Static memory leak detection using full-sparse value-flow analysis

Sui, Yulei; Ye, Ding; Xue, Jingling

doi:10.1145/2338965.2336784

Cited by 116 publications

(56 citation statements)

References 29 publications

(65 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In SSA-based pointer analysis, the program is first translated to SSA form and the points-to graphs contain only the information about the SSA program. Unlike leak detection approaches [11,12], which could directly work on converted SSA program, our approach needs to modify the source code to fix leaks, and cannot work on the converted SSA program.…”

Section: B Basic Ideamentioning

confidence: 99%

“…Though this fix is technically safe, it may not be efficient because the deallocation may be too far from its last use. This problem does not exist in leak detection algorithms [9,12], as a detection in main still detects the leak.…”

Section: B Basic Ideamentioning

confidence: 99%

“…As a result, we can treat the body of the loop as an independent procedure and check within the procedure. Many existing approaches on leaks [23,9,12] also only track leaks in one iteration, though the techniques are somewhat different. Fig.…”

Section: ) Loopsmentioning

confidence: 99%

“…First, dealing with memory leak is an important problem in software development. While many approaches [7,8,9,10,11,12,13] have been proposed to detect memory leaks, it is still difficult to fix a [14,15]. Second, memory leaks cannot be easily handled by general bug-fixing approaches, as we cannot easily specify the condition of "no leak" as an assertion or a test case.…”

Section: Introductionmentioning

confidence: 99%

“…Since leak detection is strongly interrelated with pointer analysis, existing leak detection approaches often build their approaches as a special pointer analysis process [9,12]. Recently, there are significant improvements on the efficiency of pointer analysis [16,17,18], so it makes sense to reuse existing pointer analysis algorithms as black boxes.…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

Safe Memory-Leak Fixing for C Programs

Gao

Xiong

et al. 2015

2015 IEEE/ACM 37th IEEE International Conference on Software Engineering

View full text Add to dashboard Cite

Abstract-Automatic bug fixing has become a promising direction for reducing manual effort in debugging. However, general approaches to automatic bug fixing may face some fundamental difficulties. In this paper, we argue that automatic fixing of specific types of bugs can be a useful complement.This paper reports our first attempt towards automatically fixing memory leaks in C programs. Our approach generates only safe fixes, which are guaranteed not to interrupt normal execution of the program. To design such an approach, we have to deal with several challenging problems such as inter-procedural leaks, global variables, loops, and leaks from multiple allocations. We propose solutions to all the problems and integrate the solutions into a coherent approach.We implemented our inter-procedural memory leak fixing into a tool named LeakF ix and evaluated LeakF ix on 15 programs with 522k lines of code. Our evaluation shows that LeakF ix is able to successfully fix a substantial number of memory leaks, and LeakF ix is scalable for large applications.

show abstract

Section: B Basic Ideamentioning

confidence: 99%

Section: B Basic Ideamentioning

confidence: 99%

Section: ) Loopsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Safe Memory-Leak Fixing for C Programs

Gao

Xiong

et al. 2015

2015 IEEE/ACM 37th IEEE International Conference on Software Engineering

View full text Add to dashboard Cite

show abstract

Making context-sensitive inclusion-based pointer analysis practical for compilers using parameterised summarisation

Sui

Xue

et al. 2013

Softw. Pract. Exper.

Self Cite

View full text Add to dashboard Cite

SUMMARYBecause of its high precision as a flow‐insensitive pointer analysis, Andersen's analysis has been deployed in some modern optimising compilers. To obtain improved precision, we describe how to add context sensitivity on top of Andersen's analysis. The resulting analysis, called ICON, is efficient to analyse large programs while being sufficiently precise to drive compiler optimisations. Its novelty lies in summarising the side effects of a procedure by using one transfer function on virtual variables that represent fully parameterised locations accessed via its formal parameters. As a result, a good balance between efficiency and precision is made, resulting in ICON that is more powerful than a 1‐callsite‐sensitive analysis and less so than a call‐path‐sensitive analysis (when the recursion cycles in a program are collapsed in all cases). We have compared ICON with FULCRA, a state of the art Andersen's analysis that is context sensitive by acyclic call paths, in Open64 (with recursion cycles collapsed in both cases) using the 16 C/C++ benchmarks in SPEC2000 (totalling 600 KLOC) and 5 C applications (totalling 2.1 MLOC). Our results demonstrate scalability of ICON and lack of scalability of FULCRA. FULCRA spends over 2 h in analysing SPEC2000 and fails to run to completion within 5 h for two of the five applications tested. In contrast, ICON spends just under 7 min on the 16 benchmarks in SPEC2000 and just under 26 min on the same two applications. For the 19 benchmarks analysable by FULCRA, ICON is nearly as accurate as FULCRA in terms of the quality of the built Static Single Assignment (SSA) form and the precision of the discovered alias information. Copyright © 2013 John Wiley & Sons, Ltd.

show abstract

Efficient online cycle detection technique combining with Steensgaard points‐to information

Liu

Nasre

2015

Softw Pract Exp

View full text Add to dashboard Cite

Summary Pointer analysis is a key static analysis during compilation. Several client analyses and transformations rely on precise pointer information to optimize programs. Therefore, it is paramount to improve the efficiency of pointer analysis. A critical piece of an inclusion‐based pointer analysis is online cycle detection. The efficiency of pointer analysis is significantly influenced by the efficacy of detecting cycles. Existing approaches perform poorly when they guess cycle formation in the constraint graph. Thus, the number of false cycle‐detection triggers of the state‐of‐the‐art methods is considerably high (over 99% on Standard Performance Evaluation Corporation (SPEC) benchmarks). In this paper, we propose bootstrapping as a way to improve cycle detection predictability of pointer analysis. The main idea is to run a sequence of increasingly precise analyses to feed into the next more precise analysis to improve the efficiency of the latter analysis. In this process, we develop a new notion of pointer equivalence called constraint equivalence. Using Steensgaard's fast unification algorithm as the bootstrap, we devise a new cycle detection method for Andersen's inclusion‐based analysis. We measure the effectiveness of our approach using a suite of programs including SPEC 2000 benchmarks and two open‐source programs, and find that our method can reduce the number of false cycle detections by almost 22× compared with a state‐of‐the‐art method. This leads to an overall analysis time improvement of 18% on an average. Copyright © 2015 John Wiley & Sons, Ltd.

show abstract

Static memory leak detection using full-sparse value-flow analysis

Cited by 116 publications

References 29 publications

Safe Memory-Leak Fixing for C Programs

Safe Memory-Leak Fixing for C Programs

Making context-sensitive inclusion-based pointer analysis practical for compilers using parameterised summarisation

Efficient online cycle detection technique combining with Steensgaard points‐to information

Contact Info

Product

Resources

About