A Static Analyzer for Detecting Memory Leaks based on Procedural Summary

A Static Detector of Memory Leaks Based on Procedural Summaries

  • 정영범 (Department of Computer Science and Engineering, Seoul National University);
  • 이광근 (Department of Computer Science and Engineering, Seoul National University)
  • Published: 2009.07.15

Abstract

We present a static analyzer that detects memory leaks in C programs. It achieves relatively high accuracy at a relatively low cost on SPEC2000 benchmarks and several open-source software packages, demonstrating its practicality and competitive edge against other reported analyzers: for a set of benchmarks totaling 1,777 KLOCs, it found 332 bugs with 47 additional false positives (a 12.4% false-positive ratio), and the average analysis speed was 720 LOC/sec. We separately analyze each procedure's memory behavior into a summary that is used in analyzing its call sites. Each procedural summary is parameterized by the procedure's call context so that it can be instantiated at different call sites. What information to capture in each procedural summary has been carefully tuned so that the summary does not lose any common memory-leak-related behaviors in real-world C programs. Because each procedure is summarized by conventional fixpoint iteration over the abstract semantics (à la abstract interpretation), the analyzer naturally handles arbitrary call cycles from direct or indirect recursive calls.

We propose an analyzer that finds, before execution, memory leaks that can occur in C programs. Applied to the SPEC2000 benchmark programs and several open-source programs, the analyzer shows relatively superior performance compared with other analyzers. In programs totaling 1,777 KLOC it found 332 memory-leak errors, with only 47 false positives (a false-positive rate of 12.4%). The analyzer processes 720 LOC per second. By summarizing what each function does and using that summary at the places where the function is called, every function is analyzed only once. Each procedural summary is well parameterized so that it can be applied to the context in which the function is called. By applying the analyzer to real programs and taking feedback from the results, we narrowed the information recorded about a function's behavior down to only what is effective for finding memory leaks. Because the analysis is based on abstract interpretation, the various syntactic constructs of C, recursive calls, loops, and so on are handled naturally through fixpoint iteration.
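To make the mechanism in the abstract concrete, the following is an added illustration (not the paper's analyzer) of summary-based leak detection over a toy intermediate representation: each procedure is summarized once, the summary is instantiated at call sites, and all summaries are iterated to a fixpoint so that recursion needs no special handling. The statement forms, the summary shape, and the sample program are assumptions constructed for this example.

```python
# Added illustration of summary-based leak analysis over a toy IR; not the paper's
# implementation. Statements: ('alloc', x) ('free', x) ('escape', x) ('call', f, args, ret) ('return', x)
# Summary of a procedure: (parameter indices it frees, returns a fresh cell?, internal leak count)
BOTTOM = (frozenset(), False, 0)       # starting point of the fixpoint iteration

def analyze_proc(params, body, summaries):
    cells = {}                                             # int cell id -> status
    env = {p: ('param', i) for i, p in enumerate(params)}  # variable -> cell
    frees, returns_fresh = set(), False
    def fresh(): cells[len(cells)] = 'fresh'; return len(cells) - 1
    def release(c):                                        # free a cell; remember freed params
        if isinstance(c, int): cells[c] = 'freed'
        elif c[0] == 'param': frees.add(c[1])
    for st in body:
        op, x = st[0], st[1]
        if op == 'alloc':
            env[x] = fresh()
        elif op == 'free':
            release(env[x])
        elif op == 'escape':                                # stored in a global/structure: not a leak
            if isinstance(env[x], int): cells[env[x]] = 'escaped'
        elif op == 'call':                                  # instantiate callee summary at this site
            _, f, args, ret = st
            callee_frees, callee_fresh, _ = summaries.get(f, BOTTOM)
            for i in callee_frees: release(env[args[i]])
            if ret is not None: env[ret] = fresh() if callee_fresh else ('unknown',)
        elif op == 'return':
            if isinstance(env[x], int) and cells[env[x]] == 'fresh':
                cells[env[x]], returns_fresh = 'returned', True
    leaks = sum(1 for s in cells.values() if s == 'fresh')  # allocated, never freed/returned/escaped
    return (frozenset(frees), returns_fresh, leaks)

def analyze_program(procs):
    """Iterate all summaries to a fixpoint; recursive calls need no special treatment."""
    summaries = {name: BOTTOM for name in procs}
    while True:
        new = {name: analyze_proc(*procs[name], summaries) for name in procs}
        if new == summaries: return summaries
        summaries = new

# Constructed sample program (not from the paper).
PROGRAM = {
    'make_buf':  ([], [('alloc', 'b'), ('return', 'b')]),                 # hands ownership to caller
    'ok':        ([], [('call', 'make_buf', [], 'x'), ('call', 'free_list', ['x'], None)]),
    'leaky':     ([], [('call', 'make_buf', [], 'x'), ('call', 'make_buf', [], 'x'), ('escape', 'x')]),
    # models free_list(n) { free_list(n->next); free(n); } with the next pointer elided
    'free_list': (['n'], [('call', 'free_list', ['n'], None), ('free', 'n')]),
}
LEAKS = {name: s[2] for name, s in analyze_program(PROGRAM).items()}  # {'leaky': 1, others 0}
```

The first overwritten buffer in `leaky` is the one reported; `ok` is clean only because the summary of `free_list`, reached through the fixpoint, records that it frees its parameter.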
