SMOKE: Scalable Path-Sensitive Memory Leak Detection for Millions of Lines of Code

@article{Fan2019SMOKESP,
  title={SMOKE: Scalable Path-Sensitive Memory Leak Detection for Millions of Lines of Code},
  author={Gang Fan and Rongxin Wu and Qingkai Shi and Xiao Xiao and Jinguo Zhou and Charles Zhang},
  journal={2019 IEEE/ACM 41st International Conference on Software Engineering (ICSE)},
  year={2019},
  pages={72-82}
}
  • Gang Fan, R. Wu, Charles Zhang
  • Published 25 May 2019
  • Computer Science
  • 2019 IEEE/ACM 41st International Conference on Software Engineering (ICSE)
Detecting memory leaks at industrial scale is still not well addressed, in spite of the tremendous effort from both industry and academia in the past decades. Existing work suffers from an unresolved paradox: a highly precise analysis limits its scalability, and an imprecise one seriously hurts its precision or recall. In this work, we present SMOKE, a staged approach to resolve this paradox. In the first stage, instead of using a uniform precise analysis for all paths, we use a scalable but…
Conquering the Extensional Scalability Problem for Value-Flow Analysis Frameworks
TLDR
This work is to leverage the inter-property awareness and to capture redundancies and inconsistencies when many properties are considered at the same time and is more than 8× faster than existing ones but consumes only 1/7 of the memory.
PCA: memory leak detection using partial call-path analysis
TLDR
PCA is presented, a static interprocedural data dependence analyzer for real-world C programs that performs interprocedural points-to and data-flow analyses with a lightweight design and features a partial call-path (PCA) analysis that consists of optimization options to further speed up data dependence computation.
MEMLOCK: Memory Usage Guided Fuzzing
TLDR
This work proposes a memory usage guided fuzzing technique, named MemLock, to generate excessive memory consumption inputs and trigger uncontrolled memory consumption bugs; results show that MemLock substantially outperforms the state-of-the-art fuzzing techniques, including AFL, AFLfast, PerfFuzz, Fairfuzz, Angora and QSYM, in discovering memory consumption bugs.
MLEE: Effective Detection of Memory Leaks on Early-Exit Paths in OS Kernels
  • Wenwen Wang
  • Computer Science
    USENIX Annual Technical Conference
  • 2021
TLDR
A novel leak detector for OS kernels is designed: MLEE, which intelligently discovers memory leaks on early-exit (E-E) paths by cross-checking the presence of memory deallocations on different E-E paths and normal paths.
SAVER: Scalable, Precise, and Safe Memory-Error Repair
TLDR
SAVER is presented, a new memory-error repair technique for C programs based on a novel representation of the program called the object flow graph, which summarizes the program's heap-related behavior using static analysis; it shows that fixing memory errors can be formulated as a graph labeling problem over the object flow graph and presents an efficient algorithm.
PUS: A Fast and Highly Efficient Solver for Inclusion-based Pointer Analysis
TLDR
Pus is a new constraint solving algorithm that significantly advances the state-of-the-art in inclusion-based pointer analysis and is able to analyze millions of lines of code such as PostgreSQL in 10 minutes on a commodity laptop.
Risk-Aware Leak Detection at Binary Level
TLDR
Experiments with several synthetic and real programs show that BIGLeak succeeded in accurately detecting both high-risk and low-risk leaks, distinguishing between them, at binary level in a short period of time, much better than an existing staleness detector, SWAT, which works at binary level.
An Automated Approach of Detection of Memory Leaks for Remote Server Controllers
TLDR
A staged approach to detect leaks in firmware of remote server controller that leverages an automated leak detection approach that invokes the leak detection process on encountering any severity in the system and generates a consolidated leak report.
Detecting Struct Member-Related Memory Leaks Using Error Code Analysis in Linux Kernel
TLDR
This paper presents a simple static-analysis approach to detect struct member-related memory leak in the Linux Kernel, and introduces error-code analysis, which is an optimization to efficiently pass back the alloc/free information by focusing on the return value of callee and its use in the caller.
D2A: A Dataset Built for AI-Based Vulnerability Detection Methods Using Differential Analysis
  • Yunhui Zheng, Saurabh Pujar, Zhonglai Su
  • Computer Science
    2021 IEEE/ACM 43rd International Conference on Software Engineering: Software Engineering in Practice (ICSE-SEIP)
  • 2021
TLDR
D2A is used to generate a large labeled dataset to train models for vulnerability identification and it is shown that the dataset can be used to build a classifier to identify possible false alarms among the issues reported by static analysis, hence helping developers prioritize and investigate potential true positives first.

References

SHOWING 1-10 OF 35 REFERENCES
Detecting Memory Leaks Statically with Full-Sparse Value-Flow Analysis
TLDR
Saber is the first to use a full-sparse value-flow analysis for detecting memory leaks statically, and compares favorably with several static leak detectors in terms of accuracy and scalability.
Context- and path-sensitive memory leak detection
TLDR
A context- and path-sensitive algorithm for detecting memory leaks in programs with explicit memory management based on an underlying escape analysis that achieves very precise context-and path-sensitivity by expressing the analysis using boolean constraints.
Practical memory leak detector based on parameterized procedural summaries
We present a static analyzer that detects memory leaks in C programs. It achieves relatively high accuracy at a relatively low cost on SPEC2000 benchmarks and several open-source software packages,
Low-overhead memory leak detection using adaptive statistical profiling
TLDR
An adaptive profiling scheme is described that addresses poor coverage of infrequently executed code, by sampling executions of code segments at a rate inversely proportional to their execution frequency by implementing SWAT, a novel memory leak detection tool.
Pinpoint: fast and precise sparse value flow analysis for million lines of code
TLDR
Pinpoint is presented, a holistic approach that decomposes the cost of high-precision points-to analysis by precisely discovering local data dependence and delaying the expensive inter-procedural analysis through memoization.
Automated memory leak detection for production use
TLDR
Sniper performs a statistical analysis, which views memory leaks as anomalies, for automated and systematic leak determination; it accurately detected real-world memory leaks with no false positives, and achieved an F-measure of 81% on average for 17 benchmarks stress-tested with various memory leaks.
Memory Leak Analysis by Contradiction
TLDR
A novel leak detection algorithm that assumes the presence of a leak and runs a backward heap analysis to disprove this assumption; it is implemented in a memory leak analysis tool and used to analyze several routines that manipulate linked lists and trees.
Practical memory leak detection using guarded value-flow analysis
TLDR
This paper presents a practical inter-procedural analysis algorithm for detecting memory leaks in C programs using a sparse representation of the program consisting of a value flow graph that captures def-use relations and value flows via program assignments.
Scalable and incremental software bug detection
TLDR
This work presents a technique for parallel and incremental static analysis using top-down, bottom-up and global specification inference based around the concept of a work unit, a self-contained atom of analysis input that deterministically maps to its output.
LEAKPOINT: pinpointing the causes of memory leaks
  • J. Clause, A. Orso
  • Computer Science
    2010 ACM/IEEE 32nd International Conference on Software Engineering
  • 2010
TLDR
A new technique that not only detects leaks, but also points developers to the locations where the underlying errors may be fixed, and can be effective at helping developers fix the underlying memory management errors.