• Existing solutions
• Run time errors
• Future Work
Difference between project success & failure.
• If there's going to be a program, there has to be
• Code is often the only accurate description of the
• Code must follow coding standards and code
Source code Conventions
• 80% of the lifetime cost of a piece of software goes to
• Hardly any software is maintained for its whole life by
the original author.
• Code conventions improve the readability of the
• Source code like any other product should be well
Code optimization based analysis
• Code Verification and Run-Time Error prediction at
compile time using syntax directed translation.
• Predict run time errors without program execution or
• Uses Intermediate Code
Possible Run time Errors
1) Detecting uninitialized Variables
Using variables before they have been initialized by the
program can cause unpredictable results
2) Detecting Overflows, Underflows, and Divide by Zeros
Identifying all possible causes for error on the
o X and Y may not be initialized
X-Y may overflow or underflow
- X and Y may be equal and cause a division by
e X/(X–Y) may overflow or underflow
All possible values of x & y in
If the value of x & y both fall on the black line, there is a
divide by zero error.
3) Detecting incorrect argument data types and incorrect
number of arguments
• Checking of arguments for type and for the correct order of
• Requires both the calling program and the called program
to be compiled with a special compiler option.
• Checks can be made to determine if the number and types
of arguments in function (and subroutine) calls are consistent
with the actual function definitions.
4) Detecting errors with strings at run-time
• A string must have a null terminator at the end of the
meaningful data in the string. A common mistake is to not
allocate room for this extra character.
This can also be a problem with dynamic allocation.
char * copy_str = malloc( strlen(orig_str) + 1);
• The strlen() function returns a count of the data characters
which does not include the null terminator.
• In the case of dynamic allocation, it might corrupt the heap
a. Detecting Out-of-bounds indexing of statically and
dynamically allocated arrays
A common run-time error is the reading and writing of arrays
outside of their declared bounds.
b. Detecting Out-of-Bounds Pointer References
A common run-time error for C and C++ programs occurs
when a pointer points to memory outside its associated
Pseudo code for out of bound
/* out-of-bounds reading using pointers */
5) Detecting Memory Allocation and Deallocation Errors
• A memory deallocation error occurs when a portion of
memory is deallocated more than once.
• Another common source of errors in C and C++ programs is
an attempt to use a dangling pointer. A dangling pointer is a
pointer to storage that is no longer allocated.
6) Detecting Memory Leaks
• A program has a memory leak if during execution the
program loses its ability to address a portion of memory
because of a programming error;
• A pointer points to a location in memory and then all the
pointers pointing to this location are set to point somewhere
• A function/subroutine is called, memory is allocated during
execution of the function/subroutine, and then the memory
is not deallocated upon exit and all pointers to this memory
Source code analyzer predicates
Reliable: Proven free of run-
time errors and under all
operating conditions within
Faulty: Proven faulty each
time the operation is
Dead: Proven unreachable
(may indicate a functional
Unproven: Unproven code
section or beyond the scope of
•Why Java for developing
• Evaluation of intermediate code for performing data
flow and control flow analysis.
• Prediction of run time errors using intermediate code.
• Using code optimization techniques such as constant
folding to predict code behavior
• A V. Aho, R Sethi, J D. Ullman., Compilers: Principles, Techniques and
Tools, 2nd ed. , Addison-Wesley Pub. Co.
• G R. Luecke, J Coyle, J Hoekstra “A Survey of Systems for Detecting
Serial Run-Time Errors”, The Iowa State University's High Performance
Computing Group, Concurrency and Computation. : Practice and
Experience. 18, 15(Dec. 2006), 1885-1907.
• T Erkkinen, C Hote “Code Verification and Run-Time Error Detection
Through Abstract Interpretation”, AIAA Modeling and Simulation
Technologies Conference and Exhibit ,21 - 24 Aug 2006, Keystone,
• PolySpace Client for C/C++ 6 datasheet. Available HTTP:
• D.M. Dhamdhere, Compiler Construction, Tata McGraw-Hill.
• Semantic designs, “Flow analysis for control and data”, Available