Debugging via Run-Time Type Checking

  • Alexey Loginov
  • Suan Hsi Yong
  • Susan Horwitz
  • Thomas Reps
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2029)


This paper describes the design and implementation of a tool for C programs that provides run-time checks based on type information. The tool instruments a program to monitor the type stored in each memory location. Whenever a value is written into a location, the location’s run-time type tag is updated to match the type of the value. Also, the location’s static type is compared with the value’s type; if there is a mismatch, a warning message is issued. Whenever the value in a location is used, its run-time type tag is checked, and if the type is inappropriate in the context in which the value is being used, an error message is issued. The tool has been used to pinpoint the cause of bugs in several Solaris utilities and Olden benchmarks, usually providing information that is succinct and precise.


Error Message Struct Node Warning Message Type Check Array Access 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    R. Hasting and B. Joyce. Purify: Fast detection of memory leaks and access errors. In Proceedings of the Winter Usenix Conference, 1992.Google Scholar
  2. 2.
    T. Austin, S. Breach, and G. Sohi. Efficient detection of all pointer and array access errors. In ACM SIGPLAN’ 94 Conference on Programming Language Design and Implementation, 1994.Google Scholar
  3. 3.
    H. Patil and C. Fischer. Low-cost, concurrent checking of pointer and array accesses in C programs. Software-Practice and Experience, 27(27):87–110, 1997.CrossRefGoogle Scholar
  4. 4.
    M. Siff, S. Chandra, T. Ball, K. Kunchithapadam, and T. Reps. Coping with type casts in C. In Proc. of ESEC/FSE’ 99: Seventh European Softw. Eng. Conf. and Seventh ACM SIGSOFT Symp. on the Found. of Softw. Eng., pages 180–198, September 1999.Google Scholar
  5. 6.
    R. Stallman and R. Pesch. Using GDB: A Guide to the GNU Source-Level Debugger. July 1991.Google Scholar
  6. 7.
    B. Miller, D. Koski, C.P. Lee, V. Maganty, R. Murthy, A. Natarajan, and J. Steidl. Fuzz revisited: A re-examination of the reliability of UNIX utilities and services. Technical report, University of Wisconsin-Madison, 1995.Google Scholar
  7. 8.
    M. Fagan. Soft typing: An approach to type checking for dynamically typed languages. Technical Report TR 92-184, Department of Comp. Sci., Rice Univ., Houston, TX, USA, March 1998.Google Scholar
  8. 9.
    A. Wright. Practical soft typing. Technical Report TR 94-236, Department of Comp. Sci., Rice Univ., Houston, TX, USA, April 1998.Google Scholar
  9. 12.
    P. Cousot and N. Halbwachs. Automatic discovery of linear restraints among variables of a program. In Conf. Rec. of the Fifth annual ACM Symp. on Princ. of Prog. Lang., pages 84–96. ACM, January 1978.Google Scholar
  10. 13.
    C. Verbrugge, P. Co, and L.J. Hendren. Generalized constant propagation: A study in C. In 6th Int. Conf. on Compiler Construction, volume 1060 of Lec. Notes in Comp. Sci., pages 74–90. Springer, April 1996.Google Scholar
  11. 14.
    R. Rugina and M. Rinard. Symbolic bounds analysis of pointers, array indices, and accessed memory regions. In SIGPLAN Conf. on Prog. Lang. Design and Impl., pages 182–195, New York, NY, 2000. ACM Press.Google Scholar
  12. 15.
    R. Bodik, R. Gupta, and V. Sarkar. ABCD: Eliminating array bounds checks on demand. In SIGPLAN Conf. on Prog. Lang. Design and Impl., pages 321–333, New York, NY, 2000. ACM Press.Google Scholar
  13. 16.
    D. Wagner, J.S. Foster, E.A. Brewer, and A. Aiken. A first step towards automated detection of buffer overrun vulnerabilities. In Symposium on Network and Distributed Systems Security (NDSS’ 00), pages 3–17, San Diego, CA, February 2000.Google Scholar
  14. 17.
    B. Steensgaard. Points-to analysis by type inference of programs with structures and unions. In 6th Int. Conf. on Compiler Construction, volume 1060 of Lec. Notes in Comp. Sci., pages 136–150. Springer, April 1996.Google Scholar
  15. 18.
    S. Yong, S. Horwitz, and T. Reps. Pointer analysis for programs with structures and casting. In ACM SIGPLAN’ 99 Conference on Programming Language Design and Implementation, pages 91–103, May 1999.Google Scholar
  16. 19.
    S. Chandra and T. Reps. Physical type checking for C. In Proc. of PASTE’ 99: SIGPLAN-SIGSOFT Workshop on Program Analysis for Softw. Tools and Eng., pages 66–75, New York, NY, 1999. ACM.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • Alexey Loginov
    • 1
  • Suan Hsi Yong
    • 1
  • Susan Horwitz
    • 1
  • Thomas Reps
    • 1
  1. 1.Computer Sciences DepartmentUniversity of Wisconsin-MadisonMadisonUSA

Personalised recommendations