afl-material: comparison handouts/ho09.tex

equal deleted inserted replaced

-:17acdd516ccd
+:ed8f014217be
+\documentclass{article}
+\usepackage{../style}
+\usepackage{../langs}
+\usepackage{../graphics}
+\usepackage{../grammar}
+\usepackage{multicol}
+\newcommand{\dn}{\stackrel{\mbox{\scriptsize def}}{=}}
+\begin{document}
+\fnote{\copyright{} Christian Urban, King's College London, 2014}
+%% why are shuttle flights so good with software
+%%http://www.fastcompany.com/28121/they-write-right-stuff
+\section*{Handout 9 (Static Analysis)}
+If we want to improve the safety and security of our programs,
+we need a more principled approach to programming. Testing is
+good, but as Edsger Dijkstra famously wrote:
+\begin{quote}\it
+``Program testing can be a very effective way to show the
+\underline{\smash{presence}} of bugs, but it is hopelessly
+inadequate for showing their \underline{\smash{absence}}.''
+\end{quote}
+\noindent While such a more principled approach has been the
+subject of intense study for a long, long time, only in the
+past few years some impressive results have been achieved. One
+is the complete formalisation and (mathematical) verification
+of a microkernel operating system called seL4.
+\begin{center}
+\url{http://sel4.systems}
+\end{center}
+\noindent In 2011 this work was included in the MIT Technology
+Review in the annual list of the world’s ten most important
+emerging
+technologies.\footnote{\url{http://www2.technologyreview.com/tr10/?year=2011}}
+While this work is impressive, its technical details are too
+enormous for an explanation here. Therefore let us look at
+something much simpler, namely finding out properties about
+programs using \emph{static analysis}.
+Static analysis is a technique that checks properties of a
+program without actually running the program. This should
+raise alarm bells with you---because almost all interesting
+properties about programs  are equivalent to the halting
+problem, which we know is undecidable. For example estimating
+the memory consumption of programs is in general undecidable,
+just like the halting problem. Static analysis circumvents
+this undecidability-problem by essentially allowing answers
+\emph{yes} and \emph{no}, but also \emph{don't know}. With
+this ``trick'' even the halting problem becomes
+decidable\ldots{}for example we could always say \emph{don't
+know}. Of course this would be silly. The point is that we
+should be striving for a method that answers as often as
+possible either \emph{yes} or \emph{no}---just in cases when
+it is too difficult we fall back on the
+\emph{don't-know}-answer. This might sound all like abstract
+nonsense. Therefore let us look at a concrete example.
+\subsubsection*{A Simple, Idealised Programming Language}
+Our starting point is a small, idealised programming language.
+It is idealised because we cut several corners in comparison
+with real programming languages. The language we will study
+contains, amongst other things, variables holding integers.
+Using static analysis, we want to find out what the sign of
+these integers (positive or negative) will be when the program
+runs. This sign-analysis seems like a very simple problem. But
+even such simple problems, if approached naively, are in
+general undecidable, just like Turing's halting problem. I let
+you think why?
+Is sign-analysis of variables an interesting problem? Well,
+yes---if a compiler can find out that for example a variable
+will never be negative and this variable is used as an index
+for an array, then the compiler does not need to generate code
+for an underflow-check. Remember some languages are immune to
+buffer-overflow attacks, but they need to add underflow and
+overflow checks everywhere. According to John Regher, an
+expert in the field of compilers, overflow checks can cause
+5-10\% slowdown, in some languages even 100\% for tight
+loops.\footnote{\url{http://blog.regehr.org/archives/1154}} If
+the compiler can omit the underflow check, for example, then
+this can potentially drastically speed up the generated code.
+What do programs in our simple programming language look like?
+The following grammar gives a first specification:
+\begin{multicols}{2}
+\begin{plstx}[rhs style=,one per line,left margin=9mm]
+: \meta{Stmt} ::= \meta{label} \texttt{:}
+| \meta{var} \texttt{:=} \meta{Exp}
+| \texttt{jmp?} \meta{Exp} \meta{label}
+| \texttt{goto} \meta{label}\\
+: \meta{Prog} ::= \meta{Stmt} \ldots{} \meta{Stmt}\\
+\end{plstx}
+\columnbreak
+\begin{plstx}[rhs style=,one per line]
+: \meta{Exp} ::= \meta{Exp} \texttt{+} \meta{Exp}
+| \meta{Exp} \texttt{*} \meta{Exp}
+| \meta{Exp} \texttt{=} \meta{Exp}
+| \meta{num}
+| \meta{var}\\
+\end{plstx}
+\end{multicols}
+\noindent I assume you are familiar with such
+grammars.\footnote{\url{http://en.wikipedia.org/wiki/Backus–Naur_Form}}
+There are three main syntactic categories: \emph{statments}
+and \emph{expressions} as well as \emph{programs}, which are
+sequences of statements. Statements are either labels,
+variable assignments, conditional jumps (\pcode{jmp?}) and
+unconditional jumps (\pcode{goto}). Labels are just strings,
+which can be used as the target of a jump. We assume that in
+every program the labels are unique---if there is a clash,
+then we do not know where to jump to. The conditional jumps
+and variable assignments involve (arithmetic) expressions.
+Expressions are either numbers, variables or compound
+expressions built up from \pcode{+}, \pcode{*} and \emph{=}
+(for simplicity reasons we do not consider any other
+operations). We assume we have negative and positive numbers,
+\ldots \pcode{-2}, \pcode{-1}, \pcode{0}, \pcode{1},
+\pcode{2}\ldots{} An example program that calculates the
+factorial of 5 is in our programming language as follows:
+\begin{lstlisting}[language={},xleftmargin=10mm]
+a := 1
+n := 5
+top:
+jmp? n = 0 done
+a := a * n
+n := n + -1
+goto top
+done:
+\end{lstlisting}
+\noindent As can be seen each line of the program contains a
+statement. In the first two lines we assign values to the
+variables \pcode{a} and \pcode{n}. In line 4 we test whether
+\pcode{n} is zero, in which case we jump to the end of the
+program marked with the label \pcode{done}. If \pcode{n} is
+not zero, we multiply the content of \pcode{a} by \pcode{n},
+decrease \pcode{n} by one and jump back to the beginning of
+the loop, marked with the label \pcode{top}. Another program
+in our language is shown in Figure~\ref{fib}. I let you think
+what it calculates.
+\begin{figure}[t]
+\begin{lstlisting}[numbers=none,
+language={},xleftmargin=10mm]
+n := 6
+m1 := 0
+m2 := 1
+loop:
+jmp? n = 0 done
+tmp := m2
+m2 := m1 + m2
+m1 := tmp
+n := n + -1
+goto top
+done:
+\end{lstlisting}
+\caption{A mystery program in our idealised programming language.
+Try to find out what it calculates! \label{fib}}
+\end{figure}
+Even if our language is rather small, it is still Turing
+complete---meaning quite powerful. However, discussing this
+fact in more detail would lead us too far astray. Clearly, our
+programming is rather low-level and not very comfortable for
+writing programs. It is inspired by real machine code, which
+is the code that is executed by a CPU. So a more interesting
+question is what is missing in comparison with real machine
+code? Well, not much\ldots{}in principle. Real machine code,
+of course, contains many more arithmetic instructions (not
+just addition and multiplication) and many more conditional
+jumps. We could add these to our language if we wanted, but
+complexity is really beside the point here. Furthermore, real
+machine code has many instructions for manipulating memory. We
+do not have this at all. This is actually a more serious
+simplification because we assume numbers to be arbitrary small
+or large, which is not the case with real machine code. In
+real machine code, basic number formats have a range and might
+over-flow or under-flow this range. Also the number of
+variables in our programs is potentially unlimited, while
+memory in an actual computer, of course, is always limited. To
+sum up, our language might look ridiculously simple, but it is
+not too far removed from practically relevant issues.
+\subsubsection*{An Interpreter}
+Designing a language is like playing god: you can say what
+names for variables you allow; what programs should look like;
+most importantly you can decide what each part of the program
+should mean and do. While our language is quite simple and the
+meaning of statements, for example, is rather straightforward,
+there are still places where we need to make real choices. For
+example consider the conditional jumps, say the one in the
+factorial program:
+\begin{center}
+\code{jmp? n = 0 done}
+\end{center}
+\noindent How should they work? We could introduce Booleans
+(\pcode{true} and \pcode{false}) and then jump only when the
+condition is \pcode{true}. However, since we have numbers in
+our language anyway, why not just encoding \pcode{true} as
+one, and \pcode{false} as zero? In this way we can dispense
+with the additional concept of Booleans.
+I hope the above discussion makes it already clear we need to
+be a bit more careful with our programs. Below we shall
+describe an interpreter for our programming language, which
+specifies exactly how programs are supposed to be
+run\ldots{}at least we will specify this for all \emph{good}
+programs. By good programs I mean where all variables are
+initialised, for example. Our interpreter will just crash if
+it cannot find out the value for a variable when it is not
+initialised. Also, we will assume that labels in good programs
+are unique, otherwise our programs will calculate ``garbage''.
+First we will pre-process our programs. This will simplify the
+definition of our interpreter later on. By pre-processing our
+programs we will transform programs into \emph{snippets}. A
+snippet is a label and all the code that comes after the
+label. This essentially means a snippet is a \emph{map} from
+labels to code.\footnote{Be sure you know what maps are. In a
+programming context they are often represented as association
+list where some data is associated with a key.}
+Given that programs are sequences (or lists) of statements, we
+can easily calculate the snippets by just traversing this
+sequence and recursively generating the map. Suppose a program
+is of the general form
+\begin{center}
+$stmt_1\;stmt_2\; \ldots\; stmt_n$
+\end{center}
+\noindent The idea is to go through this sequence of
+statements one by one and check whether they are a label. If
+yes, we add the label and the remaining statements to our map.
+If no, we just continue with the next statement. To come up
+with a recursive definition for generating snippets, let us
+write $[]$ for the program that does not contain any
+statement. Consider the following definition:
+\begin{center}
+\begin{tabular}{l@{\hspace{1mm}}c@{\hspace{1mm}}l}
+$\textit{snippets}([])$ & $\dn$ & $\varnothing$\\
+$\textit{snippets}(stmt\;\; rest)$ & $\dn$ &
+$\begin{cases}
+\textit{snippets}(rest)[label := rest] & \text{if}\;stmt = \textit{label:}\\
+\textit{snippets}(rest)                & \text{otherwise}
+\end{cases}$
+\end{tabular}
+\end{center}
+\noindent In the first clause we just return the empty map for
+the program that does not contain any statement. In the second
+clause, we have to distinguish the case where the first
+statement is a label or not. As said before, if not, then we
+just ``throw away'' the label and recursively calculate the
+snippets for the rest of the program (the otherwise clause).
+If yes, then we do the same, but also update the map so that
+$label$ now points to the rest of the statements (the if
+clause). This looks all realtively straightforward, but there
+is one small problem we need to overcome: our two programs
+shown so far have no label as \emph{entry point}---that is
+where the execution is supposed to start. We usually assume
+that the first statement will be run first. To make this the
+default, it is convenient if we add to all our programs a
+default label, say \pcode{""} (the empty string). With this we
+can define our pre-processing of programs as follows
+\begin{center}
+$\textit{preproc}(prog) \dn \textit{snippets}(\pcode{"":}\;\; prog)$
+\end{center}
+\noindent Let us see how this pans out in practice. If we
+pre-process the factorial program shown earlier, we obtain the
+following map:
+\begin{center}
+\small
+\lstset{numbers=none,
+language={},
+xleftmargin=0mm,
+aboveskip=0.5mm,
+belowskip=0.5mm,
+frame=single,
+framerule=0mm,
+framesep=0mm}
+\begin{tikzpicture}[node distance=0mm]
+\node (A1) [draw]{\pcode{""}};
+\node (B1) [right=of A1] {$\mapsto$};
+\node (C1) [right=of B1,anchor=north west] {
+\begin{minipage}{3.5cm}
+\begin{lstlisting}[language={},xleftmargin=0mm]
+a := 1
+n := 5
+top:
+jmp? n = 0 done
+a := a * n
+n := n + -1
+goto top
+done:
+\end{lstlisting}
+\end{minipage}};
+\node (A2) [right=of C1.north east,draw] {\pcode{top}};
+\node (B2) [right=of A2] {$\mapsto$};
+\node (C2) [right=of B2, anchor=north west] {
+\begin{minipage}{3.5cm}
+\begin{lstlisting}[language={},xleftmargin=0mm]
+jmp? n = 0 done
+a := a * n
+n := n + -1
+goto top
+done:
+\end{lstlisting}
+\end{minipage}};
+\node (A3) [right=of C2.north east,draw] {\pcode{done}};
+\node (B3) [right=of A3] {$\mapsto$};
+\node (C3) [right=of B3] {$[]$};
+\end{tikzpicture}
+\end{center}
+\noindent I highlighted the \emph{keys} in this map. Since
+there are three labels in the factorial program (remember we
+added \pcode{""}), there are three keys. When running the
+factorial program and encountering a jump, then we only have
+to consult this snippets-map in order to find out what the
+next statements should be.
+We should now be in the position to define how a program
+should be run. In the context of interpreters, this
+``running'' of programs is often called \emph{evaluation}. Let
+us start with the definition of how expressions are evaluated.
+A first attempt might be the following recursive function:
+\begin{center}
+\begin{tabular}{l@{\hspace{1mm}}c@{\hspace{1mm}}l}
+$\textit{eval\_exp}(\texttt{n})$ & $\dn$ & $n$
+\qquad\text{if}\; \texttt{n}\; \text{is a number like}
+\ldots \pcode{-2}, \pcode{-1}, \pcode{0}, \pcode{1},
+\pcode{2}\ldots{}\\
+$\textit{eval\_exp}(\texttt{e}_\texttt{1} \,\texttt{+}\,
+\texttt{e}_\texttt{2})$ &
+$\dn$ & $\textit{eval\_exp}(\texttt{e}_\texttt{1}) +
+\textit{eval\_exp}(\texttt{e}_\texttt{2})$\\
+$\textit{eval\_exp}(\texttt{e}_\texttt{1} \,\texttt{*}\,
+\texttt{e}_\texttt{2})$ &
+$\dn$ & $\textit{eval\_exp}(\texttt{e}_\texttt{1}) *
+\textit{eval\_exp}(\texttt{e}_\texttt{2})$\\
+$\textit{eval\_exp}(\texttt{e}_\texttt{1} \,\texttt{=}\,
+\texttt{e}_\texttt{2})$ &
+$\dn$ & $\begin{cases}
+1 & \text{if}\;\textit{eval\_exp}(\texttt{e}_\texttt{1}) =
+\textit{eval\_exp}(\texttt{e}_\texttt{2})\\
+0 & \text{otherwise}
+\end{cases}$
+\end{tabular}
+\end{center}
+\noindent While this should look all rather intuitive`, still
+be very careful. There is a subtlety which can be easily
+overlooked: The function \textit{eval\_exp} takes an
+expression of our programming language as input and returns a
+number as output. Therefore whenever we encounter a number in
+our program, we just return this number---this is defined in
+the first clause above. Whenever we encounter an addition,
+well then we first evaluate the left-hand side
+$\texttt{e}_\texttt{1}$ of the addition (this will give a
+number), then evaluate the right-hand side
+$\texttt{e}_\texttt{2}$ (this gives another number), and
+finally add both numbers together. Here is the subtlety: on
+the left-hand side of the $\dn$ we have a \texttt{+} (in the
+teletype font) which is the symbol for addition in our
+programming language. On the right-hand side we have $+$ which
+stands for the arithmetic operation from ``mathematics'' of
+adding two numbers. These are rather different concepts---one
+is a symbol (which we made up), and the other a mathematical
+operation. When we will have a look at an actual
+implementation of our interpreter, the mathematical operation
+will be the function for addition from the programming
+language in which we \underline{\smash{implement}} our
+interpreter. While the \texttt{+} is just a symbol that is
+used in our programming language. Clearly we have to use a
+symbol that is a good mnemonic for addition, otherwise we will
+confuse the programmers working with our language. Therefore
+we use $\texttt{+}$. A similar choice is made for times in the
+third clause and equality in the fourth clause.
+Remember I wrote at the beginning of this section about being
+god when designing a programming language. You can see this
+here: we need to give meaning to symbols. At the moment
+however, we are a poor fallible god. Look again at the grammar
+of our programming language and our definition. Clearly, an
+expression can contain variables. So far we have ignored them.
+What should our interpreter do with variables? They might
+change during the evaluation of a program. For example the
+variable \pcode{n} in the factorial program counts down from 5
+down to 0. How can we improve our definition above to give also
+an answer whenever our interpreter encounters a variable in an
+expression? The solution is to add an \emph{environment},
+written $env$, as an additional input argument to our
+\textit{eval\_exp} function.
+\begin{center}
+\begin{tabular}{l@{\hspace{1mm}}c@{\hspace{1mm}}l}
+$\textit{eval\_exp}(\texttt{n}, env)$ & $\dn$ & $n$
+\qquad\text{if}\; \texttt{n}\; \text{is a number like}
+\ldots \pcode{-2}, \pcode{-1}, \pcode{0}, \pcode{1},
+\pcode{2}\ldots{}\\
+$\textit{eval\_exp}(\texttt{e}_\texttt{1} \,\texttt{+}\,
+\texttt{e}_\texttt{2}, env)$ &
+$\dn$ & $\textit{eval\_exp}(\texttt{e}_\texttt{1}, env) +
+\textit{eval\_exp}(\texttt{e}_\texttt{2}, env)$\\
+$\textit{eval\_exp}(\texttt{e}_\texttt{1} \,\texttt{*}\,
+\texttt{e}_\texttt{2}, env)$ &
+$\dn$ & $\textit{eval\_exp}(\texttt{e}_\texttt{1}, env) *
+\textit{eval\_exp}(\texttt{e}_\texttt{2}, env)$\\
+$\textit{eval\_exp}(\texttt{e}_\texttt{1} \,\texttt{=}\,
+\texttt{e}_\texttt{2}, env)$ &
+$\dn$ & $\begin{cases}
+1 & \text{if}\;\textit{eval\_exp}(\texttt{e}_\texttt{1}, env) =
+\textit{eval\_exp}(\texttt{e}_\texttt{2}, env)\\
+0 & \text{otherwise}
+\end{cases}$\\
+$\textit{eval\_exp}(\texttt{x}, env)$ & $\dn$ & $env(x)$
+\end{tabular}
+\end{center}
+\noindent This environment $env$ also acts like a map: it
+associates variables with their current values. For example
+after evaluating the first two lines in our factorial
+program, such an environment might look as follows
+\begin{center}
+\begin{tabular}{ll}
+$\fbox{\texttt{a}} \mapsto \texttt{1}$ &
+$\fbox{\texttt{n}} \mapsto \texttt{5}$
+\end{tabular}
+\end{center}
+\noindent Again I highlighted the keys. In the clause for
+variables, we can therefore consult this environment and
+return whatever value is currently stored for this variable.
+This is written $env(x)$---meaning we query this map with $x$
+we obtain the corresponding number. You might ask what happens
+if an environment does not contain any value for, say, the
+variable $x$? Well, then our interpreter just ``crashes'', or
+more precisely will raise an exception. In this case we have a
+``bad'' program that tried to use a variable before it was
+initialised. The programmer should not have done this. In a
+real programming language, we would of course try a bit harder
+and for example give an error at compile time, or design our
+language in such a way that this can never happen. With the
+second version of \textit{eval\_exp} we completed our
+definition for evaluating expressions.
+Next comes the evaluation function for statements. We define
+this function in such a way that we recursively evaluate a
+whole sequence of statements. Assume a program $p$ (you want
+to evaluate) and its pre-processed snippets $sn$. Then we can
+define:
+\begin{center}
+\begin{tabular}{@{}l@{\hspace{1mm}}c@{\hspace{1mm}}l@{}}
+$\textit{eval\_stmts}([], env)$ & $\dn$ & $env$\\
+$\textit{eval\_stmts}(\texttt{label:}\;rest, env)$ &
+$\dn$ & $\textit{eval\_stmts}(rest, env)$ \\
+$\textit{eval\_stmts}(\texttt{x\,:=\,e}\;rest, env)$ &
+$\dn$ & $\textit{eval\_stmts}(rest,
+env[x := \textit{eval\_exp}(\texttt{e}, env)])$\\
+$\textit{eval\_stmts}(\texttt{goto\,lbl}\;rest, env)$
+& $\dn$ & $\textit{eval\_stmts}(sn(\texttt{lbl}), env)$\\
+$\textit{eval\_stmts}(\texttt{jmp?\,e\,lbl}\;rest, env)$
+& $\dn$ & $\begin{cases}\begin{array}{@{}l@{\hspace{-12mm}}r@{}}
+\textit{eval\_stmts}(sn(\texttt{lbl}), env)\\
+& \text{if}\;\textit{eval\_exp}(\texttt{e}, env) = 1\\
+\textit{eval\_stmts}(rest, env) & \text{otherwise}\\
+\end{array}\end{cases}$
+\end{tabular}
+\end{center}
+\noindent The first clause is for the empty program, or when
+we arrived at the end of the program. In this case we just
+return the environment. The second clause is for when the next
+statement is a label. That means the program is of the form
+$\texttt{label:}\;rest$ where the label is some string and
+$rest$ stands for all following statements. This case is easy,
+because our evaluation function just discards the label and
+evaluates the rest of the statements (we already extracted all
+important information about labels when we pre-processed our
+programs and generated the snippets). The third clause is for
+variable assignments. Again we just evaluate the rest for the
+statements, but with a modified environment---since the
+variable assignment is supposed to introduce a new variable or
+change the current value of a variable. For this modification
+of the environment we first evaluate the expression
+$\texttt{e}$ using our evaluation function for expressions.
+This gives us a number. Then we assign this number to the
+variable $x$ in the environment. This modified environment
+will be used to evaluate the rest of the program. The fourth
+clause is for the unconditional jump to a label, called
+\texttt{lbl}. That means we have to look up in our snippets
+map $sn$ what are the next statements for this label.
+Therefore we will continue with evaluating, not with the rest
+of the program, but with the statements stored in the
+snippets-map under the label $\texttt{lbl}$. The fifth clause
+for conditional jumps is similar, but to decide whether to
+make the jump we first need to evaluate the expression
+$\texttt{e}$ in order to find out whether it is $1$. If yes,
+we jump, otherwise we just continue with evaluating the rest
+of the program.
+Our interpreter works in two stages: First we pre-process our
+program generating the snippets map $sn$, say. Second we call
+the evaluation function with the default entry point and the
+empty environment:
+\begin{center}
+$\textit{eval\_stmts}(sn(\pcode{""}), \varnothing)$
+\end{center}
+\noindent It is interesting to note that our interpreter when
+it comes to the end of the program returns an environment. Our
+programming language does not contain any constructs for input
+and output. Therefore this environment is the only effect we
+can observe when running the program (apart from that our
+interpreter might need some time before finishing the
+evaluation of the program and the CPU getting hot). Evaluating
+the factorial program with our interpreter we receive as
+``answer''-environment
+\begin{center}
+\begin{tabular}{ll}
+$\fbox{\texttt{a}} \mapsto \texttt{120}$ &
+$\fbox{\texttt{n}} \mapsto \texttt{0}$
+\end{tabular}
+\end{center}
+\noindent While the discussion above should have illustrated
+the ideas, in order to do some serious calculations, we clearly
+need to implement the interpreter.
+\subsubsection*{Scala Code for the Interpreter}
+Functional programming languages are very convenient for
+implementations of interpreters. A good choice for a
+functional programming language is Scala, a programming
+language that combines functional and object-oriented
+pro\-gramming-styles. It has received in the last five years or
+so quite a bit of attention. One reason for this attention is
+that, like the Java programming language, Scala compiles to
+the Java Virtual Machine (JVM) and therefore Scala programs
+can run under MacOSX, Linux and Windows.\footnote{There are
+also experimental backends for Android and JavaScript.} Unlike
+Java, however, Scala often allows programmers to write very
+concise and elegant code. Some therefore say Scala is the much
+better Java. A number of companies, The Guardian, Twitter,
+Coursera, FourSquare, LinkedIn to name a few, either use Scala
+exclusively in production code, or at least to some
+substantial degree. If you want to try out Scala yourself, the
+Scala compiler can be downloaded from
+\begin{quote}
+\url{http://www.scala-lang.org}
+\end{quote}
+Let us have a look at the Scala code shown in
+Figure~\ref{code}. It shows the entire code for the
+interpreter, though the implementation is admittedly no
+frills.
+\begin{figure}[t]
+\small
+\lstinputlisting[language=Scala]{../progs/inter.scala}
+\caption{The entire code of the interpreter for our
+idealised programming language.\label{code}}
+\end{figure}
+\subsubsection*{Static Analysis}
+Finally we can come back to our original problem, namely
+finding out what the signs of variables are
+\begin{center}
+\end{center}
+\end{document}
+%% list of static analysers for C
+http://spinroot.com/static/index.html
+%% NASA coding rules for C
+http://pixelscommander.com/wp-content/uploads/2014/12/P10.pdf
+%%% Local Variables:
+%%% mode: latex
+%%% TeX-master: t
+%%% End:

changeset 539	ed8f014217be
child 677	decfd8cf8180