Discussion:
Stony Brook Modula2 pointer question
(too old to reply)
a***@drrob1.com
2013-04-09 00:57:02 UTC
Permalink
I have a type defined to be a pointer to a record. I only want to
call NEW(pointertype) if this pointer has not been initialized. I
hoped I could test for 0BAADF00DH but that only seems to work if I set
the compiler directive from the environment for Debug -> Initialize
Data.

Is there a way I can do that within my code and not depending on me
remembering to set that option?

Thanks
Martin Brown
2013-04-09 06:25:00 UTC
Permalink
Post by a***@drrob1.com
I have a type defined to be a pointer to a record. I only want to
call NEW(pointertype) if this pointer has not been initialized. I
hoped I could test for 0BAADF00DH but that only seems to work if I set
the compiler directive from the environment for Debug -> Initialize
Data.
Is there a way I can do that within my code and not depending on me
remembering to set that option?
It is wise to leave all pointers explicitly set to NIL when they are not
meaningful. Otherwise you will eventually trample over memory. Then your
already in use test becomes if pointer isn't NIL and any attempt to
dereference it in error fails instantly there and then.

Wild or uninitialised pointers are a source of absolutely lethal runtime
errors if not treated with appropriate respect. Some compilers dataflow
static analysis will detect first use of variable before it has been
initialised or where some paths leave it uninitialised.

ISTR by default XDS compiles a hard trap for using an uninitialised
variable of any sort in the right hand side of an expression. You can
alter the default behaviour to give a compile time warning instead...

I have run some large codebases of "working" code through that compiler
and seen it find obscure faults in seldom travelled paths (usually but
not always the error handling for never previously encountered errors).
--
Regards,
Martin Brown
Marco van de Voort
2013-04-10 08:59:59 UTC
Permalink
Post by Martin Brown
Wild or uninitialised pointers are a source of absolutely lethal runtime
errors if not treated with appropriate respect. Some compilers dataflow
static analysis will detect first use of variable before it has been
initialised or where some paths leave it uninitialised.
ISTR by default XDS compiles a hard trap for using an uninitialised
variable of any sort in the right hand side of an expression. You can
alter the default behaviour to give a compile time warning instead...
I have run some large codebases of "working" code through that compiler
and seen it find obscure faults in seldom travelled paths (usually but
not always the error handling for never previously encountered errors).
Free Pascal has a "poison variables" option that initializes local variables
to random parameters. As a concept very powerful, specially in combination
with range checks (the randomized variables nearly immediately fail on
rangechecks when used as array index or if they are enumerations)

Of course it is a runtime solution though, so it suffers from the codepaths
never travelled problem.
Martin Brown
2013-04-10 18:27:32 UTC
Permalink
Post by Marco van de Voort
Post by Martin Brown
Wild or uninitialised pointers are a source of absolutely lethal runtime
errors if not treated with appropriate respect. Some compilers dataflow
static analysis will detect first use of variable before it has been
initialised or where some paths leave it uninitialised.
ISTR by default XDS compiles a hard trap for using an uninitialised
variable of any sort in the right hand side of an expression. You can
alter the default behaviour to give a compile time warning instead...
I have run some large codebases of "working" code through that compiler
and seen it find obscure faults in seldom travelled paths (usually but
not always the error handling for never previously encountered errors).
Free Pascal has a "poison variables" option that initializes local variables
to random parameters. As a concept very powerful, specially in combination
with range checks (the randomized variables nearly immediately fail on
rangechecks when used as array index or if they are enumerations)
I am quite hardline on this I favour executing code in an environment
where a memory fetch from a location that has not been declared as a
hardware input or previously written to should be an immediate trap.
Post by Marco van de Voort
Of course it is a runtime solution though, so it suffers from the codepaths
never travelled problem.
That is the huge advantage of static analysis.

The compiler has to do most of the work anyway so if in the process it
can spot any logically distinct path where a variable remains
uninitialised then it is far better to hard fail at that stage than to
leave a potential landmine waiting for someone to step on it.
--
Regards,
Martin Brown
Marco van de Voort
2013-04-10 18:47:19 UTC
Permalink
Post by Martin Brown
Post by Marco van de Voort
Post by Martin Brown
and seen it find obscure faults in seldom travelled paths (usually but
not always the error handling for never previously encountered errors).
Free Pascal has a "poison variables" option that initializes local variables
to random parameters. As a concept very powerful, specially in combination
with range checks (the randomized variables nearly immediately fail on
rangechecks when used as array index or if they are enumerations)
I am quite hardline on this I favour executing code in an environment
where a memory fetch from a location that has not been declared as a
hardware input or previously written to should be an immediate trap.
Interesting view of course. It's interesting how you implement it.

I know I nice test, allocate a 1GB array, and then access every other item
:-)
Post by Martin Brown
Post by Marco van de Voort
Of course it is a runtime solution though, so it suffers from the codepaths
never travelled problem.
That is the huge advantage of static analysis.
Yes. But poisoning locals is magnitudes more simple. Same for the other
Post by Martin Brown
The compiler has to do most of the work anyway so if in the process it
can spot any logically distinct path where a variable remains
This is still about Modula2 isn't it? The modular system might result in
the complete program never being in memory in a compiler controlled
representation. (only some modules and definitions of the other)

IOW, this is a feature (reducing the program) at the global level.

Static analysis is not perfect anyway, since the uncertainty of external
input propagates through the system, making more and more of the system
impossible to analyse.

It will thus only uncover a subset of problems.
Post by Martin Brown
uninitialised then it is far better to hard fail at that stage than to
leave a potential landmine waiting for someone to step on it.
Like always, the best is a combination of techniques, since all have
downsides.
Martin Brown
2013-04-11 07:28:04 UTC
Permalink
Post by Marco van de Voort
Post by Martin Brown
Post by Marco van de Voort
Post by Martin Brown
and seen it find obscure faults in seldom travelled paths (usually but
not always the error handling for never previously encountered errors).
Free Pascal has a "poison variables" option that initializes local variables
to random parameters. As a concept very powerful, specially in combination
with range checks (the randomized variables nearly immediately fail on
rangechecks when used as array index or if they are enumerations)
I am quite hardline on this I favour executing code in an environment
where a memory fetch from a location that has not been declared as a
hardware input or previously written to should be an immediate trap.
Interesting view of course. It's interesting how you implement it.
I know I nice test, allocate a 1GB array, and then access every other item
:-)
There would obviously be an overhead in any software implementation.

On hardware assisted parity memory it is conceptually easy - set all of
the memory to an invalid parity state before you start execution.

Any fetch from an unitialised location generates a parity error trap. So
on the right hardware it could be made to work at full speed and would
catch a lot of very common errors immediately.

Floating point is also easy you store a pattern that is an immediate
fault, on some architectures you can store a pattern that is both an
invalid FP and an invalid pointer - a variant on your poison variables.

The other way which is more painful is to have a virtual machine that
keeps a bit array for has been written to and is checked on every fetch.
Major performance hit but you get aggressive error detection.

I much prefer static analysis on a cost benefit basis.
Post by Marco van de Voort
Post by Martin Brown
Post by Marco van de Voort
Of course it is a runtime solution though, so it suffers from the codepaths
never travelled problem.
That is the huge advantage of static analysis.
Yes. But poisoning locals is magnitudes more simple. Same for the other
I disagree. Most compilers now have the model of dataflow internally but
fail to pass comment when variables appear to be on shaky ground. This
makes no sense at all when CPU cycles are so cheap and skilled human
ones so expensive. The tools should be watching out for errors and not
just compiling what they are given to wrong machine code.
Post by Marco van de Voort
Post by Martin Brown
The compiler has to do most of the work anyway so if in the process it
can spot any logically distinct path where a variable remains
This is still about Modula2 isn't it? The modular system might result in
the complete program never being in memory in a compiler controlled
representation. (only some modules and definitions of the other)
IOW, this is a feature (reducing the program) at the global level.
OTOH if the modules are proven to be internally consistent and always
deterministic on their stated inputs this is an advantage.
Post by Marco van de Voort
Static analysis is not perfect anyway, since the uncertainty of external
input propagates through the system, making more and more of the system
impossible to analyse.
It will thus only uncover a subset of problems.
All tools can only find a subset of problems. But it is madness that in
this day and age static analysis is not more widely used.
Post by Marco van de Voort
Post by Martin Brown
uninitialised then it is far better to hard fail at that stage than to
leave a potential landmine waiting for someone to step on it.
Like always, the best is a combination of techniques, since all have
downsides.
Agreed.
--
Regards,
Martin Brown
Rainard Buchmann
2013-04-20 01:01:03 UTC
Permalink
In Stony Brook - modula you can initialize variables statically :

VAR pt : pointertype = NIL ;

So later you can ask

IF pt = NIL THEN NEW (pt) ;


Rainard
Post by a***@drrob1.com
I have a type defined to be a pointer to a record. I only want to
call NEW(pointertype) if this pointer has not been initialized. I
hoped I could test for 0BAADF00DH but that only seems to work if I set
the compiler directive from the environment for Debug -> Initialize
Data.
Is there a way I can do that within my code and not depending on me
remembering to set that option?
Thanks
a***@drrob1.com
2013-04-21 18:12:45 UTC
Permalink
That's the answer I needed. I then figured out that after I call
DISPOSE, I can set the pointer to NIL myself.

And my code is working.

Thanks,
Rob

On Sat, 20 Apr 2013 03:01:03 +0200, "Rainard Buchmann"
Post by Rainard Buchmann
VAR pt : pointertype = NIL ;
So later you can ask
IF pt = NIL THEN NEW (pt) ;
Rainard
Post by a***@drrob1.com
I have a type defined to be a pointer to a record. I only want to
call NEW(pointertype) if this pointer has not been initialized. I
hoped I could test for 0BAADF00DH but that only seems to work if I set
the compiler directive from the environment for Debug -> Initialize
Data.
Is there a way I can do that within my code and not depending on me
remembering to set that option?
Thanks
Loading...