HeapMD: identifying heap-based bugs using anomaly detection

Published: 20 October 2006

Abstract

We present the design, implementation, and evaluation of HeapMD, a dynamic analysis tool that finds heap-based bugs using anomaly detection. HeapMD is based upon the observation that, in spite of the evolving nature of the heap, several of its properties remain stable. HeapMD uses this observation in a novel way: periodically, during the execution of the program, it computes a suite of metrics which are sensitive to the state of the heap. These metrics track heap behavior, and the stability of the heap reflects quantitatively in the values of these metrics. The "normal" ranges of stable metrics, obtained by running a program on multiple inputs, are then treated as indicators of correct behaviour, and are used in conjunction with an anomaly detector to find heap-based bugs. Using HeapMD, we were able to find 40 heap-based bugs, 31 of them previously unknown, in 5 large, commercial applications.
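
The train-then-check loop the abstract describes, as an added Python sketch (not HeapMD's code and not taken from the paper). The heap-as-graph model, the two degree-based metrics, the `max_spread` stability threshold and the linked-list snapshots are all assumptions constructed for the example, since the abstract does not list the tool's metrics.

```python
from collections import Counter

# Heap snapshot model (assumption): {object_id: [ids of objects it points to]}.
def heap_metrics(heap):
    """Percentage of objects with in-degree 1 and with out-degree 0
    (metrics chosen for this example, not taken from the abstract)."""
    indeg = Counter(d for targets in heap.values() for d in targets if d in heap)
    n = len(heap) or 1
    return {
        "indeg_eq_1": 100.0 * sum(1 for o in heap if indeg[o] == 1) / n,
        "outdeg_eq_0": 100.0 * sum(1 for o in heap if not heap[o]) / n,
    }

def train(runs, max_spread=15.0):
    """runs: one list of periodic snapshots per training input. A metric is
    treated as stable if all its samples lie within max_spread percentage
    points (assumed criterion); its observed [min, max] is the normal range."""
    samples = {}
    for run in runs:
        for snap in run:
            for name, value in heap_metrics(snap).items():
                samples.setdefault(name, []).append(value)
    return {k: (min(v), max(v)) for k, v in samples.items()
            if max(v) - min(v) <= max_spread}

def check(run, model):
    """Return (snapshot index, metric, value) for every out-of-range sample."""
    alerts = []
    for i, snap in enumerate(run):
        metrics = heap_metrics(snap)
        for name, (lo, hi) in model.items():
            if not lo <= metrics[name] <= hi:
                alerts.append((i, name, round(metrics[name], 1)))
    return alerts

def linked_list(n, bug_from=None):
    """Constructed sample: doubly linked list of n nodes. Nodes at index
    >= bug_from lack their 'prev' pointer, mimicking a buggy insert routine."""
    heap = {}
    for i in range(n):
        ptrs = [i + 1] if i + 1 < n else []
        if i > 0 and (bug_from is None or i < bug_from):
            ptrs.append(i - 1)
        heap[i] = ptrs
    return heap

if __name__ == "__main__":
    model = train([[linked_list(20), linked_list(40), linked_list(80)],
                   [linked_list(30), linked_list(60)]])
    print(model)
    print(check([linked_list(40), linked_list(40, bug_from=20)], model))
```

The run with missing back pointers never crashes or touches invalid memory; it is flagged only because the shape of the heap graph leaves the range learned from the training inputs.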

Published in

ACM SIGARCH Computer Architecture News, Volume 34, Issue 5
Proceedings of the 2006 ASPLOS Conference
December 2006
425 pages
ISSN: 0163-5964
DOI: 10.1145/1168919

ASPLOS XII: Proceedings of the 12th international conference on Architectural support for programming languages and operating systems
October 2006
440 pages
ISBN: 1595934510
DOI: 10.1145/1168857

Copyright © 2006 ACM

Publisher

Association for Computing Machinery
New York, NY, United States
