DOI: 10.1145/1190216.1190225

Dynamic heap type inference for program understanding and debugging

Published: 17 January 2007

Abstract

C programs can be difficult to debug due to lax type enforcement and low-level access to memory. We present a dynamic analysis for C that checks heap snapshots for consistency with program types. Our approach builds on ideas from physical subtyping and conservative garbage collection. We infer a program-defined type for each allocated storage location or identify "untypable" blocks that reveal heap corruption or type safety violations. The analysis exploits symbolic debug information if present, but requires no annotation or recompilation beyond a list of defined program types and allocated heap blocks. We have integrated our analysis into the GNU Debugger (gdb), and describe our initial experience using this tool with several small to medium-sized programs.

Published In

POPL '07: Proceedings of the 34th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
January 2007
400 pages
ISBN:1595935754
DOI:10.1145/1190216
  • ACM SIGPLAN Notices, Volume 42, Issue 1
    Proceedings of the 2007 POPL Conference
    January 2007
    379 pages
    ISSN:0362-1340
    EISSN:1558-1160
    DOI:10.1145/1190215

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. conservative garbage collection
  2. constraints
  3. debugging tools
  4. dynamic type inference
  5. heap visualization
  6. physical subtyping

Qualifiers

  • Article

Conference

POPL07

Acceptance Rates

POPL '07 Paper Acceptance Rate 36 of 198 submissions, 18%;
Overall Acceptance Rate 860 of 4,328 submissions, 20%

Cited By

  • (2024) A Dependent Nominal Physical Type System for Static Analysis of Memory in Low Level Code. Proceedings of the ACM on Programming Languages 8:OOPSLA2 (30-59). DOI: 10.1145/3689712. Online publication date: 8-Oct-2024
  • (2016) Dynamically diagnosing type errors in unsafe code. ACM SIGPLAN Notices 51:10 (800-819). DOI: 10.1145/3022671.2983998. Online publication date: 19-Oct-2016
  • (2016) Dynamically diagnosing type errors in unsafe code. Proceedings of the 2016 ACM SIGPLAN International Conference on Object-Oriented Programming, Systems, Languages, and Applications (800-819). DOI: 10.1145/2983990.2983998. Online publication date: 19-Oct-2016
  • (2016) CREDAL. Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (529-540). DOI: 10.1145/2976749.2978340. Online publication date: 24-Oct-2016
  • (2015) Making your crashes work for you (doctoral symposium). Proceedings of the 2015 International Symposium on Software Testing and Analysis (428-431). DOI: 10.1145/2771783.2784772. Online publication date: 13-Jul-2015
  • (2014) Checking correctness of TypeScript interfaces for JavaScript libraries. ACM SIGPLAN Notices 49:10 (1-16). DOI: 10.1145/2714064.2660215. Online publication date: 15-Oct-2014
  • (2014) Checking correctness of TypeScript interfaces for JavaScript libraries. Proceedings of the 2014 ACM International Conference on Object Oriented Programming Systems Languages & Applications (1-16). DOI: 10.1145/2660193.2660215. Online publication date: 15-Oct-2014
  • (2013) MemPick: High-level data structure detection in C/C++ binaries. 2013 20th Working Conference on Reverse Engineering (WCRE) (32-41). DOI: 10.1109/WCRE.2013.6671278. Online publication date: Oct-2013
  • (2013) Abstracting Runtime Heaps for Program Understanding. IEEE Transactions on Software Engineering 39:6 (774-786). DOI: 10.1109/TSE.2012.69. Online publication date: 1-Jun-2013
  • (2010) Kernel malware analysis with un-tampered and temporal views of dynamic kernel memory. Proceedings of the 13th international conference on Recent advances in intrusion detection (178-197). DOI: 10.5555/1894166.1894179. Online publication date: 15-Sep-2010
