that work in this project s static-analysis phase. As discussed above, instrumented code currently issues a warning message when a value of one type is assigned to a location of a different type. It may be useful to add an option so that in such cases control is passed to an interactive debugger like GDB[8] (e.g., by sending a signal that is caught by GDB). This would permit the programmer to use the interactive functionalities of GDB to examine the program state to understand the cause of the type inconsistency warning, and whether it indicates a logical error. The programmer may also want the ability to examine and update type tags (to stop false warnings, for example). We will investigate providing an easy-to-use interface to permit such actions. A much more ambitious goal is to add features to our tool to help programmers identify the errors in their code that (eventually) manifest themselves as bad uses of run-time types. We illustrate this idea by expanding on the example from Section 2 (we assume the same typedef declarations as in that example). 1: Shape s;... 2: float a = area(&s);... 3: float area(circle * c) { 4: float r = c->radius; 5: return PI * r * r; 6: } In this code, the address of s, which is a Shape, is erroneously passed as the argument to function area, which expects a pointer to a circle. (When compiled with gcc, this causes a warning but not an error. Some programmers write code that produces many such warnings, which are ignored.) Note that there are three points of interest in this code: 6
7 1. Line 2 is the real source of the error. This is the point where an argument of the wrong type is passed to function area. 2. On line 4, an incorrect type is written into r, because c->radius accesses a location past the end of the structure. (Our tool would cause a warning message to be issued at this point. Purify would not detect this error since the structure pointed to by c is on the stack.) 3. On line 5, variable r is used in the computation of the return value. However, the value of r has the wrong type (and therefore an error message would be issued by our tool, but not by Purify). The goal of this part of our proposed future work is to develop a methodology for guiding the user to the original source of the error, in this case line 2. (It is worth noting that techniques developed to address this problem would not be limited in applicability to our tool; other debuggers could benefit from the same ideas.) Both static and dynamic program slicing [10, 5, 1] are relevant, and we will investigate their utility in this context. Another possibility is to provide a way for the user to roll back the program state (including the type state) to an earlier point in order to find the source of a problem. This is similar to reverse execution in debuggers and requires a checkpointing scheme. We may be able to build on work currently being done by Glenn Ammons, another graduate student at the University of Wisconsin. As described in Section 4, the behaviors of the test programs ul and col were modified by our instrumentation (Purify also significantly changes those programs behaviors). A potential improvement to the tool would be to reduce or eliminate such interference. These behavioral changes are partly due to the addition of local temporary variables, which are necessary for the instrumented code to preserve the language-level semantics of the original program. Since these temporary variables are currently allocated on the stack, they alter the layout of local variables in a function s activation record. While correct and portable programs do not make any assumptions about the layout of a function s activation record, these changes do affect the behavior of many buggy programs. As a result, the behavior of the original program and that of the instrumented one sometimes differs, even though the cause of the errors is the same. In this case, moving the temporary data to the heap and making use of page-protection tricks can allow us to lower the interference of our instrumentation, as well as to protect the type-state data from buggy code. There are also a few miscellaneous enhancements that can improve error precision. For example, we can obtain more complete information about program behavior by making sure that all memory-allocation operations are visible to our tool. (Presently, this is only the case for memory that is allocated in code that we instrument.) In addition to helping us detect errors in libraries for which we do not have source code, this will allow us to do a better job of selective instrumentation. One key to the tool s success will be the ability to safely focus on code likely to contain errors without having to instrument the complete system. This will greatly improve performance and the ease of use of the tool. To summarize, the short-term emphasis will be on performing more thorough testing and some of the more straightforward hand-optimizations. The basic performance improvements will help us streamline the validation tests. Which of the longer-term goals described above will be addressed subsequently will depend, in part, on the results of those tests. References [1] H. Agrawal, J. Horgan. Dynamic program slicing. In Proceedings of the ACM SIGPLAN 90 Conference on Programming Language Design and Implementation (1990), pp SIG- PLAN Notices 25(6). [2] T. Austin, S. Breach, G. Sohi. Efficient Detection of All Pointer and Array Access Errors. SIGPLAN 94 Conference on Programming Language Design and Implementation,
8 [3] Ckit. [4] R. Hasting, B. Joyce. Purify: Fast Detection of Memory Leaks and Access Errors. Proceedings of the Winter Usenix Conference, [5] B. Korel, J. Laski. Dynamic program slicing. Information Processing Letters 29, 3 (1988), pp [6] B. Miller, D. Koski, C.P. Lee, V. Maganty, R. Murthy, A. Natarajan, J. Steidl. Fuzz Revisited: A Re-examination of the Reliability of UNIX Utilities and Services. University of Wisconsin- Madison, ftp://grilled.cs.wisc.edu/technical papers/fuzz-revisited.ps [7] M. Siff, S. Chandra, T. Ball, K. Kunchithapadam, T. Reps. Coping with type casts in C. In Proceedings of ESEC/FSE 99: Seventh European Software Engineering Conference and Seventh ACM SIGSOFT Symposium on the Foundations of Software Engineering (Toulouse, France, Sept. 6-10, 1999), pp [8] R. Stallman, R. Pesch. Using GDB: A Guide to the GNU Source-Level Debugger. July [9] S. Yong, S. Horwitz, T. Reps. Pointer Analysis for Programs with Structures and Casting. In Proceedings of the 1999 ACM SIGPLAN Conference on Programming Language Design and Implementation (Atlanta GA, May 1-4, 1999), pp [10] M. Weiser. Program slicing. IEEE Transactions on Software Engineering 10, 4 (1984), pp
Debugging via Run-Time Type Checking
Debugging via Run-Time Type Checking Alexey Loginov, Suan Hsi Yong, Susan Horwitz, and Thomas Reps Computer Sciences Department, University of Wisconsin-Madison 1210 West Dayton Street, Madison, WI 53706
More informationDebugging via Run-Time Type Checking
Debugging via Run-Time Type Checking Alexey Loginov, Suan Hsi Yong, Susan Horwitz, and Thomas Reps Computer Sciences Department, University of Wisconsin-Madison 1210 West Dayton Street, Madison, WI 53706
More informationCS201 - Introduction to Programming Glossary By
CS201 - Introduction to Programming Glossary By #include : The #include directive instructs the preprocessor to read and include a file into a source code file. The file name is typically enclosed with
More informationShort Notes of CS201
#includes: Short Notes of CS201 The #include directive instructs the preprocessor to read and include a file into a source code file. The file name is typically enclosed with < and > if the file is a system
More informationCS 261 Fall C Introduction. Variables, Memory Model, Pointers, and Debugging. Mike Lam, Professor
CS 261 Fall 2017 Mike Lam, Professor C Introduction Variables, Memory Model, Pointers, and Debugging The C Language Systems language originally developed for Unix Imperative, compiled language with static
More informationLectures 5-6: Introduction to C
Lectures 5-6: Introduction to C Motivation: C is both a high and a low-level language Very useful for systems programming Faster than Java This intro assumes knowledge of Java Focus is on differences Most
More informationC Introduction. Comparison w/ Java, Memory Model, and Pointers
CS 261 Fall 2018 Mike Lam, Professor C Introduction Comparison w/ Java, Memory Model, and Pointers Please go to socrative.com on your phone or laptop, choose student login and join room LAMJMU The C Language
More informationCCured. One-Slide Summary. Lecture Outline. Type-Safe Retrofitting of C Programs
CCured Type-Safe Retrofitting of C Programs [Necula, McPeak,, Weimer, Condit, Harren] #1 One-Slide Summary CCured enforces memory safety and type safety in legacy C programs. CCured analyzes how you use
More informationLectures 5-6: Introduction to C
Lectures 5-6: Introduction to C Motivation: C is both a high and a low-level language Very useful for systems programming Faster than Java This intro assumes knowledge of Java Focus is on differences Most
More informationProgram Slicing in the Presence of Pointers (Extended Abstract)
Program Slicing in the Presence of Pointers (Extended Abstract) James R. Lyle National Institute of Standards and Technology jimmy@swe.ncsl.nist.gov David Binkley Loyola College in Maryland National Institute
More informationAnnotation Annotation or block comments Provide high-level description and documentation of section of code More detail than simple comments
Variables, Data Types, and More Introduction In this lesson will introduce and study C annotation and comments C variables Identifiers C data types First thoughts on good coding style Declarations vs.
More informationFundamentals of Programming
Fundamentals of Programming Lecture 3 - Constants, Variables, Data Types, And Operations Lecturer : Ebrahim Jahandar Borrowed from lecturer notes by Omid Jafarinezhad Outline C Program Data types Variables
More information12. Debugging. Overview. COMP1917: Computing 1. Developing Programs. The Programming Cycle. Programming cycle. Do-it-yourself debugging
COMP1917 12s2 Debugging 1 COMP1917: Computing 1 12. Debugging Overview Programming cycle Do-it-yourself debugging Debugging withgdb Nastier bugs Memory leaks COMP1917 12s2 Debugging 2 Developing Programs
More informationCSci 4061 Introduction to Operating Systems. Programs in C/Unix
CSci 4061 Introduction to Operating Systems Programs in C/Unix Today Basic C programming Follow on to recitation Structure of a C program A C program consists of a collection of C functions, structs, arrays,
More informationReview of the C Programming Language
Review of the C Programming Language Prof. James L. Frankel Harvard University Version of 11:55 AM 22-Apr-2018 Copyright 2018, 2016, 2015 James L. Frankel. All rights reserved. Reference Manual for the
More informationReducing the Overhead of Dynamic Analysis 1
RV 02 Preliminary Version Reducing the Overhead of Dynamic Analysis 1 Suan Hsi Yong 2 and Susan Horwitz 3 Computer Sciences Department, University of Wisconsin-Madison 1210 West Dayton Street, Madison,
More informationEL2310 Scientific Programming
Lecture 11: Structures and Memory (yaseminb@kth.se) Overview Overview Lecture 11: Structures and Memory Structures Continued Memory Allocation Lecture 11: Structures and Memory Structures Continued Memory
More information[0569] p 0318 garbage
A Pointer is a variable which contains the address of another variable. Declaration syntax: Pointer_type *pointer_name; This declaration will create a pointer of the pointer_name which will point to the
More informationC Programming. Course Outline. C Programming. Code: MBD101. Duration: 10 Hours. Prerequisites:
C Programming Code: MBD101 Duration: 10 Hours Prerequisites: You are a computer science Professional/ graduate student You can execute Linux/UNIX commands You know how to use a text-editing tool You should
More informationFundamental of Programming (C)
Borrowed from lecturer notes by Omid Jafarinezhad Fundamental of Programming (C) Lecturer: Vahid Khodabakhshi Lecture 3 Constants, Variables, Data Types, And Operations Department of Computer Engineering
More informationReview of the C Programming Language for Principles of Operating Systems
Review of the C Programming Language for Principles of Operating Systems Prof. James L. Frankel Harvard University Version of 7:26 PM 4-Sep-2018 Copyright 2018, 2016, 2015 James L. Frankel. All rights
More informationPointers, Dynamic Data, and Reference Types
Pointers, Dynamic Data, and Reference Types Review on Pointers Reference Variables Dynamic Memory Allocation The new operator The delete operator Dynamic Memory Allocation for Arrays 1 C++ Data Types simple
More informationC: Pointers, Arrays, and strings. Department of Computer Science College of Engineering Boise State University. August 25, /36
Department of Computer Science College of Engineering Boise State University August 25, 2017 1/36 Pointers and Arrays A pointer is a variable that stores the address of another variable. Pointers are similar
More informationA Fast Review of C Essentials Part I
A Fast Review of C Essentials Part I Structural Programming by Z. Cihan TAYSI Outline Program development C Essentials Functions Variables & constants Names Formatting Comments Preprocessor Data types
More informationPage 1. Stuff. Last Time. Today. Safety-Critical Systems MISRA-C. Terminology. Interrupts Inline assembly Intrinsics
Stuff Last Time Homework due next week Lab due two weeks from today Questions? Interrupts Inline assembly Intrinsics Today Safety-Critical Systems MISRA-C Subset of C language for critical systems System
More informationHarvard School of Engineering and Applied Sciences CS 152: Programming Languages
Harvard School of Engineering and Applied Sciences CS 152: Programming Languages Lecture 18 Thursday, April 3, 2014 1 Error-propagating semantics For the last few weeks, we have been studying type systems.
More informationC Review. MaxMSP Developers Workshop Summer 2009 CNMAT
C Review MaxMSP Developers Workshop Summer 2009 CNMAT C Syntax Program control (loops, branches): Function calls Math: +, -, *, /, ++, -- Variables, types, structures, assignment Pointers and memory (***
More informationMISRA-C. Subset of the C language for critical systems
MISRA-C Subset of the C language for critical systems SAFETY-CRITICAL SYSTEMS System is safety-critical if people might die due to software bugs Examples Automobile stability / traction control Medical
More informationImportant From Last Time
Important From Last Time Volatile is tricky To write correct embedded C and C++, you have to understand what volatile does and does not do Ø What is the guarantee that it provides? Don t make the 8 mistakes
More informationC: Pointers. C: Pointers. Department of Computer Science College of Engineering Boise State University. September 11, /21
Department of Computer Science College of Engineering Boise State University September 11, 2017 1/21 Pointers A pointer is a variable that stores the address of another variable. Pointers are similar to
More informationLecture Notes on Memory Layout
Lecture Notes on Memory Layout 15-122: Principles of Imperative Computation Frank Pfenning André Platzer Lecture 11 1 Introduction In order to understand how programs work, we can consider the functions,
More informationCSCI 171 Chapter Outlines
Contents CSCI 171 Chapter 1 Overview... 2 CSCI 171 Chapter 2 Programming Components... 3 CSCI 171 Chapter 3 (Sections 1 4) Selection Structures... 5 CSCI 171 Chapter 3 (Sections 5 & 6) Iteration Structures
More informationType Checking and Type Equality
Type Checking and Type Equality Type systems are the biggest point of variation across programming languages. Even languages that look similar are often greatly different when it comes to their type systems.
More informationCSC C69: OPERATING SYSTEMS
CSC C69: OPERATING SYSTEMS Tutorial 1 Thursday, Jan 17, 2013 TA: Ioan Stefanovici (ioan@cs.toronto.edu) HOW DO YOU SUCCEED IN THIS COURSE? Show up to lectures & tutorials (way too much material) Work on
More informationChapter 10. Improving the Runtime Type Checker Type-Flow Analysis
122 Chapter 10 Improving the Runtime Type Checker The runtime overhead of the unoptimized RTC is quite high, because it instruments every use of a memory location in the program and tags every user-defined
More informationA brief introduction to C programming for Java programmers
A brief introduction to C programming for Java programmers Sven Gestegård Robertz September 2017 There are many similarities between Java and C. The syntax in Java is basically
More informationObject Oriented Software Design II
Object Oriented Software Design II Introduction to C++ Giuseppe Lipari http://retis.sssup.it/~lipari Scuola Superiore Sant Anna Pisa February 20, 2012 G. Lipari (Scuola Superiore Sant Anna) C++ Intro February
More informationFundamentals of Programming. Lecture 12: C Structures, Unions, Bit Manipulations and Enumerations
Fundamentals of Programming Lecture 12: C Structures, Unions, Bit Manipulations and Enumerations Instructor: Fatemeh Zamani f_zamani@ce.sharif.edu Sharif University of Technology Computer Engineering Department
More informationArrays and Pointers. CSC209: Software Tools and Systems Programming (Winter 2019) Furkan Alaca & Paul Vrbik. University of Toronto Mississauga
Arrays and Pointers CSC209: Software Tools and Systems Programming (Winter 2019) Furkan Alaca & Paul Vrbik University of Toronto Mississauga https://mcs.utm.utoronto.ca/~209/ Week 2 Alaca & Vrbik (UTM)
More informationHave examined process Creating program Have developed program Written in C Source code
Preprocessing, Compiling, Assembling, and Linking Introduction In this lesson will examine Architecture of C program Introduce C preprocessor and preprocessor directives How to use preprocessor s directives
More informationLecture Notes on Memory Management
Lecture Notes on Memory Management 15-122: Principles of Imperative Computation Frank Pfenning Lecture 21 April 5, 2011 1 Introduction Unlike C0 and other modern languages like Java, C#, or ML, C requires
More informationKurt Schmidt. October 30, 2018
to Structs Dept. of Computer Science, Drexel University October 30, 2018 Array Objectives to Structs Intended audience: Student who has working knowledge of Python To gain some experience with a statically-typed
More informationCSC209: Software tools. Unix files and directories permissions utilities/commands Shell programming quoting wild cards files
CSC209 Review CSC209: Software tools Unix files and directories permissions utilities/commands Shell programming quoting wild cards files ... and systems programming C basic syntax functions arrays structs
More informationCSC209: Software tools. Unix files and directories permissions utilities/commands Shell programming quoting wild cards files. Compiler vs.
CSC209 Review CSC209: Software tools Unix files and directories permissions utilities/commands Shell programming quoting wild cards files... and systems programming C basic syntax functions arrays structs
More informationA classic tool: slicing. CSE503: Software Engineering. Slicing, dicing, chopping. Basic ideas. Weiser s approach. Example
A classic tool: slicing CSE503: Software Engineering David Notkin University of Washington Computer Science & Engineering Spring 2006 Of interest by itself And for the underlying representations Originally,
More information18-600: Recitation #3
18-600: Recitation #3 Bomb Lab & GDB Overview September 12th, 2017 1 Today X86-64 Overview Bomb Lab Introduction GDB Tutorial 2 3 x86-64: Register Conventions Arguments passed in registers: %rdi, %rsi,
More informationHarvard School of Engineering and Applied Sciences CS 152: Programming Languages
Harvard School of Engineering and Applied Sciences CS 152: Programming Languages Lecture 24 Thursday, April 19, 2018 1 Error-propagating semantics For the last few weeks, we have been studying type systems.
More informationBisection Debugging. 1 Introduction. Thomas Gross. Carnegie Mellon University. Preliminary version
Bisection Debugging Thomas Gross School of Computer Science Carnegie Mellon University Pittsburgh, PA 15213 Institut für Computer Systeme ETH Zürich CH 8092 Zürich Preliminary version Abstract This paper
More informationTokens, Expressions and Control Structures
3 Tokens, Expressions and Control Structures Tokens Keywords Identifiers Data types User-defined types Derived types Symbolic constants Declaration of variables Initialization Reference variables Type
More informationLibgdb. Version 0.3 Oct Thomas Lord
Libgdb Version 0.3 Oct 1993 Thomas Lord Permission is granted to make and distribute verbatim copies of this manual provided the copyright notice and this permission notice are preserved on all copies.
More informationOutline. Computer programming. Debugging. What is it. Debugging. Hints. Debugging
Outline Computer programming Debugging Hints Gathering evidence Common C errors "Education is a progressive discovery of our own ignorance." Will Durant T.U. Cluj-Napoca - Computer Programming - lecture
More informationadvanced data types (2) typedef. today advanced data types (3) enum. mon 23 sep 2002 defining your own types using typedef
today advanced data types (1) typedef. mon 23 sep 2002 homework #1 due today homework #2 out today quiz #1 next class 30-45 minutes long one page of notes topics: C advanced data types dynamic memory allocation
More information18-642: Code Style for Compilers
18-642: Code Style for Compilers 9/25/2017 1 Anti-Patterns: Coding Style: Language Use Code compiles with warnings Warnings are turned off or over-ridden Insufficient warning level set Language safety
More informationProgramming Languages Third Edition. Chapter 7 Basic Semantics
Programming Languages Third Edition Chapter 7 Basic Semantics Objectives Understand attributes, binding, and semantic functions Understand declarations, blocks, and scope Learn how to construct a symbol
More informationCSC209 Review. Yeah! We made it!
CSC209 Review Yeah! We made it! 1 CSC209: Software tools Unix files and directories permissions utilities/commands Shell programming quoting wild cards files 2 ... and C programming... C basic syntax functions
More informationCS 430 Spring Mike Lam, Professor. Data Types and Type Checking
CS 430 Spring 2015 Mike Lam, Professor Data Types and Type Checking Type Systems Type system Rules about valid types, type compatibility, and how data values can be used Benefits of a robust type system
More informationProgram Slicing in the Presence of Pointers
Program Slicing in the Presence of Pointers James R. Lyle David Binkley jimmy@sst.ncsl.nist.gov binkley@sst.ncsl.nist.gov U.S. Depar tment of Commerce Technology Administration National Institute of Standards
More informationIntroduction to C. Robert Escriva. Cornell CS 4411, August 30, Geared toward programmers
Introduction to C Geared toward programmers Robert Escriva Slide heritage: Alin Dobra Niranjan Nagarajan Owen Arden Cornell CS 4411, August 30, 2010 1 Why C? 2 A Quick Example 3 Programmer s Responsibilities
More informationHigh-performance computing and programming Intro to C on Unix/Linux. Uppsala universitet
High-performance computing and programming Intro to C on Unix/Linux IT Uppsala universitet What is C? An old imperative language that remains rooted close to the hardware C is relatively small and easy
More informationStatic Code Analysis - CERT C Secure Code Checking
Static Code Analysis - CERT C Secure Code Checking Frozen Content Modified by on 6-Nov-2013 Related Videos CERT Code Checking The high-level C code written for an embedded software project can sometimes
More informationLecture 07 Debugging Programs with GDB
Lecture 07 Debugging Programs with GDB In this lecture What is debugging Most Common Type of errors Process of debugging Examples Further readings Exercises What is Debugging Debugging is the process of
More informationCh. 3: The C in C++ - Continued -
Ch. 3: The C in C++ - Continued - QUIZ What are the 3 ways a reference can be passed to a C++ function? QUIZ True or false: References behave like constant pointers with automatic dereferencing. QUIZ What
More informationLecture 03 Bits, Bytes and Data Types
Lecture 03 Bits, Bytes and Data Types Computer Languages A computer language is a language that is used to communicate with a machine. Like all languages, computer languages have syntax (form) and semantics
More informationCS2141 Software Development using C/C++ Debugging
CS2141 Software Development using C/C++ Debugging Debugging Tips Examine the most recent change Error likely in, or exposed by, code most recently added Developing code incrementally and testing along
More informationPointers and References
Steven Zeil October 2, 2013 Contents 1 References 2 2 Pointers 8 21 Working with Pointers 8 211 Memory and C++ Programs 11 212 Allocating Data 15 22 Pointers Can Be Dangerous 17 3 The Secret World of Pointers
More informationProgramming in C++ 6. Floating point data types
Programming in C++ 6. Floating point data types! Introduction! Type double! Type float! Changing types! Type promotion & conversion! Casts! Initialization! Assignment operators! Summary 1 Introduction
More informationC for C++ Programmers
C for C++ Programmers CS230/330 - Operating Systems (Winter 2001). The good news is that C syntax is almost identical to that of C++. However, there are many things you're used to that aren't available
More informationPart V. Memory and pointers. Philip Blakely (LSC) C++ Introduction 145 / 370
Part V and pointers Philip Blakely (LSC) C++ Introduction 145 / 370 Outline 19 20 Function pointers 21 Global variables Philip Blakely (LSC) C++ Introduction 146 / 370 Heap and Stack The stack is a Last-In-First-Out
More informationCSCI-243 Exam 1 Review February 22, 2015 Presented by the RIT Computer Science Community
CSCI-243 Exam 1 Review February 22, 2015 Presented by the RIT Computer Science Community http://csc.cs.rit.edu History and Evolution of Programming Languages 1. Explain the relationship between machine
More informationIntroduction to C. Sean Ogden. Cornell CS 4411, August 30, Geared toward programmers
Introduction to C Geared toward programmers Sean Ogden Slide heritage: Alin Dobra Niranjan Nagarajan Owen Arden Robert Escriva Zhiyuan Teo Ayush Dubey Cornell CS 4411, August 30, 2013 Administrative Information
More informationPage 1. Today. Last Time. Is the assembly code right? Is the assembly code right? Which compiler is right? Compiler requirements CPP Volatile
Last Time Today Compiler requirements CPP Volatile Advanced C What C programs mean int my_loop (int base) { int index, count = 0; for (index = base; index < (base+10); index++) count++; urn count; my_loop:
More informationCS 536 Introduction to Programming Languages and Compilers Charles N. Fischer Lecture 11
CS 536 Introduction to Programming Languages and Compilers Charles N. Fischer Lecture 11 CS 536 Spring 2015 1 Handling Overloaded Declarations Two approaches are popular: 1. Create a single symbol table
More informationIntroduction to C. Ayush Dubey. Cornell CS 4411, August 31, Geared toward programmers
Introduction to C Geared toward programmers Ayush Dubey Slide heritage: Alin Dobra Niranjan Nagarajan Owen Arden Robert Escriva Zhiyuan Teo Cornell CS 4411, August 31, 2012 Administrative Information Outline
More informationChapter 1 Getting Started
Chapter 1 Getting Started The C# class Just like all object oriented programming languages, C# supports the concept of a class. A class is a little like a data structure in that it aggregates different
More informationGuidelines for Writing C Code
Guidelines for Writing C Code Issue 01-bugfix Martin Becker Institute for Real-Time Computer Systems (RCS) Technische Universität München becker@rcs.ei.tum.de June 9, 2014 Contents 1 Introduction 1 2 Pragmatic
More informationLecture 2: C Programm
0 3 E CS 1 Lecture 2: C Programm ing C Programming Procedural thought process No built in object abstractions data separate from methods/functions Low memory overhead compared to Java No overhead of classes
More informationLecture 15: Even more pointer stuff Virtual function table
CIS 330: / / / / (_) / / / / _/_/ / / / / / \/ / /_/ / `/ \/ / / / _/_// / / / / /_ / /_/ / / / / /> < / /_/ / / / / /_/ / / / /_/ / / / / / \ /_/ /_/_/_/ _ \,_/_/ /_/\,_/ \ /_/ \ //_/ /_/ Lecture 15:
More informationCSCI-1200 Data Structures Spring 2016 Lecture 6 Pointers & Dynamic Memory
Announcements CSCI-1200 Data Structures Spring 2016 Lecture 6 Pointers & Dynamic Memory There will be no lecture on Tuesday, Feb. 16. Prof. Thompson s office hours are canceled for Monday, Feb. 15. Prof.
More informationHeap Arrays and Linked Lists. Steven R. Bagley
Heap Arrays and Linked Lists Steven R. Bagley Recap Data is stored in variables Can be accessed by the variable name Or in an array, accessed by name and index Variables and arrays have a type Create our
More informationHeap Management. Heap Allocation
Heap Management Heap Allocation A very flexible storage allocation mechanism is heap allocation. Any number of data objects can be allocated and freed in a memory pool, called a heap. Heap allocation is
More informationCS 161 Exam II Winter 2018 FORM 1
CS 161 Exam II Winter 2018 FORM 1 Please put your name and form number on the scantron. True (A)/False (B) (28 pts, 2 pts each) 1. The following array declaration is legal double scores[]={0.1,0.2,0.3;
More informationAbout Codefrux While the current trends around the world are based on the internet, mobile and its applications, we try to make the most out of it. As for us, we are a well established IT professionals
More informationFast Introduction to Object Oriented Programming and C++
Fast Introduction to Object Oriented Programming and C++ Daniel G. Aliaga Note: a compilation of slides from Jacques de Wet, Ohio State University, Chad Willwerth, and Daniel Aliaga. Outline Programming
More informationPrograms in memory. The layout of memory is roughly:
Memory 1 Programs in memory 2 The layout of memory is roughly: Virtual memory means that memory is allocated in pages or segments, accessed as if adjacent - the platform looks after this, so your program
More informationObjectives. Chapter 4: Control Structures I (Selection) Objectives (cont d.) Control Structures. Control Structures (cont d.) Relational Operators
Objectives Chapter 4: Control Structures I (Selection) In this chapter, you will: Learn about control structures Examine relational and logical operators Explore how to form and evaluate logical (Boolean)
More informationAryan College. Fundamental of C Programming. Unit I: Q1. What will be the value of the following expression? (2017) A + 9
Fundamental of C Programming Unit I: Q1. What will be the value of the following expression? (2017) A + 9 Q2. Write down the C statement to calculate percentage where three subjects English, hindi, maths
More informationLecture Notes on Memory Management
Lecture Notes on Memory Management 15-122: Principles of Imperative Computation Frank Pfenning Lecture 22 November 11, 2010 1 Introduction Unlike C0 and other modern languages like Java, C#, or ML, C requires
More informationConditioned Slicing. David Jong-hoon An. May 23, Abstract
Conditioned Slicing David Jong-hoon An May 23, 2007 Abstract Program debugging is often a tedious and difficult process that requires programmers to inspect complicated code to understand and analyze the
More informationprintf( Please enter another number: ); scanf( %d, &num2);
CIT 593 Intro to Computer Systems Lecture #13 (11/1/12) Now that we've looked at how an assembly language program runs on a computer, we're ready to move up a level and start working with more powerful
More informationCOMP322 - Introduction to C++ Lecture 02 - Basics of C++
COMP322 - Introduction to C++ Lecture 02 - Basics of C++ School of Computer Science 16 January 2012 C++ basics - Arithmetic operators Where possible, C++ will automatically convert among the basic types.
More informationFundamentals of Programming
Fundamentals of Programming Pointers Giuseppe Lipari http://retis.sssup.it/~lipari Scuola Superiore Sant Anna Pisa February 29, 2012 G. Lipari (Scuola Superiore Sant Anna) Pointers February 29, 2012 1
More informationUndefined Behaviour in C
Undefined Behaviour in C Report Field of work: Scientific Computing Field: Computer Science Faculty for Mathematics, Computer Science and Natural Sciences University of Hamburg Presented by: Dennis Sobczak
More informationNEXT SET OF SLIDES FROM DENNIS FREY S FALL 2011 CMSC313.
NEXT SET OF SLIDES FROM DENNIS FREY S FALL 2011 CMSC313 http://www.csee.umbc.edu/courses/undergraduate/313/fall11/" Programming in C! Advanced Pointers! Reminder! You can t use a pointer until it points
More informationA Novel Approach to Explain the Detection of Memory Errors and Execution on Different Application Using Dr Memory.
A Novel Approach to Explain the Detection of Memory Errors and Execution on Different Application Using Dr Memory. Yashaswini J 1, Tripathi Ashish Ashok 2 1, 2 School of computer science and engineering,
More informationThe New C Standard (Excerpted material)
The New C Standard (Excerpted material) An Economic and Cultural Derek M. Jones derek@knosof.co.uk Copyright 2002-2008 Derek M. Jones. All rights reserved. 1456 6.7.2.3 Tags 6.7.2.3 Tags type contents
More informationBLM2031 Structured Programming. Zeyneb KURT
BLM2031 Structured Programming Zeyneb KURT 1 Contact Contact info office : D-219 e-mail zeynebkurt@gmail.com, zeyneb@ce.yildiz.edu.tr When to contact e-mail first, take an appointment What to expect help
More informationQUIZ. What is wrong with this code that uses default arguments?
QUIZ What is wrong with this code that uses default arguments? Solution The value of the default argument should be placed in either declaration or definition, not both! QUIZ What is wrong with this code
More informationHeap Arrays. Steven R. Bagley
Heap Arrays Steven R. Bagley Recap Data is stored in variables Can be accessed by the variable name Or in an array, accessed by name and index a[42] = 35; Variables and arrays have a type int, char, double,
More informationMotivation was to facilitate development of systems software, especially OS development.
A History Lesson C Basics 1 Development of language by Dennis Ritchie at Bell Labs culminated in the C language in 1972. Motivation was to facilitate development of systems software, especially OS development.
More informationM301: Software Systems & their Development. Unit 4: Inheritance, Composition and Polymorphism
Block 1: Introduction to Java Unit 4: Inheritance, Composition and Polymorphism Aims of the unit: Study and use the Java mechanisms that support reuse, in particular, inheritance and composition; Analyze
More information