Method and apparatus for detecting memory access errors

US 5,590,329 A
Filed: 02/04/1994
Issued: 12/31/1996
Est. Priority Date: 02/04/1994
Status: Expired due to Term

First Claim

Patent Images

1. A method of generating executable code for a program from source code for the program, the executable code including pointer checking code which checks memory references made by dereferencing pointers, the method comprising the steps of:

performing an analysis based on the source code to identify certain memory references which are made by dereferencing pointers and which need not be checked; and

responding to the analysis by generating the executable code without pointer checking code that checks the certain memory references.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed is a software generation system (SGS) based memory error detection system which may be utilized to detect various memory access errors, such as array dimension violations, dereferencing of invalid pointers, accessing freed memory, reading uninitialized memory, and automated detection of memory leaks. Error checking commands and additional information are inserted into a parse tree associated with a source code file being tested at read-time which serve to initiate and facilitate run-time error detection processes. Wrapper functions may be provided for initiating error checking processes for associated library functions. A pointer check table maintains pointer information, including valid range information, for each pointer that is utilized to monitor the use and modification of the respective pointers. A memory allocation structure records allocation information, including a chain list of all pointers that point to the memory region and an initialization status for each byte in the memory region, for each region of memory. The chain list is utilized to monitor the deallocation of the associated memory region, as well as to detect when there is a memory leak. The initialization status is used to ensure that a region of uninitialized memory is not accessed. A data flow analysis algorithm minimizes the number of pointer checks that have to be performed and allows certain read-time errors to be detected.

183 Citations

12 Claims

1. A method of generating executable code for a program from source code for the program, the executable code including pointer checking code which checks memory references made by dereferencing pointers, the method comprising the steps of:
- performing an analysis based on the source code to identify certain memory references which are made by dereferencing pointers and which need not be checked; and
  
  responding to the analysis by generating the executable code without pointer checking code that checks the certain memory references.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1, wherein the step of performing comprises the step of eliminating overlapping pointer checks.
  - 3. The method of claim 2, wherein each of the dereferencing pointers is associated with one of a plurality of flow sets, wherein the step of responding comprises the step of establishing a single pointer check for each flow set having one or more pointer dereferences.

4. A method of generating executable code for a program from source code for the program, the executable code including pointer checking code which checks memory references made by dereferencing pointers, the method comprising the steps of:
- performing an analysis based on the source code to identify certain memory references which are made by dereferencing pointers and which need not be checked; and
  
  responding to the analysis by generating the executable code without pointer checking code that checks the certain memory references, wherein the program is executed by a software generation system, and wherein the program comprises one or more library functions, said software generation system maintaining pointer information on each of said dereferencing pointers, the method further comprising the steps of;
  
  establishing a flow set for each of said dereferencing pointers; and
  
  performing an analysis routine on each line of the source code, said analysis routine comprising the steps of;
  
  (i) establishing a new flow set each time said software generation system detects an assignment of a new value to one of the dereferencing pointers in said line of the source code; and
  
  (ii) marking the current flow set associated with a dereferenced pointer with an indication that said dereferenced pointer has been dereferenced in said line of the source code; and
  
  performing a single pointer check for each of said flow sets having one or more pointer dereferences, said pointer check having an expanded offset for each of said identified flow sets having a plurality of pointer dereferences.
- View Dependent Claims (5, 6, 7, 8, 9, 10)
- - 5. The method of claim 4, further including the step of evaluating the flow sets at read-time following completion of said analysis to detect the dereferencing of an unitialized dereferencing pointer by determining if a flow set indicates that a dereferencing pointer has been dereferenced before it has been assigned a legal value.
  - 6. The method of claim 4, wherein the analysis routine further includes the step of marking each current flow set with an indication that said line of the source code includes a call to one of said library functions.
  - 7. The method of claim 6, further including the steps of:
    - evaluating said flow sets at read-time following completion of said analysis routine; and
      
      initiating a compiled code flow analysis routine at run-time if a flow set associated with a dereferencing pointer includes the calling of one of said library functions among a plurality of pointer dereferences and if said library function can access said pointer associated with said flow set, said compiled code flow analysis routine comprising the steps of;
      
      performing a test following execution of said library function at run-time to determine if a pointer value associated with said flow set has been modified by said library function; and
      
      performing an additional pointer check for those pointer dereferences that are in said flow set following said call to said library function only if said pointer value associated with said dereferenced pointer has been modified by said library function.
  - 8. The method of claim 6, wherein said library function includes one or more dereferencing pointers, said software generation system maintaining pointer information on each of said pointers, said pointer information including the valid memory range of said associated pointer, said method further comprising the steps of:
    - executing said library function; and
      
      detecting the dereferencing of an invalid pointer by said library function, wherein the step of detecting comprises the steps of;
      
      (a) associating a wrapper function with said library function, said wrapper function retrieving said pointer information associated with each of said pointers that are dereferenced by said library function and determining if said memory space pointed to by the actual contents of each of said dereferenced pointers is within said valid memory range retrieved from said associated pointer information; and
      
      (b) executing said wrapper function prior to executing said associated library function.
  - 9. The method of claim 6, wherein said library function includes one or more dereferencing pointers, said software generation system maintaining pointer information on each of said pointers, said method comprising the steps of:
    - executing said library function; and
      
      updating pointer information associated with a pointer that is created during said step of executing, wherein the step of updating comprises the steps of;
      
      (a) associating a wrapper function with said library function, said wrapper function storing said pointer information associated with said pointer created by said library function; and
      
      (b) executing said wrapper function following execution of said associated library function.
  - 10. The method of claim 6 further comprising the steps of:
    - executing said library function;
      
      returning a pointer value from said library function to said source code;
      
      assigning said pointer value to one of the dereferencing pointers; and
      
      updating pointer information associated with said pointer value, wherein the step of updating comprises the steps of;
      
      (i) associating a wrapper function with said library function, said wrapper function storing said pointer information associated with said returned pointer value in a memory location;
      
      (ii) executing said wrapper function following execution of said associated library function; and
      
      (iii) retrieving said pointer information from said memory location for placement in a pointer check table upon said assignment of said returned pointer value to said dereferencing pointer.

11. A method of generating executable code for a program from source code for the program, the executable code including pointer checking code which checks memory references made by dereferencing pointers, each of which is associated with one of a plurality of flow sets, the method comprising the steps of:
- performing an analysis based on the source code to identify certain memory references which are made by dereferencing pointers and which need not be checked, wherein the step of performing comprises the step of eliminating overlapping pointer checks; and
  
  responding to the analysis by generating the executable code without pointer checking code that checks the certain memory references, wherein the step of responding comprises the step of establishing a single pointer check for each flow set having one or more pointer dereferences and wherein the step of establishing a single pointer check comprises the step of establishing, for each of the flow sets having a plurality of pointer dereferences, a pointer check having an expanded offset.

12. A method of generating executable code for a program from source code for the program, the executable code including pointer checking code which checks memory references made by dereferencing pointers, the method comprising the steps of:
- performing an analysis based on the source code to identify certain memory references which are made by dereferencing pointers and which need not be checked; and
  
  responding to the analysis by generating the executable code without pointer checking code that checks the certain memory references, wherein the program comprises a complex expression and is executed by a software generation system, said complex expression containing a plurality of instruction streams, each of said instruction streams having a pointer expression, said software generation system maintaining pointer information on each of said dereferencing pointers, said method further comprising the steps of;
  
  allocating a memory location for temporary storage of pointer information;
  
  placing a command in each of said instruction streams, only one of said instruction streams being executed by said software generation system at run-time, said command causing said software generation system to retrieve the pointer information associated with the pointer expression in said executed instruction stream and to place said retrieved pointer information in said temporary memory location; and
  
  retrieving said pointer information from said temporary memory location upon said pointer'"'"'s dereferencing of said complex expression at run-time.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lucent Technologies, Inc. (Nokia Corporation)
Original Assignee
Lucent Technologies, Inc. (Nokia Corporation)
Inventors
Goodnow, James E. II, Kowalski, Thaddeus J., Rowland, James R.
Primary Examiner(s)
Kriess, Kevin A.
Assistant Examiner(s)
CHAVIS, JOHN Q

Application Number

US08/192,239
Time in Patent Office

1,061 Days
Field of Search

395/650, 395/700, 395/575
US Class Current

717/144
CPC Class Codes

G06F 11/3624 by performing operations on...

Method and apparatus for detecting memory access errors

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

183 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for detecting memory access errors

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

183 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links