Abstract
Region-based memory management is a popular scheme in systems software for better organization and performance. In the scheme, a developer constructs a hierarchy of regions of different lifetimes and allocates objects in regions. When the developer deletes a region, the runtime recursively deletes all its subregions and simultaneously reclaims the objects in them. The developer must construct a consistent placement of objects in regions; otherwise, if a region that contains pointers into other regions is not always deleted before the regions it points into, an inconsistency surfaces and causes dangling pointers, which may lead to either crashes or leaks.
This paper presents a static analysis tool RegionWiz that can find such lifetime inconsistencies in large C programs using regions. The tool is based on an analysis framework that generalizes the relations and constraints over regions and objects as conditional correlations. This framework allows a succinct formalization of consistency rules for region lifetimes, preserving memory safety and avoiding dangling pointers. RegionWiz uses these consistency rules to implement an efficient static analysis to compute the conditional correlation and reason about region lifetime consistency; the analysis is based on a context-sensitive, field-sensitive pointer analysis with heap cloning.
Experiments with applying RegionWiz to six real-world software packages (including the RC compiler, Apache web server, and Subversion version control system) with two different region-based memory management interfaces show that RegionWiz can reason about region lifetime consistency in large C programs. The experiments also show that RegionWiz can find several previously unknown inconsistency bugs in these packages.
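A minimal model of the scheme the abstract describes, added here as an illustration and not code from the paper, RegionWiz, or any of the analyzed packages: hierarchical regions with recursive deletion, plus a runtime check of the consistency rule that a pointer stored in one region may only target a region that outlives it (the region itself or an ancestor). All names and the 4 KB arena size are assumptions of this example.

```c
#include <stdint.h>
#include <stdlib.h>

/* Minimal hierarchical region allocator (constructed example): each region owns an
 * arena plus its subregions, and deleting a region frees both, recursively. */
typedef struct Region Region;
struct Region { Region *parent, *first_child, *next_sibling; char *buf; size_t used, cap; };
Region *region_new(Region *parent) {
    Region *r = calloc(1, sizeof *r);
    r->cap = 4096; r->buf = calloc(r->cap, 1); r->parent = parent;   /* 4 KB arena: assumed */
    if (parent) { r->next_sibling = parent->first_child; parent->first_child = r; }
    return r;
}
/* Bump allocation, 16-byte aligned; NULL when the arena is full. */
void *region_alloc(Region *r, size_t n) {
    n = (n + 15) & ~(size_t)15;
    if (n > r->cap - r->used) return NULL;
    r->used += n;
    return r->buf + r->used - n;
}
void region_delete(Region *r) {
    while (r->first_child) region_delete(r->first_child);   /* subregions first */
    if (r->parent) {                                          /* unlink from parent */
        Region **pp = &r->parent->first_child;
        while (*pp != r) pp = &(*pp)->next_sibling;
        *pp = r->next_sibling;
    }
    free(r->buf); free(r);
}
/* Lifetime rule: a pointer held in `holder` may target `target` only if `target`
 * outlives `holder`, i.e. is `holder` itself or an ancestor of it. Otherwise
 * deleting `target` first leaves a dangling pointer in the still-live `holder`. */
int region_outlives(const Region *target, const Region *holder) {
    for (const Region *r = holder; r; r = r->parent) if (r == target) return 1;
    return 0;
}
/* Region whose arena contains address p, searching the tree under root. */
Region *region_of(Region *root, const void *p) {
    if ((uintptr_t)p - (uintptr_t)root->buf < root->used) return root;
    for (Region *ch = root->first_child; ch; ch = ch->next_sibling) {
        Region *hit = region_of(ch, p); if (hit) return hit;
    }
    return NULL;
}
/* Checked store: refuse a pointer placement that violates the lifetime rule. */
int checked_store(Region *root, void **slot, void *target) {
    Region *h = region_of(root, slot), *t = region_of(root, target);
    if (!h || !t || !region_outlives(t, h)) return 0;
    *slot = target; return 1;
}
```

The rejected case in the check is exactly the inconsistency the paper targets: an object in a long-lived region pointing into a shorter-lived subregion that will be deleted first.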
Conditional correlation analysis for safe region-based memory management
PLDI '08: Proceedings of the 29th ACM SIGPLAN Conference on Programming Language Design and Implementation