[comp.lang.c] C run-time checking

hartley@uvm-gen.UUCP (Stephen J. Hartley) (03/11/88)

  I scan this news group every day but don't remember ever seeing a
discussion about this.  Are there C compilers provided by any
vendors that generate code to perform run-time checking (toggled
by an option on the command line, say)?  I have in mind run-time
checking of the type provided by Pascal compilers, such as checking
an array subscript against the array bounds, checking a pointer for
reasonable values before dereferencing it.
-- 
	Department of Computer Science and Elec. Eng.	Stephen J. Hartley
USENET:	{decvax,ihnp4,linus}!dartvax!uvm-gen!hartley	University of Vermont
CSNET:	hartley@uvm.EDU					(802) 656-3330, 862-5323

chris@mimsy.UUCP (Chris Torek) (03/15/88)

In article <763@uvm-gen.UUCP> hartley@uvm-gen.UUCP (Stephen J. Hartley) writes:
>... Are there C compilers provided by any vendors that generate code
>to perform run-time checking ... such as checking an array subscript
>against the array bounds, checking a pointer for reasonable values
>before dereferencing it.

I have heard of two such compilers; one is called Safe-C and I cannot
recall the name of the other.  For some reason this is tied in with
a memory of a C interpreter that can dynamically either interpret or
compile code: a handy thing to have if you ever write buggy code :-) .

In general, pointer and array checking in C is difficult but not
impossible.  Every pointer must carry around three values (min, max,
and current), and some operations must be allowed while others must
be prevented.  E.g., the dpANS says that

	int foo[MAX], *p;
	for (p = &foo[0]; p < &foo[MAX]; p++)

is legal; hence, computing the address of foo[MAX] must be allowed,
while actually indirecting through *(foo+MAX) must not.  At least
one of those runtime-checking systems forced one to write

	for (p = &foo[0]; p <= &foo[MAX - 1]; p++)
-- 
In-Real-Life: Chris Torek, Univ of MD Comp Sci Dept (+1 301 454 7163)
Domain:	chris@mimsy.umd.edu	Path:	uunet!mimsy!chris

mlandau@bbn.com (Matt Landau) (03/16/88)

In comp.lang.c (<10651@mimsy.UUCP>), chris@mimsy.UUCP (Chris Torek) writes:
>I have heard of two such compilers; one is called Safe-C and I cannot
>recall the name of the other.  For some reason this is tied in with
>a memory of a C interpreter that can dynamically either interpret or
>compile code: a handy thing to have if you ever write buggy code :-) .

That would be Saber-C, from Saber Software in Cambridge MA.  I've been
using Saber for a while now, and it's a really slick piece of work, not
to mention *very* useful for tracking down a fairly obscure class of
bugs (trashing random memory due to wild pointers).

I've found it reasonably fast and fairly convenient to use (and getting
better with each release).  It's been absolutely wonderful to be able to
test and debug new code in an interpretive environment, without having
to write test drivers, recompile constantly, etc.

Equally important, the folks at Saber seem really concerned with learning 
what we still perceive as problems in the system and fixing them.

DISCLAIMER: These are my opinions, not those of BBN or any of its 
	    subsidiaries.  I have no professional association with
	    Saber other than as a reasonably happy user who once in
	    a while gets to beta test new versions.
--
 Matt Landau			Waiting for a flash of enlightenment
 mlandau@bbn.com			  in all this blood and thunder

pardo@june.cs.washington.edu (David Keppel) (03/16/88)

In article <763@uvm-gen.UUCP> hartley@uvm-gen (Stephen J. Hartley) writes:
>
>  I scan this news group every day but don't remember ever seeing a
>discussion about this.  Are there C compilers provided by any
>vendors that generate code to perform run-time checking (toggled
>by an option on the command line, say)?  I have in mind run-time
>checking of the type provided by Pascal compilers, such as checking
>an array subscript against the array bounds, checking a pointer for
>reasonable values before dereferencing it.

I think that this is very difficult to do in C.  Consider a generic
"pointer to char" type that can point into any-ol'-char array.
What's "reasonable"?

There is an alternative, namely to pass the "reasonable" limits to
the pointer when it is assigned, but then this requires the char*
to be structure:

    struct checked_charp {	/* the post's "struct char*", written as legal C */
	char *val;		/* real char*: the current value */
	char *lo;		/* real char*: lower "reasonable" limit */
	char *hi;		/* real char*: upper "reasonable" limit */
    };

and then what do things like:

    foo = (char *)33;
    foo = NULL;

mean?  We can special case them, but now life has gotten a lot more
complicated.  I won't go into detail, but things do get weirder.

	;-D on  (Dereferencing an idea)  Pardo
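An added example, not code from any post in this thread: a checked "fat" int pointer in the shape Torek and Keppel describe (current value plus min and max), which allows computing &foo[MAX] and comparing against it but refuses to indirect through it, and which models NULL and (char *)33 as an empty range (a modelling choice made for this example; the names cptr_* are invented here).

```c
#include <stddef.h>
/* Fat int pointer carrying Torek's three values: cur plus the object's
 * bounds lo (first element) and hi (one past the last).  cur == hi is
 * a legal value (the &foo[MAX] loop bound) but may not be dereferenced. */
struct cptr { int *cur, *lo, *hi; };
/* Checked pointer over the n ints starting at base. */
struct cptr cptr_make(int *base, size_t n)
{
    struct cptr p = { base, base, base + n };
    return p;
}
/* Keppel's NULL and (char *)33 cases, modelled here (a choice made for
 * this example) as an empty range: a value you may hold and compare
 * but never dereference. */
struct cptr cptr_empty(int *value)
{
    struct cptr p = { value, value, value };
    return p;
}
/* p += delta: legal only while the result stays inside [lo, hi], so the
 * one-past-the-end position is allowed.  Returns 0, or -1 if rejected. */
int cptr_add(struct cptr *p, long delta)
{
    long idx = (long)(p->cur - p->lo) + delta;
    if (idx < 0 || idx > (long)(p->hi - p->lo))
        return -1;
    p->cur = p->lo + idx;
    return 0;
}
/* *p: legal only for lo <= cur < hi.  Stores the value and returns 0,
 * or returns -1 without touching memory. */
int cptr_deref(const struct cptr *p, int *out)
{
    if (p->cur < p->lo || p->cur >= p->hi)
        return -1;
    *out = *p->cur;
    return 0;
}
/* Torek's loop, checked: p walks from &foo[0] up to &foo[max]. */
int cptr_sum(int *foo, size_t max)
{
    struct cptr p = cptr_make(foo, max), end = cptr_make(foo, max);
    int sum = 0, v;
    if (cptr_add(&end, (long)max) != 0) return -1;  /* &foo[max]: allowed */
    while (p.cur < end.cur) {
        if (cptr_deref(&p, &v) != 0 || cptr_add(&p, 1) != 0) return -1;
        sum += v;
    }
    return sum;
}
```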

bright@Data-IO.COM (Walter Bright) (03/17/88)

In article <763@uvm-gen.UUCP> hartley@uvm-gen.UUCP (Stephen J. Hartley) writes:
>Are there C compilers provided by any
>vendors that generate code to perform run-time checking (toggled
>by an option on the command line, say)?

All 8086 compilers have a compile-time option to insert code that checks
for stack overflow. The lack of CPU hardware to check for this is a MAJOR
BOTCH! A lot of effort is expended in this direction, and even then it
is not 100% reliable (what if an interrupt occurs...).

My run-time libraries not only check if the stack pointer is past the end
of the stack, but also a 'sentinel' is checked. The sentinel is a word
of a known value that is inserted at the end of the stack. If the stack
overflows, probabilities are that this word will get trashed. Thus you
can check to see if the stack overflowed sometime in the past.
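An added example, not Bright's library code: a simulated downward-growing stack with a sentinel word at its end, the compiler-style entry probe, a checked push, an unchecked push standing in for what an interrupt does, and the after-the-fact sentinel test. The region size, the sentinel value and the sim_stack/stack_* names are constructed for this example.

```c
#include <stddef.h>
#include <string.h>
#define STACK_WORDS 16
#define SENTINEL 0xA55Au   /* the "known value"; constant chosen for this example */
/* Simulated 8086-style stack: it grows toward lower indices, so its end
 * is region[0].  That word holds the sentinel and region[1] is the last
 * usable slot.  sp indexes the current top-of-stack word. */
struct sim_stack {
    unsigned short region[STACK_WORDS];
    size_t sp;
};

void stack_init(struct sim_stack *s)
{
    memset(s->region, 0, sizeof s->region);
    s->region[0] = SENTINEL;
    s->sp = STACK_WORDS;            /* empty: top is just past the high end */
}
/* The compiler-inserted entry check: does a frame of `need` words still
 * fit above the sentinel?  0 = yes, -1 = it would overflow. */
int stack_probe(const struct sim_stack *s, size_t need)
{
    return (s->sp >= 1 && s->sp - 1 >= need) ? 0 : -1;
}
/* Checked push: never touches the sentinel word. */
int stack_push(struct sim_stack *s, unsigned short v)
{
    if (stack_probe(s, 1) != 0) return -1;
    s->region[--s->sp] = v;
    return 0;
}
/* Unchecked push, as the CPU does on an interrupt: no compiler check
 * runs, so it can land on and overwrite the sentinel.  Clamped at
 * region[0] only so the simulation stays inside its own array. */
void stack_interrupt_push(struct sim_stack *s, unsigned short v)
{
    if (s->sp == 0) return;
    s->region[--s->sp] = v;
}
/* Bright's after-the-fact test: 0 = sentinel intact, 1 = trashed, i.e.
 * the stack overflowed at some point in the past. */
int stack_sentinel_check(const struct sim_stack *s)
{
    return s->region[0] == SENTINEL ? 0 : 1;
}
```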

johnson@c10sd1.StPaul.NCR.COM (Wayne D. T. Johnson) (03/23/88)

In article <763@uvm-gen.UUCP> hartley@uvm-gen.UUCP (Stephen J. Hartley) writes:
>
>Are there C compilers provided by any
>vendors that generate code to perform run-time checking (toggled
>by an option on the command line, say)?  

There is no compiler that I know of (but maybe there should be a run time 
support library that could do some of it.)

This is a product known as C-TERP.  It is a "C" interpreter.  It executes 
"C" source code in a real-time environment (similar to a BASIC interpreter)
and in the process does some testing of arguments.  It will even allow
you to "link" in your faviourate (my spelling is terable ain't it) object
code to be executed.  

This is a PC based product but I think a UNIX version is soon (if not
already) to be announced.

C-Terp is marketed by:
    Gimpel Software
    3207 Hogarth Lane
    Collegeville, PA. 19426
    (215) 584-4261

Disclaimer: I am in no way related to this company nor am I receiving
            any payment for this statement.  This is a referral, not a 
            commercial.

-- 
Wayne Johnson                 (voice) 612-638-7665
NCR Comten, Inc.           (internet) johnson@ncrcce.StPaul.NCR.COM or
Roseville MN 55113                    johnson@c10sd1.StPaul.NCR.COM
The comments stated here do not reflect the policy of NCR Comten.