Cyclone By Example 15-213 Spring 2007 Aleksey Kliger Computer Science Department Carnegie Mellon University March 8, 2007 Aleksey Kliger (CMU) Cyclone By Example Mar 8 1 / 26 The Big Picture Outline 1 The Big Picture 2 Pointer Arithmetic 3 Tagged Unions And Not-NULL Pointers 4 Regions Aleksey Kliger (CMU) Cyclone By Example Mar 8 2 / 26 The Big Picture From C to Cyclone Theme 1 Rule out unsafe features of C 2 When possible, check some properties of a program at compile-time. 3 Otherwise, do a runtime check. Aleksey Kliger (CMU) Cyclone By Example Mar 8 3 / 26 The Big Picture Unsafe Features of C Review of Tuesday’s Lecture 1 Pointer arithmetic 2 NULL pointer dereferences 3 Union types 4 Pointers to local variables 5 Casting to pointer types 6 Malloc/free 7 Symbol confusion during linking 8 Format string problems 9 Uninitialized Variables Aleksey Kliger (CMU) Cyclone By Example Mar 8 4 / 26 The Big Picture Unsafe Features of C Review of Tuesday’s Lecture 1 Pointer arithmetic 2 NULL pointer dereferences 3 Union types 4 Pointers to local variables 5 Casting to pointer types 6 Malloc/free 7 Symbol confusion during linking 8 Format string problems 9 Uninitialized Variables Aleksey Kliger (CMU) Cyclone By Example Mar 8 4 / 26 The Big Picture C vs Cyclone C Cyclone 1 Pointer arithmetic 1 @fat pointers 2 NULL pointer dereferences 2 @notnull pointers or runtime checks 3 Union types 3 @tagged unions 4 Pointers to local variables 4 @region() annotations Aleksey Kliger (CMU) Cyclone By Example Mar 8 5 / 26 Pointer Arithmetic Outline 1 The Big Picture 2 Pointer Arithmetic 3 Tagged Unions And Not-NULL Pointers 4 Regions Aleksey Kliger (CMU) Cyclone By Example Mar 8 6 / 26 Pointer Arithmetic Pointer Arithmetic C version Example (Singly-linked Example (Array to list) lists) list* array2list(int* A, int n) { struct List { list* l = NULL; int head; int i; struct List* tail; for (i = n-1; i >= 0; i--) { }; list* t = malloc (sizeof (list)); typedef t->head = A[i]; struct List t->tail = l; list; l = t; } return l; } Aleksey Kliger (CMU) Cyclone By Example Mar 8 7 / 26 Pointer Arithmetic Pointer Arithmetic C version Example (Singly-linked Example (Array to list) lists) list* array2list(int* A, int n) { struct List { list* l = NULL; int head; int i; struct List* tail; for (i = n-1; i >= 0; i--) { }; list* t = malloc (sizeof (list)); typedef t->head = A[i]; struct List t->tail = l; list; l = t; } return l; } Aleksey Kliger (CMU) Cyclone By Example Mar 8 7 / 26 Pointer Arithmetic Array To List Illustration Example (Array to list) list* array2list(int* A, int n) { list* l = NULL; int i; for (i = n-1; i >= 0; i--) { list* t = malloc (sizeof (list)); Example t->head = A[i]; int a[3] = t->tail = l; {7, 8, 9}; l = t; list* result = } array2list (a, 3); return l; } Aleksey Kliger (CMU) Cyclone By Example Mar 8 8 / 26 Pointer Arithmetic Array To List Illustration Example (Array to list) list* array2list(int* A, int n) { list* l = NULL; int i; for (i = n-1; i >= 0; i--) { list* t = malloc (sizeof (list)); Example t->head = A[i]; int a[3] = t->tail = l; {7, 8, 9}; l = t; list* result = } array2list (a, 3); return l; } Aleksey Kliger (CMU) Cyclone By Example Mar 8 8 / 26 Pointer Arithmetic Array To List Illustration Example (Array to list) list* array2list(int* A, int n) { list* l = NULL; int i; for (i = n-1; i >= 0; i--) { list* t = malloc (sizeof (list)); Example t->head = A[i]; int a[3] = t->tail = l; {7, 8, 9}; l = t; list* result = } array2list (a, 3); return l; } Aleksey Kliger (CMU) Cyclone By Example Mar 8 8 / 26 Pointer Arithmetic Array To List Illustration Example (Array to list) list* array2list(int* A, int n) { list* l = NULL; int i; for (i = n-1; i >= 0; i--) { list* t = malloc (sizeof (list)); Example t->head = A[i]; int a[3] = t->tail = l; {7, 8, 9}; l = t; list* result = } array2list (a, 3); return l; } Aleksey Kliger (CMU) Cyclone By Example Mar 8 8 / 26 Pointer Arithmetic Array To List Illustration Example (Array to list) list* array2list(int* A, int n) { list* l = NULL; int i; for (i = n-1; i >= 0; i--) { list* t = malloc (sizeof (list)); Example t->head = A[i]; int a[3] = t->tail = l; {7, 8, 9}; l = t; list* result = } array2list (a, 3); return l; } Aleksey Kliger (CMU) Cyclone By Example Mar 8 8 / 26 Pointer Arithmetic Array To List Unsafe Aspects Question Example (Array to list) What’s unsafe here? list* array2list(int* A, int n){ list* l = NULL; int i; for (i = n-1; i >= 0; i--) { list* t = malloc (sizeof (list)); t->head = A[i]; t->tail = l; l = t; } return l; } Aleksey Kliger (CMU) Cyclone By Example Mar 8 9 / 26 Pointer Arithmetic Array To List Unsafe Aspects Question Example (Array to list) What’s unsafe here? list* array2list(int* A, int n){ list* l = NULL; int i; for (i = n-1; i >= 0; i--) { list* t = malloc (sizeof (list)); t->head = A[i]; t->tail = l; l = t; } return l; } Aleksey Kliger (CMU) Cyclone By Example Mar 8 9 / 26 Pointer Arithmetic Array To List Cyclone Version Example (Array to list) 1 Fat pointer list* array2list(int? A){ (int? A) list* l = NULL; 2 Number of int i; int n = numelts(A); elements for (i = n-1; i >= 0; i--) { numelts(A) list* t = malloc (sizeof (list)); 3 Array bounds check t->head = A[i]; t->tail = l; l = t; } (int ? abbreviates int *@fat) return l; } Aleksey Kliger (CMU) Cyclone By Example Mar 8 10 / 26 Pointer Arithmetic Array To List Let’s compile it! [aleksey@tuna] cyclone -Wall -c array2list.cyc ***Warnings*** array2list.cyc:16: inserted bounds check at A[i] array2list.cyc:16: inserted null check ************** Often, Cyclone can eliminate bounds checks. Sometimes it can’t. Aleksey Kliger (CMU) Cyclone By Example Mar 8 11 / 26 Pointer Arithmetic Array To List Let’s compile it! [aleksey@tuna] cyclone -Wall -c array2list.cyc ***Warnings*** array2list.cyc:16: inserted bounds check at A[i] array2list.cyc:16: inserted null check ************** But why the null check? Aleksey Kliger (CMU) Cyclone By Example Mar 8 11 / 26 Pointer Arithmetic Array To List @fat pointers can be null Example (Array to list) list* array2list(int? A) { list* l = NULL; int i; int n = numelts(A); If A were NULL, we for (i = n-1; i >= 0; i--) { would never get here, list* t = malloc (sizeof (list)); but Cyclone doesn’t know that. t->head = A[i]; t->tail = l; l = t; } return l; } Aleksey Kliger (CMU) Cyclone By Example Mar 8 12 / 26 Pointer Arithmetic Array To List @fat pointers can be null Example (Array to list) list* array2list(int? A) { list* l = NULL; Add our own NULL int i; int n = numelts(A); check (outside the if (!A) return NULL; loop). for (i = n-1; i >= 0; i--) { list* t = malloc (sizeof (list)); t->head = A[i]; t->tail = l; l = t; } return l; } Aleksey Kliger (CMU) Cyclone By Example Mar 8 12 / 26 Tagged Unions And Not-NULL Pointers Outline 1 The Big Picture 2 Pointer Arithmetic 3 Tagged Unions And Not-NULL Pointers 4 Regions Aleksey Kliger (CMU) Cyclone By Example Mar 8 13 / 26 Tagged Unions And Not-NULL Pointers Zoology (From a gazelle’s perspective) Example (Animals) Example (Count teeth) struct Herbivore {...}; int count_teeth(animal struct Carnivore { serengeti[], int numteeth; ... int n) { }; int total = 0; struct Animal { int i; int isCarnivore; union { for (i = 0; i < n; i++) { struct Herbivore* h; if (serengeti[i].isCarnivore) struct Carnivore* c; total += }; serengeti[i].c->numteeth; }; } typedef struct Animal return total; animal; } Aleksey Kliger (CMU) Cyclone By Example Mar 8 14 / 26 Tagged Unions And Not-NULL Pointers Zoology (From a gazelle’s perspective) Example (Animals) Example (Count teeth) struct Herbivore {...}; int count_teeth(animal struct Carnivore { serengeti[], int numteeth; ... int n) { }; int total = 0; struct Animal { int i; int isCarnivore; union { for (i = 0; i < n; i++) { struct Herbivore* h; if (serengeti[i].isCarnivore) struct Carnivore* c; total += }; serengeti[i].c->numteeth; }; } typedef struct Animal return total; animal; } Aleksey Kliger (CMU) Cyclone By Example Mar 8 14 / 26 Tagged Unions And Not-NULL Pointers Zoology Unsafe features Example (Count teeth) int count_teeth(animal serengeti[], int n){ int total = 0; int i; for (i = 0; i < n; i++) { if (serengeti[i].isCarnivore) total += serengeti[i].c->numteeth; } return total; } Aleksey Kliger (CMU) Cyclone By Example Mar 8 15 / 26 Tagged Unions And Not-NULL Pointers Zoology Unsafe features Example (Count teeth) int count_teeth(animal serengeti[], int n){ 1 Arrays int total = 0; 2 Tag and union field int i; may be out of sync 3 Dereferencing a pointer for (i = 0; i < n; i++) { without checking for if (serengeti[i].isCarnivore) NULL total += serengeti[i].c->numteeth; } return total; } Aleksey Kliger (CMU) Cyclone By Example Mar 8 15 / 26 Tagged Unions And Not-NULL Pointers Safe Zoology Use @tagged and @notnull Example (Animals) struct Herbivore {...}; struct Carnivore { int numteeth; ... }; struct Animal { int isCarnivore; union { struct Herbivore* h; struct Carnivore* c; }; }; typedef struct Animal animal; Aleksey Kliger (CMU) Cyclone By Example Mar 8 16 / 26 Tagged Unions And Not-NULL Pointers Safe Zoology Use @tagged and @notnull Example (Animals) struct Herbivore {...}; 1 @tagged union: compiler knows the struct Carnivore { role of the tag in selecting between int numteeth; ... .h and .c }; 2 struct Carnivore @ is a pointer @tagged that must not be NULL.