ABSTRACT
This paper presents a practical inter-procedural analysis algorithm for detecting memory leaks in C programs. Our algorithm tracks the flow of values from allocation points to deallocation points using a sparse representation of the program consisting of a value flow graph that captures def-use relations and value flows via program assignments. Edges in the graph are annotated with guards that describe branch conditions in the program. The memory leak analysis is reduced to a reachability problem over the guarded value flow graph. Our implemented tool has been effective at detecting more than 60 memory leaks in the SPEC2000 benchmarks and in two open-source applications, bash and sshd, while keeping the false positive rate below 20%. The sparse program representation makes the tool efficient in practice, and allows it to report concise error messages.
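The reduction described in the abstract can be illustrated on a toy graph. The following is an added example, not the paper's tool or algorithm as implemented: it assumes guards are conjunctions of branch-variable values, replaces guard solving with exhaustive enumeration, and only checks that the allocated value reaches at least one `free`. The node names and the sample C fragment are constructed.

```python
from itertools import product

# Constructed C fragment the graph below models:
#   p = malloc(n); q = p;
#   if (a) { if (b) free(q); }   /* free_1 */
#   else   { free(p); }          /* free_2 */
# Edge = (src, dst, guard); guard maps branch variable -> required value,
# and {} means the value flow happens unconditionally.
LEAKY = [
    ("malloc", "p", {}),
    ("p", "q", {}),
    ("q", "free_1", {"a": True, "b": True}),
    ("p", "free_2", {"a": False}),
]
# Hypothetical fix: also free q on the a && !b path.
FIXED = LEAKY + [("q", "free_3", {"a": True, "b": False})]
SINKS = {"free_1", "free_2", "free_3"}


def guard_holds(guard, env):
    """A guard holds when every branch variable has the required value."""
    return all(env[var] == val for var, val in guard.items())


def reaches_sink(edges, source, sinks, env):
    """Reachability from the allocation to any free, over enabled edges only."""
    seen, work = {source}, [source]
    while work:
        node = work.pop()
        if node in sinks:
            return True
        for src, dst, guard in edges:
            if src == node and dst not in seen and guard_holds(guard, env):
                seen.add(dst)
                work.append(dst)
    return False


def find_leaks(edges, source, sinks):
    """Return every branch assignment under which the value is never freed."""
    variables = sorted({var for _, _, guard in edges for var in guard})
    leaks = []
    for values in product([False, True], repeat=len(variables)):
        env = dict(zip(variables, values))
        if not reaches_sink(edges, source, sinks, env):
            leaks.append(env)
    return leaks


if __name__ == "__main__":
    print("leaky:", find_leaks(LEAKY, "malloc", SINKS))
    print("fixed:", find_leaks(FIXED, "malloc", SINKS))
```

Each returned assignment is a concrete branch condition under which the allocation has no path to a deallocation, which is the kind of information that keeps a leak report concise.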
Practical memory leak detection using guarded value-flow analysis
Proceedings of the 2007 PLDI conference