research-article

Conditional correlation analysis for safe region-based memory management

Published: 07 June 2008

Abstract

Region-based memory management is a popular scheme in systems software for better organization and performance. In the scheme, a developer constructs a hierarchy of regions with different lifetimes and allocates objects in those regions. When the developer deletes a region, the runtime recursively deletes all its subregions and simultaneously reclaims the objects in them. The developer must construct a consistent placement of objects in regions: if a region that contains pointers into other regions is not always deleted before the regions holding the pointees, the inconsistency surfaces as dangling pointers, which may lead to either crashes or leaks.

This paper presents a static analysis tool RegionWiz that can find such lifetime inconsistencies in large C programs using regions. The tool is based on an analysis framework that generalizes the relations and constraints over regions and objects as conditional correlations. This framework allows a succinct formalization of consistency rules for region lifetimes, preserving memory safety and avoiding dangling pointers. RegionWiz uses these consistency rules to implement an efficient static analysis to compute the conditional correlation and reason about region lifetime consistency; the analysis is based on a context-sensitive, field-sensitive pointer analysis with heap cloning.

Experiments with applying RegionWiz to six real-world software packages (including the RC compiler, Apache web server, and Subversion version control system) with two different region-based memory management interfaces show that RegionWiz can reason about region lifetime consistency in large C programs. The experiments also show that RegionWiz can find several previously unknown inconsistency bugs in these packages.
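As an added illustration (not code from the paper, RegionWiz, or any of the packages it analyzes), the toy C region runtime below makes the lifetime rule from the abstract concrete: it records which region holds pointers into which, and deleting a region reports every pointer that would dangle because its holding region outlives the pointee's region, while pointers inside the deleted subtree are accepted since pointer and pointee are reclaimed together. The names region_new, region_record_pointer and region_delete are assumptions of this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_REGIONS 16
/* Toy region runtime written for this example (not RegionWiz, RC or APR code).
 * Each region has a parent and deleting a region deletes its whole subtree.
 * Rather than storing objects it records which region-to-region pointers exist. */
typedef struct { int live; int parent; } region_t;
static region_t regions[MAX_REGIONS];
static int edge[MAX_REGIONS][MAX_REGIONS]; /* edge[a][b]: an object in a points into b */

void region_reset(void) { memset(regions, 0, sizeof regions); memset(edge, 0, sizeof edge); }

int region_new(int parent) {                /* parent == -1 creates a root region */
    for (int r = 0; r < MAX_REGIONS; r++)
        if (!regions[r].live) { regions[r].live = 1; regions[r].parent = parent; return r; }
    abort();                                /* out of region slots */
}

/* An object allocated in `from` now stores a pointer to an object in `to`. */
void region_record_pointer(int from, int to) { edge[from][to] = 1; }

static int in_subtree(int r, int root) {    /* r == root or a descendant of root? */
    for (; r != -1; r = regions[r].parent)
        if (r == root) return 1;
    return 0;
}

/* Deletes `root` and its subregions. Returns how many pointers would dangle: edges
 * from a region that survives into a region being reclaimed. Edges inside the
 * subtree are safe because pointer and pointee are reclaimed together. */
int region_delete(int root) {
    int dangling = 0;
    for (int dst = 0; dst < MAX_REGIONS; dst++) {
        if (!regions[dst].live || !in_subtree(dst, root)) continue;
        for (int src = 0; src < MAX_REGIONS; src++)
            if (regions[src].live && edge[src][dst] && !in_subtree(src, root)) {
                printf("inconsistency: region %d outlives region %d it points into\n", src, dst);
                dangling++;
            }
    }
    for (int r = 0; r < MAX_REGIONS; r++)   /* reclaim the subtree and drop its edges */
        if (regions[r].live && in_subtree(r, root)) {
            regions[r].live = 0;
            for (int o = 0; o < MAX_REGIONS; o++) edge[r][o] = edge[o][r] = 0;
        }
    return dangling;
}
```

A parent region pointing into its subregion is flagged when the subregion is deleted on its own, but not when the parent is deleted and takes the subregion with it.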



Published in

ACM SIGPLAN Notices, Volume 43, Issue 6 (PLDI '08), June 2008, 382 pages. ISSN: 0362-1340, EISSN: 1558-1160, DOI: 10.1145/1379022

PLDI '08: Proceedings of the 29th ACM SIGPLAN Conference on Programming Language Design and Implementation, June 2008, 396 pages. ISBN: 9781595938602, DOI: 10.1145/1375581
General Chair: Rajiv Gupta. Program Chair: Saman Amarasinghe.

Copyright © 2008 ACM

Publisher: Association for Computing Machinery, New York, NY, United States
