Chapter 5 CCured Type Inference
If you do not pass pass the –nocure argument to ccured, CCured
will automatically infer pointer kinds (see Section 3.1) for the
pointer types in your program. In a nutshell, this is done by creating a graph
with one node for every pointer type in the program. If the program contains a
cast or assignment from one type to another, the graph contains an edge
between the corresponding nodes.
Once the graph has been created, the inferencer will examine every node and
edge in the graph. If the edge represents a cast that is not captured by
our notion of physical subtyping (i.e., a cast that we cannot statically
verify to be valid) we mark the involved nodes (and thus the pointers in
the program they are associated with) as WILD. Since WILDpointers may
only point to other WILDareas, any node connected to a WILDnode must
also be WILD.
The inferencer then checks the remaining nodes to see if the types they
represent are involved in pointer arithmetic. A node that is only
incremented can be made FSEQwhile a node that is subject to general
arithmetic must be SEQ. All remaining nodes (i.e., those that adhere to
our notion of physical subtyping and have no other constraints) become SAFE.
The actual inferencer includes support for a number of specialty pointer
types, like the run-time type information pointer (RTTI), but the basic idea
remains as described above. The end result of the inferencer is the graph,
which serves as a mapping from types in the program to pointer kinds. The
module that inserts run-time checks into the program uses this information to
determine which checks to put where.
In the process of adding run-time checks to make the program type- and
memory-safe, CCured introduces new types, changes old types and changes
function prototypes. In each of these cases a new name is introduced to
eliminate confusion and to prevent the resulting program from linking
improperly.
5.1 Using the pointer browser
To inspect the results of the inference you should use the pointer browser.
Every time you run CCured it will produce a directory called foo.browser
(where foo is the name of the executable you are creating).
Alternatively, you can use the –browserdir option to CCured to specify in
which directory it should place the browser.
That
directory contains HTML files and Javascript programs that you can use to find
the reasoning that CCured has used during pointer kind inference. To start the
browser, point your web browser (Mozilla or IE; Netscape was broken beyond
belief when we checked last in September 2002) to the file
foo.browser/index.html and get going.
The browser will show you the preprocessed and merged file with annotations
about the pointer kinds. The file that you will see also has the result
of processing the polymorphism directives (see Section 7.1) and the wrappers
(see Chapter 8).
The documentation for the pointer browser is at browser_help.html.
There is an alternative lower-level way to inspect the result of the
inference, which is described in Appendix A.