ABSTRACT
We introduce a static detector, Saber, for detecting memory leaks in C programs. Leveraging recent advances in sparse pointer analysis, Saber is the first to use a full-sparse value-flow analysis for leak detection. Saber tracks the flow of values from allocation to free sites using a sparse value-flow graph (SVFG) that captures def-use chains and value flows via assignments for all memory locations represented by both top-level and address-taken pointers. By exploiting field-, flow- and context-sensitivity during different phases of the analysis, Saber detects leaks in a program by solving a graph reachability problem on its SVFG. Saber, which is fully implemented in Open64, detects 211 leaks in the 15 SPEC2000 C programs and five applications while keeping the false positive rate at 18.5%. We have also compared Saber with Fastcheck (which analyzes allocated objects flowing only into top-level pointers) and Sparrow (which handles all allocated objects using abstract interpretation) using the 15 SPEC2000 C programs. Saber is as accurate as Sparrow but 14.2X faster; it reports 40.7% more bugs than Fastcheck at a slightly higher false positive rate while being only 3.7X slower.
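The reachability formulation above, as a simplified added example (not Saber's code and not taken from the paper): a hand-built value-flow graph for a constructed C fragment, where an allocation with no path to any free site is counted as never freed. The node numbering, the `indirect` edge flag and the function names are assumptions made for illustration; Saber's field-, flow- and context-sensitivity is not modelled.

```c
#include <stdio.h>

/* Constructed fragment and its value-flow nodes (illustrative only):
 *   p = malloc(8);  node 0 (allocation)    q = p;          node 1
 *   s->f = q;       node 2 (store)         r = s->f;       node 3 (load)
 *   free(r);        node 4 (free site)
 *   t = malloc(8);  node 5 (allocation)    u = t;          node 6
 * Edge 2->3 passes through address-taken memory, so it is marked indirect. */
enum kind { FLOW, ALLOC, FREE };
struct edge { int from, to, indirect; };

enum { N = 7 };
static const enum kind node_kind[N] = { ALLOC, FLOW, FLOW, FLOW, FREE, ALLOC, FLOW };
static const struct edge edges[] = {
    {0, 1, 0}, {1, 2, 0}, {2, 3, 1}, {3, 4, 0}, {5, 6, 0}
};
enum { E = sizeof edges / sizeof edges[0] };

/* Depth-first search: 1 if some free site is reachable from src. */
int reaches_free(int src, int follow_indirect)
{
    int seen[N] = {0}, stack[N], top = 0;
    seen[src] = 1;
    stack[top++] = src;
    while (top > 0) {
        int n = stack[--top];
        if (node_kind[n] == FREE)
            return 1;
        for (int i = 0; i < E; i++) {
            int to = edges[i].to;
            if (edges[i].from != n || seen[to])
                continue;
            if (edges[i].indirect && !follow_indirect)
                continue;           /* top-level-only view drops this edge */
            seen[to] = 1;
            stack[top++] = to;
        }
    }
    return 0;
}

/* Number of allocation nodes from which no free site is reachable. */
int count_unfreed(int follow_indirect)
{
    int leaks = 0;
    for (int n = 0; n < N; n++)
        if (node_kind[n] == ALLOC && !reaches_free(n, follow_indirect))
            leaks++;
    return leaks;
}
```

With all edges followed, only the allocation at node 5 is reported; with the indirect edge dropped, the flow from node 0 stops at the store and its free site is no longer connected.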
Index Terms
- Static memory leak detection using full-sparse value-flow analysis