Lua Implementation Verification

lua-users home
wiki

This page concerns validating the correctness of the Lua implementation by various [program analysis] techniques. For validation of your own Lua script code, see ProgramAnalysis instead.

Debugging macros in the source

See LUA_USE_APICHECK and lua_assert macros in the source code.

Testing suites

See UnitTesting, which links to test suites for Lua 5.0 - 5.2beta.

Valgrid

Various people have used tools like Valgrid for dynamic analysis ([search lua-l]).

Gimpel PC lint

Here's an initial set of definitions to lint Lua with [Gimpel PC-lint]. Many improvements could be made. Unfortunately, Lua's source code with all its casting and things make linting a challenge, and doing this effectively likely requires many changes to the source code.

// lua.lnt
// gimpel lint 9.00h on Lua 5.2.0rc1.
// David Manura, 2011-11.

// safe to ignore
-e537 // repeated include file (superfluous warnings)
-e801 // use of goto is deprecated
-e834 // operator '-' followed by operator '+' is confusing.  Use parentheses.
-esym(438,argp) // last value assigned to variable not used (debug.c vararg)
-esym(123,gch,luai_num*,luaL_checkint) // macro defined with arguments
-esym(750,LUA_LIB) // local macro not referenced
-esym(750,l*_c) // local macro not referenced
-e845 // the right argument to operator is certain to  be 0
-e778 // constant expression evaluates to 0 in operation
-e835 // a zero has been given as right argument to operator
-e730 // boolean argument to function

// functions that don't return
-sem(cannot, r_no)
-sem(luaL_error, r_no)
-sem(luaL_argerror, r_no)
-sem(luaX_syntaxerror, r_no)
-sem(tag_error, r_no)
-sem(error_expected, r_no)
-sem(errorlimit, r_no)
-sem(escerror, r_no)
-sem(fileerror, r_no)
-sem(lexerror, r_no)
-sem(semerror, r_no)
-sem(typeerror, r_no)
// all below are marked 'l_noret' in the code
-sem(luaD_throw, r_no)
-sem(luaB_error, r_no)
-sem(luaG_typeerror, r_no)
-sem(luaG_concaterror, r_no)
-sem(luaG_aritherror, r_no)
-sem(luaG_ordererror, r_no)
-sem(luaG_errormsg, r_no)
-sem(luaG_runerror, r_no)
-sem(resume_error, r_no)


-esym(767,setnvalue,TValuefields,NILCONSTANT,numfield,
          val_,num_,rttype,ttisnumber,ttisequal,checktag,settt_,setobj)
          // macro defined differently in another module
          // http://lua-users.org/lists/lua-l/2011-10/msg00007.html
-e546 // suspicious use of &

// check these later (these are numerous)
-e534 // ignoring return value of function
-e648 // overflow in computing constant for operation
-e508 // extern used with definition
-e641 // converting enum to int
-e679 // suspicious truncation in arithmetic expression
-e818 // Pointer parameter could be declared as pointing to const
-e826 // suspicious pointer-to-pointer conversion
-e661 // possible access of out-of-bounds pointer
-e662 // possible creation of out-of-bounds pointer
-e613 // possible use of null pointer
-e416 // likely creation of out-of-bounds pointer
-e420 // apparent access beyond array for function
-e670 // possible access beyond array for function
-e669 // possible data overrun for function
-e419 // apparent data overrun for function
-e415 // likely access of out-of-bounds pointer
-e732 // loss of sign
-e737 // loss of sign in promotion
-e506 // constant value Boolean
// note: other warnings (less numerous) also remain

// Avoids assembly code not understood by lint (MS_ASMTRICK)
-u_M_IX86  // WARNING: undefining this causes problems in setjmp.h

-esym(750, _FILE_OFFSET_BITS) // local macro not referenced
   // This macro not used on non-POSIX systems

// TO FIX
-esym(760,LUA_FILEHANDLE)
/*
#define LUA_FILEHANDLE		"FILE*"
src\lualib.h(15) : Info 760: Redundant macro 'LUA_FILEHANDLE' defined
    identically at line 183, file src\lauxlib.h, module src\lauxlib.c
src\lauxlib.h(183) : Info 830: Location cited in prior message
*/


//-passes(3)

-header(lint.h)

src/lapi.c
src/lauxlib.c
src/lbaselib.c
src/lbitlib.c
src/lcode.c
src/lcorolib.c
src/lctype.c
src/ldblib.c
src/ldebug.c
src/ldo.c
src/ldump.c
src/lfunc.c
src/lgc.c
src/linit.c
src/liolib.c
src/llex.c
src/lmathlib.c
src/lmem.c
src/loadlib.c
src/lobject.c
src/lopcodes.c
src/loslib.c
src/lparser.c
src/lstate.c
src/lstring.c
src/lstrlib.c
src/ltable.c
src/ltablib.c
src/ltm.c
src/lua.c
src/luac.c
src/lundump.c
src/lvm.c
src/lzio.c

.

//lint.h

//lint -sem(myexit, r_no)
extern int myexit(void);
#define LUA_LINT_FALLTHROUGH /*lint -fallthrough*/
  // NOTE: edit the Lua source code to add this macro at the end of
  // switch cases labeled "/* go through */"
#define lua_assert(p) ((p) ? 0 : myexit())

#define LUA_LINT_UNREACHABLE /*lint --e{527} */
  // NOTE: edit the Lua source code to add this macro at end of
  // all lines that are unreachable

#define LUA_LINT_LOOPVARCHANGED(x) /*lint --e{850} */
  // NOTE: edit the Lua source to add add this macro inside any
  // loop that modifies variable x.

.

usage: lint lua.lnt

Lua Manual (HTML) validation

The Lua manual in HTML format can be checked in tools like the [w3c validator]. grep techniques can also be helpful.

Formal verification techniques

Has anyone tried this? [1]


RecentChanges · preferences
edit · history
Last edited November 25, 2011 3:14 am GMT (diff)