1. Field of the Invention
The present invention relates to a method and system for detecting an invalid access to a memory, for purposes such as debugging a computer program. More particularly, the present invention relates to a method and system for automatically detecting an invalid access to a dynamically allocated memory caused by a defect in a user program. The method and system may be incorporated in various tools, such as a software development tool, a defect investigation tool and a quality examination/improvement tool, that operate in a computer system in which the user program dynamically allocates and deallocates memory as the process requires.
2. Description of Related Art
Fortran and Cobol have long been in common use as programming languages, but in recent years C and C++ have become more popular. The C and C++ languages are advantageously flexible in that they can directly call services of the system on which they run and directly describe memory operations and the like. On the other hand, when the system is used mistakenly or the program has a defect, a direct call to a system service or a direct memory operation is likely to cause trouble, up to and including the computer ceasing to operate. In order to avoid such trouble, the program must be debugged thoroughly. As computing speed and memory capacity increase, the scale of software grows, which makes it more difficult to detect defects in programs.
Some invalid accesses resulting from improper use of memory, such as an access to a page that is not allocated to the program, are automatically detected by a Page Memory Management Unit (PMMU).
The PMMU is a device that divides the address space of a processor into units of a predetermined size (pages), sets an access right for each page, manages the allocation of physical memory to virtual memory when virtual memory is used, and translates a virtual (logical) address into a physical address. A PMMU can be built into the processor. A dynamic memory allocation facility, which allocates memory to a program on request, is implemented on top of the PMMU. Furthermore, so that the operating system can control the PMMU, a page management table is used that records the allocation of physical memory to each page and the access right set for each page.
The PMMU is disadvantageous in that it cannot detect an invalid access that stays within a page allocated to the program, for example an access beyond the bounds of an array, or a copy of data larger than the memory area dynamically allocated for it. Such invalid accesses are likely to cause secondary defects, such as damage to other data.
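To make the page-granularity limitation concrete, the following is an added C example, not part of the patent, that places a 10-byte block flush against a guard page mapped PROT_NONE, as guard-page debug allocators on Linux do, and then probes which stray writes the PMMU would actually fault on. The helper names guarded_alloc, guarded_free, page_protected and overflow_caught are hypothetical, and the code assumes Linux/POSIX mmap, mprotect and /dev/zero. Rather than triggering SIGSEGV, it asks the kernel to copy one byte into the probed address with read(2) from /dev/zero; the kernel reports EFAULT for an address the PMMU would fault on and 1 for one it would not.

```c
/* Added example: guard-page allocation and what the PMMU can and cannot see.
 * Hypothetical helper names; Linux/POSIX assumed. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

/* Map enough pages for `size` bytes plus one extra page, make that extra page
 * inaccessible (the guard page), and return a block ending exactly at the guard. */
static char *guarded_alloc(size_t size, size_t *page_out)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t data_pages = (size + page - 1) / page;
    size_t total = (data_pages + 1) * page;
    char *region = mmap(NULL, total, PROT_READ | PROT_WRITE,
                        MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (region == MAP_FAILED)
        return NULL;
    if (mprotect(region + data_pages * page, page, PROT_NONE) != 0) {
        munmap(region, total);
        return NULL;
    }
    *page_out = page;
    return region + data_pages * page - size;   /* flush against the guard page */
}

static void guarded_free(char *block, size_t size, size_t page)
{
    size_t data_pages = (size + page - 1) / page;
    char *region = block + size - data_pages * page;
    munmap(region, (data_pages + 1) * page);
}

/* 1 if a 1-byte write to `addr` would be refused by the PMMU, 0 if it would go
 * through, -1 on error. The kernel does the write on our behalf, so a refused
 * write comes back as EFAULT instead of a SIGSEGV. */
static int page_protected(char *addr)
{
    int fd = open("/dev/zero", O_RDONLY);
    if (fd < 0)
        return -1;
    ssize_t n = read(fd, addr, 1);
    int saved = errno;
    close(fd);
    if (n == 1)
        return 0;
    return (n < 0 && saved == EFAULT) ? 1 : -1;
}

/* Allocate `size` bytes with a guard page and report whether a stray 1-byte
 * write at block + offset is caught by the page protection. */
int overflow_caught(size_t size, ptrdiff_t offset)
{
    size_t page;
    char *p = guarded_alloc(size, &page);
    if (!p)
        return -1;
    int r = page_protected(p + offset);
    guarded_free(p, size, page);
    return r;
}

int main(void)
{
    printf("write at +10 (one past end): %d\n", overflow_caught(10, 10));
    printf("write at +9  (last byte):    %d\n", overflow_caught(10, 9));
    printf("write at -1  (before start): %d\n", overflow_caught(10, -1));
    return 0;
}
```

A write one byte past the block (offset 10) lands on the guard page and is caught; a write one byte before the block (offset -1) stays inside the allocated page and goes through silently. The second case is exactly the class of error the PMMU cannot see, and it is why a software-level check of dynamically allocated data is needed.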
Now, examples of improper accesses to memory will be described in detail:
(1) Memory access beyond a range of a dynamically allocated memory:
For example, where 10 bytes of memory are dynamically allocated at address 1000, the valid bytes occupy addresses 1000 through 1009. A write to address 999 may destroy other data located before the block, and a write to address 1010 or beyond (for example 1011) may destroy other data located after it. In either case, unexpected data is later read from the damaged location, which can result in a secondary defect when another instruction is executed based on the data read.
(2) Reading from a dynamically allocated memory before writing to it:
The content of a dynamically allocated memory is undefined when it is allocated. When such a memory is read before it has been written, the undefined data is read. As a result, a secondary defect can be caused when another instruction is executed based on the data read.
(3) Access to a dynamically allocated memory that has already been deallocated:
A program dynamically allocates memory as needed for processing, and deallocates the memory when it is no longer needed. Although an access to deallocated memory is prohibited in principle, when the deallocated memory is accessed, or when a request to deallocate that memory is issued a second time, an unexpected situation results.
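The three classes of error above are precisely those that a software check of dynamically allocated memory must catch. The following is an added C example, not the patent's implementation, of a minimal checked allocator that keeps management data per block (red zones on both sides, a per-byte written flag, and a freed flag) and validates every access against it. The API names chk_malloc, chk_write, chk_read, chk_free and chk_check_red_zones are hypothetical. Accesses made through the API are rejected up front; an overflow made with a raw pointer, bypassing the API, is detected later when the red zones are inspected, which is the role the dummy data between blocks plays in the prior-art device discussed further below.

```c
/* Added example (not the patent's implementation): a checked allocator that
 * detects (1) out-of-bounds access, (2) read before write, and (3) use after
 * free / double free of dynamically allocated memory. Hypothetical API. */
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#define RED_ZONE   8      /* canary bytes placed before and after each block */
#define RED_BYTE   0xAB   /* canary pattern; a changed byte means an overflow */
#define MAX_BLOCKS 64

enum chk_status {
    CHK_OK = 0,
    CHK_OUT_OF_BOUNDS,      /* (1) access beyond the allocated range */
    CHK_UNINITIALISED,      /* (2) read of a byte never written */
    CHK_USE_AFTER_FREE,     /* (3) access to a deallocated block */
    CHK_DOUBLE_FREE,        /* (3) second free of the same block */
    CHK_RED_ZONE_DAMAGED,   /* (1) overflow done outside the API, found later */
    CHK_UNKNOWN_BLOCK       /* pointer never returned by chk_malloc */
};

struct block {
    unsigned char *raw;      /* red zone + user bytes + red zone */
    size_t size;             /* user-visible size */
    unsigned char *written;  /* one flag per user byte: written yet? */
    int freed;
};

static struct block table[MAX_BLOCKS];
static size_t nblocks;

static struct block *find_block(const void *p)
{
    for (size_t i = 0; i < nblocks; i++)
        if (table[i].raw + RED_ZONE == (const unsigned char *)p)
            return &table[i];
    return NULL;
}

void *chk_malloc(size_t size)
{
    if (nblocks == MAX_BLOCKS)
        return NULL;
    struct block *b = &table[nblocks];
    b->raw = malloc(size + 2 * RED_ZONE);
    b->written = calloc(size ? size : 1, 1);   /* all bytes start unwritten */
    if (!b->raw || !b->written) {
        free(b->raw);
        free(b->written);
        return NULL;
    }
    memset(b->raw, RED_BYTE, RED_ZONE);                    /* leading red zone */
    memset(b->raw + RED_ZONE + size, RED_BYTE, RED_ZONE);  /* trailing red zone */
    b->size = size;
    b->freed = 0;
    nblocks++;
    return b->raw + RED_ZONE;
}

/* Inspect the canaries: any changed byte means something wrote past the block. */
enum chk_status chk_check_red_zones(const void *p)
{
    const struct block *b = find_block(p);
    if (!b)
        return CHK_UNKNOWN_BLOCK;
    for (size_t i = 0; i < RED_ZONE; i++)
        if (b->raw[i] != RED_BYTE || b->raw[RED_ZONE + b->size + i] != RED_BYTE)
            return CHK_RED_ZONE_DAMAGED;
    return CHK_OK;
}

/* Checks common to read and write: known block, not freed, inside the range. */
static enum chk_status check_range(const struct block *b, size_t off, size_t len)
{
    if (!b)
        return CHK_UNKNOWN_BLOCK;
    if (b->freed)
        return CHK_USE_AFTER_FREE;
    if (off > b->size || len > b->size - off)   /* overflow-safe bound test */
        return CHK_OUT_OF_BOUNDS;
    return CHK_OK;
}

enum chk_status chk_write(void *p, size_t off, const void *src, size_t len)
{
    struct block *b = find_block(p);
    enum chk_status s = check_range(b, off, len);
    if (s != CHK_OK)
        return s;
    memcpy(b->raw + RED_ZONE + off, src, len);
    memset(b->written + off, 1, len);          /* remember these bytes are defined */
    return CHK_OK;
}

enum chk_status chk_read(const void *p, size_t off, void *dst, size_t len)
{
    const struct block *b = find_block(p);
    enum chk_status s = check_range(b, off, len);
    if (s != CHK_OK)
        return s;
    for (size_t i = 0; i < len; i++)
        if (!b->written[off + i])
            return CHK_UNINITIALISED;
    memcpy(dst, b->raw + RED_ZONE + off, len);
    return CHK_OK;
}

enum chk_status chk_free(void *p)
{
    struct block *b = find_block(p);
    if (!b)
        return CHK_UNKNOWN_BLOCK;
    if (b->freed)
        return CHK_DOUBLE_FREE;
    enum chk_status s = chk_check_red_zones(p);   /* last chance to spot an overflow */
    b->freed = 1;   /* record kept and bytes quarantined (never reused), so a
                       later access is reported instead of corrupting a new block */
    return s;
}
```

The quarantine on free is deliberate: if the raw bytes were returned to malloc immediately, the same address could be handed out again and a use-after-free would turn into silent damage to the new owner's data, which is the "secondary defect" the text warns about. The cost is that memory is never reused during the checked run, which is acceptable for a debugging tool but not for production.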
The memory used by a program is roughly divided into two kinds, an instruction area and a data area. The instruction area is generally read-only, so there is no possibility of it being damaged by a defect in the program. Therefore, it is the data area that can be damaged by a program defect. The data used by a program are divided into three kinds: static data, stack data and dynamically allocated data.
Static data is always allocated at a fixed address. Stack data is allocated in the order in which functions (i.e., subroutines) are called, so that, for the same sequence of calls, the stack data of a function is allocated at the same addresses each time. Furthermore, data defined as static or stack data is allocated in the order of declaration and laid out in memory in that order. Therefore, when static or stack data is found to be damaged, the instruction that damaged it can be identified comparatively easily by tracing the instructions that operate on the data declared immediately before and after the damaged data.
Dynamically allocated data is allocated as needed for processing, and hence can be placed at different addresses depending on various conditions, including the size of the data and the operating environment. Furthermore, the position of dynamically allocated data in memory does not necessarily follow the order of allocation. Therefore, when dynamically allocated data is found to be damaged, it is first necessary to identify which data lie before and after the damaged data in memory before the instructions operating on them can be traced. Thus, it is more difficult to identify the instruction that damaged the data.
U.S. Pat. No. 5,193,180 discloses a device for detecting defects in the use of memory. This device comprises means for retrieving memory access instructions in an object program and inserting, before and after each retrieved memory access instruction, an instruction string for checking the address of the memory to be accessed; means for inserting dummy data between the respective data items in memory so as to separate the accessible areas; means for generating control data used for the checking; means for evaluating the validity of an access on the basis of that control data; and means for adjusting the address shifts caused by the inserted instruction strings and dummy data.
As is evident from the foregoing description, destruction of static data and stack data is comparatively easy to detect compared with destruction of dynamically allocated data. The device of the aforementioned U.S. patent, however, checks all memory accesses, and so cannot meet the demand of program developers that checking time be shortened by checking only the dynamically allocated data. The aforementioned U.S. patent describes only that the validity of an access to dynamically allocated memory is to be checked, and fails to describe any means for carrying out that check. This is because, in the device disclosed in that U.S. patent, the memory access instructions are retrieved statically from a relocatable object file or an executable file.