Using Valgrind to Detect Undefined Value Errors with Bit-Precision

Total Page:16

File Type:pdf, Size:1020Kb

Using Valgrind to Detect Undefined Value Errors with Bit-Precision Using Valgrind to detect undefined value errors with bit-precision Julian Seward Nicholas Nethercote OpenWorks LLP Department of Computer Sciences Cambridge, UK University of Texas at Austin [email protected] [email protected] Abstract We present Memcheck, a tool that has been implemented with the dynamic binary instrumentation framework Val- grind. Memcheck detects a wide range of memory errors 1.1 Basic operation and features in programs as they run. This paper focuses on one kind Memcheck is a dynamic analysis tool, and so checks pro- of error that Memcheck detects: undefined value errors. grams for errors as they run. Memcheck performs four Such errors are common, and often cause bugs that are kinds of memory error checking. hard to find in programs written in languages such as C, First, it tracks the addressability of every byte of mem- C++ and Fortran. Memcheck's definedness checking im- ory, updating the information as memory is allocated and proves on that of previous tools by being accurate to the freed. With this information, it can detect all accesses to level of individual bits. This accuracy gives Memcheck unaddressable memory. a low false positive and false negative rate. Second, it tracks all heap blocks allocated with The definedness checking involves shadowing every malloc(), new and new[]. With this information it bit of data in registers and memory with a second bit can detect bad or repeated frees of heap blocks, and can that indicates if the bit has a defined value. Every value- detect memory leaks at program termination. creating operation is instrumented with a shadow oper- Third, it checks that memory blocks supplied as argu- ation that propagates shadow bits appropriately. Mem- ments to functions like strcpy() and memcpy() do check uses these shadow bits to detect uses of undefined not overlap. This does not require any additional state to values that could adversely affect a program's behaviour. be tracked. Under Memcheck, programs typically run 20–30 Fourth, it performs definedness checking: it tracks the times slower than normal. This is fast enough to use with definedness of every bit of data in registers and memory. large programs. Memcheck finds many errors in real pro- With this information it can detect undefined value errors grams, and has been used during the past two years by with bit-precision. thousands of programmers on a wide range of systems, All four kinds of checking are useful. However, of including OpenOffice, Mozilla, Opera, KDE, GNOME, the four, definedness checking is easily the most sophis- MySQL, Perl, Samba, The GIMP, and Unreal Tourna- ticated, and it is this checking that this paper focuses on. ment. Memcheck uses dynamic binary instrumentation to in- strument the program to be checked (the client) on-the- fly at run-time. Execution of the added instrumentation 1 Introduction code is interleaved with the program's normal execution, not disturbing normal program behaviour (other than The accidental use of undefined values is a notorious slowing it down), but doing extra work “on the side” to source of bugs in programs written in imperative lan- detect memory errors. Because it instruments and analy- guages such as C, C++ and Fortran. Such undefined ses executable machine code, rather than source code or value errors are easy to make, but can be extremely diffi- object code, it has the following nice properties. cult to track down manually, sometimes lurking unfound for years. • Wide applicability: it works with programs written In this paper we describe Memcheck, a practical tool in any language.1 which detects a wide range of memory errors, including undefined value errors. Memcheck is implemented using • Total coverage: all parts of the client are executed the dynamic binary instrumentation framework Valgrind under Memcheck's control, including dynamically [10, 9]. linked libraries and the dynamic linker, even if the int main(void) { void set_bit ( int* arr, int n ) { int x, y, z, *p; arr[n/32] |= (1 << (n%32)); char buf[10]; } write(1, buf, 1); // bug 1 int get_bit ( int* arr, int n ) { x = ( x == 0 ? y : z ); // bug 2 return 1 & (arr[n/32] >> (n%32)); return *p + x; // bug 3 } } int main ( void ) { int* arr = malloc(10 * sizeof(int)); Figure 1: Example program badprog.c set_bit(arr, 177); printf("%d\n", get_bit(arr, 178)); source code is not available on the system. In- return 0; } deed, it is only by doing this that Memcheck can be accurate—partial coverage leads either to lots of Figure 3: Unsafe use of a bit-array missed errors (false negatives) or lots of invalid er- rors (false positives). the stack of thread 1 (the main thread). The second in- • Ease of use: unlike many similar tools, it does not dicates that a conditional jump depends on an undefined require programs to be prepared (e.g. recompiled or value. The third indicates that an undefined value is used relinked) in any way. as a pointer. All three error messages include a stack trace that indicate precisely where the error is occurring. Memcheck is part of the Valgrind suite, which is free In order to get exact line numbers in the stack traces, the (GPL) software, and is available for download from the client must be compiled with debugging information. If Valgrind website [14]. It currently runs only on the this is missing, the code locations are less precise, as can x86/Linux platform, although work is currently under- be seen with the location within the write() function way to port it to other platforms such as AMD64/Linux, (not to be confused with the write() system call)— PowerPC/Linux, x86/FreeBSD, and PowerPC/MacOSX. GNU libc on this system was not compiled with debug- ging information. 1.2 Using Memcheck Attentive readers may note that the final line of Memcheck is easy to use. As an example, consider the badprog.c could cause a segmentation fault due to the (contrived) program badprog.c in Figure 1. It con- use of the uninitialised variable p as an address. On one tains three undefined value errors. To check the compiled system we tried this test on, exactly that happened, and so program badprog the user only has to type: Memcheck issued an additional “Invalid read of size 4” warning immediately before the memory access, thanks valgrind --tool=memcheck badprog to its addressability checking. For the run presented, the The --tool= option specifies which tool in the Val- memory access (un)luckily hit addressable memory, so grind suite is used. The program runs under Mem- no addressability error message was issued. check's control, typically 20–30 times slower than usual. This slow-down is partly due to Memcheck's definedness 1.3 Bit-level precision checking, partly due to its other checking, and partly due to Valgrind's inherent overhead. The program's output Memcheck is the first tool we are aware of that tracks is augmented by Memcheck's output, which goes by de- definedness down to the level of bits. Other tools track fault to standard error, although it can be redirected to a definedness at byte granularity (Purify) or word granu- file, file descriptor, or socket with a command line op- larity (Third Degree). tion. This means Memcheck correctly handles code which Figure 2 shows the resulting output. The first three deals with partially-defined bytes. In C and C++, two lines are printed by Memcheck on startup. The middle common idioms give rise to such bytes: use of bit arrays section shows three error messages issued by Memcheck. and use of bitfields in structures. Tools which track de- The final three lines are printed at termination, and sum- finedness at byte or word granularities necessarily give marise Memcheck's findings. Each line of Memcheck's inaccurate results in such situations – either they fail to output is prefixed with the client's process ID, 27607 in report genuine errors resulting from uses of uninitialised this case. bits, or they falsely flag errors resulting from correct uses The three error messages are quite precise. The first of partially defined bytes. indicates that the memory passed to the system call The program shown in Figure 3 uses an uninitialised write() via the buf argument contains undefined val- bit in a bit-array. Memcheck reports this, but Purify does ues; its last line indicates that the undefined value is on not2. Memcheck is known to have found previously- ==27607== Memcheck, a memory error detector for x86-linux. ==27607== Copyright (C) 2000-2004, and GNU GPL'd, by Julian Seward et al. ==27607== For more details, rerun with: -v ==27607== ==27607== Syscall param write(buf) contains uninitialised or unaddressable byte(s) ==27607== at 0x420D2473: write (in /lib/tls/libc-2.3.2.so) ==27607== by 0x8048347: main (badprog.c:6) ==27607== Address 0x52BFE880 is on thread 1's stack <junk character printed by write()> ==27607== ==27607== Conditional jump or move depends on uninitialised value(s) ==27607== at 0x804834F: main (badprog.c:7) ==27607== ==27607== Use of uninitialised value of size 4 ==27607== at 0x804836B: main (badprog.c:8) ==27607== ==27607== ERROR SUMMARY: 3 errors from 3 contexts (suppressed: 11 from 1) ==27607== malloc/free: in use at exit: 0 bytes in 0 blocks. ==27607== malloc/free: 0 allocs, 0 frees, 0 bytes allocated. Figure 2: Example output for badprog.c undetected uses of single uninitialised bits in C++ struc- namic binary instrumentation; it does all the hard work of ture bitfields, in at least one large, widely used C++ code inserting instrumentation into machine code at run-time. base. Tools are created as plug-ins, written in C, to Valgrind's core.
Recommended publications
  • Automatic Detection of Uninitialized Variables
    Automatic Detection of Uninitialized Variables Thi Viet Nga Nguyen, Fran¸cois Irigoin, Corinne Ancourt, and Fabien Coelho Ecole des Mines de Paris, 77305 Fontainebleau, France {nguyen,irigoin,ancourt,coelho}@cri.ensmp.fr Abstract. One of the most common programming errors is the use of a variable before its definition. This undefined value may produce incorrect results, memory violations, unpredictable behaviors and program failure. To detect this kind of error, two approaches can be used: compile-time analysis and run-time checking. However, compile-time analysis is far from perfect because of complicated data and control flows as well as arrays with non-linear, indirection subscripts, etc. On the other hand, dynamic checking, although supported by hardware and compiler tech- niques, is costly due to heavy code instrumentation while information available at compile-time is not taken into account. This paper presents a combination of an efficient compile-time analysis and a source code instrumentation for run-time checking. All kinds of variables are checked by PIPS, a Fortran research compiler for program analyses, transformation, parallelization and verification. Uninitialized array elements are detected by using imported array region, an efficient inter-procedural array data flow analysis. If exact array regions cannot be computed and compile-time information is not sufficient, array elements are initialized to a special value and their utilization is accompanied by a value test to assert the legality of the access. In comparison to the dynamic instrumentation, our method greatly reduces the number of variables to be initialized and to be checked. Code instrumentation is only needed for some array sections, not for the whole array.
    [Show full text]
  • Arxiv:2006.14147V2 [Cs.CR] 26 Mar 2021
    FastSpec: Scalable Generation and Detection of Spectre Gadgets Using Neural Embeddings M. Caner Tol Berk Gulmezoglu Koray Yurtseven Berk Sunar Worcester Polytechnic Institute Iowa State University Worcester Polytechnic Institute Worcester Polytechnic Institute [email protected] [email protected] [email protected] [email protected] Abstract—Several techniques have been proposed to detect [4] are implemented against the SGX environment and vulnerable Spectre gadgets in widely deployed commercial even remotely over the network [5]. These attacks show software. Unfortunately, detection techniques proposed so the applicability of Spectre attacks in the wild. far rely on hand-written rules which fall short in covering Unfortunately, chip vendors try to patch the leakages subtle variations of known Spectre gadgets as well as demand one-by-one with microcode updates rather than fixing a huge amount of time to analyze each conditional branch the flaws by changing their hardware designs. Therefore, in software. Moreover, detection tool evaluations are based developers rely on automated malware analysis tools to only on a handful of these gadgets, as it requires arduous eliminate mistakenly placed Spectre gadgets in their pro- effort to craft new gadgets manually. grams. The proposed detection tools mostly implement In this work, we employ both fuzzing and deep learning taint analysis [6] and symbolic execution [7], [8] to iden- techniques to automate the generation and detection of tify potential gadgets in benign applications. However, Spectre gadgets. We first create a diverse set of Spectre-V1 the methods proposed so far are associated with two gadgets by introducing perturbations to the known gadgets. shortcomings: (1) the low number of Spectre gadgets Using mutational fuzzing, we produce a data set with more prevents the comprehensive evaluation of the tools, (2) than 1 million Spectre-V1 gadgets which is the largest time consumption exponentially increases when the binary Spectre gadget data set built to date.
    [Show full text]
  • Declaring a Pointer Variable
    Declaring A Pointer Variable Topazine and neighbouring Lothar fubbed some kaiserships so rousingly! Myles teazles devilishly if top-hole Morlee desists or hunker. Archibald is unprincipled and lip-read privatively as fluorometric Tarzan undersells liturgically and about-ship metonymically. Assigning a function returns nothing else to start as a variable that there is vastly different pointers are variables have learned in Identifier: this failure the arch of a pointer. Let us take a closer look that how pointer variables are stored in memory. In these different physical memory address of this chapter, both are intended only between a pointer variable? You have full pack on the pointer addresses and their contents, the compiler allows a segment register or save segment address, C pointer is of special variable that holds the memory address of another variable. Size of declaration, declare a pointer declarations. Pointers should be initialized either when condition are declared or enjoy an assignment. Instead of declaration statement mean it by having as declared and subtraction have. In bold below c program example, simple it mixes a floating point addition and an integer, at definite point static aliasing goes out giving the window. Pointers are so commonly, a c passes function as well, it will run off, you create and arrays and inaccurate terms of const? The arrow points to instant data whose address the pointer stores. The pointers can be used with structures if it contains only value types as its members. This can counter it difficult to track opposite the error. We will moderate a backbone more fragile this.
    [Show full text]
  • Cygwin User's Guide
    Cygwin User’s Guide Cygwin User’s Guide ii Copyright © Cygwin authors Permission is granted to make and distribute verbatim copies of this documentation provided the copyright notice and this per- mission notice are preserved on all copies. Permission is granted to copy and distribute modified versions of this documentation under the conditions for verbatim copying, provided that the entire resulting derived work is distributed under the terms of a permission notice identical to this one. Permission is granted to copy and distribute translations of this documentation into another language, under the above conditions for modified versions, except that this permission notice may be stated in a translation approved by the Free Software Foundation. Cygwin User’s Guide iii Contents 1 Cygwin Overview 1 1.1 What is it? . .1 1.2 Quick Start Guide for those more experienced with Windows . .1 1.3 Quick Start Guide for those more experienced with UNIX . .1 1.4 Are the Cygwin tools free software? . .2 1.5 A brief history of the Cygwin project . .2 1.6 Highlights of Cygwin Functionality . .3 1.6.1 Introduction . .3 1.6.2 Permissions and Security . .3 1.6.3 File Access . .3 1.6.4 Text Mode vs. Binary Mode . .4 1.6.5 ANSI C Library . .4 1.6.6 Process Creation . .5 1.6.6.1 Problems with process creation . .5 1.6.7 Signals . .6 1.6.8 Sockets . .6 1.6.9 Select . .7 1.7 What’s new and what changed in Cygwin . .7 1.7.1 What’s new and what changed in 3.2 .
    [Show full text]
  • Undefined Behaviour in the C Language
    FAKULTA INFORMATIKY, MASARYKOVA UNIVERZITA Undefined Behaviour in the C Language BAKALÁŘSKÁ PRÁCE Tobiáš Kamenický Brno, květen 2015 Declaration Hereby I declare, that this paper is my original authorial work, which I have worked out by my own. All sources, references, and literature used or excerpted during elaboration of this work are properly cited and listed in complete reference to the due source. Vedoucí práce: RNDr. Adam Rambousek ii Acknowledgements I am very grateful to my supervisor Miroslav Franc for his guidance, invaluable help and feedback throughout the work on this thesis. iii Summary This bachelor’s thesis deals with the concept of undefined behavior and its aspects. It explains some specific undefined behaviors extracted from the C standard and provides each with a detailed description from the view of a programmer and a tester. It summarizes the possibilities to prevent and to test these undefined behaviors. To achieve that, some compilers and tools are introduced and further described. The thesis contains a set of example programs to ease the understanding of the discussed undefined behaviors. Keywords undefined behavior, C, testing, detection, secure coding, analysis tools, standard, programming language iv Table of Contents Declaration ................................................................................................................................ ii Acknowledgements .................................................................................................................. iii Summary .................................................................................................................................
    [Show full text]
  • Automatic Benchmark Profiling Through Advanced Trace Analysis Alexis Martin, Vania Marangozova-Martin
    Automatic Benchmark Profiling through Advanced Trace Analysis Alexis Martin, Vania Marangozova-Martin To cite this version: Alexis Martin, Vania Marangozova-Martin. Automatic Benchmark Profiling through Advanced Trace Analysis. [Research Report] RR-8889, Inria - Research Centre Grenoble – Rhône-Alpes; Université Grenoble Alpes; CNRS. 2016. hal-01292618 HAL Id: hal-01292618 https://hal.inria.fr/hal-01292618 Submitted on 24 Mar 2016 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. Automatic Benchmark Profiling through Advanced Trace Analysis Alexis Martin , Vania Marangozova-Martin RESEARCH REPORT N° 8889 March 23, 2016 Project-Team Polaris ISSN 0249-6399 ISRN INRIA/RR--8889--FR+ENG Automatic Benchmark Profiling through Advanced Trace Analysis Alexis Martin ∗ † ‡, Vania Marangozova-Martin ∗ † ‡ Project-Team Polaris Research Report n° 8889 — March 23, 2016 — 15 pages Abstract: Benchmarking has proven to be crucial for the investigation of the behavior and performances of a system. However, the choice of relevant benchmarks still remains a challenge. To help the process of comparing and choosing among benchmarks, we propose a solution for automatic benchmark profiling. It computes unified benchmark profiles reflecting benchmarks’ duration, function repartition, stability, CPU efficiency, parallelization and memory usage.
    [Show full text]
  • APPLICATION FUNCTIONS 5 - 1 to 5 - 242 5.1 Type Conversion Functions 5 - 2 5.1.1 Bit Type  Word (Signed), Double Word (Signed) Type Conversion
    SAFETY PRECAUTIONS (Always read these instructions before using this product.) Before using MELSEC-Q or -L series programmable controllers, please read the manuals included with each product and the relevant manuals introduced in those manuals carefully, and pay full attention to safety to handle the product correctly. Make sure that the end users read the manuals included with each product, and keep the manuals in a safe place for future reference. A-1 CONDITIONS OF USE FOR THE PRODUCT (1) Mitsubishi programmable controller ("the PRODUCT") shall be used in conditions; i) where any problem, fault or failure occurring in the PRODUCT, if any, shall not lead to any major or serious accident; and ii) where the backup and fail-safe function are systematically or automatically provided outside of the PRODUCT for the case of any problem, fault or failure occurring in the PRODUCT. (2) The PRODUCT has been designed and manufactured for the purpose of being used in general industries. MITSUBISHI SHALL HAVE NO RESPONSIBILITY OR LIABILITY (INCLUDING, BUT NOT LIMITED TO ANY AND ALL RESPONSIBILITY OR LIABILITY BASED ON CONTRACT, WARRANTY, TORT, PRODUCT LIABILITY) FOR ANY INJURY OR DEATH TO PERSONS OR LOSS OR DAMAGE TO PROPERTY CAUSED BY the PRODUCT THAT ARE OPERATED OR USED IN APPLICATION NOT INTENDED OR EXCLUDED BY INSTRUCTIONS, PRECAUTIONS, OR WARNING CONTAINED IN MITSUBISHI'S USER, INSTRUCTION AND/OR SAFETY MANUALS, TECHNICAL BULLETINS AND GUIDELINES FOR the PRODUCT. ("Prohibited Application") Prohibited Applications include, but not limited to, the use of the PRODUCT in; • Nuclear Power Plants and any other power plants operated by Power companies, and/or any other cases in which the public could be affected if any problem or fault occurs in the PRODUCT.
    [Show full text]
  • Automatic Benchmark Profiling Through Advanced Trace Analysis
    View metadata, citation and similar papers at core.ac.uk brought to you by CORE provided by Hal - Université Grenoble Alpes Automatic Benchmark Profiling through Advanced Trace Analysis Alexis Martin, Vania Marangozova-Martin To cite this version: Alexis Martin, Vania Marangozova-Martin. Automatic Benchmark Profiling through Advanced Trace Analysis. [Research Report] RR-8889, Inria - Research Centre Grenoble { Rh^one-Alpes; Universit´eGrenoble Alpes; CNRS. 2016. <hal-01292618> HAL Id: hal-01292618 https://hal.inria.fr/hal-01292618 Submitted on 24 Mar 2016 HAL is a multi-disciplinary open access L'archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destin´eeau d´ep^otet `ala diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publi´esou non, lished or not. The documents may come from ´emanant des ´etablissements d'enseignement et de teaching and research institutions in France or recherche fran¸caisou ´etrangers,des laboratoires abroad, or from public or private research centers. publics ou priv´es. Automatic Benchmark Profiling through Advanced Trace Analysis Alexis Martin , Vania Marangozova-Martin RESEARCH REPORT N° 8889 March 23, 2016 Project-Team Polaris ISSN 0249-6399 ISRN INRIA/RR--8889--FR+ENG Automatic Benchmark Profiling through Advanced Trace Analysis Alexis Martin ∗ † ‡, Vania Marangozova-Martin ∗ † ‡ Project-Team Polaris Research Report n° 8889 — March 23, 2016 — 15 pages Abstract: Benchmarking has proven to be crucial for the investigation of the behavior and performances of a system. However, the choice of relevant benchmarks still remains a challenge. To help the process of comparing and choosing among benchmarks, we propose a solution for automatic benchmark profiling.
    [Show full text]
  • Generic User-Level PCI Drivers
    Generic User-Level PCI Drivers Hannes Weisbach, Bj¨orn D¨obel, Adam Lackorzynski Technische Universit¨at Dresden Department of Computer Science, 01062 Dresden {weisbach,doebel,adam}@tudos.org Abstract Linux has become a popular foundation for systems with real-time requirements such as industrial control applications. In order to run such workloads on Linux, the kernel needs to provide certain properties, such as low interrupt latencies. For this purpose, the kernel has been thoroughly examined, tuned, and verified. This examination includes all aspects of the kernel, including the device drivers necessary to run the system. However, hardware may change and therefore require device driver updates or replacements. Such an update might require reevaluation of the whole kernel because of the tight integration of device drivers into the system and the manyfold ways of potential interactions. This approach is time-consuming and might require revalidation by a third party. To mitigate these costs, we propose to run device drivers in user-space applications. This allows to rely on the unmodified and already analyzed latency characteristics of the kernel when updating drivers, so that only the drivers themselves remain in the need of evaluation. In this paper, we present the Device Driver Environment (DDE), which uses the UIO framework supplemented by some modifications, which allow running any recent PCI driver from the Linux kernel without modifications in user space. We report on our implementation, discuss problems related to DMA from user space and evaluate the achieved performance. 1 Introduction in safety-critical systems would need additional au- dits and certifications to take place.
    [Show full text]
  • Building Embedded Linux Systems ,Roadmap.18084 Page Ii Wednesday, August 6, 2008 9:05 AM
    Building Embedded Linux Systems ,roadmap.18084 Page ii Wednesday, August 6, 2008 9:05 AM Other Linux resources from O’Reilly Related titles Designing Embedded Programming Embedded Hardware Systems Linux Device Drivers Running Linux Linux in a Nutshell Understanding the Linux Linux Network Adminis- Kernel trator’s Guide Linux Books linux.oreilly.com is a complete catalog of O’Reilly’s books on Resource Center Linux and Unix and related technologies, including sample chapters and code examples. ONLamp.com is the premier site for the open source web plat- form: Linux, Apache, MySQL, and either Perl, Python, or PHP. Conferences O’Reilly brings diverse innovators together to nurture the ideas that spark revolutionary industries. We specialize in document- ing the latest tools and systems, translating the innovator’s knowledge into useful skills for those in the trenches. Visit con- ferences.oreilly.com for our upcoming events. Safari Bookshelf (safari.oreilly.com) is the premier online refer- ence library for programmers and IT professionals. Conduct searches across more than 1,000 books. Subscribers can zero in on answers to time-critical questions in a matter of seconds. Read the books on your Bookshelf from cover to cover or sim- ply flip to the page you need. Try it today for free. main.title Page iii Monday, May 19, 2008 11:21 AM SECOND EDITION Building Embedded Linux SystemsTomcat ™ The Definitive Guide Karim Yaghmour, JonJason Masters, Brittain Gilad and Ben-Yossef, Ian F. Darwin and Philippe Gerum Beijing • Cambridge • Farnham • Köln • Sebastopol • Taipei • Tokyo Building Embedded Linux Systems, Second Edition by Karim Yaghmour, Jon Masters, Gilad Ben-Yossef, and Philippe Gerum Copyright © 2008 Karim Yaghmour and Jon Masters.
    [Show full text]
  • THE 1995 STANDARD MUMPS POCKET GUIDE Fifth Edition of the Mumps Pocket Guide Second Printing
    1995 S TA N DA R D M U M P S P O C K E T G U I D E FIFTH EDITION FREDERICK D. S. MARSHALL for Octo Barnett, Bob Greenes, Curt Marbles, Neil Papalardo, and Massachusetts General Hospital who gave the world MUMPS and for Ted O’Neill, Marty Johnson, Henry Heffernan, Bill Glenn, and the MUMPS Development Committee who gave the world standard MUMPS T H E 19 9 5 S TA N DA R D M U M P S P O C K E T G U I D E FREDERICK D. S. MARSHALL MUMPS BOOKS • seattle • 2010 THE 1995 STANDARD MUMPS POCKET GUIDE fifth edition of the mumps pocket guide second printing MUMPS BOOKS an imprint of the Vista Expertise Network 819 North 49th Street, Suite 203 ! Seattle, Washington 98103 www.vistaexpertise.net [email protected] (206) 632-0166 copyright © 2010 by frederick d. s. marshall All rights reserved. V I S t C E X P E R T I S E N E T W O R K C O N T E N T S 1 ! I N T R O D U C T I O N ! 1 1.1 ! Purpose ! 1 1.2 ! Acknowledgments ! 1 2 ! O T H E R R E F E R E N C E S ! 2 3 ! T H E S U I T E O F S T A N D A R D S ! 3 4 ! S Y S T E M M O D E L ! 5 4.1 ! Multi-processing ! 5 4.2 ! Data ! 5 4.3 ! Code ! 7 4.4 ! Environments ! 7 4.5 ! Pack ages ! 7 4.6 ! Char acter Sets ! 7 4.7 ! Input/Output Devices ! 8 5 ! S Y N T A X ! 9 5.1 ! Metalanguage Element Index ! 9 6 ! R O U T I N E S ! 15 6.1 ! Routine Structure ! 15 6.2 ! Lines ! 15 6.3 ! Line References ! 17 6.4 ! Execution ! 19 6.4.1 ! the process stack ! 19 6.4.2 ! block Processing ! 19 6.4.3 ! error codes ! 21 7 ! E X P R E S S I O N S ! 2 3 7.1 ! Values ! 24 7.1.1 ! representation ! 24 7.1.2 ! interpretation
    [Show full text]
  • Concrete Types for Typescript
    Concrete Types for TypeScript Gregor Richards1, Francesco Zappa Nardelli2, and Jan Vitek3 1 University of Waterloo 2 Inria 3 Northeastern University Abstract TypeScript extends JavaScript with optional type annotations that are, by design, unsound and, that the TypeScript compiler discards as it emits code. This design point preserves programming idioms developers are familiar with, and allows them to leave their legacy code unchanged, while offering a measure of static error checking in annotated parts of the program. We present an alternative design for TypeScript that supports the same degree of dynamism but that also allows types to be strengthened to provide correctness guarantees. We report on an implementation, called StrongScript, that improves runtime performance of typed programs when run on a modified version of the V8 JavaScript engine. 1998 ACM Subject Classification F.3.3 Type structure Keywords and phrases Gradual typing, dynamic languages Digital Object Identifier 10.4230/LIPIcs.ECOOP.2015.999 1 Introduction Perhaps surprisingly, a number of modern computer programming languages have been de- signed with intentionally unsound type systems. Unsoundness arises for pragmatic reasons, for instance, Java has a covariant array subtype rule designed to allow for a single polymor- phic sort() implementation. More recently, industrial extensions to dynamic languages, such as Hack, Dart and TypeScript, have featured optional type systems [5] geared to ac- commodate dynamic programming idioms and preserve the behavior of legacy code. Type annotations are second class citizens intended to provide machine-checked documentation, and only slightly reduce the testing burden. Unsoundness, here, means that a variable an- notated with some type T may, at runtime, hold a value of a type that is not a subtype of T due to unchecked casts, covariant subtyping, and untyped code.
    [Show full text]