Previous Up Next

Chapter 5  CCured Type Inference

If you do not pass pass the –nocure argument to ccured, CCured will automatically infer pointer kinds (see Section 3.1) for the pointer types in your program. In a nutshell, this is done by creating a graph with one node for every pointer type in the program. If the program contains a cast or assignment from one type to another, the graph contains an edge between the corresponding nodes.

Once the graph has been created, the inferencer will examine every node and edge in the graph. If the edge represents a cast that is not captured by our notion of physical subtyping (i.e., a cast that we cannot statically verify to be valid) we mark the involved nodes (and thus the pointers in the program they are associated with) as WILD. Since WILDpointers may only point to other WILDareas, any node connected to a WILDnode must also be WILD.

The inferencer then checks the remaining nodes to see if the types they represent are involved in pointer arithmetic. A node that is only incremented can be made FSEQwhile a node that is subject to general arithmetic must be SEQ. All remaining nodes (i.e., those that adhere to our notion of physical subtyping and have no other constraints) become SAFE.

The actual inferencer includes support for a number of specialty pointer types, like the run-time type information pointer (RTTI), but the basic idea remains as described above. The end result of the inferencer is the graph, which serves as a mapping from types in the program to pointer kinds. The module that inserts run-time checks into the program uses this information to determine which checks to put where.

In the process of adding run-time checks to make the program type- and memory-safe, CCured introduces new types, changes old types and changes function prototypes. In each of these cases a new name is introduced to eliminate confusion and to prevent the resulting program from linking improperly.

5.1  Using the pointer browser

To inspect the results of the inference you should use the pointer browser. Every time you run CCured it will produce a directory called foo.browser (where foo is the name of the executable you are creating). Alternatively, you can use the –browserdir option to CCured to specify in which directory it should place the browser. That directory contains HTML files and Javascript programs that you can use to find the reasoning that CCured has used during pointer kind inference. To start the browser, point your web browser (Mozilla or IE; Netscape was broken beyond belief when we checked last in September 2002) to the file foo.browser/index.html and get going.

The browser will show you the preprocessed and merged file with annotations about the pointer kinds. The file that you will see also has the result of processing the polymorphism directives (see Section 7.1) and the wrappers (see Chapter 8).

The documentation for the pointer browser is at browser_help.html.

There is an alternative lower-level way to inspect the result of the inference, which is described in Appendix A.


Previous Up Next