Code Analysis
Jun 28, 2015
Code Analysis
Overview
bull Introduction
bull Existing solutions
bull Run time errors
bull Design
bull Implementation
bull Future Work
Code AnalysisDifference between project success amp failure
bull If theres going to be a program there has to be construction
bull Code is often the only accurate description of the software available
bull Code must follow coding standards and code conventions
Source code Conventions
bull 80 of the lifetime cost of a piece of software goes to maintenance
bull Hardly any software is maintained for its whole life by the original author
bull Code conventions improve the readability of the software
bull Source code like any other product should be well packaged
Code optimization based analysis
bull Code Verification and Run-Time Error prediction at compile time using syntax directed translation
bull Predict run time errors without program execution or test cases
bull Uses Intermediate Code
Existing Solutions
Possible Run time Errors
1) Detecting uninitialized Variables
Using variables before they have been initialized by the
program can cause unpredictable results
2) Detecting Overflows Underflows and Divide by
Zeros
Consider pseudo-code
X=X(X-Y)
Identifying all possible causes for error on the
operation
1048707 X and Y may not be initialized
1048707 X-Y may overflow or underflow
1048707 X and Y may be equal and cause a division by
zero
1048707 X(XndashY) may overflow or underflow
All possible values of x amp y in program p
If the value of x amp y both fall on the black line there is a divide by zero error
3) Detecting incorrect argument data types and
incorrect number of arguments
bull Checking of arguments for type and for the correct order of
occurrence
bull Requires both the calling program and the called program to
be compiled with a special compiler option
bull Checks can be made to determine if the number and types
of arguments in function (and subroutine) calls are
consistent with the actual function definitions
4) Detecting errors with strings at run-time
bull A string must have a null terminator at the end of the
meaningful data in the string A common mistake is to not
allocate room for this extra character
This can also be a problem with dynamic allocation
char copy_str = malloc( strlen(orig_str) + 1)
strcpy(copy_str orig_str)
bull The strlen() function returns a count of the data characters
which does not include the null terminator
bull In the case of dynamic allocation it might corrupt the heap
a Detecting Out-of-bounds indexing of statically and
dynamically allocated arrays
A common run-time error is the reading and writing of arrays
outside of their declared bounds
b Detecting Out-of-Bounds Pointer References
A common run-time error for C and C++ programs occurs
when a pointer points to memory outside its associated
memory block
for(i=0ilt5i++)
A[i]=i
p=A
for(i=0ilt=5i++)
p++
a=p
out-of-bounds reading using pointers
Pseudo code for out of bound references
5) Detecting Memory Allocation and Deallocation
Errors
bull A memory deallocation error occurs when a portion of
memory is deallocated more than once
bull Another common source of errors in C and C++ programs
is an attempt to use a dangling pointer A dangling pointer
is a pointer to storage that is no longer allocated
6) Detecting Memory Leaks
bull A program has a memory leak if during execution the program loses
its ability to address a portion of memory because of a programming
error
bull A pointer points to a location in memory and then all the pointers
pointing to this location are set to point somewhere else
bull A functionsubroutine is called memory is allocated during
execution of the functionsubroutine and then the memory is not
deallocated upon exit and all pointers to this memory are destroyed
Source code analyzer predicates
Reliable Proven free of run-time errors and under all
operating conditions within the scope
Faulty Proven faulty each time the operation is
executedDead Proven unreachable (may indicate a functional
issue)Unproven Unproven code
section or beyond the scope of the analyzer
Specifications
bullWhy Java for developing analyser
Specifications
bullWhy CC++ as input language
Design for Code Analyzer
Input program
(C File)
Lexical Analyzer
Parser
Symbol Table
IC(SDT)
Generation
Run Time Error Predictions
Analysis of Code
Input Program
Lexical Analysis-Stream Tokenizer
Parser-Condition = ( Expression (==|=|gt|lt|gt=|lt=) Expression )Expression = Term (+|-) TermTerm = Factor (|) FactorFactor = number | identifier |
Intermediate code generation Postfix Evaluation
3 address code generation
Target Source File
Test(n)
int banj
if(jltn)
a=a+b
argument
operator
operand 1
operand2
result
0 lt j n
1 if 0 gotol0
2 + a b
3 = a 2
l0
Work DoneIntermediate Code
Further Work
bull Evaluation of intermediate code for performing data flow and control flow analysis
bull Prediction of run time errors using intermediate code
bull Using code optimization techniques such as constant folding to predict code behavior
REFERENCESbull A V Aho R Sethi J D Ullman Compilers Principles Techniques
and Tools 2nd ed Addison-Wesley Pub Co
bull G R Luecke J Coyle J Hoekstra ldquoA Survey of Systems for Detecting Serial Run-Time Errorsrdquo The Iowa State Universitys High Performance Computing Group Concurrency and Computation Practice and Experience 18 15(Dec 2006) 1885-1907
bull T Erkkinen C Hote ldquoCode Verification and Run-Time Error Detection Through Abstract Interpretationrdquo AIAA Modeling and Simulation Technologies Conference and Exhibit 21 - 24 Aug 2006 Keystone Colorado
bull PolySpace Client for CC++ 6 datasheet Available HTTP httpwwwmathworkscomproductspolyspaceclientchtml
bull DM Dhamdhere Compiler Construction Tata McGraw-Hill
bull Semantic designs ldquoFlow analysis for control and datardquo Available HTTP httpwwwsemdesignscomProductsDMSFlowAnalysishtml
Overview
bull Introduction
bull Existing solutions
bull Run time errors
bull Design
bull Implementation
bull Future Work
Code AnalysisDifference between project success amp failure
bull If theres going to be a program there has to be construction
bull Code is often the only accurate description of the software available
bull Code must follow coding standards and code conventions
Source code Conventions
bull 80 of the lifetime cost of a piece of software goes to maintenance
bull Hardly any software is maintained for its whole life by the original author
bull Code conventions improve the readability of the software
bull Source code like any other product should be well packaged
Code optimization based analysis
bull Code Verification and Run-Time Error prediction at compile time using syntax directed translation
bull Predict run time errors without program execution or test cases
bull Uses Intermediate Code
Existing Solutions
Possible Run time Errors
1) Detecting uninitialized Variables
Using variables before they have been initialized by the
program can cause unpredictable results
2) Detecting Overflows Underflows and Divide by
Zeros
Consider pseudo-code
X=X(X-Y)
Identifying all possible causes for error on the
operation
1048707 X and Y may not be initialized
1048707 X-Y may overflow or underflow
1048707 X and Y may be equal and cause a division by
zero
1048707 X(XndashY) may overflow or underflow
All possible values of x amp y in program p
If the value of x amp y both fall on the black line there is a divide by zero error
3) Detecting incorrect argument data types and
incorrect number of arguments
bull Checking of arguments for type and for the correct order of
occurrence
bull Requires both the calling program and the called program to
be compiled with a special compiler option
bull Checks can be made to determine if the number and types
of arguments in function (and subroutine) calls are
consistent with the actual function definitions
4) Detecting errors with strings at run-time
bull A string must have a null terminator at the end of the
meaningful data in the string A common mistake is to not
allocate room for this extra character
This can also be a problem with dynamic allocation
char copy_str = malloc( strlen(orig_str) + 1)
strcpy(copy_str orig_str)
bull The strlen() function returns a count of the data characters
which does not include the null terminator
bull In the case of dynamic allocation it might corrupt the heap
a Detecting Out-of-bounds indexing of statically and
dynamically allocated arrays
A common run-time error is the reading and writing of arrays
outside of their declared bounds
b Detecting Out-of-Bounds Pointer References
A common run-time error for C and C++ programs occurs
when a pointer points to memory outside its associated
memory block
for(i=0ilt5i++)
A[i]=i
p=A
for(i=0ilt=5i++)
p++
a=p
out-of-bounds reading using pointers
Pseudo code for out of bound references
5) Detecting Memory Allocation and Deallocation
Errors
bull A memory deallocation error occurs when a portion of
memory is deallocated more than once
bull Another common source of errors in C and C++ programs
is an attempt to use a dangling pointer A dangling pointer
is a pointer to storage that is no longer allocated
6) Detecting Memory Leaks
bull A program has a memory leak if during execution the program loses
its ability to address a portion of memory because of a programming
error
bull A pointer points to a location in memory and then all the pointers
pointing to this location are set to point somewhere else
bull A functionsubroutine is called memory is allocated during
execution of the functionsubroutine and then the memory is not
deallocated upon exit and all pointers to this memory are destroyed
Source code analyzer predicates
Reliable Proven free of run-time errors and under all
operating conditions within the scope
Faulty Proven faulty each time the operation is
executedDead Proven unreachable (may indicate a functional
issue)Unproven Unproven code
section or beyond the scope of the analyzer
Specifications
bullWhy Java for developing analyser
Specifications
bullWhy CC++ as input language
Design for Code Analyzer
Input program
(C File)
Lexical Analyzer
Parser
Symbol Table
IC(SDT)
Generation
Run Time Error Predictions
Analysis of Code
Input Program
Lexical Analysis-Stream Tokenizer
Parser-Condition = ( Expression (==|=|gt|lt|gt=|lt=) Expression )Expression = Term (+|-) TermTerm = Factor (|) FactorFactor = number | identifier |
Intermediate code generation Postfix Evaluation
3 address code generation
Target Source File
Test(n)
int banj
if(jltn)
a=a+b
argument
operator
operand 1
operand2
result
0 lt j n
1 if 0 gotol0
2 + a b
3 = a 2
l0
Work DoneIntermediate Code
Further Work
bull Evaluation of intermediate code for performing data flow and control flow analysis
bull Prediction of run time errors using intermediate code
bull Using code optimization techniques such as constant folding to predict code behavior
REFERENCESbull A V Aho R Sethi J D Ullman Compilers Principles Techniques
and Tools 2nd ed Addison-Wesley Pub Co
bull G R Luecke J Coyle J Hoekstra ldquoA Survey of Systems for Detecting Serial Run-Time Errorsrdquo The Iowa State Universitys High Performance Computing Group Concurrency and Computation Practice and Experience 18 15(Dec 2006) 1885-1907
bull T Erkkinen C Hote ldquoCode Verification and Run-Time Error Detection Through Abstract Interpretationrdquo AIAA Modeling and Simulation Technologies Conference and Exhibit 21 - 24 Aug 2006 Keystone Colorado
bull PolySpace Client for CC++ 6 datasheet Available HTTP httpwwwmathworkscomproductspolyspaceclientchtml
bull DM Dhamdhere Compiler Construction Tata McGraw-Hill
bull Semantic designs ldquoFlow analysis for control and datardquo Available HTTP httpwwwsemdesignscomProductsDMSFlowAnalysishtml
Code AnalysisDifference between project success amp failure
bull If theres going to be a program there has to be construction
bull Code is often the only accurate description of the software available
bull Code must follow coding standards and code conventions
Source code Conventions
bull 80 of the lifetime cost of a piece of software goes to maintenance
bull Hardly any software is maintained for its whole life by the original author
bull Code conventions improve the readability of the software
bull Source code like any other product should be well packaged
Code optimization based analysis
bull Code Verification and Run-Time Error prediction at compile time using syntax directed translation
bull Predict run time errors without program execution or test cases
bull Uses Intermediate Code
Existing Solutions
Possible Run time Errors
1) Detecting uninitialized Variables
Using variables before they have been initialized by the
program can cause unpredictable results
2) Detecting Overflows Underflows and Divide by
Zeros
Consider pseudo-code
X=X(X-Y)
Identifying all possible causes for error on the
operation
1048707 X and Y may not be initialized
1048707 X-Y may overflow or underflow
1048707 X and Y may be equal and cause a division by
zero
1048707 X(XndashY) may overflow or underflow
All possible values of x amp y in program p
If the value of x amp y both fall on the black line there is a divide by zero error
3) Detecting incorrect argument data types and
incorrect number of arguments
bull Checking of arguments for type and for the correct order of
occurrence
bull Requires both the calling program and the called program to
be compiled with a special compiler option
bull Checks can be made to determine if the number and types
of arguments in function (and subroutine) calls are
consistent with the actual function definitions
4) Detecting errors with strings at run-time
bull A string must have a null terminator at the end of the
meaningful data in the string A common mistake is to not
allocate room for this extra character
This can also be a problem with dynamic allocation
char copy_str = malloc( strlen(orig_str) + 1)
strcpy(copy_str orig_str)
bull The strlen() function returns a count of the data characters
which does not include the null terminator
bull In the case of dynamic allocation it might corrupt the heap
a Detecting Out-of-bounds indexing of statically and
dynamically allocated arrays
A common run-time error is the reading and writing of arrays
outside of their declared bounds
b Detecting Out-of-Bounds Pointer References
A common run-time error for C and C++ programs occurs
when a pointer points to memory outside its associated
memory block
for(i=0ilt5i++)
A[i]=i
p=A
for(i=0ilt=5i++)
p++
a=p
out-of-bounds reading using pointers
Pseudo code for out of bound references
5) Detecting Memory Allocation and Deallocation
Errors
bull A memory deallocation error occurs when a portion of
memory is deallocated more than once
bull Another common source of errors in C and C++ programs
is an attempt to use a dangling pointer A dangling pointer
is a pointer to storage that is no longer allocated
6) Detecting Memory Leaks
bull A program has a memory leak if during execution the program loses
its ability to address a portion of memory because of a programming
error
bull A pointer points to a location in memory and then all the pointers
pointing to this location are set to point somewhere else
bull A functionsubroutine is called memory is allocated during
execution of the functionsubroutine and then the memory is not
deallocated upon exit and all pointers to this memory are destroyed
Source code analyzer predicates
Reliable Proven free of run-time errors and under all
operating conditions within the scope
Faulty Proven faulty each time the operation is
executedDead Proven unreachable (may indicate a functional
issue)Unproven Unproven code
section or beyond the scope of the analyzer
Specifications
bullWhy Java for developing analyser
Specifications
bullWhy CC++ as input language
Design for Code Analyzer
Input program
(C File)
Lexical Analyzer
Parser
Symbol Table
IC(SDT)
Generation
Run Time Error Predictions
Analysis of Code
Input Program
Lexical Analysis-Stream Tokenizer
Parser-Condition = ( Expression (==|=|gt|lt|gt=|lt=) Expression )Expression = Term (+|-) TermTerm = Factor (|) FactorFactor = number | identifier |
Intermediate code generation Postfix Evaluation
3 address code generation
Target Source File
Test(n)
int banj
if(jltn)
a=a+b
argument
operator
operand 1
operand2
result
0 lt j n
1 if 0 gotol0
2 + a b
3 = a 2
l0
Work DoneIntermediate Code
Further Work
bull Evaluation of intermediate code for performing data flow and control flow analysis
bull Prediction of run time errors using intermediate code
bull Using code optimization techniques such as constant folding to predict code behavior
REFERENCESbull A V Aho R Sethi J D Ullman Compilers Principles Techniques
and Tools 2nd ed Addison-Wesley Pub Co
bull G R Luecke J Coyle J Hoekstra ldquoA Survey of Systems for Detecting Serial Run-Time Errorsrdquo The Iowa State Universitys High Performance Computing Group Concurrency and Computation Practice and Experience 18 15(Dec 2006) 1885-1907
bull T Erkkinen C Hote ldquoCode Verification and Run-Time Error Detection Through Abstract Interpretationrdquo AIAA Modeling and Simulation Technologies Conference and Exhibit 21 - 24 Aug 2006 Keystone Colorado
bull PolySpace Client for CC++ 6 datasheet Available HTTP httpwwwmathworkscomproductspolyspaceclientchtml
bull DM Dhamdhere Compiler Construction Tata McGraw-Hill
bull Semantic designs ldquoFlow analysis for control and datardquo Available HTTP httpwwwsemdesignscomProductsDMSFlowAnalysishtml
Source code Conventions
bull 80 of the lifetime cost of a piece of software goes to maintenance
bull Hardly any software is maintained for its whole life by the original author
bull Code conventions improve the readability of the software
bull Source code like any other product should be well packaged
Code optimization based analysis
bull Code Verification and Run-Time Error prediction at compile time using syntax directed translation
bull Predict run time errors without program execution or test cases
bull Uses Intermediate Code
Existing Solutions
Possible Run time Errors
1) Detecting uninitialized Variables
Using variables before they have been initialized by the
program can cause unpredictable results
2) Detecting Overflows Underflows and Divide by
Zeros
Consider pseudo-code
X=X(X-Y)
Identifying all possible causes for error on the
operation
1048707 X and Y may not be initialized
1048707 X-Y may overflow or underflow
1048707 X and Y may be equal and cause a division by
zero
1048707 X(XndashY) may overflow or underflow
All possible values of x amp y in program p
If the value of x amp y both fall on the black line there is a divide by zero error
3) Detecting incorrect argument data types and
incorrect number of arguments
bull Checking of arguments for type and for the correct order of
occurrence
bull Requires both the calling program and the called program to
be compiled with a special compiler option
bull Checks can be made to determine if the number and types
of arguments in function (and subroutine) calls are
consistent with the actual function definitions
4) Detecting errors with strings at run-time
bull A string must have a null terminator at the end of the
meaningful data in the string A common mistake is to not
allocate room for this extra character
This can also be a problem with dynamic allocation
char copy_str = malloc( strlen(orig_str) + 1)
strcpy(copy_str orig_str)
bull The strlen() function returns a count of the data characters
which does not include the null terminator
bull In the case of dynamic allocation it might corrupt the heap
a Detecting Out-of-bounds indexing of statically and
dynamically allocated arrays
A common run-time error is the reading and writing of arrays
outside of their declared bounds
b Detecting Out-of-Bounds Pointer References
A common run-time error for C and C++ programs occurs
when a pointer points to memory outside its associated
memory block
for(i=0ilt5i++)
A[i]=i
p=A
for(i=0ilt=5i++)
p++
a=p
out-of-bounds reading using pointers
Pseudo code for out of bound references
5) Detecting Memory Allocation and Deallocation
Errors
bull A memory deallocation error occurs when a portion of
memory is deallocated more than once
bull Another common source of errors in C and C++ programs
is an attempt to use a dangling pointer A dangling pointer
is a pointer to storage that is no longer allocated
6) Detecting Memory Leaks
bull A program has a memory leak if during execution the program loses
its ability to address a portion of memory because of a programming
error
bull A pointer points to a location in memory and then all the pointers
pointing to this location are set to point somewhere else
bull A functionsubroutine is called memory is allocated during
execution of the functionsubroutine and then the memory is not
deallocated upon exit and all pointers to this memory are destroyed
Source code analyzer predicates
Reliable Proven free of run-time errors and under all
operating conditions within the scope
Faulty Proven faulty each time the operation is
executedDead Proven unreachable (may indicate a functional
issue)Unproven Unproven code
section or beyond the scope of the analyzer
Specifications
bullWhy Java for developing analyser
Specifications
bullWhy CC++ as input language
Design for Code Analyzer
Input program
(C File)
Lexical Analyzer
Parser
Symbol Table
IC(SDT)
Generation
Run Time Error Predictions
Analysis of Code
Input Program
Lexical Analysis-Stream Tokenizer
Parser-Condition = ( Expression (==|=|gt|lt|gt=|lt=) Expression )Expression = Term (+|-) TermTerm = Factor (|) FactorFactor = number | identifier |
Intermediate code generation Postfix Evaluation
3 address code generation
Target Source File
Test(n)
int banj
if(jltn)
a=a+b
argument
operator
operand 1
operand2
result
0 lt j n
1 if 0 gotol0
2 + a b
3 = a 2
l0
Work DoneIntermediate Code
Further Work
bull Evaluation of intermediate code for performing data flow and control flow analysis
bull Prediction of run time errors using intermediate code
bull Using code optimization techniques such as constant folding to predict code behavior
REFERENCESbull A V Aho R Sethi J D Ullman Compilers Principles Techniques
and Tools 2nd ed Addison-Wesley Pub Co
bull G R Luecke J Coyle J Hoekstra ldquoA Survey of Systems for Detecting Serial Run-Time Errorsrdquo The Iowa State Universitys High Performance Computing Group Concurrency and Computation Practice and Experience 18 15(Dec 2006) 1885-1907
bull T Erkkinen C Hote ldquoCode Verification and Run-Time Error Detection Through Abstract Interpretationrdquo AIAA Modeling and Simulation Technologies Conference and Exhibit 21 - 24 Aug 2006 Keystone Colorado
bull PolySpace Client for CC++ 6 datasheet Available HTTP httpwwwmathworkscomproductspolyspaceclientchtml
bull DM Dhamdhere Compiler Construction Tata McGraw-Hill
bull Semantic designs ldquoFlow analysis for control and datardquo Available HTTP httpwwwsemdesignscomProductsDMSFlowAnalysishtml
Code optimization based analysis
bull Code Verification and Run-Time Error prediction at compile time using syntax directed translation
bull Predict run time errors without program execution or test cases
bull Uses Intermediate Code
Existing Solutions
Possible Run time Errors
1) Detecting uninitialized Variables
Using variables before they have been initialized by the
program can cause unpredictable results
2) Detecting Overflows Underflows and Divide by
Zeros
Consider pseudo-code
X=X(X-Y)
Identifying all possible causes for error on the
operation
1048707 X and Y may not be initialized
1048707 X-Y may overflow or underflow
1048707 X and Y may be equal and cause a division by
zero
1048707 X(XndashY) may overflow or underflow
All possible values of x amp y in program p
If the value of x amp y both fall on the black line there is a divide by zero error
3) Detecting incorrect argument data types and
incorrect number of arguments
bull Checking of arguments for type and for the correct order of
occurrence
bull Requires both the calling program and the called program to
be compiled with a special compiler option
bull Checks can be made to determine if the number and types
of arguments in function (and subroutine) calls are
consistent with the actual function definitions
4) Detecting errors with strings at run-time
bull A string must have a null terminator at the end of the
meaningful data in the string A common mistake is to not
allocate room for this extra character
This can also be a problem with dynamic allocation
char copy_str = malloc( strlen(orig_str) + 1)
strcpy(copy_str orig_str)
bull The strlen() function returns a count of the data characters
which does not include the null terminator
bull In the case of dynamic allocation it might corrupt the heap
a Detecting Out-of-bounds indexing of statically and
dynamically allocated arrays
A common run-time error is the reading and writing of arrays
outside of their declared bounds
b Detecting Out-of-Bounds Pointer References
A common run-time error for C and C++ programs occurs
when a pointer points to memory outside its associated
memory block
for(i=0ilt5i++)
A[i]=i
p=A
for(i=0ilt=5i++)
p++
a=p
out-of-bounds reading using pointers
Pseudo code for out of bound references
5) Detecting Memory Allocation and Deallocation
Errors
bull A memory deallocation error occurs when a portion of
memory is deallocated more than once
bull Another common source of errors in C and C++ programs
is an attempt to use a dangling pointer A dangling pointer
is a pointer to storage that is no longer allocated
6) Detecting Memory Leaks
bull A program has a memory leak if during execution the program loses
its ability to address a portion of memory because of a programming
error
bull A pointer points to a location in memory and then all the pointers
pointing to this location are set to point somewhere else
bull A functionsubroutine is called memory is allocated during
execution of the functionsubroutine and then the memory is not
deallocated upon exit and all pointers to this memory are destroyed
Source code analyzer predicates
Reliable Proven free of run-time errors and under all
operating conditions within the scope
Faulty Proven faulty each time the operation is
executedDead Proven unreachable (may indicate a functional
issue)Unproven Unproven code
section or beyond the scope of the analyzer
Specifications
bullWhy Java for developing analyser
Specifications
bullWhy CC++ as input language
Design for Code Analyzer
Input program
(C File)
Lexical Analyzer
Parser
Symbol Table
IC(SDT)
Generation
Run Time Error Predictions
Analysis of Code
Input Program
Lexical Analysis-Stream Tokenizer
Parser-Condition = ( Expression (==|=|gt|lt|gt=|lt=) Expression )Expression = Term (+|-) TermTerm = Factor (|) FactorFactor = number | identifier |
Intermediate code generation Postfix Evaluation
3 address code generation
Target Source File
Test(n)
int banj
if(jltn)
a=a+b
argument
operator
operand 1
operand2
result
0 lt j n
1 if 0 gotol0
2 + a b
3 = a 2
l0
Work DoneIntermediate Code
Further Work
bull Evaluation of intermediate code for performing data flow and control flow analysis
bull Prediction of run time errors using intermediate code
bull Using code optimization techniques such as constant folding to predict code behavior
REFERENCESbull A V Aho R Sethi J D Ullman Compilers Principles Techniques
and Tools 2nd ed Addison-Wesley Pub Co
bull G R Luecke J Coyle J Hoekstra ldquoA Survey of Systems for Detecting Serial Run-Time Errorsrdquo The Iowa State Universitys High Performance Computing Group Concurrency and Computation Practice and Experience 18 15(Dec 2006) 1885-1907
bull T Erkkinen C Hote ldquoCode Verification and Run-Time Error Detection Through Abstract Interpretationrdquo AIAA Modeling and Simulation Technologies Conference and Exhibit 21 - 24 Aug 2006 Keystone Colorado
bull PolySpace Client for CC++ 6 datasheet Available HTTP httpwwwmathworkscomproductspolyspaceclientchtml
bull DM Dhamdhere Compiler Construction Tata McGraw-Hill
bull Semantic designs ldquoFlow analysis for control and datardquo Available HTTP httpwwwsemdesignscomProductsDMSFlowAnalysishtml
Existing Solutions
Possible Run time Errors
1) Detecting uninitialized Variables
Using variables before they have been initialized by the
program can cause unpredictable results
2) Detecting Overflows Underflows and Divide by
Zeros
Consider pseudo-code
X=X(X-Y)
Identifying all possible causes for error on the
operation
1048707 X and Y may not be initialized
1048707 X-Y may overflow or underflow
1048707 X and Y may be equal and cause a division by
zero
1048707 X(XndashY) may overflow or underflow
All possible values of x amp y in program p
If the value of x amp y both fall on the black line there is a divide by zero error
3) Detecting incorrect argument data types and
incorrect number of arguments
bull Checking of arguments for type and for the correct order of
occurrence
bull Requires both the calling program and the called program to
be compiled with a special compiler option
bull Checks can be made to determine if the number and types
of arguments in function (and subroutine) calls are
consistent with the actual function definitions
4) Detecting errors with strings at run-time
bull A string must have a null terminator at the end of the
meaningful data in the string A common mistake is to not
allocate room for this extra character
This can also be a problem with dynamic allocation
char copy_str = malloc( strlen(orig_str) + 1)
strcpy(copy_str orig_str)
bull The strlen() function returns a count of the data characters
which does not include the null terminator
bull In the case of dynamic allocation it might corrupt the heap
a Detecting Out-of-bounds indexing of statically and
dynamically allocated arrays
A common run-time error is the reading and writing of arrays
outside of their declared bounds
b Detecting Out-of-Bounds Pointer References
A common run-time error for C and C++ programs occurs
when a pointer points to memory outside its associated
memory block
for(i=0ilt5i++)
A[i]=i
p=A
for(i=0ilt=5i++)
p++
a=p
out-of-bounds reading using pointers
Pseudo code for out of bound references
5) Detecting Memory Allocation and Deallocation
Errors
bull A memory deallocation error occurs when a portion of
memory is deallocated more than once
bull Another common source of errors in C and C++ programs
is an attempt to use a dangling pointer A dangling pointer
is a pointer to storage that is no longer allocated
6) Detecting Memory Leaks
bull A program has a memory leak if during execution the program loses
its ability to address a portion of memory because of a programming
error
bull A pointer points to a location in memory and then all the pointers
pointing to this location are set to point somewhere else
bull A functionsubroutine is called memory is allocated during
execution of the functionsubroutine and then the memory is not
deallocated upon exit and all pointers to this memory are destroyed
Source code analyzer predicates
Reliable Proven free of run-time errors and under all
operating conditions within the scope
Faulty Proven faulty each time the operation is
executedDead Proven unreachable (may indicate a functional
issue)Unproven Unproven code
section or beyond the scope of the analyzer
Specifications
bullWhy Java for developing analyser
Specifications
bullWhy CC++ as input language
Design for Code Analyzer
Input program
(C File)
Lexical Analyzer
Parser
Symbol Table
IC(SDT)
Generation
Run Time Error Predictions
Analysis of Code
Input Program
Lexical Analysis-Stream Tokenizer
Parser-Condition = ( Expression (==|=|gt|lt|gt=|lt=) Expression )Expression = Term (+|-) TermTerm = Factor (|) FactorFactor = number | identifier |
Intermediate code generation Postfix Evaluation
3 address code generation
Target Source File
Test(n)
int banj
if(jltn)
a=a+b
argument
operator
operand 1
operand2
result
0 lt j n
1 if 0 gotol0
2 + a b
3 = a 2
l0
Work DoneIntermediate Code
Further Work
bull Evaluation of intermediate code for performing data flow and control flow analysis
bull Prediction of run time errors using intermediate code
bull Using code optimization techniques such as constant folding to predict code behavior
REFERENCESbull A V Aho R Sethi J D Ullman Compilers Principles Techniques
and Tools 2nd ed Addison-Wesley Pub Co
bull G R Luecke J Coyle J Hoekstra ldquoA Survey of Systems for Detecting Serial Run-Time Errorsrdquo The Iowa State Universitys High Performance Computing Group Concurrency and Computation Practice and Experience 18 15(Dec 2006) 1885-1907
bull T Erkkinen C Hote ldquoCode Verification and Run-Time Error Detection Through Abstract Interpretationrdquo AIAA Modeling and Simulation Technologies Conference and Exhibit 21 - 24 Aug 2006 Keystone Colorado
bull PolySpace Client for CC++ 6 datasheet Available HTTP httpwwwmathworkscomproductspolyspaceclientchtml
bull DM Dhamdhere Compiler Construction Tata McGraw-Hill
bull Semantic designs ldquoFlow analysis for control and datardquo Available HTTP httpwwwsemdesignscomProductsDMSFlowAnalysishtml
Possible Run time Errors
1) Detecting uninitialized Variables
Using variables before they have been initialized by the
program can cause unpredictable results
2) Detecting Overflows Underflows and Divide by
Zeros
Consider pseudo-code
X=X(X-Y)
Identifying all possible causes for error on the
operation
1048707 X and Y may not be initialized
1048707 X-Y may overflow or underflow
1048707 X and Y may be equal and cause a division by
zero
1048707 X(XndashY) may overflow or underflow
All possible values of x amp y in program p
If the value of x amp y both fall on the black line there is a divide by zero error
3) Detecting incorrect argument data types and
incorrect number of arguments
bull Checking of arguments for type and for the correct order of
occurrence
bull Requires both the calling program and the called program to
be compiled with a special compiler option
bull Checks can be made to determine if the number and types
of arguments in function (and subroutine) calls are
consistent with the actual function definitions
4) Detecting errors with strings at run-time
bull A string must have a null terminator at the end of the
meaningful data in the string A common mistake is to not
allocate room for this extra character
This can also be a problem with dynamic allocation
char copy_str = malloc( strlen(orig_str) + 1)
strcpy(copy_str orig_str)
bull The strlen() function returns a count of the data characters
which does not include the null terminator
bull In the case of dynamic allocation it might corrupt the heap
a Detecting Out-of-bounds indexing of statically and
dynamically allocated arrays
A common run-time error is the reading and writing of arrays
outside of their declared bounds
b Detecting Out-of-Bounds Pointer References
A common run-time error for C and C++ programs occurs
when a pointer points to memory outside its associated
memory block
for(i=0ilt5i++)
A[i]=i
p=A
for(i=0ilt=5i++)
p++
a=p
out-of-bounds reading using pointers
Pseudo code for out of bound references
5) Detecting Memory Allocation and Deallocation
Errors
bull A memory deallocation error occurs when a portion of
memory is deallocated more than once
bull Another common source of errors in C and C++ programs
is an attempt to use a dangling pointer A dangling pointer
is a pointer to storage that is no longer allocated
6) Detecting Memory Leaks
bull A program has a memory leak if during execution the program loses
its ability to address a portion of memory because of a programming
error
bull A pointer points to a location in memory and then all the pointers
pointing to this location are set to point somewhere else
bull A functionsubroutine is called memory is allocated during
execution of the functionsubroutine and then the memory is not
deallocated upon exit and all pointers to this memory are destroyed
Source code analyzer predicates
Reliable Proven free of run-time errors and under all
operating conditions within the scope
Faulty Proven faulty each time the operation is
executedDead Proven unreachable (may indicate a functional
issue)Unproven Unproven code
section or beyond the scope of the analyzer
Specifications
bullWhy Java for developing analyser
Specifications
bullWhy CC++ as input language
Design for Code Analyzer
Input program
(C File)
Lexical Analyzer
Parser
Symbol Table
IC(SDT)
Generation
Run Time Error Predictions
Analysis of Code
Input Program
Lexical Analysis-Stream Tokenizer
Parser-Condition = ( Expression (==|=|gt|lt|gt=|lt=) Expression )Expression = Term (+|-) TermTerm = Factor (|) FactorFactor = number | identifier |
Intermediate code generation Postfix Evaluation
3 address code generation
Target Source File
Test(n)
int banj
if(jltn)
a=a+b
argument
operator
operand 1
operand2
result
0 lt j n
1 if 0 gotol0
2 + a b
3 = a 2
l0
Work DoneIntermediate Code
Further Work
bull Evaluation of intermediate code for performing data flow and control flow analysis
bull Prediction of run time errors using intermediate code
bull Using code optimization techniques such as constant folding to predict code behavior
REFERENCESbull A V Aho R Sethi J D Ullman Compilers Principles Techniques
and Tools 2nd ed Addison-Wesley Pub Co
bull G R Luecke J Coyle J Hoekstra ldquoA Survey of Systems for Detecting Serial Run-Time Errorsrdquo The Iowa State Universitys High Performance Computing Group Concurrency and Computation Practice and Experience 18 15(Dec 2006) 1885-1907
bull T Erkkinen C Hote ldquoCode Verification and Run-Time Error Detection Through Abstract Interpretationrdquo AIAA Modeling and Simulation Technologies Conference and Exhibit 21 - 24 Aug 2006 Keystone Colorado
bull PolySpace Client for CC++ 6 datasheet Available HTTP httpwwwmathworkscomproductspolyspaceclientchtml
bull DM Dhamdhere Compiler Construction Tata McGraw-Hill
bull Semantic designs ldquoFlow analysis for control and datardquo Available HTTP httpwwwsemdesignscomProductsDMSFlowAnalysishtml
Consider pseudo-code
X=X(X-Y)
Identifying all possible causes for error on the
operation
1048707 X and Y may not be initialized
1048707 X-Y may overflow or underflow
1048707 X and Y may be equal and cause a division by
zero
1048707 X(XndashY) may overflow or underflow
All possible values of x amp y in program p
If the value of x amp y both fall on the black line there is a divide by zero error
3) Detecting incorrect argument data types and
incorrect number of arguments
bull Checking of arguments for type and for the correct order of
occurrence
bull Requires both the calling program and the called program to
be compiled with a special compiler option
bull Checks can be made to determine if the number and types
of arguments in function (and subroutine) calls are
consistent with the actual function definitions
4) Detecting errors with strings at run-time
bull A string must have a null terminator at the end of the
meaningful data in the string A common mistake is to not
allocate room for this extra character
This can also be a problem with dynamic allocation
char copy_str = malloc( strlen(orig_str) + 1)
strcpy(copy_str orig_str)
bull The strlen() function returns a count of the data characters
which does not include the null terminator
bull In the case of dynamic allocation it might corrupt the heap
a Detecting Out-of-bounds indexing of statically and
dynamically allocated arrays
A common run-time error is the reading and writing of arrays
outside of their declared bounds
b Detecting Out-of-Bounds Pointer References
A common run-time error for C and C++ programs occurs
when a pointer points to memory outside its associated
memory block
for(i=0ilt5i++)
A[i]=i
p=A
for(i=0ilt=5i++)
p++
a=p
out-of-bounds reading using pointers
Pseudo code for out of bound references
5) Detecting Memory Allocation and Deallocation
Errors
bull A memory deallocation error occurs when a portion of
memory is deallocated more than once
bull Another common source of errors in C and C++ programs
is an attempt to use a dangling pointer A dangling pointer
is a pointer to storage that is no longer allocated
6) Detecting Memory Leaks
bull A program has a memory leak if during execution the program loses
its ability to address a portion of memory because of a programming
error
bull A pointer points to a location in memory and then all the pointers
pointing to this location are set to point somewhere else
bull A functionsubroutine is called memory is allocated during
execution of the functionsubroutine and then the memory is not
deallocated upon exit and all pointers to this memory are destroyed
Source code analyzer predicates
Reliable Proven free of run-time errors and under all
operating conditions within the scope
Faulty Proven faulty each time the operation is
executedDead Proven unreachable (may indicate a functional
issue)Unproven Unproven code
section or beyond the scope of the analyzer
Specifications
bullWhy Java for developing analyser
Specifications
bullWhy CC++ as input language
Design for Code Analyzer
Input program
(C File)
Lexical Analyzer
Parser
Symbol Table
IC(SDT)
Generation
Run Time Error Predictions
Analysis of Code
Input Program
Lexical Analysis-Stream Tokenizer
Parser-Condition = ( Expression (==|=|gt|lt|gt=|lt=) Expression )Expression = Term (+|-) TermTerm = Factor (|) FactorFactor = number | identifier |
Intermediate code generation Postfix Evaluation
3 address code generation
Target Source File
Test(n)
int banj
if(jltn)
a=a+b
argument
operator
operand 1
operand2
result
0 lt j n
1 if 0 gotol0
2 + a b
3 = a 2
l0
Work DoneIntermediate Code
Further Work
bull Evaluation of intermediate code for performing data flow and control flow analysis
bull Prediction of run time errors using intermediate code
bull Using code optimization techniques such as constant folding to predict code behavior
REFERENCESbull A V Aho R Sethi J D Ullman Compilers Principles Techniques
and Tools 2nd ed Addison-Wesley Pub Co
bull G R Luecke J Coyle J Hoekstra ldquoA Survey of Systems for Detecting Serial Run-Time Errorsrdquo The Iowa State Universitys High Performance Computing Group Concurrency and Computation Practice and Experience 18 15(Dec 2006) 1885-1907
bull T Erkkinen C Hote ldquoCode Verification and Run-Time Error Detection Through Abstract Interpretationrdquo AIAA Modeling and Simulation Technologies Conference and Exhibit 21 - 24 Aug 2006 Keystone Colorado
bull PolySpace Client for CC++ 6 datasheet Available HTTP httpwwwmathworkscomproductspolyspaceclientchtml
bull DM Dhamdhere Compiler Construction Tata McGraw-Hill
bull Semantic designs ldquoFlow analysis for control and datardquo Available HTTP httpwwwsemdesignscomProductsDMSFlowAnalysishtml
All possible values of x amp y in program p
If the value of x amp y both fall on the black line there is a divide by zero error
3) Detecting incorrect argument data types and
incorrect number of arguments
bull Checking of arguments for type and for the correct order of
occurrence
bull Requires both the calling program and the called program to
be compiled with a special compiler option
bull Checks can be made to determine if the number and types
of arguments in function (and subroutine) calls are
consistent with the actual function definitions
4) Detecting errors with strings at run-time
bull A string must have a null terminator at the end of the
meaningful data in the string A common mistake is to not
allocate room for this extra character
This can also be a problem with dynamic allocation
char copy_str = malloc( strlen(orig_str) + 1)
strcpy(copy_str orig_str)
bull The strlen() function returns a count of the data characters
which does not include the null terminator
bull In the case of dynamic allocation it might corrupt the heap
a Detecting Out-of-bounds indexing of statically and
dynamically allocated arrays
A common run-time error is the reading and writing of arrays
outside of their declared bounds
b Detecting Out-of-Bounds Pointer References
A common run-time error for C and C++ programs occurs
when a pointer points to memory outside its associated
memory block
for(i=0ilt5i++)
A[i]=i
p=A
for(i=0ilt=5i++)
p++
a=p
out-of-bounds reading using pointers
Pseudo code for out of bound references
5) Detecting Memory Allocation and Deallocation
Errors
bull A memory deallocation error occurs when a portion of
memory is deallocated more than once
bull Another common source of errors in C and C++ programs
is an attempt to use a dangling pointer A dangling pointer
is a pointer to storage that is no longer allocated
6) Detecting Memory Leaks
bull A program has a memory leak if during execution the program loses
its ability to address a portion of memory because of a programming
error
bull A pointer points to a location in memory and then all the pointers
pointing to this location are set to point somewhere else
bull A functionsubroutine is called memory is allocated during
execution of the functionsubroutine and then the memory is not
deallocated upon exit and all pointers to this memory are destroyed
Source code analyzer predicates
Reliable Proven free of run-time errors and under all
operating conditions within the scope
Faulty Proven faulty each time the operation is
executedDead Proven unreachable (may indicate a functional
issue)Unproven Unproven code
section or beyond the scope of the analyzer
Specifications
bullWhy Java for developing analyser
Specifications
bullWhy CC++ as input language
Design for Code Analyzer
Input program
(C File)
Lexical Analyzer
Parser
Symbol Table
IC(SDT)
Generation
Run Time Error Predictions
Analysis of Code
Input Program
Lexical Analysis-Stream Tokenizer
Parser-Condition = ( Expression (==|=|gt|lt|gt=|lt=) Expression )Expression = Term (+|-) TermTerm = Factor (|) FactorFactor = number | identifier |
Intermediate code generation Postfix Evaluation
3 address code generation
Target Source File
Test(n)
int banj
if(jltn)
a=a+b
argument
operator
operand 1
operand2
result
0 lt j n
1 if 0 gotol0
2 + a b
3 = a 2
l0
Work DoneIntermediate Code
Further Work
bull Evaluation of intermediate code for performing data flow and control flow analysis
bull Prediction of run time errors using intermediate code
bull Using code optimization techniques such as constant folding to predict code behavior
REFERENCESbull A V Aho R Sethi J D Ullman Compilers Principles Techniques
and Tools 2nd ed Addison-Wesley Pub Co
bull G R Luecke J Coyle J Hoekstra ldquoA Survey of Systems for Detecting Serial Run-Time Errorsrdquo The Iowa State Universitys High Performance Computing Group Concurrency and Computation Practice and Experience 18 15(Dec 2006) 1885-1907
bull T Erkkinen C Hote ldquoCode Verification and Run-Time Error Detection Through Abstract Interpretationrdquo AIAA Modeling and Simulation Technologies Conference and Exhibit 21 - 24 Aug 2006 Keystone Colorado
bull PolySpace Client for CC++ 6 datasheet Available HTTP httpwwwmathworkscomproductspolyspaceclientchtml
bull DM Dhamdhere Compiler Construction Tata McGraw-Hill
bull Semantic designs ldquoFlow analysis for control and datardquo Available HTTP httpwwwsemdesignscomProductsDMSFlowAnalysishtml
3) Detecting incorrect argument data types and
incorrect number of arguments
bull Checking of arguments for type and for the correct order of
occurrence
bull Requires both the calling program and the called program to
be compiled with a special compiler option
bull Checks can be made to determine if the number and types
of arguments in function (and subroutine) calls are
consistent with the actual function definitions
4) Detecting errors with strings at run-time
bull A string must have a null terminator at the end of the
meaningful data in the string A common mistake is to not
allocate room for this extra character
This can also be a problem with dynamic allocation
char copy_str = malloc( strlen(orig_str) + 1)
strcpy(copy_str orig_str)
bull The strlen() function returns a count of the data characters
which does not include the null terminator
bull In the case of dynamic allocation it might corrupt the heap
a Detecting Out-of-bounds indexing of statically and
dynamically allocated arrays
A common run-time error is the reading and writing of arrays
outside of their declared bounds
b Detecting Out-of-Bounds Pointer References
A common run-time error for C and C++ programs occurs
when a pointer points to memory outside its associated
memory block
for(i=0ilt5i++)
A[i]=i
p=A
for(i=0ilt=5i++)
p++
a=p
out-of-bounds reading using pointers
Pseudo code for out of bound references
5) Detecting Memory Allocation and Deallocation
Errors
bull A memory deallocation error occurs when a portion of
memory is deallocated more than once
bull Another common source of errors in C and C++ programs
is an attempt to use a dangling pointer A dangling pointer
is a pointer to storage that is no longer allocated
6) Detecting Memory Leaks
bull A program has a memory leak if during execution the program loses
its ability to address a portion of memory because of a programming
error
bull A pointer points to a location in memory and then all the pointers
pointing to this location are set to point somewhere else
bull A functionsubroutine is called memory is allocated during
execution of the functionsubroutine and then the memory is not
deallocated upon exit and all pointers to this memory are destroyed
Source code analyzer predicates
Reliable Proven free of run-time errors and under all
operating conditions within the scope
Faulty Proven faulty each time the operation is
executedDead Proven unreachable (may indicate a functional
issue)Unproven Unproven code
section or beyond the scope of the analyzer
Specifications
bullWhy Java for developing analyser
Specifications
bullWhy CC++ as input language
Design for Code Analyzer
Input program
(C File)
Lexical Analyzer
Parser
Symbol Table
IC(SDT)
Generation
Run Time Error Predictions
Analysis of Code
Input Program
Lexical Analysis-Stream Tokenizer
Parser-Condition = ( Expression (==|=|gt|lt|gt=|lt=) Expression )Expression = Term (+|-) TermTerm = Factor (|) FactorFactor = number | identifier |
Intermediate code generation Postfix Evaluation
3 address code generation
Target Source File
Test(n)
int banj
if(jltn)
a=a+b
argument
operator
operand 1
operand2
result
0 lt j n
1 if 0 gotol0
2 + a b
3 = a 2
l0
Work DoneIntermediate Code
Further Work
bull Evaluation of intermediate code for performing data flow and control flow analysis
bull Prediction of run time errors using intermediate code
bull Using code optimization techniques such as constant folding to predict code behavior
REFERENCESbull A V Aho R Sethi J D Ullman Compilers Principles Techniques
and Tools 2nd ed Addison-Wesley Pub Co
bull G R Luecke J Coyle J Hoekstra ldquoA Survey of Systems for Detecting Serial Run-Time Errorsrdquo The Iowa State Universitys High Performance Computing Group Concurrency and Computation Practice and Experience 18 15(Dec 2006) 1885-1907
bull T Erkkinen C Hote ldquoCode Verification and Run-Time Error Detection Through Abstract Interpretationrdquo AIAA Modeling and Simulation Technologies Conference and Exhibit 21 - 24 Aug 2006 Keystone Colorado
bull PolySpace Client for CC++ 6 datasheet Available HTTP httpwwwmathworkscomproductspolyspaceclientchtml
bull DM Dhamdhere Compiler Construction Tata McGraw-Hill
bull Semantic designs ldquoFlow analysis for control and datardquo Available HTTP httpwwwsemdesignscomProductsDMSFlowAnalysishtml
4) Detecting errors with strings at run-time
bull A string must have a null terminator at the end of the
meaningful data in the string A common mistake is to not
allocate room for this extra character
This can also be a problem with dynamic allocation
char copy_str = malloc( strlen(orig_str) + 1)
strcpy(copy_str orig_str)
bull The strlen() function returns a count of the data characters
which does not include the null terminator
bull In the case of dynamic allocation it might corrupt the heap
a Detecting Out-of-bounds indexing of statically and
dynamically allocated arrays
A common run-time error is the reading and writing of arrays
outside of their declared bounds
b Detecting Out-of-Bounds Pointer References
A common run-time error for C and C++ programs occurs
when a pointer points to memory outside its associated
memory block
for(i=0ilt5i++)
A[i]=i
p=A
for(i=0ilt=5i++)
p++
a=p
out-of-bounds reading using pointers
Pseudo code for out of bound references
5) Detecting Memory Allocation and Deallocation
Errors
bull A memory deallocation error occurs when a portion of
memory is deallocated more than once
bull Another common source of errors in C and C++ programs
is an attempt to use a dangling pointer A dangling pointer
is a pointer to storage that is no longer allocated
6) Detecting Memory Leaks
bull A program has a memory leak if during execution the program loses
its ability to address a portion of memory because of a programming
error
bull A pointer points to a location in memory and then all the pointers
pointing to this location are set to point somewhere else
bull A functionsubroutine is called memory is allocated during
execution of the functionsubroutine and then the memory is not
deallocated upon exit and all pointers to this memory are destroyed
Source code analyzer predicates
Reliable Proven free of run-time errors and under all
operating conditions within the scope
Faulty Proven faulty each time the operation is
executedDead Proven unreachable (may indicate a functional
issue)Unproven Unproven code
section or beyond the scope of the analyzer
Specifications
bullWhy Java for developing analyser
Specifications
bullWhy CC++ as input language
Design for Code Analyzer
Input program
(C File)
Lexical Analyzer
Parser
Symbol Table
IC(SDT)
Generation
Run Time Error Predictions
Analysis of Code
Input Program
Lexical Analysis-Stream Tokenizer
Parser-Condition = ( Expression (==|=|gt|lt|gt=|lt=) Expression )Expression = Term (+|-) TermTerm = Factor (|) FactorFactor = number | identifier |
Intermediate code generation Postfix Evaluation
3 address code generation
Target Source File
Test(n)
int banj
if(jltn)
a=a+b
argument
operator
operand 1
operand2
result
0 lt j n
1 if 0 gotol0
2 + a b
3 = a 2
l0
Work DoneIntermediate Code
Further Work
bull Evaluation of intermediate code for performing data flow and control flow analysis
bull Prediction of run time errors using intermediate code
bull Using code optimization techniques such as constant folding to predict code behavior
REFERENCESbull A V Aho R Sethi J D Ullman Compilers Principles Techniques
and Tools 2nd ed Addison-Wesley Pub Co
bull G R Luecke J Coyle J Hoekstra ldquoA Survey of Systems for Detecting Serial Run-Time Errorsrdquo The Iowa State Universitys High Performance Computing Group Concurrency and Computation Practice and Experience 18 15(Dec 2006) 1885-1907
bull T Erkkinen C Hote ldquoCode Verification and Run-Time Error Detection Through Abstract Interpretationrdquo AIAA Modeling and Simulation Technologies Conference and Exhibit 21 - 24 Aug 2006 Keystone Colorado
bull PolySpace Client for CC++ 6 datasheet Available HTTP httpwwwmathworkscomproductspolyspaceclientchtml
bull DM Dhamdhere Compiler Construction Tata McGraw-Hill
bull Semantic designs ldquoFlow analysis for control and datardquo Available HTTP httpwwwsemdesignscomProductsDMSFlowAnalysishtml
a Detecting Out-of-bounds indexing of statically and
dynamically allocated arrays
A common run-time error is the reading and writing of arrays
outside of their declared bounds
b Detecting Out-of-Bounds Pointer References
A common run-time error for C and C++ programs occurs
when a pointer points to memory outside its associated
memory block
for(i=0ilt5i++)
A[i]=i
p=A
for(i=0ilt=5i++)
p++
a=p
out-of-bounds reading using pointers
Pseudo code for out of bound references
5) Detecting Memory Allocation and Deallocation
Errors
bull A memory deallocation error occurs when a portion of
memory is deallocated more than once
bull Another common source of errors in C and C++ programs
is an attempt to use a dangling pointer A dangling pointer
is a pointer to storage that is no longer allocated
6) Detecting Memory Leaks
bull A program has a memory leak if during execution the program loses
its ability to address a portion of memory because of a programming
error
bull A pointer points to a location in memory and then all the pointers
pointing to this location are set to point somewhere else
bull A functionsubroutine is called memory is allocated during
execution of the functionsubroutine and then the memory is not
deallocated upon exit and all pointers to this memory are destroyed
Source code analyzer predicates
Reliable Proven free of run-time errors and under all
operating conditions within the scope
Faulty Proven faulty each time the operation is
executedDead Proven unreachable (may indicate a functional
issue)Unproven Unproven code
section or beyond the scope of the analyzer
Specifications
bullWhy Java for developing analyser
Specifications
bullWhy CC++ as input language
Design for Code Analyzer
Input program
(C File)
Lexical Analyzer
Parser
Symbol Table
IC(SDT)
Generation
Run Time Error Predictions
Analysis of Code
Input Program
Lexical Analysis-Stream Tokenizer
Parser-Condition = ( Expression (==|=|gt|lt|gt=|lt=) Expression )Expression = Term (+|-) TermTerm = Factor (|) FactorFactor = number | identifier |
Intermediate code generation Postfix Evaluation
3 address code generation
Target Source File
Test(n)
int banj
if(jltn)
a=a+b
argument
operator
operand 1
operand2
result
0 lt j n
1 if 0 gotol0
2 + a b
3 = a 2
l0
Work DoneIntermediate Code
Further Work
bull Evaluation of intermediate code for performing data flow and control flow analysis
bull Prediction of run time errors using intermediate code
bull Using code optimization techniques such as constant folding to predict code behavior
REFERENCESbull A V Aho R Sethi J D Ullman Compilers Principles Techniques
and Tools 2nd ed Addison-Wesley Pub Co
bull G R Luecke J Coyle J Hoekstra ldquoA Survey of Systems for Detecting Serial Run-Time Errorsrdquo The Iowa State Universitys High Performance Computing Group Concurrency and Computation Practice and Experience 18 15(Dec 2006) 1885-1907
bull T Erkkinen C Hote ldquoCode Verification and Run-Time Error Detection Through Abstract Interpretationrdquo AIAA Modeling and Simulation Technologies Conference and Exhibit 21 - 24 Aug 2006 Keystone Colorado
bull PolySpace Client for CC++ 6 datasheet Available HTTP httpwwwmathworkscomproductspolyspaceclientchtml
bull DM Dhamdhere Compiler Construction Tata McGraw-Hill
bull Semantic designs ldquoFlow analysis for control and datardquo Available HTTP httpwwwsemdesignscomProductsDMSFlowAnalysishtml
for(i=0ilt5i++)
A[i]=i
p=A
for(i=0ilt=5i++)
p++
a=p
out-of-bounds reading using pointers
Pseudo code for out of bound references
5) Detecting Memory Allocation and Deallocation
Errors
bull A memory deallocation error occurs when a portion of
memory is deallocated more than once
bull Another common source of errors in C and C++ programs
is an attempt to use a dangling pointer A dangling pointer
is a pointer to storage that is no longer allocated
6) Detecting Memory Leaks
bull A program has a memory leak if during execution the program loses
its ability to address a portion of memory because of a programming
error
bull A pointer points to a location in memory and then all the pointers
pointing to this location are set to point somewhere else
bull A functionsubroutine is called memory is allocated during
execution of the functionsubroutine and then the memory is not
deallocated upon exit and all pointers to this memory are destroyed
Source code analyzer predicates
Reliable Proven free of run-time errors and under all
operating conditions within the scope
Faulty Proven faulty each time the operation is
executedDead Proven unreachable (may indicate a functional
issue)Unproven Unproven code
section or beyond the scope of the analyzer
Specifications
bullWhy Java for developing analyser
Specifications
bullWhy CC++ as input language
Design for Code Analyzer
Input program
(C File)
Lexical Analyzer
Parser
Symbol Table
IC(SDT)
Generation
Run Time Error Predictions
Analysis of Code
Input Program
Lexical Analysis-Stream Tokenizer
Parser-Condition = ( Expression (==|=|gt|lt|gt=|lt=) Expression )Expression = Term (+|-) TermTerm = Factor (|) FactorFactor = number | identifier |
Intermediate code generation Postfix Evaluation
3 address code generation
Target Source File
Test(n)
int banj
if(jltn)
a=a+b
argument
operator
operand 1
operand2
result
0 lt j n
1 if 0 gotol0
2 + a b
3 = a 2
l0
Work DoneIntermediate Code
Further Work
bull Evaluation of intermediate code for performing data flow and control flow analysis
bull Prediction of run time errors using intermediate code
bull Using code optimization techniques such as constant folding to predict code behavior
REFERENCESbull A V Aho R Sethi J D Ullman Compilers Principles Techniques
and Tools 2nd ed Addison-Wesley Pub Co
bull G R Luecke J Coyle J Hoekstra ldquoA Survey of Systems for Detecting Serial Run-Time Errorsrdquo The Iowa State Universitys High Performance Computing Group Concurrency and Computation Practice and Experience 18 15(Dec 2006) 1885-1907
bull T Erkkinen C Hote ldquoCode Verification and Run-Time Error Detection Through Abstract Interpretationrdquo AIAA Modeling and Simulation Technologies Conference and Exhibit 21 - 24 Aug 2006 Keystone Colorado
bull PolySpace Client for CC++ 6 datasheet Available HTTP httpwwwmathworkscomproductspolyspaceclientchtml
bull DM Dhamdhere Compiler Construction Tata McGraw-Hill
bull Semantic designs ldquoFlow analysis for control and datardquo Available HTTP httpwwwsemdesignscomProductsDMSFlowAnalysishtml
5) Detecting Memory Allocation and Deallocation
Errors
bull A memory deallocation error occurs when a portion of
memory is deallocated more than once
bull Another common source of errors in C and C++ programs
is an attempt to use a dangling pointer A dangling pointer
is a pointer to storage that is no longer allocated
6) Detecting Memory Leaks
bull A program has a memory leak if during execution the program loses
its ability to address a portion of memory because of a programming
error
bull A pointer points to a location in memory and then all the pointers
pointing to this location are set to point somewhere else
bull A functionsubroutine is called memory is allocated during
execution of the functionsubroutine and then the memory is not
deallocated upon exit and all pointers to this memory are destroyed
Source code analyzer predicates
Reliable Proven free of run-time errors and under all
operating conditions within the scope
Faulty Proven faulty each time the operation is
executedDead Proven unreachable (may indicate a functional
issue)Unproven Unproven code
section or beyond the scope of the analyzer
Specifications
bullWhy Java for developing analyser
Specifications
bullWhy CC++ as input language
Design for Code Analyzer
Input program
(C File)
Lexical Analyzer
Parser
Symbol Table
IC(SDT)
Generation
Run Time Error Predictions
Analysis of Code
Input Program
Lexical Analysis-Stream Tokenizer
Parser-Condition = ( Expression (==|=|gt|lt|gt=|lt=) Expression )Expression = Term (+|-) TermTerm = Factor (|) FactorFactor = number | identifier |
Intermediate code generation Postfix Evaluation
3 address code generation
Target Source File
Test(n)
int banj
if(jltn)
a=a+b
argument
operator
operand 1
operand2
result
0 lt j n
1 if 0 gotol0
2 + a b
3 = a 2
l0
Work DoneIntermediate Code
Further Work
bull Evaluation of intermediate code for performing data flow and control flow analysis
bull Prediction of run time errors using intermediate code
bull Using code optimization techniques such as constant folding to predict code behavior
REFERENCESbull A V Aho R Sethi J D Ullman Compilers Principles Techniques
and Tools 2nd ed Addison-Wesley Pub Co
bull G R Luecke J Coyle J Hoekstra ldquoA Survey of Systems for Detecting Serial Run-Time Errorsrdquo The Iowa State Universitys High Performance Computing Group Concurrency and Computation Practice and Experience 18 15(Dec 2006) 1885-1907
bull T Erkkinen C Hote ldquoCode Verification and Run-Time Error Detection Through Abstract Interpretationrdquo AIAA Modeling and Simulation Technologies Conference and Exhibit 21 - 24 Aug 2006 Keystone Colorado
bull PolySpace Client for CC++ 6 datasheet Available HTTP httpwwwmathworkscomproductspolyspaceclientchtml
bull DM Dhamdhere Compiler Construction Tata McGraw-Hill
bull Semantic designs ldquoFlow analysis for control and datardquo Available HTTP httpwwwsemdesignscomProductsDMSFlowAnalysishtml
6) Detecting Memory Leaks
bull A program has a memory leak if during execution the program loses
its ability to address a portion of memory because of a programming
error
bull A pointer points to a location in memory and then all the pointers
pointing to this location are set to point somewhere else
bull A functionsubroutine is called memory is allocated during
execution of the functionsubroutine and then the memory is not
deallocated upon exit and all pointers to this memory are destroyed
Source code analyzer predicates
Reliable Proven free of run-time errors and under all
operating conditions within the scope
Faulty Proven faulty each time the operation is
executedDead Proven unreachable (may indicate a functional
issue)Unproven Unproven code
section or beyond the scope of the analyzer
Specifications
bullWhy Java for developing analyser
Specifications
bullWhy CC++ as input language
Design for Code Analyzer
Input program
(C File)
Lexical Analyzer
Parser
Symbol Table
IC(SDT)
Generation
Run Time Error Predictions
Analysis of Code
Input Program
Lexical Analysis-Stream Tokenizer
Parser-Condition = ( Expression (==|=|gt|lt|gt=|lt=) Expression )Expression = Term (+|-) TermTerm = Factor (|) FactorFactor = number | identifier |
Intermediate code generation Postfix Evaluation
3 address code generation
Target Source File
Test(n)
int banj
if(jltn)
a=a+b
argument
operator
operand 1
operand2
result
0 lt j n
1 if 0 gotol0
2 + a b
3 = a 2
l0
Work DoneIntermediate Code
Further Work
bull Evaluation of intermediate code for performing data flow and control flow analysis
bull Prediction of run time errors using intermediate code
bull Using code optimization techniques such as constant folding to predict code behavior
REFERENCESbull A V Aho R Sethi J D Ullman Compilers Principles Techniques
and Tools 2nd ed Addison-Wesley Pub Co
bull G R Luecke J Coyle J Hoekstra ldquoA Survey of Systems for Detecting Serial Run-Time Errorsrdquo The Iowa State Universitys High Performance Computing Group Concurrency and Computation Practice and Experience 18 15(Dec 2006) 1885-1907
bull T Erkkinen C Hote ldquoCode Verification and Run-Time Error Detection Through Abstract Interpretationrdquo AIAA Modeling and Simulation Technologies Conference and Exhibit 21 - 24 Aug 2006 Keystone Colorado
bull PolySpace Client for CC++ 6 datasheet Available HTTP httpwwwmathworkscomproductspolyspaceclientchtml
bull DM Dhamdhere Compiler Construction Tata McGraw-Hill
bull Semantic designs ldquoFlow analysis for control and datardquo Available HTTP httpwwwsemdesignscomProductsDMSFlowAnalysishtml
Source code analyzer predicates
Reliable Proven free of run-time errors and under all
operating conditions within the scope
Faulty Proven faulty each time the operation is
executedDead Proven unreachable (may indicate a functional
issue)Unproven Unproven code
section or beyond the scope of the analyzer
Specifications
bullWhy Java for developing analyser
Specifications
bullWhy CC++ as input language
Design for Code Analyzer
Input program
(C File)
Lexical Analyzer
Parser
Symbol Table
IC(SDT)
Generation
Run Time Error Predictions
Analysis of Code
Input Program
Lexical Analysis-Stream Tokenizer
Parser-Condition = ( Expression (==|=|gt|lt|gt=|lt=) Expression )Expression = Term (+|-) TermTerm = Factor (|) FactorFactor = number | identifier |
Intermediate code generation Postfix Evaluation
3 address code generation
Target Source File
Test(n)
int banj
if(jltn)
a=a+b
argument
operator
operand 1
operand2
result
0 lt j n
1 if 0 gotol0
2 + a b
3 = a 2
l0
Work DoneIntermediate Code
Further Work
bull Evaluation of intermediate code for performing data flow and control flow analysis
bull Prediction of run time errors using intermediate code
bull Using code optimization techniques such as constant folding to predict code behavior
REFERENCESbull A V Aho R Sethi J D Ullman Compilers Principles Techniques
and Tools 2nd ed Addison-Wesley Pub Co
bull G R Luecke J Coyle J Hoekstra ldquoA Survey of Systems for Detecting Serial Run-Time Errorsrdquo The Iowa State Universitys High Performance Computing Group Concurrency and Computation Practice and Experience 18 15(Dec 2006) 1885-1907
bull T Erkkinen C Hote ldquoCode Verification and Run-Time Error Detection Through Abstract Interpretationrdquo AIAA Modeling and Simulation Technologies Conference and Exhibit 21 - 24 Aug 2006 Keystone Colorado
bull PolySpace Client for CC++ 6 datasheet Available HTTP httpwwwmathworkscomproductspolyspaceclientchtml
bull DM Dhamdhere Compiler Construction Tata McGraw-Hill
bull Semantic designs ldquoFlow analysis for control and datardquo Available HTTP httpwwwsemdesignscomProductsDMSFlowAnalysishtml
Specifications
bullWhy Java for developing analyser
Specifications
bullWhy CC++ as input language
Design for Code Analyzer
Input program
(C File)
Lexical Analyzer
Parser
Symbol Table
IC(SDT)
Generation
Run Time Error Predictions
Analysis of Code
Input Program
Lexical Analysis-Stream Tokenizer
Parser-Condition = ( Expression (==|=|gt|lt|gt=|lt=) Expression )Expression = Term (+|-) TermTerm = Factor (|) FactorFactor = number | identifier |
Intermediate code generation Postfix Evaluation
3 address code generation
Target Source File
Test(n)
int banj
if(jltn)
a=a+b
argument
operator
operand 1
operand2
result
0 lt j n
1 if 0 gotol0
2 + a b
3 = a 2
l0
Work DoneIntermediate Code
Further Work
bull Evaluation of intermediate code for performing data flow and control flow analysis
bull Prediction of run time errors using intermediate code
bull Using code optimization techniques such as constant folding to predict code behavior
REFERENCESbull A V Aho R Sethi J D Ullman Compilers Principles Techniques
and Tools 2nd ed Addison-Wesley Pub Co
bull G R Luecke J Coyle J Hoekstra ldquoA Survey of Systems for Detecting Serial Run-Time Errorsrdquo The Iowa State Universitys High Performance Computing Group Concurrency and Computation Practice and Experience 18 15(Dec 2006) 1885-1907
bull T Erkkinen C Hote ldquoCode Verification and Run-Time Error Detection Through Abstract Interpretationrdquo AIAA Modeling and Simulation Technologies Conference and Exhibit 21 - 24 Aug 2006 Keystone Colorado
bull PolySpace Client for CC++ 6 datasheet Available HTTP httpwwwmathworkscomproductspolyspaceclientchtml
bull DM Dhamdhere Compiler Construction Tata McGraw-Hill
bull Semantic designs ldquoFlow analysis for control and datardquo Available HTTP httpwwwsemdesignscomProductsDMSFlowAnalysishtml
Specifications
bullWhy CC++ as input language
Design for Code Analyzer
Input program
(C File)
Lexical Analyzer
Parser
Symbol Table
IC(SDT)
Generation
Run Time Error Predictions
Analysis of Code
Input Program
Lexical Analysis-Stream Tokenizer
Parser-Condition = ( Expression (==|=|gt|lt|gt=|lt=) Expression )Expression = Term (+|-) TermTerm = Factor (|) FactorFactor = number | identifier |
Intermediate code generation Postfix Evaluation
3 address code generation
Target Source File
Test(n)
int banj
if(jltn)
a=a+b
argument
operator
operand 1
operand2
result
0 lt j n
1 if 0 gotol0
2 + a b
3 = a 2
l0
Work DoneIntermediate Code
Further Work
bull Evaluation of intermediate code for performing data flow and control flow analysis
bull Prediction of run time errors using intermediate code
bull Using code optimization techniques such as constant folding to predict code behavior
REFERENCESbull A V Aho R Sethi J D Ullman Compilers Principles Techniques
and Tools 2nd ed Addison-Wesley Pub Co
bull G R Luecke J Coyle J Hoekstra ldquoA Survey of Systems for Detecting Serial Run-Time Errorsrdquo The Iowa State Universitys High Performance Computing Group Concurrency and Computation Practice and Experience 18 15(Dec 2006) 1885-1907
bull T Erkkinen C Hote ldquoCode Verification and Run-Time Error Detection Through Abstract Interpretationrdquo AIAA Modeling and Simulation Technologies Conference and Exhibit 21 - 24 Aug 2006 Keystone Colorado
bull PolySpace Client for CC++ 6 datasheet Available HTTP httpwwwmathworkscomproductspolyspaceclientchtml
bull DM Dhamdhere Compiler Construction Tata McGraw-Hill
bull Semantic designs ldquoFlow analysis for control and datardquo Available HTTP httpwwwsemdesignscomProductsDMSFlowAnalysishtml
Design for Code Analyzer
Input program
(C File)
Lexical Analyzer
Parser
Symbol Table
IC(SDT)
Generation
Run Time Error Predictions
Analysis of Code
Input Program
Lexical Analysis-Stream Tokenizer
Parser-Condition = ( Expression (==|=|gt|lt|gt=|lt=) Expression )Expression = Term (+|-) TermTerm = Factor (|) FactorFactor = number | identifier |
Intermediate code generation Postfix Evaluation
3 address code generation
Target Source File
Test(n)
int banj
if(jltn)
a=a+b
argument
operator
operand 1
operand2
result
0 lt j n
1 if 0 gotol0
2 + a b
3 = a 2
l0
Work DoneIntermediate Code
Further Work
bull Evaluation of intermediate code for performing data flow and control flow analysis
bull Prediction of run time errors using intermediate code
bull Using code optimization techniques such as constant folding to predict code behavior
REFERENCESbull A V Aho R Sethi J D Ullman Compilers Principles Techniques
and Tools 2nd ed Addison-Wesley Pub Co
bull G R Luecke J Coyle J Hoekstra ldquoA Survey of Systems for Detecting Serial Run-Time Errorsrdquo The Iowa State Universitys High Performance Computing Group Concurrency and Computation Practice and Experience 18 15(Dec 2006) 1885-1907
bull T Erkkinen C Hote ldquoCode Verification and Run-Time Error Detection Through Abstract Interpretationrdquo AIAA Modeling and Simulation Technologies Conference and Exhibit 21 - 24 Aug 2006 Keystone Colorado
bull PolySpace Client for CC++ 6 datasheet Available HTTP httpwwwmathworkscomproductspolyspaceclientchtml
bull DM Dhamdhere Compiler Construction Tata McGraw-Hill
bull Semantic designs ldquoFlow analysis for control and datardquo Available HTTP httpwwwsemdesignscomProductsDMSFlowAnalysishtml
Analysis of Code
Input Program
Lexical Analysis-Stream Tokenizer
Parser-Condition = ( Expression (==|=|gt|lt|gt=|lt=) Expression )Expression = Term (+|-) TermTerm = Factor (|) FactorFactor = number | identifier |
Intermediate code generation Postfix Evaluation
3 address code generation
Target Source File
Test(n)
int banj
if(jltn)
a=a+b
argument
operator
operand 1
operand2
result
0 lt j n
1 if 0 gotol0
2 + a b
3 = a 2
l0
Work DoneIntermediate Code
Further Work
bull Evaluation of intermediate code for performing data flow and control flow analysis
bull Prediction of run time errors using intermediate code
bull Using code optimization techniques such as constant folding to predict code behavior
REFERENCESbull A V Aho R Sethi J D Ullman Compilers Principles Techniques
and Tools 2nd ed Addison-Wesley Pub Co
bull G R Luecke J Coyle J Hoekstra ldquoA Survey of Systems for Detecting Serial Run-Time Errorsrdquo The Iowa State Universitys High Performance Computing Group Concurrency and Computation Practice and Experience 18 15(Dec 2006) 1885-1907
bull T Erkkinen C Hote ldquoCode Verification and Run-Time Error Detection Through Abstract Interpretationrdquo AIAA Modeling and Simulation Technologies Conference and Exhibit 21 - 24 Aug 2006 Keystone Colorado
bull PolySpace Client for CC++ 6 datasheet Available HTTP httpwwwmathworkscomproductspolyspaceclientchtml
bull DM Dhamdhere Compiler Construction Tata McGraw-Hill
bull Semantic designs ldquoFlow analysis for control and datardquo Available HTTP httpwwwsemdesignscomProductsDMSFlowAnalysishtml
3 address code generation
Target Source File
Test(n)
int banj
if(jltn)
a=a+b
argument
operator
operand 1
operand2
result
0 lt j n
1 if 0 gotol0
2 + a b
3 = a 2
l0
Work DoneIntermediate Code
Further Work
bull Evaluation of intermediate code for performing data flow and control flow analysis
bull Prediction of run time errors using intermediate code
bull Using code optimization techniques such as constant folding to predict code behavior
REFERENCESbull A V Aho R Sethi J D Ullman Compilers Principles Techniques
and Tools 2nd ed Addison-Wesley Pub Co
bull G R Luecke J Coyle J Hoekstra ldquoA Survey of Systems for Detecting Serial Run-Time Errorsrdquo The Iowa State Universitys High Performance Computing Group Concurrency and Computation Practice and Experience 18 15(Dec 2006) 1885-1907
bull T Erkkinen C Hote ldquoCode Verification and Run-Time Error Detection Through Abstract Interpretationrdquo AIAA Modeling and Simulation Technologies Conference and Exhibit 21 - 24 Aug 2006 Keystone Colorado
bull PolySpace Client for CC++ 6 datasheet Available HTTP httpwwwmathworkscomproductspolyspaceclientchtml
bull DM Dhamdhere Compiler Construction Tata McGraw-Hill
bull Semantic designs ldquoFlow analysis for control and datardquo Available HTTP httpwwwsemdesignscomProductsDMSFlowAnalysishtml
Work DoneIntermediate Code
Further Work
bull Evaluation of intermediate code for performing data flow and control flow analysis
bull Prediction of run time errors using intermediate code
bull Using code optimization techniques such as constant folding to predict code behavior
REFERENCESbull A V Aho R Sethi J D Ullman Compilers Principles Techniques
and Tools 2nd ed Addison-Wesley Pub Co
bull G R Luecke J Coyle J Hoekstra ldquoA Survey of Systems for Detecting Serial Run-Time Errorsrdquo The Iowa State Universitys High Performance Computing Group Concurrency and Computation Practice and Experience 18 15(Dec 2006) 1885-1907
bull T Erkkinen C Hote ldquoCode Verification and Run-Time Error Detection Through Abstract Interpretationrdquo AIAA Modeling and Simulation Technologies Conference and Exhibit 21 - 24 Aug 2006 Keystone Colorado
bull PolySpace Client for CC++ 6 datasheet Available HTTP httpwwwmathworkscomproductspolyspaceclientchtml
bull DM Dhamdhere Compiler Construction Tata McGraw-Hill
bull Semantic designs ldquoFlow analysis for control and datardquo Available HTTP httpwwwsemdesignscomProductsDMSFlowAnalysishtml
Further Work
bull Evaluation of intermediate code for performing data flow and control flow analysis
bull Prediction of run time errors using intermediate code
bull Using code optimization techniques such as constant folding to predict code behavior
REFERENCESbull A V Aho R Sethi J D Ullman Compilers Principles Techniques
and Tools 2nd ed Addison-Wesley Pub Co
bull G R Luecke J Coyle J Hoekstra ldquoA Survey of Systems for Detecting Serial Run-Time Errorsrdquo The Iowa State Universitys High Performance Computing Group Concurrency and Computation Practice and Experience 18 15(Dec 2006) 1885-1907
bull T Erkkinen C Hote ldquoCode Verification and Run-Time Error Detection Through Abstract Interpretationrdquo AIAA Modeling and Simulation Technologies Conference and Exhibit 21 - 24 Aug 2006 Keystone Colorado
bull PolySpace Client for CC++ 6 datasheet Available HTTP httpwwwmathworkscomproductspolyspaceclientchtml
bull DM Dhamdhere Compiler Construction Tata McGraw-Hill
bull Semantic designs ldquoFlow analysis for control and datardquo Available HTTP httpwwwsemdesignscomProductsDMSFlowAnalysishtml
REFERENCESbull A V Aho R Sethi J D Ullman Compilers Principles Techniques
and Tools 2nd ed Addison-Wesley Pub Co
bull G R Luecke J Coyle J Hoekstra ldquoA Survey of Systems for Detecting Serial Run-Time Errorsrdquo The Iowa State Universitys High Performance Computing Group Concurrency and Computation Practice and Experience 18 15(Dec 2006) 1885-1907
bull T Erkkinen C Hote ldquoCode Verification and Run-Time Error Detection Through Abstract Interpretationrdquo AIAA Modeling and Simulation Technologies Conference and Exhibit 21 - 24 Aug 2006 Keystone Colorado
bull PolySpace Client for CC++ 6 datasheet Available HTTP httpwwwmathworkscomproductspolyspaceclientchtml
bull DM Dhamdhere Compiler Construction Tata McGraw-Hill
bull Semantic designs ldquoFlow analysis for control and datardquo Available HTTP httpwwwsemdesignscomProductsDMSFlowAnalysishtml