Abstract
We present the design, implementation, and evaluation of HeapMD, a dynamic analysis tool that finds heap-based bugs using anomaly detection. HeapMD is based upon the observation that, in spite of the evolving nature of the heap, several of its properties remain stable. HeapMD uses this observation in a novel way: periodically, during the execution of the program, it computes a suite of metrics that are sensitive to the state of the heap. These metrics track heap behavior, and the stability of the heap is reflected quantitatively in their values. The "normal" ranges of stable metrics, obtained by running a program on multiple inputs, are then treated as indicators of correct behavior, and are used in conjunction with an anomaly detector to find heap-based bugs. Using HeapMD, we were able to find 40 heap-based bugs, 31 of them previously unknown, in 5 large, commercial applications.
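The train-then-check scheme from the abstract, as an added example that is not HeapMD's own code. The two degree-based metrics, the `MAX_SPREAD` stability cutoff and the constructed snapshots are assumptions; the abstract does not name its metrics.

```c
#include <stddef.h>
#include <stdio.h>
#define NMETRICS   2     /* assumed suite: % leaf objects, % objects with indegree 1 */
#define MAX_SPREAD 10.0  /* assumed stability cutoff, in percentage points */
/* Heap snapshot reduced to per-object pointer degrees (constructed model). */
struct snapshot { size_t n; const unsigned *indeg, *outdeg; };
struct range { double lo, hi; };  /* lo > hi means no sample seen yet */
static void heap_metrics(const struct snapshot *s, double m[NMETRICS]) {
    size_t leaves = 0, in1 = 0;
    for (size_t i = 0; i < s->n; i++) { leaves += (s->outdeg[i] == 0); in1 += (s->indeg[i] == 1); }
    m[0] = s->n ? 100.0 * leaves / s->n : 0.0;
    m[1] = s->n ? 100.0 * in1 / s->n : 0.0;
}

/* Training run: widen each metric's observed range to cover this sample. */
static void train(struct range r[NMETRICS], const struct snapshot *s) {
    double m[NMETRICS];
    heap_metrics(s, m);
    for (int k = 0; k < NMETRICS; k++) {
        if (m[k] < r[k].lo) r[k].lo = m[k];
        if (m[k] > r[k].hi) r[k].hi = m[k];
    }
}

/* Checking run: bitmask of stable metrics that left their trained range. */
static unsigned check(const struct range r[NMETRICS], const struct snapshot *s) {
    double m[NMETRICS];
    unsigned bad = 0;
    heap_metrics(s, m);
    for (int k = 0; k < NMETRICS; k++) {
        if (r[k].hi < r[k].lo || r[k].hi - r[k].lo > MAX_SPREAD) continue; /* untrained or unstable */
        if (m[k] < r[k].lo || m[k] > r[k].hi) bad |= 1u << k;
    }
    return bad;
}
/* Constructed data: object 0 is a list head, object 1 its tail; B_* has 5 unlinked objects. */
static const unsigned L_IN[] = {0,1,1,1,1,1,1,1,1,1}, L_OUT[] = {1,0,1,1,1,1,1,1,1,1};
static const unsigned B_IN[] = {0,1,1,1,1,0,0,0,0,0}, B_OUT[] = {1,0,1,1,1,0,0,0,0,0};
/* Train on healthy lists of 8 and 10 nodes, then check the probe snapshot. */
static unsigned demo(size_t n, const unsigned *in, const unsigned *out) {
    struct range r[NMETRICS] = {{100.0, 0.0}, {100.0, 0.0}};
    struct snapshot a = {8, L_IN, L_OUT}, b = {10, L_IN, L_OUT}, p = {n, in, out};
    train(r, &a); train(r, &b);
    return check(r, &p);
}
int main(void) {
    printf("healthy=%u broken=%u\n", demo(9, L_IN, L_OUT), demo(10, B_IN, B_OUT));
    return 0;
}
```

A metric whose trained range is wider than `MAX_SPREAD` is treated as unstable and never reported, which mirrors the abstract's restriction to stable metrics.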
HeapMD: identifying heap-based bugs using anomaly detection
ASPLOS XII: Proceedings of the 12th International Conference on Architectural Support for Programming Languages and Operating Systems (2006)