Results 1 - 6 of 6
Backwards-compatible bounds checking for arrays and pointers in C programs
- in Distributed Enterprise Applications. HP Labs Tech Report, 1997
Cited by 165 (0 self)
Abstract (extracted from slides): ... function-typed variables, virtual functions, and call-backs.
Maintain shadow bitmap: maintain a map indicating which storage regions are valid. Update it when stack allocations, malloc and free occur. Augment each memory access instruction with code to check whether the address is valid [Hastings and Joyce, 1992]. Advantages: fairly efficient; doesn't require access to source code, so can (must) be applied to all constituents of the application. False negatives: fails to flag accesses to a valid region made through an improperly-derived pointer.
Summarise requirements: track the intended referent for each pointer; it is not good enough just to check that accesses are to valid locations. No change to pointer representation: in order to inter-operate with unchecked code without restriction, no information can be bundled with the pointer.
How to do it ... 3: the central idea. Invariant: assume all stored pointers are properly-derived pointers to their intended referent Im
A practical approach to programming with assertions
- IEEE Transactions on Software Engineering, 1995
Cited by 130 (2 self)
Abstract: Embedded assertions have been recognized as a potentially powerful tool for automatic runtime detection of software faults during debugging, testing, maintenance and even production versions of software systems. Yet despite the richness of the notations and the maturity of the techniques and tools that have been developed for programming with assertions, assertions are a development tool that has seen little widespread use in practice. The main reasons seem to be that (1) previous assertion processing tools did not integrate easily with existing programming environments, and (2) it is not well understood what kinds of assertions are most effective at detecting software faults. This paper describes experience using an assertion processing tool that was built to address the concerns of ease-of-use and effectiveness. The tool is called APP, an Annotation PreProcessor for C programs developed in UNIX-based development environments. APP has been used in the development of a variety of software systems over the past five years. Based on this experience, the paper presents a classification of the assertions that were most effective at detecting faults. While the assertions that are described guard against many common kinds of faults and errors, the very commonness of such faults demonstrates the need for an explicit, high-level, automatically checkable specification of required behavior. It is hoped that the classification presented in this paper will prove to be a useful first step in developing a method of programming with assertions.
Index Terms: Anna, APP, assertions, C, consistency checking, formal specifications, formal methods, programming environ-
Using Program Slicing to Simplify Testing
- EUROSTAR'94, 1994
Cited by 54 (35 self)
Abstract: Program slicing is a technique for automatically identifying all the lines in a program which affect a selected subset of variables. A large program can be divided into a number of smaller programs (its slices), each constructed for different variable subsets. The slices are typically simpler than the original program, thereby simplifying the process of testing a property of the program which only concerns a subset of its variables. Some aspects of a program's computation are not captured by a set of variables, rendering slicing inapplicable. To overcome this difficulty we make a program introspective, adding assignments to denote these `implicit' computations. Initially this makes the program longer. However, slicing can now be applied to the introspective program, forming a slice concerned solely with the implicit computation. We improve the simplification power of slicing using program transformation. To illustrate our approach we consider the implicit computation which ...
ConSIT: A Fully Automated Conditioned Program Slicer
, 2003
Cited by 12 (3 self)
Abstract: This paper describes the first fully automated conditioned slicing system, ConSIT, detailing the theory that underlies it, its architecture and the way it combines symbolic execution, theorem proving and slicing technologies. The use of ConSIT is illustrated with respect to the applications of testing and comprehension.
Key words: Conditioned Slicing, program conditioning, slicing, symbolic execution, path analysis
COMPASS: A Comprehensible Assertion Method
- In TAPSOFT '97: Theory and Practice of Software Development, 1997
Cited by 5 (2 self)
Abstract: We present an approach for automatically generating relevant, focused questions to be asked during code inspection sessions. The method is based on Hoare logic. The novel key idea is the introduction of informal predicates, which, though not having a formal definition, may have a perfectly legal and unique informal interpretation. Such predicates make it easier to express requirements in terms of assertions, while still allowing for the automatic derivation of verification conditions. Moreover, informal predicates enable reasoning about assertions and verifying verification conditions at a level which is suitable for man rather than machine.
1 Introduction. In November 1995 the project "Automation Verification in Software Development" was commenced. The project is one of several projects within the competence center ISIS (Information Systems for Industrial Control and Supervision), and is carried out in cooperation between ABB Industrial Systems and the RealTime Systems Laboratory a...
Backwards-compatible bounds checking for arrays and pointers in C programs
, 1997
Abstract: This paper presents a new approach to enforcing array bounds and pointer checking in the C language. Checking is rigorous in the sense that the result of pointer arithmetic must refer to the same object as the original pointer (this object is sometimes called the 'intended referent'). The novel aspect of this work is that checked code can inter-operate without restriction with unchecked code, without interface problems, with some effective checking, and without false alarms. This "backwards compatibility" property allows the overheads of checking to be confined to suspect modules, and also facilitates the use of libraries for which source code is not available. The paper describes the scheme, its prototype implementation (as an extension to the GNU C compiler), presents experimental results to evaluate its effectiveness, and discusses performance issues and the effectiveness of some simple optimisations.
1 Introduction and related work. C is unusual among programming languages in pro...
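The first and last entries above draw the same contrast: a shadow bitmap that only records which storage regions are valid (Hastings and Joyce) cannot flag an access that lands in a valid region through an improperly-derived pointer, whereas checking that pointer arithmetic stays within the original pointer's intended referent can. The following simulation makes that concrete. It is an added example, not code from the Jones and Kelly paper or its GCC prototype; the byte arena, the object table, and the `bitmap_check` / `referent_check` functions are hypothetical stand-ins for the per-object lookup structure and access checks the abstracts describe.

```c
/* Added example: shadow-bitmap validity check versus intended-referent check.
 * Everything here is a stand-in: a fixed arena, a small object table, and two
 * hypothetical checkers. It runs stand-alone with no real allocator involved. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HEAP_SIZE 256
#define MAX_OBJS 8

static unsigned char heap[HEAP_SIZE];    /* simulated heap arena            */
static unsigned char shadow[HEAP_SIZE];  /* shadow bitmap: 1 = live object  */

/* Object table: records the extent of every live object (the "referent"). */
struct obj { size_t base; size_t size; int live; };
static struct obj objs[MAX_OBJS];
static size_t next_free = 0;             /* bump pointer, never reused here */

/* Map an address into an arena index; 0 if it is outside the arena. */
static int heap_index(const void *p, size_t *idx) {
    uintptr_t a = (uintptr_t)p, b = (uintptr_t)heap;
    if (a < b || a >= b + HEAP_SIZE) return 0;
    *idx = (size_t)(a - b);
    return 1;
}

/* Carve n bytes out of the arena, register the object, mark its shadow bytes. */
void *checked_malloc(size_t n) {
    if (n == 0 || next_free + n > HEAP_SIZE) return NULL;
    for (int i = 0; i < MAX_OBJS; i++) {
        if (!objs[i].live) {
            objs[i].base = next_free; objs[i].size = n; objs[i].live = 1;
            memset(shadow + next_free, 1, n);
            next_free += n;
            return heap + objs[i].base;
        }
    }
    return NULL;
}

/* Release an object: clear its shadow bytes and its table entry. */
void checked_free(void *p) {
    size_t idx;
    if (!heap_index(p, &idx)) return;
    for (int i = 0; i < MAX_OBJS; i++)
        if (objs[i].live && objs[i].base == idx) {
            memset(shadow + objs[i].base, 0, objs[i].size);
            objs[i].live = 0;
        }
}

/* Bitmap-style check: is every byte of the access inside *some* live object?
 * It has no idea which object the pointer was supposed to address. */
int bitmap_check(const void *p, size_t len) {
    size_t idx;
    if (!heap_index(p, &idx) || idx + len > HEAP_SIZE) return 0;
    for (size_t i = 0; i < len; i++) if (!shadow[idx + i]) return 0;
    return 1;
}

/* Index of the live object containing arena index idx, or -1. */
static int referent_of(size_t idx) {
    for (int i = 0; i < MAX_OBJS; i++)
        if (objs[i].live && idx >= objs[i].base && idx < objs[i].base + objs[i].size)
            return i;
    return -1;
}

/* Referent-style check: orig + offset may only be dereferenced (len bytes)
 * if it still lies inside the object that orig points into. */
int referent_check(const void *orig, ptrdiff_t offset, size_t len) {
    size_t oidx, didx;
    if (!heap_index(orig, &oidx)) return 0;
    int r = referent_of(oidx);
    if (r < 0) return 0;
    const unsigned char *derived = (const unsigned char *)orig + offset;
    if (!heap_index(derived, &didx)) return 0;
    return didx >= objs[r].base && didx + len <= objs[r].base + objs[r].size;
}

/* Scenario: A (16 bytes) is followed immediately by B (16 bytes). A + 20 is a
 * live address, so the bitmap passes it, but its intended referent is A, so the
 * referent check rejects it. Returns 1 when the checkers behave as described. */
int demo(void) {
    char *a = checked_malloc(16);
    char *b = checked_malloc(16);
    if (!a || !b) return 0;
    int in_bounds_both   = bitmap_check(a + 5, 4) && referent_check(a, 5, 4);
    int bitmap_misses    = bitmap_check(a + 20, 1);       /* lands in B, "valid" */
    int referent_catches = !referent_check(a, 20, 1);     /* A's referent is A  */
    int past_end_caught  = !bitmap_check(a + 32, 1) && !referent_check(a, 32, 1);
    checked_free(a); checked_free(b);
    return in_bounds_both && bitmap_misses && referent_catches && past_end_caught;
}

int main(void) {
    printf("bitmap passes A+20 while referent check rejects it: %s\n",
           demo() ? "yes" : "no");
    return 0;
}
```

The referent check needs only the original pointer and the offset, so the pointer representation is unchanged, which is the property the abstracts rely on for inter-operating with unchecked code. The example does not model what happens when unchecked code performs the arithmetic, nor reuse of freed storage; both are outside what a spatial check of this kind addresses.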